Connect with us

GRTech

Sophos discovers SMS phishing scam that pretends to be Apple “chatbot”

BY Sandra Ani

Published

on

Sophos report on SMS scams

If you think SMSes are dead, you need to have a rethink. In fact, SMS is still of big interest to businesses and cybercriminals know about this.

If you consider this report coming from Naked Security, you will understand they are still widely used because of their simplicity and convenience.

Indeed, as a general-purpose short message service – which is literally what the letters SMS stand for – it’s hard to beat, because any phone can receive text messages, from the fanciest smartphone to the cheapest pre-paid mobile.

If all you need to transmit is a 6-digit logon code or a “pizza driver now 2 minutes away” notification, SMSes still make excellent business sense.

Sadly, and as noted by Naked Security, however, what works for legitimate businesses almost always works for cybercriminals too, so there are plenty of crooks still using SMSes for phishing – an attack that’s wryly known as smishing.

You can see why SMSes work for crooks. Start a 

With just 160 characters per message, it’s easy for them to avoid the grammatical and stylistic blunders that they often make when they’re forced to produce longer-format email messages in a language they don’t speak well.

Better yet, business SMSes generally use URL shorteners to save space, giving the criminals an excuse to do the same.

URL shorteners convert lengthy but meaningful web addresses such as https://brandname.​example.com/​pizza-order.html?​lang=en-US into a compressed but cryptic format such as https://xx.test/ABXt that frees up characters for the rest of the SMS, but disguises where the link is going to end up.

Hovering over a shortened link doesn’t help because the link denotes the actual website you’ll visit.

The link shortening site uses the characters after the website name (ABXt in our made-up example above) as an index to look up the real destination and then sends an HTTP 301 Moved Permanently reply to tell your browser where to go next. You need to click through to the shortening site first before you find out where you are supposed to end up.

The SMS system, of course, doesn’t know anything about URLs or even about the internet – but it doesn’t need to.

Your phone’s operating system will happily recognise when the text in an SMS looks like a URL and automatically make it clickable for you.

So, when the crooks use shortened URLs in their smishing scams, they don’t look unusual or out of place, even though the crooks are doing it specifically to be treacherous and not to save space.

As a result, text messages that contain one short, clipped sentence that wouldn’t look right in an email, and that contain deliberately disguised links that we might be suspicious of anywhere else…

…look surprisingly natural when they show up in an SMS.

Like this one we received earlier this week. (We’re not called Christopher and we don’t live in Derry, which is in Northern Ireland. The incomplete address given is a genuine suburban street, presumably plucked from a map to make it seem realistic.)

Naked Security

Source: Naked Security

Dear Christopher, we have your packet in queue. Address: Londonderry, Ballynagard crescent

http COLON SLASH SLASH xxxxxxxx DOT com SLASH zzzzzzz

The message is meant to look as though it was sent to the wrong number, so the crooks are relying on you being intrigued enough to click through, whereupon they use some sneaky “reverse authentication” psychology to lure you in further.

The scam first shows you some cheery messages from a fake Apple chatbot to tell you why you – actually, to tell you why Christopher – had enough luck to be chosen to take part in an iPhone 12 trial, and then it invites you – actually, it invites Christopher – to join in:

Naked Security

Source: Naked Security

Here, the link looks genuine, but the blue characters are simply the clickable text of the link, not the URL that is the destination of the link.

At this point, you’re no longer in the SMS messaging app but have clicked through into your browser, so you can see where the fake link leads if you hover your mouse over it. (On a phone, tap-and-hold on the link until the destination pops up.)

But if you aren’t cautious, you might wonder whether “Christopher” really was part of some Apple pre-release group.

What if you claim Christopher’s promo for yourself?

In fact, what’s stopping you from simply clicking through as if you were Christopher and finding out for yourself?

Well, one thing is stopping you, namely that you have to “prove” yourself by by giving your full name and address – except, of course, that the crooks helpfully leaked that information to you in the original text, making the “test” easy to pass.

You can guess what happens next:

Naked Security

Source: Naked Security

In case you’re wondering, the name-and-address answers above in part 3/5 don’t matter a jot. We tried clicking numerous different combinations and, unsurprisingly, the crooks let us through anyway. The questions are there just to provide a plausible connection back to the SMS that was meant for “Christopher” but that reached you instead. It’s as though the criminals are trying to “authenticate” themselves to you, rather than the other way around.

