Advisory

“MariSewaBank” Scam

BACKGROUND
 
BruCERT has recently received a number of reports on a scam called “MARISEWABANK”. The scammer contacts victims via SMS containing a WhatsApp link. Once the link is clicked, the victim would be lured into online gambling by promising a profit of 100% to 350% depending on the bank that the victim deposits their money into. The victim will then be asked for their personal and banking details, namely:
•    Bank 
•    Name of account holder 
•    Account number 
•    Online banking username & password 

TELE-SURVEY SCAM

BACKGROUND

BruCERT has received several complaints recently about a tele-survey phone scam allegedly from a company named Prolific, asking people for their personal email address purportedly to send a survey through email. However, the real purpose is to collect sensitive and personal information.

MODUS OPERANDI

Hacked Email Account: What to do and how to prevent it

BACKGROUND
 
According to a study, 91% of cyber-attacks start with an email. Scammers hack email accounts so that they can send messages from a trusted email address in hopes of getting the recipients to take action. Their main goal is to get these email contacts to send money, reveal personal information, or click on a link that installs malware, spyware, or a virus.

IMPACT
 

ADVISORY ON TRICKBOT

BACKGROUND
Trickbot is a malware-as-a-service botnet that is often described as one of the world's largest. It first appeared as banking malware in 2016, used to steal online banking credentials, and is designed to stealthily infiltrate a victim's computer and remain silent thus no particular symptoms are clearly visible on an infected machine.

ADVISORY ON EMOTET ATTACK AGAINST ORGANIZATION

BACKGROUND

Emotet started as a banking trojan in 2014 and has recently returned as a more dangerous malware targeting local government agencies. It acts as a downloader/dropper to deliver trojans and malicious code to infect devices. Emotet typically spreads through phishing emails or spam that contain Microsoft Word attachments or links along with zip files in order to bypass security filters (i.e. antivirus) to lure victims to click on the link or file.

 
IMPACT

ADVISORY ON PHISHING WITH WORMS-EMAIL ACCOUNT TAKEOVER

BACKGROUND

The latest phishing attack has caused a wave of business email account takeovers.

Once an email account is compromised, the account credentials are sent to a remote bot which would then sign into the account and analyse recent emails. For each unique email thread, it would then reply to the most recent email, sending a link to a phishing page to capture credentials. Since the phishing emails are being sent as replies to genuine emails between suppliers, customers, and colleagues, this makes the emails appear trustworthy.

ADVISORY ON PHONE SCAM

BACKGROUND
 
BruCERT has recently received a number of complaints from the public regarding phone scammers impersonating legitimate banks. The scammers contact victims through unofficial channels such as apps like WhatsApp or Viber, usually calling from an international number. They claim to be calling to check all customers’ cards and pressure the victim to reveal personal and financial information.

IMPACT

Fake Technical Support And Scareware

Background

A technical support scam is a form of fraud, utilizing social engineering and fear tactics to fool victims into divulging useful and confidential information or paying for unnecessary support services due to alleged technical error or software problems.

There are 2 common methods of tech support scams: via a phone call and scareware.

Phone call