To Spoof or Not to Spoof?

 The spoofing question.

By Dominic Alvieri, @AlvieriD
March 10th, 2021


Apple spoof giveaway via SMS text.


They subtly come every day. The email. The text. Great free products, messages, pictures. Some are not so subtle and are easy to detect. Others are more opaque and harder to spot for the average Joe.

Smishing, spearing, phishing or whaling: the targets may vary but the goal is the same. Get you to click.


During a busy day would this alert make you click? Always go to the account directly to verify.

What would you do? Would you click?



Spoofed SMS texts pretending to be from AT&T

 

From top to bottom you have to secure your phone lines and networks. Now.


Exchange server hacks and rising Bitcoin prices probably mean more malware attacks and intrusion attempts. They are so cost effective and the margins are only getting better.

Phishing and smishing are also on the rise as are SIM jackings and swaps. You can lose everything on your phone. That should make you think twice.

Executives should have their personal phones secured as well.


AT&T is beefing up security.

AT&T is integrating more security features like voice recognition technologies to help secure customer accounts.

More companies should follow.

That helps secure the account. 


Now on to the spoofing issue.








Email spoofs are still all the rage for the spear- or whale-minded scammer on the internet. SMS texts are catching up quickly. More and more new short domains are appearing with malicious links in the first quarter of 2021.

The number one entrance point for ransomware groups and malware is still the phish. Can the smish be far behind? Exploits are changing but the vulnerability is the same. The human element. 

.com, .net, .me, .info: nearly every domain has an issue. The FBI warned late last year of new short domains appearing in 2020 and the trend is accelerating. This group of new short domains as well as the fake Apple iPad giveaway are all leading to the same group of bad actors in Hong Kong, China.











The map above is the geolocation of the malicious links. Fake Apple, Hulu, Netflix and several others have been traced back to the same area.

This was an attempt in 2020 located in what looks like the same block. Apple, Sony, Netflix and Hulu giveaways are geared towards the general public. Most bank, PayPal and even the fake Venmo below are also for the general public.




Others are crafted better like this Venmo spoof below.


Spoofed email pretending to be from Venmo



Spoofed headers are not the only problem with this fake spoof of Venmo. The body quality is much better but several mistakes were made. The typography is usually off along with a host of technical issues that will be withheld to avoid helping the bad guys.

A prior poor example below. Both are spoofed emails with bad results if clicked.

Sadly many people click on these spoofed emails and texts.




Security alert warnings from any email or text should be verified directly with the company in question itself, not the notice.


The executive spoof is better crafted and tailored to the person. It generally isn't from an unknown account or general public spoof. The whale will usually get a link from a trusted source that is spoofed professionally. Targeted. Direct. 





Bad actors are hoping for impulse clicks on login warnings.

The warnings and notices continue. The best advice is to check your accounts directly. 
Leave the clicking and tracing to the professionals and authorities.

Secure any and all accounts with MFA. Choose Google or Microsoft Authenticator over SMS.
Signal and VPNs are preferred methods of communications.

Stay safe online and off. Many viruses are around. Covid is too. 

The CyberSecurity Show on Google Blogger.

Dominic Alvieri, Analyst, Hacker and Tracker

 