As you see above, if you do click through the questions then you end up on a scam site (there were several variations, all similar – we tried the smish repeatedly) where you find there’s a courier delivery charge for the “free” phone, typically between £1 and £2.

Then you end up on a credit card payment form that’s hosted on what looks like a “special offers” website with a believable enough name, and with an HTTPS security padlock if you take the time to look.

Of course, if you try to pay your modest delivery charge, you are simply handing over your personal data to the crooks, including your full card number and security code:

Source: Naked Security

Source: Naked Security

How bad is this?

Is this really a big deal, given that most of us would back ourselves to spot this as a scam right from the start?

Yes, it is.

Many of us have friends or family – perhaps even an at-risk relative who has been scammed before – who wouldn’t be so sure, and for whom the reverse authentication trick of asking for “Christopher’s” name and address might be convincing enough to draw them in further.

And friends don’t let friends get scammed, so if ever you get asked by someone who relies on you for cybersecurity help, “So what would happen if I clicked through?”…

…you can show them the short video above and let them see how these scams play out – without having to click through yourself.

What to do?

The article recommends that:

1. There is no free phone

And if there were a free phone, you wouldn’t have to hand over your credit card details and pay £1 for it. You’re not getting something for nothing – you’re handing over something for nothing, and the crooks will use it against you. If you’re in any doubt, don’t give it out.

2. Keep your eyes open for clues

The crooks have made numerous spelling and visual blunders in this scam. We’re not going to help them by listing them all like your English Language teacher would have done at school, but there are quite a few things that just don’t look right, even if you assume that there really is a free phone at the end of this. You might not always notice every clue, but always give yourself the time to look and therefore the best chance to catch out the crooks.

3. Look at the link before you click

If anything looks wrong, it IS wrong. Even if the crooks don’t make any spelling or grammatical mistakes they almost always need to lead you to a website that they control.

Often, that means a bogus link that you ought to spot if you take your time. Never let yourself get rushed into clicking through, no matter how much the crooks play on your fear of missing out.

4. Consider a web filter

Network web filtering on your business network isn’t about surveillance, it’s about online safety. This helps you keep the bad stuff out, and helps your users keep the good stuff in, such as passwords and payment card numbers. Setting up a corporate VPN (virtual private network) means that users at home can browse securely back through the office network and enjoy the same protection that’t they’d have on the LAN at work.

[NB: The article was first published for Sophos by Naked Security]

GrassRoots.ng is on a critical mission; to objectively and honestly represent the voice of ‘grassrooters’ in International, Federal, State and Local Government fora; heralding the achievements of political and other leaders and investors alike, without discrimination. This daily, digital news publication platform serves as the leading source of up-to-date information on how people and events reflect on the global community. The pragmatic articles reflect on the life of the community people, covering news/current affairs, business, technology, culture and fashion, entertainment, sports, State, National and International issues that directly impact the locals.

GRTech

Unlocking Digital Inclusion: S.Mobile and MTN Nigeria Partner for MoMo PSB and Data Bundles, Airtime

Published

on

S.Mobile, MTN Nigeria and MoMo

In a move that promises to revolutionize access to digital services and financial inclusion for millions of Nigerians, S.Mobile has joined forces with MTN Nigeria.

This strategic partnership focuses on the distribution of MTN’s MoMo Payment Service Bank (PSB) and data bundles, offering a seamless gateway to financial services and connectivity.

The collaboration brings together two industry leaders with unique strengths. MTN Nigeria, the country’s largest telecom provider, boasts an extensive network and deep understanding of the Nigerian market. S.Mobile, known for its innovative digital solutions and commitment to financial inclusion, enhances the digital landscape with its user-friendly platforms. Together, they are poised to deliver unparalleled services to everyone, from individuals to businesses.

Boosting Financial Inclusion with MoMo PSB

A key aspect of this partnership is the promotion of MTN’s MoMo PSB, a groundbreaking initiative aimed at extending financial services to the unbanked and underbanked. By leveraging MTN’s vast network, MoMo PSB empowers users to access banking services, make transfers, settle bills, and save money directly from their mobile devices, eliminating the need for traditional bank accounts.

S.Mobile plays a crucial role by facilitating MoMo PSB adoption through its digital platforms and partner network. Integrating MoMo PSB simplifies participation in the formal financial system, especially for Nigerians in remote or underserved areas.  This move is expected to significantly boost financial inclusion across the country, enabling more people to manage their finances efficiently and securely.

Revolutionizing Data Bundle Distribution

Beyond MoMo PSB, the partnership focuses on distributing MTN data bundles through S.Mobile’s platforms. With internet usage skyrocketing in Nigeria, the demand for reliable and affordable data is paramount. This collaboration seeks to meet that demand by providing consumers with easy access to data bundles, ensuring uninterrupted connectivity for work, learning, and entertainment.

S.Mobile’s user-friendly interface allows customers to purchase data bundles directly, with real-time updates and instant delivery. This convenience is invaluable for businesses and individuals who rely on a steady internet connection. Integrating MTN’s data services enhances the digital experience for S.Mobile’s customers while driving data usage throughout the country.

A Win-Win Collaboration

This partnership benefits both companies and, more importantly, the millions of Nigerians who stand to gain from enhanced services. For MTN Nigeria, collaborating with S.Mobile represents an opportunity to further expand their reach and deepen their impact in the Nigerian market. S.Mobile’s distribution network and digital expertise  ensure wider accessibility of MTN’s services.

For S.Mobile, partnering with MTN strengthens its position as a key player in the Nigerian digital economy. Offering MoMo PSB and MTN data bundles attracts new customers, enhances service offerings, and fosters greater engagement on their platform. This also aligns with S.Mobile’s mission to empower Nigerians with the tools and services they need to thrive in a digital world.

Looking Ahead

As the S.Mobile and MTN Nigeria partnership takes off, both companies are optimistic about the future. They are committed to continuous innovation and improvement of services to meet evolving customer needs. This collaboration goes beyond business; it’s about empowering millions of Nigerians with the financial and digital tools they need to succeed.

The combined strengths of S.Mobile and MTN Nigeria set a new standard for service delivery, ensuring more Nigerians can access the financial services and connectivity they need. The CEO, Adonu Kingsley Ifeanyi, assures that they will continue to work together, and the impact of this partnership will be felt across the country, driving growth, innovation, and inclusion in the digital age.

Continue Reading

GRTech

Ransomware Groups Weaponize Stolen Data to Increase Pressure on Targets Who Refuse to Pay, Sophos Report Finds

Published

on

Sophos’ Annual State of Ransomware

Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released a new dark web report, “Turning the Screws: The Pressure Tactics of Ransomware Gangs,” which details how cybercriminals are weaponizing stolen data to increase pressure on targets who refuse to pay.

This includes sharing the contact details or doxing the family members of targeted CEOs and business owners, as well as threatening to report any information about illegal business activities uncovered in stolen data to the authorities.

In the report, Sophos X-Ops shares posts found on the dark web that show how ransomware gangs refer to their targets as “irresponsible and negligent,” and in some cases, encourage individual victims whose personal information was stolen to pursue litigation against their employer.

“In December 2023, in the wake of the MGM casino breach, Sophos began taking note of ransomware gangs’ propensity to turn the media into a tool they can use to not only increase pressure on their victims but take control of the narrative and shift the blame. We are also seeing gangs singling out the business leaders they deem ‘responsible’ for the ransomware attack at the companies they target. In one post we found, the attackers published a photo of a business owner with devil horns, along with their social security number. In a different post, the attackers encouraged employees to seek ‘compensation’ from their company, and, in other cases, the attackers threatened to notify customers, partners and competitors about data breaches. These efforts create a lightning rod for blame, increasing the pressure on businesses to pay up and potentially exacerbating the reputational damage from an attack,” said Christopher Budd, director, threat research, Sophos.

Sophos X-Ops also found multiple posts by ransomware attackers detailing their plans to search for information within stolen data that could be used as leverage if companies don’t pay. For example, in one post, the WereWolves ransomware actor notes that any stolen data is subject to “a criminal legal assessment, a commercial assessment and an assessment in terms of insider information for competitors.” In another example, the ransomware group Monti noted that it found an employee at a targeted company searching for child sexual abuse material and threatened to go to the police with the information if the company didn’t pay the ransom.

These posts align with a broader trend of criminals seeking to extort companies with increasingly sensitive data relating to employees, clients or patients, including mental health records, the medical records of children, “information about patients’ sexual problems” and “images of nude patients.” In one ransomware case, the Qiulong ransomware group posted the personal data of a CEO’s daughter, as well as a link to her Instagram profile.

