This updated advisory provides additional red flag indicators and due diligence measures to help victims who have been in contact with fictitious law firms conducting this fraudulent activity.
This scheme combines a number of exploitation tactics including targeting vulnerable populations, particularly the elderly; exploiting victims’ emotional state and financial need to recover funds from a previous scam; and giving victims the sense of safety and security by impersonating or falsely affiliating themselves with multiple government entities. Contact with scammers impersonating law firms continue to pose many risks, including the theft of personal data and funds from unsuspecting victims to the reputational harm of actual lawyers being impersonated.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response
August 19, 2019
In May, during the Managed Detection and Response service on-boarding process of an electronics company in the Asia-Pacific region, we noticed suspicious activity via the Trend Micro™ Deep Discovery™ Inspector that turned out to be related to EternalBlue, an exploit perhaps more popularly known for being used in the WannaCry attacks. After the discovery, we sent our first alert to the ...
- Hackers Use Fake NordVPN Website to Deliver Banking Trojan
August 19, 2019
The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics. While previously they hacked legitimate websites to hijack download links infected with malware, the hackers are now creating website clones to deliver banking Trojans onto unsuspecting victims’ computers. This allows them to focus ...
- Router Network Isolation Broken By Covert Data Exfiltration
August 18, 2019
Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration. Most modern routers offer the possibility to split the network into multiple segments that work separately. One example is a guest network that works in parallel with the host. The boundary insulates sensitive or critical ...
- DanaBot banking Trojan jumps from Australia to Germany in quest for new targets
August 15, 2019
The DanaBot banking Trojan is on the move and has traveled across the sea in a pivot from its original focus on Australia to strike European targets. DanaBot was first discovered by Proofpoint researchers last year. The malware was observed striking Australian targets of financial value, but at the time, DanaBot appeared to come from only one threat ...
- Analysis: New Remcos RAT Arrives Via Phishing Email
August 15, 2019
In July, we came across a phishing email purporting to be a new order notification, which contains a malicious attachment that leads to the remote access tool Remcos RAT (detected by Trend Micro as BKDR_SOCMER.SM). This attack delivers Remcos using an AutoIt wrapper that incorporates various obfuscation and anti-debugging techniques to evade detection, which is ...
- Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices
August 13, 2019
Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. On July 22, 2019, we saw and started analyzing a Neko botnet sample, then observed another sample with additional exploits the following week. A Mirai variant that calls itself “Asher” surfaced on July 30, then a Bashlite ...