There are number of ways scammers use to target personal information and, currently, one example is, they are taking advantage of the fear around the virus pandemic, sending phishing and scam emails to Microsoft OneDrive users, trying to profit from Coronavirus/COVID-19. They will pretend to be emailing from government, consulting, or charitable organizations to steal victim’s OneDrive details. OneDrive scammers will steal sensitive account information like usernames and passwords.  We would like to educate McAfee users and the public about the potential risks with these scams.

Nefarious Groups Attempt to Harvest Users’ Credentials

Below we will take you through three examples of this kind of attack, coming from a government organization, consulting firm and a charitable organization hosted in OneDrive to make them appear more genuine to users. As the screenshot below illustrates, the goal is to steal the user’s OneDrive credentials.

Fake Government Email Baits Victims

Scammers pretend to be from government offices and deliver documents that contain the latest live questionnaire regarding COVID-19. Remember: governments do not generally email the masses, sending unrequested documents, so a user could verify by examining the sender email address and location in the email headers and could visit the legitimate government site to see if there is COVID-19 information there instead.

When the folder in the above image is clicked on, it redirects to the screenshot shown below.

A warning saying “Hmm… looks like this file doesn’t have a preview we can show you” baits the visitor into clicking on the Open button. When clicked, it takes them to the below OneDrive screenshot prompting them to enter their personal information.

Notice that the link points users to a vulnerable WordPress site that contains a credential phishing landing page. A user should be aware that a legitimate OneDrive login page will never be hosted on a non-Microsoft domain. This should be a red flag to the user that this may be a scam or phishing attack.

 

As intended by the scammers, the user cannot access the OneDrive document to view the updated government questionnaire and, instead, will receive an error message to try again later.

By this stage, the scammers would have already stolen the user’s OneDrive personal information.

Fake Consulting Firm Attempts to Trick Users with Secured Document

Scammers pretend to be a consulting firm to share a secured document with the customer regarding the COVID-19 pandemic. Accepting an email document from a random and unsolicited consulting firm should be regarded as suspicious.

 

 

If a recipient clicks on the Download PDF link, it will take them to the page shown above where they are prompted to login. If they do so, it brings them to the below Microsoft login page where they enter their email address and password.

After attempting to sign in, the victim will be presented with an error message, as seen in the below screenshot.

When they enter their OneDrive information they will receive an error message saying, “Sorry, but we’re having trouble signing you in”. However, by this point, the scammers have already stolen the user’s OneDrive information.

Fake Charitable Organization Tries to Trick Volunteers

Some emails appear like charitable organizations looking for volunteers to help the community.

 

If someone clicks on the open PDF link, it will take them to the below OneDrive login page.

Scammers are trying to harvest company and individual OneDrive credentials by pretending to appear as a non-profit organization looking for volunteers.

 

The user is then presented with a login screen requesting their credentials.

However, they should notice the URL hosting the OneDrive login page is not from a Microsoft domain and should be regarded as suspicious.

Advice to Consumers

Consumers should be aware of scammers trying to harvest OneDrive details and should follow these best practices: –

• Be careful of any charity or businesses requesting their OneDrive user information. Stick with organizations known to be reputable.
• Never share financial or personal information over the phone, via email or with untrusted sites.
• Remember that legitimate organizations will almost never send an email asking for personal information.
• Never click on suspicious links or download attachments from unknown sources.
• Never log in to a web page reached through a link from an email.
• Remember email addresses can be spoofed so if a message looks suspicious, contact the sender via a known telephone number taken from their official website.

Advice to Organizations

• Organizations should activate multi-factor authentication to prevent stolen credentials from been used to access OneDrive or Office 365 accounts.
• Ensure all employees are aware of the threat posed by OneDrive and Office 365 phishing scams and consider security awareness training where appropriate.

 

If you find suspected scam sites, please submit them to McAfee for review at https://trustedsource.org as well as reporting them to your local law enforcement.

The post OneDrive Phishing Awareness appeared first on McAfee Blog.

There are number of ways scammers use to target your money or personal details.  These scams include support sites for services such as Office365, iCloud, Gmail, etc. They will charge you for the service and steal your credit card details. Software activation scam sites will steal your activation code and they may resell it at a low cost.