“Ransomware gangs are becoming increasingly invasive and bold about how and what they weaponize. Compounding pressure for companies, they’re not just stealing data and threatening to leak it, but they’re actively analyzing it for ways to maximize damage and create new opportunities for extortion. This means that organizations have to not only worry about corporate espionage and loss of trade secrets or illegal activity by employees, but also about these issues in conjunction with cyberattacks,” said Budd.

Read the full report “Turning the Screws: The Pressure Tactics of Ransomware Gangs” on Sophos.com.

Continue Reading

Startups

Scaleup with STEP: How STEP Empowering Startups & Talent in Africa

Published

on

Scaleup with STEP

Africa is rapidly becoming a hotbed for innovation, entrepreneurship, and technological advancements.

Yet, for many startups and talented individuals, the journey from concept to market traction and revenue is often fraught with challenges.

Enter the Startup and Talent Enhancement Program (STEP), a pioneering initiative by IDEA Africa, with support from the UK-Nigeria Tech Hub. STEP is not just a program; it’s a transformative force empowering startups and talent across Africa to scale up and achieve sustainable growth.

The vision of STEP is simple yet profound: to bridge the gap between potential and success for startups that have moved beyond the post-revenue stage but are struggling with technical debt, growth hacking, marketing, and other critical areas. How? By giving them access to a large pool of professionally trained talent, strategic market advice from industry experts with years of experience, and a community with like-minded people and fellow founders. By providing targeted intervention and strategic resources, STEP ensures that these startups are not just surviving but thriving.

STEP’s approach is holistic, providing support in multiple areas crucial for startup success. From offering technical assistance, helping startups overcome technical debt and improve their product offerings to providing growth hacking strategies and tools to drive rapid growth and scale operations, to offering marketing insights and resources to effectively market products and reach the right audience and also assisting startups in developing robust business strategies that ensure long-term success.

STEP is committed to empowering individual talent and helping mentors attain fulfilment. By connecting skilled professionals and experienced mentors with high-potential startups, STEP not only helps these individuals find meaningful work and fulfilment but also fosters a culture of innovation and collaboration. This creates a dynamic ecosystem where both startups, talent and mentors can thrive.

To maintain the quality and impact of the program, STEP employs a rigorous selection process. Startups are evaluated based on their growth potential, market fit, and alignment with STEP’s objectives. This ensures that only the most promising startups, ready to embrace transformative changes, are chosen. The result is a cohort of high-potential startups primed for success.

Why STEP?

We are not just another initiative, but an organisation committed to transforming lives and businesses. We believe in the power of local startups to drive economic growth and create jobs. With tailored support and resources, we help you overcome challenges and reach new heights. Also, we provide comprehensive talent and mentor support, connecting you with skilled professionals who can help take your business to the next level. At STEP, we are dedicated to the professional growth of individuals. Through our program, selected talent will receive upskilling opportunities and access to job placements that match their skills, ensuring a bright future for all.

Application Details:

Key Dates:

  • Application Period: July 22nd – August 31st, 2024

How to Apply for Startups, Talent and Mentors:

  1. Click www.steptech.ng
  2. Select your track
  3. Create an account with us
  4. Verify your email
  5. Log in to start your application

How to Apply for Hubs:

Join STEP in Transforming the Startup Ecosystem

We invite all innovators, from startups to mentors, talent, and hubs, to join us in this exciting journey. STEP is your opportunity to make a significant impact, drive innovation, and contribute to the growth of the startup ecosystem in Enugu, Rivers, and Ekiti states.

“Scaleup with STEP” is not just a call to action; it is a testament to the potential and resilience of African startups and talent. By providing targeted support, fostering connections, and driving innovation, STEP is paving the way for a brighter future in Africa’s tech landscape. Join STEP today and be a part of this incredible transformation.

Join the Community

Stay connected with us on LinkedIn, Twitter, Instagram, and Facebook for updates, success stories, and live Q&A sessions. One of the most vital parts of STEP is the community that we are creating. By joining STEP, you join a community of like-minded innovators, tech enthusiasts, and industry experts. This community is a place to collaborate, share experiences, and form long-term connections that can help your startup grow.

Follow STEP’s innovative and exciting journey on social media platforms @steptechnigeria on Instagram, Facebook, LinkedIn, and X.

For more information, visit the website or contact the team at [email protected].

About IDEA Africa:

IDEA Africa is a leading organization dedicated to fostering innovation and entrepreneurship across Africa.

Through various initiatives and partnerships, IDEA Africa supports the growth of startups and the professional development of talent, driving economic growth and technological advancement in the region.

Continue Reading

Trending