Tag: spear-phishing

Programming, Security, Tech

Fishing Made Fun with Bots!

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

You know, every time I read one of these scripts, I learn something new.
Photo by Andrea Piacquadio, please support by following @pexel.com

Okay, so the threat isn’t coming from the future to wipe us out as we once thought. Maybe, and by maybe meaning actually, the threat is here with us in the present day. They attack us every day when checking our email or simply picking up the phone because the scam likely function wasn’t working this go around.

The rise of ChatGPT has not only given people that little nerdy kid to complete their essays for them but people are using a bot to trick a bot in order to land job interviews. But again, with good intentions soon follows malicious ones. 

We’re going to be going over what kind of attack this is, who is using it, its functionality and effects upon release and what are some ways you could protect yourself from being on the receiving end of a malicious connection.

I haven’t been living underneath a Volvo, but I guess hiding isn’t doing me any good neither.
Photo by Mizuno K, please support by following @pexel.com

The Attack

Like most of the computing world and people who haven’t been living underneath a VW 1984 Volvo, that’s a little easter egg for all the old faithful readers. If you’re not one, feel ashamed. Again, for the better part of the internet, most people already know what phishing emails are, but in case you’re unfamiliar and have been living underneath that Volvo, worry not, we have you covered on that one.

Phishing is the act of posing as someone or as part of an organization that an individual may or may not know. The whole objective is to get you (the victim) to interact with the provided link and give up your sweet, sweet information. Once this happens, a number of things can happen, however, the main result is you lose money in some form or fashion.

Who is Greg from accounting, and why did he send me a link?
Photo by Andrea Piacquadio, please support by following @pexel.com

Who Could It Be Now

Unfortunately, no individual or group has been named for using ChatGPT for malicious scams but that doesn’t mean we can’t tell you why they’re doing it. Scammers vary in diversity in ethnicity but many of them don’t diversify in skill level and sometimes… in common sense. Yes, scammers will even try to scam cybersecurity professionals, we don’t know why they do it but, it’s a thing.

Scammers typically use social engineering attacks, mainly phishing. Why? Because it’s easy to obtain an email address for a company, however, they have resorted to spicing up these emails by using ChatGPT.

For those who don’t know what ChatGPT is, we’ll tell you. ChatGPT is a chatbot that is trained to offer humanlike responses in dialogue. In a nutshell, you ask it a question and it gives you something it thinks an average person would say.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Thomas: I told you we lure in more people with ChatGPT.
Simone: Shut up Thomas and keep entering their credit card information.
Photo by Tima Miroshnichenko, please support by following @pexel.com

That Sinking Feeling

How do scammers use ChatGPT to improve their phishing emails you ask? Well, simple, the same way people are using this little chatbot to beef up their resume to outsmart the resume reviewer bot. The scammers simply input into ChatGPT something professional to say to you, adding a few official logos here and there, and before you know it you have what seems to sound like an official email from someone you may know or that job opportunity you’ve been looking for.

Once you fall victim to the scam a number of things can happen and none of them are good. Interaction with a malicious link or attachment could have your system compromised by downloading or visiting a redirected site for a drive-by download, at this point depending on the programming in the payload, the file could execute with or without your interaction.

This, in turn, leads to a back door being created for data exfiltration—this is the act of collecting all the information on your machine and sending it to a command-and-control server for either personal use or marketing on the darknet, and possibly seizing control of your machine at a later date.

Learn the scam, then you can play ball.
Photo by RDNE Stock project, please support by following @pexel.com

The Prevention

So, what are some ways one could be able to protect oneself in the vast sea of the internet? Well, double-checking with people who send you emails with attachments to verify it was indeed them is one way of helping yourself.

Always carefully read the body of the message to see if you can spot any misspellings or grammatical errors as this will tip you off into saying, “I know Greg from accounting might be a bit special, but he wouldn’t write something like this.”

If you have encountered a phishing email and downloaded something or interacted with their link, changing all passwords on all accounts you own will be your next best course of action as this will quickly hinder the attacker’s progress into mucking up your life.

Pair this action with monitoring your accounts for any suspicious activity and keeping your financial institution’s number on speed dial in case you have to make that call saying, “Um, yeah, that latest activity wasn’t you,” will see you better in the years to come.

ChatGPT may be helping the scammer’s game, but common sense and a little know-how still outperform all.

I never thought protecting my information would be this easy. Thank you Scriptingthewhy. Love you Z-Daddy!
Photo by Andrea Piacquadio, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on Phishing with ChatGPT? Script a comment below.

Security, Tech

A Stealthy My Little Pony

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

webcam sat on top of monitor.
Not all webcams are set to record but it doesn’t hurt to double check.
Photo by Matheus Bertelli, please support by following @pexel.com

It’s 8:35 AM on a Monday morning and you know what time it is. Time to start your daily routine of shoveling through your email and what could possibly be considered PUMs (Potentially Unwanted Messages).