There have been many articles about these types of scams, including one we posted earlier this year about support scams – https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam.

In this article, we would like to provide more examples of the scam sites and tips to help you spot them and avoid entering your personal information.

Scam sites may include these major services’ names in their domains, and include links for the official sites, to appear like legitimate (authorized) support for these companies.

The screenshots below are examples of various types of scam sites.

This one is an example of a software activation scam site. It targets users who are confused about how to set up their software. As shown below, the scammer asks users to enter their personal information and the activation key, pretending to help with the software setup.

On the same page, it provides the details on how to find the activation key and how to set up the software.

After following these steps and entering the personal information, you get an error as shown in the screen shot below.

At this time, the scammer has already received the user’s information, which could then be used for financial gain. As the error occurs, they expect the user to call the numbers above and they will charge the user for that call, even though they can get the same service for free from the respective software companies. This activation code can then be sold at a low cost on pirated software sites.

When you encounter a site which you suspect to be a support scam, try Googling its phone number. You may be surprised that a lot more of other support scam sites with the same phone number will appear in the results. In this example, the same number is linked to at least 4 other support scams.

For these sites, they have the same appearance as shown in the screenshot below.

The below screenshot shows a typical scam site that tries to mimic the official site but is not as professional. It only provides the phone number and contact form, and nothing else.

 

Users may encounter these sites in various ways:

• By clicking on links from unsolicited emails.
• From pop-up ads from risky sites such as illegal movie streams.
• Ad campaign pop-ups from otherwise legitimate sites that have had malicious ads injected or not thoroughly vetted.
• Advertised in online classified ads, forum posts and blog sites.
• Advertised in Social media sites such as Facebook, Reddit, YouTube and Tumblr.

One way to be sure that you have the correct contact information is to get it from the legitimate website.  When you search for the contact information, always make sure that the search result shows the link to the respective organization.  Please be aware that this may not always come up on top of your search.

When you click the link in the search result, make sure that you land on the expected site.

Advice to Consumers:

Online users should be careful in their choices of trying to get technical support and activation setup.

Consumers should be aware that these companies will not send unsolicited email messages or unsolicited phone calls to request users’ personal or financial information to offer technical support to fix their computer or for activation setup.

As highlighted in this blog, a user will often be presented with a fake error screen to be tricked into calling a premium rate phone number. Warnings or error messages from legitimate companies never include their phone numbers.

Users do not have to pay for such a service which they can get from the respective companies directly for free. Also, software companies will never ask you to pay with Bitcoin or gift cards. Users should only use the official website and, if unsure, they should contact the official website via its contact form.

These tech support domains may be registered in various countries. Their lifespan may be short, like a year or two. Just for the examples listed in this article, the average domain life cycle was 2.1 years. They mimic the look and feel of the official web sites by copying the logo and other graphics, but they are often not quite as professional looking as the official ones.

If you find suspected scam sites, please submit them to McAfee for review at https://trustedsource.org as well as reporting to your local law enforcement.

The Below Discovered and Analyzed URLs are Covered By WebAdvisor

hxxps://www-norton-com-setup.xyz
hxxp://nortoncomsetup.co/
<hxxp://mcafeeactivate.support
hxxp://www.yourpcassistant.com
hxxp://manage-norton-setup.com/
hxxp://contacttechassistance.com/
hxxps://i123hp.com
hxxps://canon.com-ijsetup.com
hxxp://www.mydragonsupport.com
hxxps://www.retail-cards.com/
hxxps://wwwofficesetup.com/
hxxps://how-tosetup.com/
hxxps://www.sbcglobalsupportnumber.com
hxxps://acersupportnumber.com
hxxps://www.canonsupportnumber.org/
hxxps://applesupportnumber.net/
hxxp://mssetup.com
hxxp://officecomsetup.support
hxxp://wwwofficesetup.com
hxxp://howtoactivatemcafee.com
hxxp://www-mcafee-com-activate.co.uk

The post Top Tips to Spot Tech Support Scams appeared first on McAfee Blog.