uTalk

Official forum for Utopia Community

You are not logged in.

#1 2023-05-13 22:10:01

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Cybercriminals Create Credible Phishing Pages

lLKhWoS.png
Since at least mid-2022, cybercriminals have been using a new phishing-as-a-service (PhaaS or PaaS) platform called Greatness to target business users of the Microsoft 365 cloud service, effectively lowering the barrier to entry for phishing attacks.

"Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates extremely convincing decoy and login pages," said Cisco Talos researcher Tiago Pereira.

It has elements like pre-filling the victim's email address and showing their appropriate company logo and background image, which were taken from the target organization's actual Microsoft 365 login page, among other things. ".

Manufacturing, healthcare, and technology companies with U.S. locations predominately participate in campaigns for Greatness. S. , the U. K. , Australia, South Africa, Canada, and Australia, with a December 2022 and March 2023 activity peak.

Phishing kits like Greatness provide threat actors—whether experienced or inexperienced—with a convenient one-stop shop that is affordable and scalable, enabling them to create convincing login pages for a variety of online services and get around two-factor authentication (2FA) security measures.

The decoy pages, in particular, act as a reverse proxy to collect login information and time-based one-time passwords (TOTPs) supplied by the victims.
Attack chains start with malicious emails that include an HTML attachment. When opened, the HTML file executes obfuscated JavaScript code that directs the user to a landing page with the recipient's email address pre-filled and requests their password and MFA code.

In order to gain unauthorized access to the accounts in question, the entered credentials and tokens are then sent to the affiliate's Telegram channel.

Additionally, the AiTM phishing kit includes an administration panel that enables the affiliate to customize the Telegram bot, monitor data breaches, and even create malicious attachments and links.

Additionally, in order to load the phishing page, each affiliate is required to have a current API key. The API key also enables behind-the-scenes communication with the genuine Microsoft 365 login page by posing as the victim and preventing unwanted IP addresses from viewing the phishing page.
Together, the phishing kit and the API carry out a "man-in-the-middle" attack by asking the victim for information, which the API will then transmit in real time to the authentic login page, according to Pereira.

"If the victim employs MFA, this enables the PaaS affiliate to steal both the victim's username and password as well as the authenticated session cookies. ".

The findings coincide with Microsoft's implementation of number matching in Microsoft Authenticator push notifications starting on May 8, 2023, in order to strengthen 2FA security and thwart prompt bombing attacks.

Offline

#2 2023-05-14 23:06:47

PEACEMAKER
Member
Registered: 2023-01-27
Posts: 412

Re: Cybercriminals Create Credible Phishing Pages

The Philippine are trying to make scamming a norms there. The safety of your Crypton or Crypton is solely in your hands

Offline

#3 2023-05-15 21:17:25

IyaJJJ
Member
Registered: 2023-01-25
Posts: 2,082

Re: Cybercriminals Create Credible Phishing Pages

PEACEMAKER;8464 wrote:

The Philippine are trying to make scamming a norms there. The safety of your Crypton or Crypton is solely in your hands

But Philippine is not among the country that was mention in the article posted by the orginal topic poster or there's is a mistake i made when read this thread?

Offline

#4 2023-05-15 21:19:44

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Re: Cybercriminals Create Credible Phishing Pages

IyaJJJ;8556 wrote:
PEACEMAKER;8464 wrote:

The Philippine are trying to make scamming a norms there. The safety of your Crypton or Crypton is solely in your hands

But Philippine is not among the country that was mention in the article posted by the orginal topic poster or there's is a mistake i made when read this thread?

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

Offline

#5 2023-05-15 21:22:13

joanna
Member
Registered: 2023-01-10
Posts: 3,896

Re: Cybercriminals Create Credible Phishing Pages

thrive;8557 wrote:
IyaJJJ;8556 wrote:
PEACEMAKER;8464 wrote:

The Philippine are trying to make scamming a norms there. The safety of your Crypton or Crypton is solely in your hands

But Philippine is not among the country that was mention in the article posted by the orginal topic poster or there's is a mistake i made when read this thread?

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

Offline

#6 2023-05-15 21:24:26

IyaJJJ
Member
Registered: 2023-01-25
Posts: 2,082

Re: Cybercriminals Create Credible Phishing Pages

joanna;8558 wrote:
thrive;8557 wrote:
IyaJJJ;8556 wrote:

But Philippine is not among the country that was mention in the article posted by the orginal topic poster or there's is a mistake i made when read this thread?

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

Offline

#7 2023-05-15 21:27:08

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Re: Cybercriminals Create Credible Phishing Pages

IyaJJJ;8559 wrote:
joanna;8558 wrote:
thrive;8557 wrote:

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

Yes, one of the means to secure ourselves from any form of attack started with using a paid version of the most reputable antivirus which also has 24/7 internet security potential and knows about the con and pro surf the internet in a secure way.