While skimming through the mass emails of bills, spam that didn’t get caught in the filter, and mail-order brides offers, have you ever had a creepy, eerie vibe that something is a bit off?

You look into the blackness of your webcam and have the feeling that something or someone is on the other side peering back at you.

Have you never had that experience? Okay, it’s just me then. Well, whether you had the feeling that someone was Sam Rockwelling you or not, let me make you aware of the possibility that something could be spying on your every move the next time you log in.

senior man sat across from computer.
Tom: So…am I to talk to it or?
Director: Tom, shut up, we’re trying to take a picture.
Photo by Ron Lach, please support by following @pexel.com

Watching Eyes & London

On the internet of yesteryear, before you had to watch your back online as you did on the dark cold mist-fog streets of London. Don’t ask me how I know, I’ve never been to London but that’s always the setup in movies dealing with the Great Brit.

Life was simple, you could log in, veg out, and log off without worry of passively downloading spyware leading you to feel like Sam Rockwell and asking every five minutes; “Who’s watching me?” What spyware could have you feeling like this? It’s Pegasus, the cute horse with wings based on Greek mythology that every daughter would beg their father to have, it seems harmless, but your safe space will result in a 404 error. This is an error code (for those who don’t know) results when a web page cannot be found.

Pegasus was created by an Israeli cyber-arms company NSO (Niv, Shalev, and Omri: the names of the company founders) Group. NSO created Pegasus to collect important and sensitive information mainly on cellphones but why stop there when the capability of installing it on other devices could be added?

The installation of Pegasus would be triggered via what’s called a “zero-click”- meaning the software could be downloaded without interaction of the individual. So to translate this, this is like the activation of a tripwire, or for all of you Yu-Gi-Oh card game players out there, you’ve activated my trap card and now I can watch every move you make like the Police from the 80s.

a woman walking ahead of a man.
Maria: You didn’t subscribe so it’s over and I don’t know you, Eric. STRANGER DANGER!
Eric: BUT YOU JUST SAID MY NAME!
Photo by RODNAE Productions, please support by following @pexel.com

Followed Faithfully

Now that we have addressed your stalker, how or what is being done while you are unaware of the spyware present? Well, as mentioned earlier, once the tripwire or trap card is activated, this could happen in several ways such as opening an email or text or instant message and like your ideal date that’s withholding a slew of mental health issues, it’s in.

Pegasus is designed to read texts, and emails, monitor your application usage, collect user information (names and passwords), and gain access to your microphone and camera. You may be amazed and wondering, “Wow, what else can it do?” Well, to top all these features off, Pegasus can gain access to your GPS (Global Positioning System) and report back your whereabouts.

Earlier versions of Pegasus were installed on smartphones via weaknesses in commonly used apps or a cyber-attack technique called “spear-phishing”- this is sending a malicious link directly to an intended target for infection. Calling this spyware Pegasus seems like a one-off name, but it’s fitting as its ability to “fly through the air” from infected smartphone to smartphone and from infected device to device.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

electronic devices on top of a table
“I don’t need virus protection.” Every device can come with virus included.
Photo by Pixabay, please support by following @pexel.com

Good Intentions, Bad Market

The NSO Group created Pegasus with the claim that it would be only for use by “authorized” governments in the pursuit of preventing and fighting terror and crime however, this is an opinion; if it’s on the web, the dark web has it, and interested parties have it as well. Again, money is the kind of thing that makes the world go round.

At this junction, you may be wondering; “What devices are on the menu for Pegasus to peg?” Pegasus can peg Android, Blackberry, and iOS. Yes, Apple users, your coveted ecosystem prized Steve Jobs possessions aren’t safe from infiltration by viruses.

However, ironically the device to first discover the Pegasus spyware was through a failed attempt on an iPhone of a human rights activist that led to an investigation on the spyware back in 2016.  

men in black and red miliary uniform in a line.
Hey…what’s that virus doing over there?
Photo by Pixabay, please support by following @pexel.com

Active Protection

Right now, you’re probably wondering,” How can I detect or prevent this spyware from tracking me?” In most cases you would have some tell-tale signs that you may have an infection on your device however, this is not the case with Pegasus.

Though it may seem bleak, there are actions you can take to ensure you, your information, and your devices are safe. Following common best practices of keeping your OS (Operating System) up to date, not downloading any suspicious files from unknown sources, and not clicking on any links sent from someone you trust unless you’ve verified with them that they sent it.

Friendly confirmation can stop friendly fire.

man standing out in a field with a rifle.
To all those who read this and haven’t subscribed…I’m coming to collect. Z-Daddy is going to get his numbers.
Photo by Lukas, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you have any information to add on Pegasus? Script a comment below.