Hackers have been impersonating people for a long time and creating fake profiles on social media. After that, by sending malicious links from that profile, they are stealing people's e-mail usernames and passwords. Hackers are becoming more skilled and sophisticated at handling personal information.
Such a warning was recently issued by the National Cyber Security Center (NCSC), the cyber security wing of the UK's intelligence service GCHK. The agency has warned that various organizations and individuals from various sectors have been targeted by this fraud.
According to the agency, the ultimate goal of such scams is to get the victim to click on malicious links. Those links look normal and have login pages, but they are fake. Giving the login password to those links means inviting hackers to your account. Hackers then misuse that account or use it to take over someone else's account. Many of these malicious links look like cloud software Google Drive, OneDrive and other file sharing websites.
In one scam, the attackers make a Zoom call to the victim and send a malicious web address or URL to the chat bar during the call.
In addition, hackers create multiple characters (all under their control) in decoy traps to make their presence appear credible.
Hackers make extensive preparations to carry out such fraudulent cyber attacks. They use profiles on social media and various websites. It tries to learn as much as possible about the target. Hackers try to find out what their (target) occupation is in real life and also gather personal contact addresses.
According to the NCSC, such activities are the work of cyber attackers based in Russia and Iran. But there is no relation between them. It doesn't matter who the attackers impersonate, or what bait they use.
The biggest trick of hackers is their patience. They take a lot of time to build a relationship with the victim. They don't prompt the victim to click on malicious links. Gradually gaining trust. The process begins by sending an e-mail. Where they seem very modest. This catches the victim's attention.
Then send e-mails to the person repeatedly. Sometimes it takes longer to send. Keep sending links until user trust is gained.
The link sends behind a document or website, which the user finds interesting and relevant. Through this they take control of the user's server. When the victim enters the username and password to access the link, it goes to the attackers.
According to the NCSC, hackers take control of accounts, steal information and files from them, and monitor e-mail exchanges. It also uses them to take control of the accounts of people in the victim's contact list.
What to do with caution
NCSC has asked users to be alert about various cheating techniques. Be especially careful with e-mails that are used for professional purposes.
The agency recommends using strong passwords to protect e-mail accounts, using different passwords for each account. This will keep the others safe even if one account's password is stolen for some reason.
Apart from this, it is recommended to adopt a multi-dimensional verification system. Even if passwords are stolen, it will be detected that they have been stolen. Apart from this, the device's security measures must be updated.
Data source: ZDnet
0 Comments