Offline

#8 2023-05-15 21:29:25

joanna
Member
Registered: 2023-01-10
Posts: 3,896

Re: Cybercriminals Create Credible Phishing Pages

thrive;8560 wrote:
IyaJJJ;8559 wrote:
joanna;8558 wrote:

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

Yes, one of the means to secure ourselves from any form of attack started with using a paid version of the most reputable antivirus which also has 24/7 internet security potential and knows about the con and pro surf the internet in a secure way.

Browsing the internet with free antivirus is never a good idea and i am sure if the user that explained the file sent him use free antivirus there's possibility that it wont detect the malicious file as something that could harm the user.

Offline

#9 2023-05-15 21:40:35

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Re: Cybercriminals Create Credible Phishing Pages

joanna;8561 wrote:
thrive;8560 wrote:
IyaJJJ;8559 wrote:

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

Yes, one of the means to secure ourselves from any form of attack started with using a paid version of the most reputable antivirus which also has 24/7 internet security potential and knows about the con and pro surf the internet in a secure way.

Browsing the internet with free antivirus is never a good idea and i am sure if the user that explained the file sent him use free antivirus there's possibility that it wont detect the malicious file as something that could harm the user.

Yes, there's a huge chance that the user would have been a victim of bad actors that sent the file. However, it is always nice to know how the online scammer operate.

Last edited by thrive (2023-05-15 21:40:47)

Offline

#10 2023-05-15 21:46:15

IyaJJJ
Member
Registered: 2023-01-25
Posts: 2,082

Re: Cybercriminals Create Credible Phishing Pages

thrive;8564 wrote:
joanna;8561 wrote:
thrive;8560 wrote:

Yes, one of the means to secure ourselves from any form of attack started with using a paid version of the most reputable antivirus which also has 24/7 internet security potential and knows about the con and pro surf the internet in a secure way.

Browsing the internet with free antivirus is never a good idea and i am sure if the user that explained the file sent him use free antivirus there's possibility that it wont detect the malicious file as something that could harm the user.

Yes, there's a huge chance that the user would have been a victim of bad actors that sent the file. However, it is always nice to know how the online scammer operate.

It's good to understand how cryptocurrency scammers operate but there's no way anyone can totally understand all their strategies and with more consciousness when online.

Offline

#11 2023-05-18 16:39:47

Comrade
Member
From: Utopia App Client
Registered: 2022-12-30
Posts: 2,385

Re: Cybercriminals Create Credible Phishing Pages

IyaJJJ;8559 wrote:
joanna;8558 wrote:
thrive;8557 wrote:

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

Offline

#12 2023-05-18 19:53:24

IyaJJJ
Member
Registered: 2023-01-25
Posts: 2,082

Re: Cybercriminals Create Credible Phishing Pages

Comrade;9009 wrote:
IyaJJJ;8559 wrote:
joanna;8558 wrote:

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

Offline

#13 2023-05-18 19:55:26

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Re: Cybercriminals Create Credible Phishing Pages

Comrade;9009 wrote:
IyaJJJ;8559 wrote:
joanna;8558 wrote:

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

Every great invention is what online scammers always used to scam people and there are different between email marketing and phishing email scam. Just be well informed so you wont be a victim.

Offline

#14 2023-05-22 03:52:08

crpuusd
Member
From: Blockchain
Registered: 2022-12-13
Posts: 2,411

Re: Cybercriminals Create Credible Phishing Pages

IyaJJJ;9068 wrote:
Comrade;9009 wrote:
IyaJJJ;8559 wrote:

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Offline

#15 2023-05-23 16:00:12

Comrade
Member
From: Utopia App Client
Registered: 2022-12-30
Posts: 2,385

Re: Cybercriminals Create Credible Phishing Pages

crpuusd;9662 wrote:
IyaJJJ;9068 wrote:
Comrade;9009 wrote:

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Offline

#16 2023-05-23 16:17:28

oba
Member
Registered: 2023-01-13
Posts: 1,869

Re: Cybercriminals Create Credible Phishing Pages

crpuusd;9662 wrote:
IyaJJJ;9068 wrote:
Comrade;9009 wrote:

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Yes, scammers different unique tools especially marketing tools to send out phishing and different scam emails but it's impossible to know all their subject curriculum

Offline

#17 2023-05-23 17:09:52

Vastextension
Member
Registered: 2022-11-19
Posts: 2,701

Re: Cybercriminals Create Credible Phishing Pages

Comrade;9858 wrote:
crpuusd;9662 wrote:
IyaJJJ;9068 wrote:

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

Offline

#18 2023-05-23 19:26:34

IyaJJJ
Member
Registered: 2023-01-25
Posts: 2,082

Re: Cybercriminals Create Credible Phishing Pages

Vastextension;9865 wrote:
Comrade;9858 wrote:
crpuusd;9662 wrote:

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

Yes, just like we have many altcoins in the cryptocurrency market so there are many scammers and some use romantic scams, email, hacking, and phishing site scams. Besides, there are some which have to do with physical business scams and all we need to do is to be careful cause no one is ever safe.

