Advanced Automated Social Engineering Bots: The High Tide of Social Engineering Bots and the Scammers Riding Them
The COVID-19 outbreak has significantly changed the way we operate in our day-to-day lives. From the unprecedented shift to remote working to the dependency on online outlets for even our most basic needs, the internet has become both our boon and our bane. So, it should come as no surprise that the pandemic has been marred by an uptick in sophisticated phishing email schemes by cybercriminals who are constantly on the lookout for footholds to infiltrate a company or an organization.
Social engineering is the formal name for the psychology of persuading and manipulating people into feeling a sense of urgency in taking a certain action. Think about advertisers convincing us that a certain brand of jeans is cooler than another, or how massive public health campaigns remind you to get your shot. While this may seem like an innocent marketing trick or a simple awareness drive, in cybersecurity, social engineering has a more sinister motive. Attackers often use all sorts of psychological tricks to lure their victims into opening dodgy emails, clicking suspicious links, handing over passwords, downloading sketchy attachments, and engaging in other unsafe behaviors that may ultimately lead to large-scale ransomware attacks or data breaches.
Social engineering attacks are possibly one of the most dangerous forms of security and privacy attacks, since they are built around psychological manipulation, and they have been growing in frequency with no end in sight. Recent reports have shown that 99% of cyber attacks use social engineering techniques to trick users into installing malware. So, it is important to educate yourself and your workforce on some key indicators of scams and frauds.
Social engineering has been one of the largest threats to an organization’s cybersecurity for some time. Scammers are becoming more clever and sophisticated in their attack methods. Several instances have occurred wherein people receive phone calls that appear to be from their bank. The caller sounds legitimate and provides a convincing reason for calling the customer. After lulling the victim into a false sense of security, the caller often tricks them into giving away their personal and confidential data such as:
With all such crucial information at hand, a fraudster can easily carry out illegal financial transactions using the victim’s name.
Carrying out such attacks manually is quite cumbersome, since it requires a lot of human effort to collect the data, analyze it, and convince the victim to share their OTP. But cybercriminals have chanced upon a lucrative solution to this problem. They have turned to bots that run the scam for them, which is safer and more consistent for the attackers since there are no traces left to clean up afterwards. This has understandably caused a surge in advertisements for the sale of OTP/SMS bots on underground forums and markets. We may call such a bot an automated social engineering tool.
Bots are automated to do certain tasks and interactions, and can often run without human assistance. They take up a huge amount of the traffic on the internet, and there are both good and bad bots.
Good bots often crawl the internet to match our needs and requirements. Google's bots, for instance, help catalog what’s online, so that our search results may be faster and more optimized. Chatbots, on the other hand, are a good substitute for customer service since they engage with users to note their needs and cater to them accordingly.
The bad or malevolent bots, on the other hand, can be programmed to break into users’ accounts and steal data, infect computers with dangerous viruses or malware, or perform incessant spamming which ultimately brings down the website. Cybercriminals use bad bots to take over a computer and link it to others to make a network of “zombie computers” called a botnet that can then launch large-scale cyber attacks, thereby blocking users from the internet altogether.
ASC (Asylum for real carders) is a China-based English-language cybercriminal forum that was launched in 2019. ASC initially started out as a small carding-based forum, but since 2021 has accumulated almost 16,116 members, a relatively large number for a platform that has been active. As a result, the site has more than 250 daily visitors and has 2022 threads. The most active section on ASC is the ‘Carding & Hacking’ Zone, which includes subforums relating to virtual carding, bank carding, cardable sites, hacking tools, payment systems, and tips for newbies on carding activity and methods. Some of the forum’s staff members appear to be particularly active in this section and have created a high proportion of its threads.
The forum added new sections such as VERIFIED MARKET and PREMIUM SECTION. Generally, such forums provide a black marketplace for cybercriminals to exchange malicious tools and services that facilitate all stages of cyber carding crime.
SMS Ranger is an OTP & SMS capture bot that is capable of getting OTP & SMS codes from victims by impersonating a company or bank. These bots help to get OTPs for logins, banks, credit cards, Apple Pay, and more. Traditional methods like SIM swapping for OTP codes are not required. These bots can capture any OTP/2FA codes as well as personal info. The service cost is based on the country and monthly subscription, as listed on the platform:
The package includes unlimited calls to the US, Canada, or the UK. For all other countries, the service is available for USD 300.
The key features of this service are:
To use the bot service through these websites, users usually have to create an account and sign up, or contact the service provider via Telegram. Scammers generally collect personal information on the dark web or even on social media to sabotage even the most vigilant of people. In addition, card leaks from carding shops and data breaches give social engineers more personal information to exploit in a social engineering attack, thereby substantially improving their chances of targeting individuals and committing fraud in the digital age.
This fraudulent scam involves simple steps:
This bot also has a new feature that asks users for the number of digits in the OTP. This in turn helps prevent the victim from entering a wrong OTP or none at all.