Bryan King (W8DBK)Don’t fall for tech support scams! Learn how to spot the tricks and protect your digital life from scammers. Stay safe online 🔒💻 #CyberSecurity #TechSupportScam #StaySafeOnline
ccinfo.nlOplichters worden steeds creatiever in hun technieken, en de zogenaamde helpdeskfraude is daar een duidelijk voorbeeld van.
Artikel Cybercrimeinfo: https://www.ccinfo.nl/menu-nieuws-trends/opsporing/gezochte-personen-cybercrime/2555614_de-bilt-helpdesk-fraude
Podcast Spotify: https://open.spotify.com/episode/0DjNU0jW4CsA7hK6wS0qMW?si=a2df5d816d6a4ea3
Podcast Youtube: https://youtu.be/1L_vYm5XB3M
#DeBilt #HelpdeskFraude #Cybercrime #Opsporing #Vishing #Smishing #TechSupportScam #AnyDesk #BankhelpdeskFraude #Cybersecurity #DigitaleVeiligheid #FraudePreventie #Oplichting #Politie #GezochtePersonen #FraudeZaken #Cybercriminelen
Huizen / Almere - Helpdesk fraude
Artikel Cybercrimeinfo: https://www.ccinfo.nl/menu-nieuws-trends/opsporing/gezochte-personen-cybercrime/2542675_huizen-almere-helpdesk-fraude
Podcast Spotify: https://open.spotify.com/show/1tIe2XIhAOfcRB818jsacC?si=W88ogkJ0QHC_HSbLEy7pXg
Podcast Youtube: https://youtu.be/6mJivRWu9UQ
#Huizen #Almere #HelpdeskFraude #Cybercrime #Opsporing #Vishing #Smishing #TechSupportScam #AnyDesk #BankhelpdeskFraude #Cyberdreigingen #Oplichting #DigitalSecurity #CyberAwareness #CyberCriminaliteit #Politie #FraudePreventie #Cybercrimeinfo #Digiweerbaar
Huizen / Almere - Helpdesk fraude / Gezochte personen Cybercrime / Opsporing / Menu Nieuws & Trends | Cybercrimeinfo.nl
Helpdesk fraude in Huizen/Almere: verdachte gezocht na oplichting van 79-jarige vrouw. Meer dan €1200 gestolen. Leer hoe je jezelf beschermt tegen vishing en andere cyberdreigingen.
Op 9 januari 2025 werd een vrouw in Breda slachtoffer van een geraffineerde bankhelpdeskfraude.
Artikel Cybercrimeinfo: https://www.ccinfo.nl/menu-nieuws-trends/opsporing/gezochte-personen-cybercrime/2528152_breda-helpdesk-fraude
Podcast Youtube: https://youtu.be/Q_D_t_fpQjU
Podcast Spotify: https://open.spotify.com/episode/7rddNI0Cb2UBOJdYeSDmn8?si=f96de99ff2df4293
#Breda #HelpdeskFraude #Cybercrime #Vishing #Smishing #TechSupportScam #AnyDesk #BankHelpdeskFraude #Cybersecurity #VeiligInternet #FraudePreventie #Cybercriminaliteit #Politie #Opsporing #GezochtePersonen #Cybercrimeinfo
Stuart Longland (VK4MSL)Arrived by email… thankfully I don't get any of these anymore (they can't figure out the IVR menu prompt on the home telephone) but I have to give the woman a mark for originality…
-----
A phone conversation with a very nice young chap from Pakistan. This is how it went:
"Hello, how are you today?"
"I'm very well thank you for asking, how are you and more to the point, WHO are you?"
"Madam, my name is Sanjit, and I'm calling you from Microsoft."
"Microsoft, is that a city in Pakistan?"
"No Madam, MICROSOFT, the computer company. I'm calling to tell you that we have found a problem with your computer."
"REALLY, that's quite concerning."
"Yes Madam, it can become very serious indeed but thankfully I will be able to fix it for you."
"No, I meant it's very concerning because I don't HAVE a computer."
“You don't?"
“No."
"Ahh, it must be a problem on your laptop Madam."
"Don't have one."
"Ipad?"
"Nope."
"Tablet?"
"I have none of those things. As a matter of fact, I don't even have a telephone."
After a few seconds of silence he said "Madam, you are lying to me now!"
I said "Well, you started it!!" and put the phone down.
-----
Randysigh, frustrating to watch folks google for major names instead of tacking on the .com to simply go to the site. Instead they get subjected to #malvertising that no user will be able to differentiate from legit.
For the chain I saw searching amazon, these seem worth blocking.
lunavattuone[.]com
urchin-app-2-p3hvj.ondigitalocean[.]app
TIL that TSS's are equal opportunity. This is the first I'd seen a macOS TSS.
BTW, you might want to block this TDS.
tarapau[.]world
At present it points to here, but I'm sure it'll change by the time anybody blocks it.
datahubcenter11.z13.web.core.windows[.]net
decioSur le sujet: analyse de Malwarebyte sur cette arnaque exploitant les résultats de recherche sponsorisés Google
👇
https://www.malwarebytes.com/blog/news/2024/05/watch-out-for-tech-support-scams-lurking-in-sponsored-search-results
Ces mêmes outils permettent aux acteurs malveillants de cibler et adapter géographiquement les campagnes. En effet, les options de ciblage avancées disponibles dans les campagnes publicitaires permettent de viser spécifiquement une population donnée, exploitant les configurations linguistiques et régionales pour adapter le contenu du faux-message d'alerte au public.
Cette technique de ciblage est à l'origine de ce que le l'Office Fédéral de la Sécurité Cyber (OFSC) défini comme la "variante suisse romande"
👇
https://www.ncsc.admin.ch/ncsc/fr/home/aktuell/im-fokus/2024/wochenrueckblick_1.html
This campaign consists of at least four active apex domains.
99read[.]net
hintguides[.]com
movieanddrama[.]com
myfastupdate[.]com
Each of the subdomains within them all lead to the TSS campaign with this format.
hXXps://{random}.{random}.web.core.windows[.]net/?bcda={phonenumber}
Conveniently they occasionally use subdomains with the date. For example the domain 29apr.99read[.]net came on line April 29th, 2024.
The domain 4dec1.myfastupdate[.]com was indeed observed on December 4th 2023. Interestingly the TSS was hosted on the domain itself. So the switch to Azure was a change made since then.
https://urlscan.io/result/4f249136-281f-4dc9-b8e3-d70d3edffdc2/
There's a Facebook #malvertising campaign that uses *.hintguides[.]com for it's dynamic re-director to their current #TechSupportScam (TSS) on Azure. They don't seem to rotate them as quickly as other TSS TDSs I've seen, but they did change from yesterday to today.
Here are three currently active ajax.php URLs that return Javascript that contain the current TSS URL.
22aprl.hintguides[.]com/ajax.php
bestnew.hintguides[.]com/ajax.php
latestupdate.hintguides[.]com/ajax.php
https://urlscan.io/result/bcc95c86-df1d-4153-bc92-f89537b5590d/