Domain Name Scam: A Digital Defense

Cyber attacks using domain names are commonplace among cybercriminals. These fraudulent domains are used for a wide range of attacks such as wire transfer fraud, phishing, counterfeit goods sales, scams and other new attacks. Such bad actors use social engineering to trick people into believing their domains are legitimate. This method is particularly attractive because domains are cheap and easy to obtain, and most registrars offer privacy features.

Cybersecurity firm Palo Alto Networks states that over 70% of newly registered domains are marked malicious, suspicious, or not safe for work.

Hence, the eleventh episode in this series seeks to explore the ways malicious actors use domain names for their nefarious activities.

Our speaker is a Cyber-security analyst with experience in Software Development, Vulnerability Assessment, Penetration Testing – Network Infrastructure, Mobile & Web Applications and Threat hunting.

This is a free event, but registration is required as we have limited spaces available.

Ransomware: Fighting Digital Kidnapping

Ransomware attacks are considered the most prevalent cybersecurity threat, impacting businesses and individuals alike. This state of affairs is possible because ransomware authors have developed ingenious ways of using social engineering tactics to exploit human error in the delivery of their malware.

Recent events have thrown the spotlight on ransomware incidents with security experts predicting an increase. For instance, Cisco Systems indicates that ransomware attacks are growing more than 350 percent annually and Cybersecurity Ventures predicts that a ransomware attack will hit a business every 11 seconds by 2021, and the estimated damage caused by ransomware will cost the world $20 billion in 2021.

Hence, the tenth episode in this series seeks to explore the ways malicious actors deploy and use ransomware.

Our guest speaker, Mr. Chinedu Onwukike, is a Cyber Security Veteran and is currently a senior red team specialist at Canada Life.

Registration for this event is required as we have limited seats available.

Social Engineering and Password Security

Passwords have come a long way, from ancient times, when they were required for access to places like a castle, to modern times, where they are a means of digital authentication. Passwords don’t seem to be going away anytime soon.

As such, passwords, and especially passwords with privileged access, are a target for cybercriminals, who know they can access a lot of sensitive information with them. This is evidenced by the 2019 Verizon Data Breach Investigations Report, which states that 80% of hacking-related breaches still involve compromised and weak credentials. 29% of all breaches, regardless of attack type, involved the use of stolen credentials.

Hence, the ninth episode in this series seeks to explore the ways malicious actors steal login credentials using social engineering.

Our speaker Eyitemi Egbejule is a multi-talented information security expert with experience in Reverse Engineering, Malware Research, Responsible Vulnerability Disclosures, Application Security and ecosystem building.

United Nations Job Scam

Fake employment vacancies in the name of the United Nations have become a staple of internet fraudsters. Recently, our intelligence team came across one such scam. It was a PDF document being shared on social messaging applications. The document advertised several vacancies at a non-existent agency of the United Nations called “The United Nations Commission for Industrial and Economic Development (UNCIED)”.

Below is a screenshot of the beginning of the document.

The document is 37 pages long with 16 different vacancies and is very detailed, with proper formatting and good diction. Suffice it to say that at first glance it can fool anyone. But upon further scrutiny, it is not too difficult to establish that this is a scam.

First, a good rule of thumb is to always use a search engine to find out more information. Using Google reveals that no institution of the United Nations has such a name. Instead, what we find is a website that posted the exact same list of vacancies sometime in January this year.

This is a huge clue. Why would an organization post the exact same number of vacancies barely four months after? Of course, an explanation could be made for this but it remains a red flag.

The next pointer that this is a scam is the email address.

Visiting the domain of the email address, we see that it was recently registered on Namecheap, and a WHOIS search confirms this: the domain was registered on the 16th of December 2019. This fact is another red flag, as it is common practice for scammers to register new domains when undertaking a new scheme. Also, the fact that the domain has nothing on it should raise eyebrows, as it is implausible that a commission of the United Nations cannot afford web development services.

Digging further into the domain, we find that its mail server is active and is hosted on the Namecheap platform.
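The registration-date check described above can be scripted once the WHOIS text has been retrieved. The following is an added example, not part of the original analysis; the WHOIS record is constructed, the domain is a placeholder, and the observation date and 365-day threshold are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS record: placeholder domain, creation date as reported above.
SAMPLE_WHOIS = """\
Domain Name: UN-AGENCY-JOBS.EXAMPLE
Registrar: NameCheap, Inc.
Creation Date: 2019-12-16T00:00:00Z
Registry Expiry Date: 2020-12-16T00:00:00Z
"""

# Registries label the field differently, so accept the common variants.
CREATED_RE = re.compile(
    r"^\s*(?:Creation Date|Created(?: On)?|Registered on)\s*:\s*(\S+)",
    re.I | re.M,
)
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ",
                "%Y-%m-%d", "%d-%b-%Y")

def creation_date(whois_text):
    """Return the creation date as an aware UTC datetime, or None."""
    match = CREATED_RE.search(whois_text)
    if not match:
        return None
    for fmt in DATE_FORMATS:
        try:
            parsed = datetime.strptime(match.group(1), fmt)
            return parsed.replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def domain_age_flag(whois_text, seen_on, min_age_days=365):
    """Flag a domain that was young when the message or document was seen."""
    created = creation_date(whois_text)
    if created is None:
        # A redacted or unparseable date is itself worth a manual look.
        return {"age_days": None, "flag": "unknown-creation-date"}
    age = (seen_on - created).days
    flag = "newly-registered" if age < min_age_days else None
    return {"age_days": age, "flag": flag}

# Assumed observation date; the page only implies a few months after January.
SEEN_ON = datetime(2020, 5, 1, tzinfo=timezone.utc)
```

Calling `domain_age_flag(SAMPLE_WHOIS, SEEN_ON)` reports a 137-day-old domain and the `newly-registered` flag.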

From the foregoing, we can see this is an elaborate ruse to hoodwink unsuspecting job applicants. The play here is that after an application has been sent in, the scammers will request payment of fees at one or more stages of the recruitment process. Identity theft could also occur through the personal information obtained during the sham recruitment process.

Finally, for the would-be job applicant, eternal vigilance and due diligence are indispensable.

Phishing Email Campaign Impersonating Netflix

There’s a new phishing email campaign targeting Netflix subscribers. From what has been observed, the aim seems to be to steal user login credentials.

The email arrives with the title “Re: Update Subscription Payment – We Have Canceled Your Premium Membership….”

At a glance the email can be very convincing, as it uses the Netflix logo and branding and has no typographical errors; see below:

Another devious ploy is the title, which begins with “RE…”, meaning reply. The idea is to trick the recipient into thinking this is a reply to a previous message, thereby lowering their suspicion.

The email contains a link to a phishing site that leads to a cloned Netflix login portal:

While the email is visually appealing, there are several clues that show it is a phishing email, and users should pay attention to the details below:

  1. The sender’s email address does not match the sender’s name. While the sender’s name is “[email protected]”, if you look below it, you’ll see the real email address is a long string of characters that has nothing to do with Netflix.
  2. The message does not address the recipient by name; instead, it starts with “Hi”. If this were a legitimate email from Netflix, it would address the recipient by name, since they have this information.
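The clues above, together with the “Re:” subject trick, can be checked mechanically on the raw message. This is an added example, not part of the original write-up; the sample message is constructed and every address and clue label in it is a placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the campaign above; addresses are placeholders.
SAMPLE = """\
From: "info@streaming.example" <x9f3k2a81c7d@mailer.example.net>
To: subscriber@example.org
Subject: Re: Update Subscription Payment - We Have Canceled Your Premium Membership
Content-Type: text/plain

Hi,

We could not process your payment. Update your details to restore access.
"""

ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
GENERIC_RE = re.compile(r"(hi|hello|dear (customer|user|member))\W*", re.I)

def phishing_clues(raw):
    """Return the clues found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    clues = []

    # Clue 1: the display name shows an address whose domain differs
    # from the domain of the address the mail really came from.
    display, addr = parseaddr(msg.get("From", ""))
    real_domain = addr.rpartition("@")[2].lower()
    shown = ADDR_RE.search(display)
    if shown and shown.group(1).lower() != real_domain:
        clues.append("display-name-mismatch")

    # "Re:" subject, but no threading header points at an earlier message.
    subject = msg.get("Subject", "")
    threaded = msg.get("In-Reply-To") or msg.get("References")
    if re.match(r"\s*re\s*:", subject, re.I) and not threaded:
        clues.append("reply-subject-without-thread")

    # Clue 2: the first body line is a greeting with no recipient name.
    body = "" if msg.is_multipart() else msg.get_payload()
    first = next((l.strip() for l in body.splitlines() if l.strip()), "")
    if GENERIC_RE.fullmatch(first):
        clues.append("generic-greeting")
    return clues
```

These are triage signals for a mail filter or an analyst, not a verdict: threading headers can be forged, and some legitimate senders use generic greetings.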

Always remember, never click links in emails. Also, if you’re in doubt, do not click the reply button. Instead, open a fresh message by clicking on “compose” or the button to launch a new email, and write out a message inquiring whether the previous email was legitimate. For instance, if you were the recipient of the email above and you are a Netflix subscriber, you would not reply to the email but would send an email to the Netflix customer service address inquiring whether the email you received was from them.