Telegram is dangerous.

Apr 10 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that does cybercrime dirty like Starmer does Sunak #LabourAdvert

Today’s hottest cyber security stories:

  • Telegram users bait would-be phishermen with ‘Phishing Kits’
  • Biden takes aim at Russian cybersecurity firm but holds fire… for now.
  • Cybersecurity expert reveals five things we’re all doing wrong every day

REEL BIG PHISH

Y’all remember the old proverb: If you give a man a phish, you feed him for a day. If you teach a man to phish, you feed him for a lifetime. That was it, right?

Well, this is exactly what’s been going on across Telegram, the Russian-owned and frankly crime-ridden encrypted messaging app.

Scammers looking to recruit fresh ‘phishermen’ give away free samples of login details et al. to curious newbs, hoping they’ll get a taste and fall hook, line, and scammer for the easy money that scamming (or just plain stealing!) provides.

“How to phish for serious cash”

“To promote their ‘goods,’ phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, ‘What type of personal data do you prefer?’,” Kaspersky Lab (Russian cybersecurity firm) web content analyst Olga Svistunova said in a report published this week.

Indeed, a new generation of scammers is being indoctrinated into the intoxicating world of ripping off strangers on the internet; “How to phish for serious cash” read one of many posts in the same vein.

They’re easy crimes to commit (we’d imagine!) because the victims are just anonymous names and numbers, so the cowardly criminals can eschew guilt by detaching themselves from their poor targets. Nasty stuff.

Fresh Phish for sale!

So, much like all the MaaS (Malware-as-a-Service) we’ve covered previously, cybercriminals can shop for the info they want and phish accordingly. It’s like going on Amazon but instead of putting a Bluetooth keyboard and accompanying mouse in your basket (great purchases, both of them, btw), you scoop up Mandy’s credit card details or Graham’s PayPal login.

Sales must be booming, judging by the fact that Kaspersky Lab (more on them below!) said it detected more than 2.5 million malicious URLs generated using phishing kits in the past six months.

Yikes!

HE’S BIDEN HIS TIME…

Breaking news: President Biden’s Commerce Department is considering taking down Kaspersky Lab, a Russian cybersecurity company that’s been suspected of being a real cyber-pain in the digital behind of the U.S.

Yep, you heard that right. Apparently, they might use their online-security rules to do it! And if they succeed, it could open the door for them to take down other pesky tech companies, like TikTok.

The folks over at Kaspersky Lab were evidently too busy sipping (glugging?) on vodka to give a comment on this development. But don’t worry, they’ve already denied any wrongdoing in the past, claiming that they don’t work with Russia or any government to facilitate cyber espionage or other malicious cyber activity.

Incidentally, Kaspersky Lab products, including antivirus software, are used by hundreds of millions of customers around the world, including in the U.S. And, judging by the story above, they obviously do a lot of good. Is Biden barking up the wrong cyber-tree? It wood not surprise us; he looks/sounds/acts like he could use a nap.

Still, these are interesting developments. Are we on the cusp of a Biden-backed cyber lockdown? We thought those were over! So 2020, Joe.

FRESH PHISH: DON’T GET CAUGHT OUT! HOW TO KEEP IT REEL ONLINE:

According to an expert, most of us are guilty of committing cybersecurity sins on a daily basis. We’re talking about the usual suspects: relying on memory to recall passwords, letting spam emails invade our inboxes, and neglecting the power of two-factor authentication.

And if you think the risk of cyberattacks is a mere exaggeration, think again. Apparently, one in three homes with a computer is believed to have malware-infested devices. And to top it off, nearly half of all American adults have had their personal data compromised by sneaky cyber-criminals.

But don’t worry, folks! The FBI has recently done their part by busting the world’s largest criminal online marketplace. Who knew that you could buy access to bank accounts, eBay, Amazon, and Facebook logins for as little as 50 pence? Score!

Jokes aside, Zane Bond, head honcho of cybersecurity firm Keeper Security, has sounded the alarm bells. He says that millions of Americans are putting themselves and their sensitive information at risk by committing cybersecurity no-nos daily.

Top five cyber c*ck-ups:

  1. Memorising passwords: If your password is easy enough to remember, it’s easy for cybercriminals to crack, Mr Bond warns.
  2. Not unsubscribing from junk email: “Less junk cluttering your inbox means fewer opportunities for mistakes, and more time and energy available to keep an eye out for phishing attacks”, Bond says.
  3. Failing to set up a ‘guest’ network for visitors to your house: A guest network means that guests can’t accidentally introduce malware into your house, and can’t access your devices.
  4. Failing to plan your digital afterlife: When you die, your loved ones will need to access your information, and far too few of us bother to plan for it.
  5. Ignoring two-factor authentication: Using two-factor authentication can make your accounts 99.9 percent more secure, Microsoft research shows.

So, folks, remember to stay vigilant out there! And may your family meet you in the cyber-afterlife.

So long and thanks for reading all the phish!
