Scammers target Facebook Business accounts

Sep 05 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s happy to announce that the UK-wide cyberattack on summer has finally been thwarted and, as such, September is set to be a scorcher ????????????️

Today’s hottest cybersecurity news stories:

  • ???? More malvertising: Vietnamese scammers target Facebook Business accounts ????

  • 得 Chinese-speaking scammers launch ‘smishing’ (SMS) attack via iMessage in U.S. ????

  • ???? Twitter (X) to ask for biometric data from premium users to combat fake accounts ????

Charlie d̶o̶n̶'t̶ DOES (web) surf ????

???? Vietnamese Cybercriminals Target Social Media Platforms with Malware ????????

Afternoon, cyber-squad! ???? We've got an important update about cyber threats targeting social media, especially Meta-owned Facebook. ????

According to cybersecurity researchers, malicious actors linked to the Vietnamese cybercrime scene are now using ads on Facebook to spread dangerous malware. ????

These cybercriminals have been busy targeting not only individuals but also businesses using Meta Business and Facebook accounts as their playground. They employ various tactics, including social engineering, to gain unauthorised access to user accounts. ????

One popular method is luring victims through platforms like Facebook, LinkedIn, WhatsApp, and even freelance job portals. ????️‍♂️ They also use search engine poisoning to trick users into downloading bogus software.

What's alarming is their misuse of URL shorteners, Telegram for command-and-control, and legitimate cloud services like Dropbox and OneDrive to host malicious content. ????

Quack, quack, it’s a cyber-attack! ????

One notorious group, known as Ducktail, uses enticing ads on Upwork and Freelancer to bait victims. They then deploy the Ducktail stealer malware, stealing saved session cookies and taking control of Facebook business accounts, which they sell on the dark web. ????????

These attacks are evolving, with the malware now targeting more platforms like Twitter and TikTok Business. The cybercriminals are also creating fraudulent ads using stolen session cookies. ????????

To evade detection, they use various techniques like process killing, encryption, and obfuscation. They've even been known to infiltrate LinkedIn accounts, making their attacks seem more authentic. ????????

Listen up, this is Duckportant! ????

But that's not all – there's another player in town, Duckport, which is a copycat of Ducktail, but with its own set of tricks. They are also into information theft and account hijacking. ????️‍♂️????

These threats highlight the close-knit Vietnamese cybercriminal community, sharing tools and tactics, making it harder to track them down. ????????

Stay safe online, and be cautious when clicking on ads and links, especially on social media. ????????

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

Ah yes, your classic smish and grab attack ???? It’s an Aussie favourite ????

???? Alert: Beware of iMessage Smishing Scam Targeting the U.S. ????????

Heads up, everyone! There's a new smishing (SMS phishing) campaign on the rise, and it's hitting the United States hard. ????

???? What's Happening?

A group known as the "Smishing Triad," believed to be Chinese-speaking cybercriminals, is behind this large-scale smishing campaign. They're using compromised Apple iCloud accounts to send iMessages, with one goal in mind: identity theft and financial fraud. ????

???? How Does It Work?

These scammers impersonate popular postal and delivery services, tricking victims into clicking on a link to "reschedule" a delivery. But it's all a trap! The link leads to a fake form where victims are asked to enter their credit card information. ????????

???? What's at Risk?

Your personally identifying information (PII) and payment credentials are in danger. The scammers are after your identity and credit card details. ????

???? The Dark Web Connection

The Smishing Triad offers "smishing kits" on Telegram for $200 a month, making it easy for other cybercriminals to join in. They even collaborate with Vietnamese-speaking members and other groups for more extensive operations. ????????️‍♂️

???? What to Look Out For

Always be cautious of unexpected messages and links, especially via SMS or iMessage. Don't click on suspicious links, and never share your personal or financial information unless you're absolutely certain it's legitimate. ????????

???? Additional Threat

Besides smishing, this group is also involved in Magecart-like attacks on online shopping platforms to steal customer data. Stay vigilant! ????

Remember, smishing is a growing threat, and scammers are getting smarter. Stay safe and inform your friends and family about these dangers! ????

????️ Extra, Extra! Read all about it! ????️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ✈️ ViaTravelers: Get exclusive travel tips, news, and insider deals right in your inbox.

  • ???? Leadership in Tech: A weekly newsletter for CTOs, engineering managers and senior engineers to become better leaders.

  • ???? Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think!

Elon Musk be having a laugh ???? He can’t X-pect that ????

???? Privacy Update Alert: X (Formerly Twitter) to Collect Biometric Data ????????

Ever since Twitter turned itself into a symbol… ???? ???? Sorry. X, the social media giant formerly known as Twitter, is making changes to its privacy policy, and it involves collecting your biometric data. ???? 

???? Effective Date: September 29, 2023

Starting at the end of the month, X's updated policy will allow the collection and use of biometric information for safety, security, and identification purposes. However, this change is said to be limited to premium users. ????️????

???? Identity Verification

To fight impersonation and enhance security, users may be asked to provide government ID and a photo for identity matching using biometric data. The specifics of how this data will be collected and how long it will be retained remain unclear. ????️‍♂️????

???? Additional Changes

X's updated policy may also include collecting users' employment and educational history. This data could be used to offer job recommendations, share information with potential employers, and deliver personalised ads. ????????????

???? More on X's Recent Updates

X has been busy lately, introducing encrypted direct messages (DMs) and new hiring features for Verified organisations. Users can look forward to making video and audio calls without sharing their phone numbers. Plus, the platform plans to use collected data to train machine learning and AI models. ????????????

???? Privacy Assurance

According to X CEO Elon Musk, this policy change focuses on public data and doesn't affect private DMs or personal information. Your privacy remains a top priority. ????????

Stay informed and keep an eye out for these updates when they roll out. ???? And for heaven’s sake, don’t let them microchip you! ????

So long and thanks for reading all the phish!

Recent articles