![]() ![]() ![]() These types of hacks surface as quickly as they disappear, and they tend to be more lethal in the earlier days of the attack where detection software hasn’t identified them. However, due to the sophistication of these types of scams they can be tricky to detect. There are some basic rules of thumb you can execute to prevent identity phishing attacks from happening in your organization. There’s a high chance this type of attack will happen again, as adversaries often repurpose the same techniques again. Moreover, you should review the services your end-users use, like Telegram and WhatsApp, and ensure there is protection here. ![]() Security teams, particularly in organizations with high-risk senior leaders, should assess this type of attack and determine the impact on the business. The AFP are yet to determine who is responsible for the scam at this stage. A lot of the messages sent were referring to contacts in Hong Kong or asked contacts to transfer money to a Hong Kong bank account. Once the victim clicked or downloaded the app the bad actor gains access to their contact book and can impersonate them on the new account and send unsolicited messages. The identity phishing scam sent messages to Senior Diplomats asking them to validate new WhatsApp and Telegram accounts. This is not the first the Australian government has been prey for cybercriminals, earlier on in the year the Parliament House was involved in a sophisticated attack on the computer network. A number of reports were made to The Australian Federal Police about suspicious activities on senior members of the party’s phones. Targets of the phishing attacks included the Finance Minister, Simon Birmingham, and Health Minister, Greg Hunt amongst others in senior positions. About the identity phishing scamĪ cyber syndicate i mpersonated the victims on encrypted messaging services, WhatsApp and Telegram, to gain access to sensitive information and steal money from the victim’s contacts. Organizations should take steps now to prevent themselves from being impacted by a similar identity phishing scam. Cybercriminals often repurpose tactics and tools against other organizations, for example, the techniques used by Hafnium were replicated by other groups to hack 60,000 organizations. The report by Intel 471 added that SMSRanger has an efficacy rate of 80 per cent if the call was picked up and information was provided.īesides SMSRanger, Intel 471 discovered other similar tools like SMS Buster which also offers similar features but is able to collect more information including one's card number and CVV code. With easy-to-use tools like SMSRanger attacking a "secure" app like Telegram, it means that the pool of cybercriminals may expand to cause more scams on the platform.įor more on technology and science news, keep reading sophisticated identity theft scam was used to attack Australia’s Senior Diplomats in April of 2021. Knowing just some simple basic scripting commands on Telegram is enough to set the numbers and targets while allowing impersonation of a bank.Īlso read: Telegram Crosses 1 Billion Downloads, India Is Telegram's Biggest MarketĮssentially, SMSRanger may be used not just by professional hackers but also by unskilled cybercriminals. The bot does most of the work once a target's phone number has been entered. In addition, some services also attack other social media platforms and financial services, according to Intel 471. SMSRanger is unlike other similar tools. In its report, Intel 471 explained how they've noticed malicious activity on Telegram in the last "few months" whereby users are fooled into giving away their passwords or verification codes which are then deliver to the operator of the hacking operation. If the attempt is successful, Telegram bots not only harvest the codes but also allow hackers to overcome the OTP verification system of a bank. In the aftermath of this, one's bank account is compromised and funds may be moved.Īlso read: Telegram 8.0 Now Allows Unlimited Users On Live Stream: How It Works The automated message that are emulating the behaviour of banks then ask users for their one-time password (OTP) codes along with extra account information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |