Swapping Phones and Trading Places

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Jesus Saves but Scriptingthewhy saved my bank account baby! Read this script!
Photo by Brett Sayles, please support by following @pexel.com

Hey you, yes you, you the reader. Do you want to know a secret? I know something special about you. The fact that you’re reading this means that you are in the market for getting robbed.

I’m sure there hasn’t been a point in time where you haven’t had the thought to give some stranger on the internet your hard-earned cash. Please keep in mind that “hard-earned” was said depending on your work ethic; we all know that results may vary. You say “no”? None of this sounds appealing to you? Don’t worry, that wasn’t my angle.

It has long been known that we humans are creatures of habit. We don’t like change much, so we often don’t like it when our plans have hiccups. This could range from something small, like having to pick up a tube of toothpaste because you squeezed out your last bit this morning and now have another item on your shopping list, to something big, like your phone no longer working because it’s not in your name, despite the fact it was fully functional the day before.

You don’t quite understand that last one? Don’t worry, I’m going to script it for you.

Lord, I think this is what Z-Daddy was talking about. This phone was working a minute ago.
Photo by Alex Green, please support by following @pexel.com

A Change in Signal

If you can, picture this: you’re using your phone one minute, you put it down, and you come back moments later to find that it no longer operates the same. You try making some calls and double-check to see if you have any “bars” (“signal”, if you want to be technical).

You turn airplane mode on and off, restart your phone, and still nothing. It’s obvious that something is off and this clearly isn’t normal, so you shouldn’t put it off to deal with later.

There is a super high chance that you could be experiencing SIM swapping. SIM (Subscriber Identity Module) swapping, which may go by other names like SIM hijacking, SIM splitting, or SIM jacking (not sure how much I like that last one, sounds like a trip to HR), is the art of an attacker/hacker gaining control of your phone number.

Once your number is obtained, life for you is going to go from Netflix and Chill to Bodies by Drowning Pool pretty quickly.

Another global crisis and cyberattacks on the rise…I’m good with this.
Photo by Ashutosh Sonwani, please support by following @pexel.com

Changing Faces

If you’re an avid reader of mine then you’ll already know or have a good sense of who would commit this act and why, but if you’re not, ask yourself the following. How could you have committed this heinous crime of not subscribing? Why haven’t you subscribed to keep up to date on when I post? And are you going to be missing out if you don’t subscribe? To that last one, I can honestly say “yes”.

Subscription shaming aside, this act is committed with the intent of the attacker becoming you. “Why would someone choose me as a target?” you may be asking. As mentioned before, posing as you can grant them access to everything you have and more.

They can intercept incoming messages meant for you. Some events have involved credit cards being charged and financial institutions trying to confirm if the purchase was legit only for the attacker to confirm in your place.

Sometimes there’s just no other way to say it.
Photo by Saksham Choudhary, please support by following @pexel.com

Ways to Phone Jack

So you may be wondering, how is something like this executed? I mean, clearly, there have to be some telltale signs before it even happens, right? Well…in most cases, and by most I mean all, you’ll never know that your information is being collected.

This could be done by using keylogger malware, phishing emails, or, as happens in most cases, social engineering. The attacker will be someone who has been in the same vicinity as you and has listened closely and long enough to obtain enough information to pose as you.

That is enough to fool your cellphone provider into giving them whatever information they may still be missing to commit further attacks. Once that happens, the fun of trying to get everything back in order begins, depending on your response time when you find out your phone no longer has service.

I watched out for social engineering, and I didn’t go crazy.
Photo by Kindel Media, please support by following @pexel.com

Becoming Socially Unacceptable

At this juncture, which is normal, you might be wondering how to prevent this from happening. Social engineering is tricky to catch, so you would have to pay attention to everyone within earshot. Trying to do this constantly will drive you insane and pretty much overload your senses…well, and at some point, you’re going to lock eyes with someone for a little longer than what’s considered normal, and you may end up weirding them out. The point is, you’re going to end up like Jim Carrey in the movie The Number 23 and be uber-paranoid.

An easier and saner solution is to be mindful of your volume in places where you’re required to give your information verbally. Talking to the person as if you two are at a rave could end poorly, since eavesdropping is an easy skill perk that we all have. If writing it down, be aware of people who may walk by, as this could let them perform “shoulder surfing”. This is a clever name, I know. I didn’t coin it but still, somehow, I can feel your judgment.

There are other countermeasures you can take instead of opting for text-based confirmations. Your cellphone provider will let you add a PIN (Personal Identification Number) to your account for an extra layer of protection. When making use of 2FA (two-factor authentication) verification methods, opt for biometrics, which rely on either facial recognition or fingerprint scanning, as this involves confirmation of your physical being.

Another method is having a security key, which looks like a flash drive; a simple tap or insert into the phone could be more secure if you don’t want the hassle of trying to get your phone to recognize your face. It is highly advised to contact your provider as soon as possible if you get a “Number changed” message or your phone stops operating normally, as the effects and fallout could run into years of working to get everything fixed.

Within 5 hours a credit card statement of $7,845.35 could be in your name and that could be the prelude to what’s to come.    

Small Detour:

Check out this person’s experience with SIM swapping because their story is wild, click here.

Sean: I want to be a hacker like Z-Daddy when I grow up.
Z-Daddy: I’m not a hacker kid, you know what, forget it.
Photo by cottonbro studio, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

I would like to give sincere thanks to current followers and subscribers; your support and actions mean a lot and play a part in the creation of each script.

Is there something I may have missed about SIM swapping? Script a comment below.

Never Going Trip Again

Scriptingthewhy, what do you mean I’ll never vacation again? I can’t do it now.
Photo by Robert Nagy, please support by following @pexel.com

After reading this, you just may never trust writing a review ever again. And you know what, we don’t blame you. It’s getting pricey just to exist. We all enjoy traveling to new places, especially with our partners.

You may have seen or shared some photos on social media of yourself or others on romantic getaways from the kids, the job, or just life in general. But let’s say you visited a vacation spot and it left a sour taste in your mouth. Clearly, your next course of action is to fire up your computer and write a review.

However, you may want to hold your horses before letting that Sandals resort owner know how you really feel because not all websites are created equal or with good intentions.

We’re going to be going over what kind of attack this is, who is using it, the functionality and effects upon release, and what are some ways you can prevent this from being the beginning to the end of your vacations.

Oh, would you look at that, someone else filed another complaint. That would hurt my business…if they were complaining on the real website.
Photo by Mikhail Nilov, please support by following @pexel.com

The Attack

We as humans have a common tendency to seek out others who align with our current or pending point of view. Sometimes when we can’t find this we may resort to posting online as a signal for someone to agree or just be wrong in their thought.

But given the current growing threat in the landscape of the internet, it seems like those days are about to be numbered due to malicious actors making use of the complaint form of TripAdvisor as an attack vector for cyber-attacks. This may sound absurd, but like Spandau Ballet, this much is true.

We revamped the malware and made it better. Don’t call it a comeback.
Photo by Cleber wendder Nascimento, please support by following @pexel.com

Who Can It Be Now

So, an old menace brings an onset of new challenges. The group operating behind the Cyclops campaign back in May 2023 had revamped and offered Knight ransomware as RaaS (Ransomware-as-a-Service) on the RAMP hacking forum. RaaS is the act of offering the use of ransomware with different payment plans to interested parties.

This was done with the intent to invite affiliates to join their scheme and share the profits from extorting victims. We’re not sure how many took up this invitation, but it’s something to keep an eye out for.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

I didn’t download a file, did I? How would I remember? I was just trying to get off the computer. 36 hours a day at work is driving me mad.
Photo by Mikhail Nilov, please support by following @pexel.com

That Sinking Feeling

So, how does something like this work? Well, we’re glad you asked. This campaign was spotted by Bleeping Computer, and after analyzing it they found an HTML (Hypertext Markup Language) file, “TripAdvisor-Complaint-[random].PDF.htm”. When the file is opened, a fake browser window is launched within the real one. This window displays a TripAdvisor website; however, this is a spoofed domain name and URL (Uniform Resource Locator). This technique is called browser-in-the-browser (BitB).

This aims to trick users into thinking they’re on a trusted site when, in reality, the stealing of their credentials is pending. What makes BitB attacks more dangerous is that, unlike normal phishing attacks where the user is redirected to a malicious website, a BitB attack does not require the victim to click on any link or download a file, because the fake browser window is embedded in the HTML attachment itself. The user may not notice the difference between the real and fake browser windows unless they pay close attention to the details or have security tools in place for detecting phishing attempts.

However, the fun doesn’t stop there. When you interact with this particular BitB, it pretends to be a submitted complaint, asking the user to review it. When the “Read Complaint” button is clicked, an Excel XLL file named “TripAdvisor_Complaint-Possible-Suspension.xll” is downloaded. This file delivers the malware payload, which encrypts files and appends the “.knight_l” extension to the encrypted files’ names, where the ‘l’ portion likely stands for ‘lite’.

Once this process is complete a ransom note will be created named “How to Restore Your Files.txt” in all the folders of the computer. The note will demand a payment of $5,000 to be sent to a listed Bitcoin address. Trust us, even if you find the means to pay the ransom, there will be no restoration of your files.
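
As an added example (not part of the original post and not Bleeping Computer's code), the file names described above can be turned into a quick triage check in Python. The indicator labels, the list of decoy extensions, and the sample paths are assumptions made up for illustration.

```python
from pathlib import PureWindowsPath

# Indicators named in the article: lure attachment, XLL download,
# ".knight_l" suffix on encrypted files, and the ransom note's file name.
RANSOM_NOTE = "how to restore your files.txt"
ENCRYPTED_SUFFIX = ".knight_l"
HTML_EXTS = {".htm", ".html"}
# Assumption: document extensions a lure may show in front of .htm/.html.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

# Hypothetical labels mapping each indicator to a stage of the chain.
STAGE = {"decoy-extension-html": "lure", "excel-xll-add-in": "payload",
         "knight-lite-encrypted-file": "impact", "ransom-note": "impact"}
ORDER = ["none", "lure", "payload", "impact"]


def classify(path):
    """Return the indicator names that one file path matches."""
    name = PureWindowsPath(path.strip()).name
    exts = [s.lower() for s in PureWindowsPath(name).suffixes]
    reasons = []
    if len(exts) >= 2 and exts[-1] in HTML_EXTS and exts[-2] in DECOY_EXTS:
        reasons.append("decoy-extension-html")
    # XLL add-ins can be legitimate; one arriving as a download needs review.
    if exts and exts[-1] == ".xll":
        reasons.append("excel-xll-add-in")
    if name.lower().endswith(ENCRYPTED_SUFFIX):
        reasons.append("knight-lite-encrypted-file")
    if name.lower() == RANSOM_NOTE:
        reasons.append("ransom-note")
    return reasons


def triage(paths):
    """Summarise how far the infection chain got on one host's file listing."""
    hits, folders, furthest = {}, set(), "none"
    for path in paths:
        reasons = classify(path)
        if not reasons:
            continue
        hits[path] = reasons
        for reason in reasons:
            stage = STAGE[reason]
            furthest = max(furthest, stage, key=ORDER.index)
            if stage == "impact":
                folders.add(str(PureWindowsPath(path).parent))
    return {"furthest_stage": furthest, "hits": hits,
            "affected_folders": sorted(folders)}


# Constructed sample listing (user name and the "8f3a" part are made up).
SAMPLE = [
    r"C:\Users\pat\Downloads\TripAdvisor-Complaint-8f3a.PDF.htm",
    r"C:\Users\pat\Downloads\TripAdvisor_Complaint-Possible-Suspension.xll",
    r"C:\Users\pat\Documents\budget.xlsx.knight_l",
    r"C:\Users\pat\Documents\How to Restore Your Files.txt",
    r"C:\Users\pat\Documents\notes.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result of "lure" or "payload" means the chain was caught before encryption; "impact" means files on the host have already been touched.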

They said they revamped it and made it better, but it still looks the same to me.
Photo by Pixabay, please support by following @pexel.com

The Prevention

While reading this you probably think it’s the end of the world and that you may never go on vacation again. We’re here to tell you that is not the case. One way of protecting yourself is familiarizing yourself with the actual website. When visiting a website, make sure you look for “https” and a lock image in your address bar, as this indicates that not only is the connection to the site secure, but your personal information is encrypted in transit.

Some fake websites will be harder to spot since scammers are kind of clever, so they’ll be sure to come as close to mimicking the real website as possible, but a bit of mindfulness and staying up to date with your operating system and rising threat trends could safeguard you for your next vacation.

Always remember it’s better to file a complaint with the real TripAdvisor. Sure, they might not listen to you and take your money but it’s better than the alternative of scammers holding your data hostage with the intent to sell at a cost way lower than that Sandals resort owner had charged you.

They charged me an “existence fee”. How do you charge someone for just being in the area!?
Photo by Mikhail Nilov, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Do you feel like there is something I may have missed on Knight ransomware? Script a comment below.

Fishing Made Fun with Bots!

You know, every time I read one of these scripts, I learn something new.
Photo by Andrea Piacquadio, please support by following @pexel.com

Okay, so the threat isn’t coming from the future to wipe us out as we once thought. Maybe, and by maybe we mean actually, the threat is here with us in the present day. They attack us every day when we check our email or simply pick up the phone because the “Scam Likely” function wasn’t working this go-around.

The rise of ChatGPT has not only given people that little nerdy kid to complete their essays for them, but people are also using a bot to trick a bot in order to land job interviews. But again, where good intentions go, malicious ones soon follow.

We’re going to be going over what kind of attack this is, who is using it, its functionality and effects upon release and what are some ways you could protect yourself from being on the receiving end of a malicious connection.

I haven’t been living underneath a Volvo, but I guess hiding isn’t doing me any good neither.
Photo by Mizuno K, please support by following @pexel.com

The Attack

Most of the computing world, and most people who haven’t been living underneath a VW 1984 Volvo (that’s a little easter egg for all the old faithful readers; if you’re not one, feel ashamed), already know what phishing emails are. But in case you’re unfamiliar and have been living underneath that Volvo, worry not, we have you covered on that one.

Phishing is the act of posing as someone or as part of an organization that an individual may or may not know. The whole objective is to get you (the victim) to interact with the provided link and give up your sweet, sweet information. Once this happens, a number of things can follow; however, the main result is that you lose money in some form or fashion.

Who is Greg from accounting, and why did he send me a link?
Photo by Andrea Piacquadio, please support by following @pexel.com

Who Could It Be Now

Unfortunately, no individual or group has been named for using ChatGPT for malicious scams, but that doesn’t mean we can’t tell you why they’re doing it. Scammers are diverse in ethnicity, but many of them don’t diversify in skill level and sometimes… in common sense. Yes, scammers will even try to scam cybersecurity professionals. We don’t know why they do it, but it’s a thing.

Scammers typically use social engineering attacks, mainly phishing. Why? Because it’s easy to obtain an email address for a company. However, they have resorted to spicing up these emails by using ChatGPT.

For those who don’t know what ChatGPT is, we’ll tell you. ChatGPT is a chatbot that is trained to offer humanlike responses in dialogue. In a nutshell, you ask it a question and it gives you something it thinks an average person would say.

Thomas: I told you we lure in more people with ChatGPT.
Simone: Shut up Thomas and keep entering their credit card information.
Photo by Tima Miroshnichenko, please support by following @pexel.com

That Sinking Feeling

How do scammers use ChatGPT to improve their phishing emails you ask? Well, simple, the same way people are using this little chatbot to beef up their resume to outsmart the resume reviewer bot. The scammers simply input into ChatGPT something professional to say to you, adding a few official logos here and there, and before you know it you have what seems to sound like an official email from someone you may know or that job opportunity you’ve been looking for.

Once you fall victim to the scam, a number of things can happen and none of them are good. Interacting with a malicious link or attachment could get your system compromised, either by downloading a file or by visiting a redirected site for a drive-by download. At this point, depending on the programming in the payload, the file could execute with or without your interaction.

This, in turn, leads to a back door being created for data exfiltration—this is the act of collecting all the information on your machine and sending it to a command-and-control server for either personal use or marketing on the darknet, and possibly seizing control of your machine at a later date.

Learn the scam, then you can play ball.
Photo by RDNE Stock project, please support by following @pexel.com

The Prevention

So, what are some ways one could be able to protect oneself in the vast sea of the internet? Well, double-checking with people who send you emails with attachments to verify it was indeed them is one way of helping yourself.

Always carefully read the body of the message to see if you can spot any misspellings or grammatical errors as this will tip you off into saying, “I know Greg from accounting might be a bit special, but he wouldn’t write something like this.”

If you have encountered a phishing email and downloaded something or interacted with their link, changing all passwords on all accounts you own will be your next best course of action as this will quickly hinder the attacker’s progress into mucking up your life.

Pair this action with monitoring your accounts for any suspicious activity and keeping your financial institution’s number on speed dial in case you have to make that call saying, “Um, yeah, that latest activity wasn’t you,” will see you better in the years to come.

ChatGPT may be helping the scammer’s game, but common sense and a little know-how still outperform all.

I never thought protecting my information would be this easy. Thank you Scriptingthewhy. Love you Z-Daddy!
Photo by Andrea Piacquadio, please support by following @pexel.com

Do you feel like there is something I may have missed on Phishing with ChatGPT? Script a comment below.