Offline

#19 2023-05-23 22:44:06

Europ
Member
Registered: 2023-05-23
Posts: 2,186

Re: Cybercriminals Create Credible Phishing Pages

IyaJJJ;9881 wrote:
Vastextension;9865 wrote:
Comrade;9858 wrote:

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

Yes, just like we have many altcoins in the cryptocurrency market so there are many scammers and some use romantic scams, email, hacking, and phishing site scams. Besides, there are some which have to do with physical business scams and all we need to do is to be careful cause no one is ever safe.

Security has the best value in protecting one's entity. Utopia has a well-developed ecosystem as more than a high-definition encrypted programs to secure the privacy of all users. We are in a civilized world where a fiat currency it's been improvised and seized for government self use. It important to have a safe investing platform where your currency will be saved for future use and uncompromised

Offline

#20 2023-05-23 23:37:35

joanna
Member
Registered: 2023-01-10
Posts: 3,896

Re: Cybercriminals Create Credible Phishing Pages

Vastextension;9865 wrote:
Comrade;9858 wrote:
crpuusd;9662 wrote:

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

To be honest some scammer victims never visit unsafe websites and not many socialites either but what makes them vulnerable is the information they share on centralized social media.

Offline

#21 2023-05-23 23:40:36

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Re: Cybercriminals Create Credible Phishing Pages

joanna;9989 wrote:
Vastextension;9865 wrote:
Comrade;9858 wrote:

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

To be honest some scammer victims never visit unsafe websites and not many socialites either but what makes them vulnerable is the information they share on centralized social media.

That's so true. I could remember that Facebook CEO was fined $ 1.3 billion for data privacy violations. For example, if this privacy data get into the wrong hand the people that own the data are in trouble.

Offline

#22 2023-05-23 23:43:02

joanna
Member
Registered: 2023-01-10
Posts: 3,896

Re: Cybercriminals Create Credible Phishing Pages

thrive;9990 wrote:
joanna;9989 wrote:
Vastextension;9865 wrote:

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

To be honest some scammer victims never visit unsafe websites and not many socialites either but what makes them vulnerable is the information they share on centralized social media.

That's so true. I could remember that Facebook CEO was fined $ 1.3 billion for data privacy violations. For example, if this privacy data get into the wrong hand the people that own the data are in trouble.

What you said here reminds me of when I first learned about the UtopiaP2P project because this is the exact thing they pointed out that it needs to be stopped

Offline

#23 2023-05-23 23:43:57

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Re: Cybercriminals Create Credible Phishing Pages

joanna;9991 wrote:
thrive;9990 wrote:
joanna;9989 wrote:

To be honest some scammer victims never visit unsafe websites and not many socialites either but what makes them vulnerable is the information they share on centralized social media.

That's so true. I could remember that Facebook CEO was fined $ 1.3 billion for data privacy violations. For example, if this privacy data get into the wrong hand the people that own the data are in trouble.

What you said here reminds me of when I first learned about the UtopiaP2P project because this is the exact thing they pointed out that it needs to be stopped

If we want this to really stop, then UtopiaP2P needs to create a privacy-supported social media network for people who value privacy.

Offline

#24 2023-05-23 23:44:40

joanna
Member
Registered: 2023-01-10
Posts: 3,896

Re: Cybercriminals Create Credible Phishing Pages

thrive;9992 wrote:
joanna;9991 wrote:
thrive;9990 wrote:

That's so true. I could remember that Facebook CEO was fined $ 1.3 billion for data privacy violations. For example, if this privacy data get into the wrong hand the people that own the data are in trouble.

What you said here reminds me of when I first learned about the UtopiaP2P project because this is the exact thing they pointed out that it needs to be stopped

If we want this to really stop, then UtopiaP2P needs to create a privacy-supported social media network for people who value privacy.

A user of this forum once suggested that UtopiaP2P developers create a privacy-supported social media network but a lot of people think it's something we don't need, I guess this is what the user was thinking about when he made the suggestion.

Offline

#25 2023-05-28 19:11:16

Comrade
Member
From: Utopia App Client
Registered: 2022-12-30
Posts: 2,385

Re: Cybercriminals Create Credible Phishing Pages

joanna;9993 wrote:
thrive;9992 wrote:
joanna;9991 wrote:

What you said here reminds me of when I first learned about the UtopiaP2P project because this is the exact thing they pointed out that it needs to be stopped

If we want this to really stop, then UtopiaP2P needs to create a privacy-supported social media network for people who value privacy.

A user of this forum once suggested that UtopiaP2P developers create a privacy-supported social media network but a lot of people think it's something we don't need, I guess this is what the user was thinking about when he made the suggestion.

Believé in those that believe in you. Utopia comes with a tendency to protect.

Offline

Board footer

Powered by FluxBB