Republished on March 17th with reports into another dangerous online threat.
Following hot on the heels of the FBI’s warning for Americans to delete fraudulent texts as a malicious scam sweeps across America, here comes another alert as a very different kind of threat has emerged. The latest scam targets both smartphone and desktop users through websites crafted to steal your passwords, financial information and wallets.
This time it’s utility websites in the bureau’s crosshairs, as it “increasingly sees a scam involving free online document converter tools.” These are the simplest, most innocuous websites, but criminals are using “converter tools to load malware onto victims’ computers, leading to incidents such as ransomware.”
“The best way to thwart these fraudsters is to educate people so they don’t fall victim to these fraudsters in the first place,” the FBI says in an online warning via its Denver field office. “If you or someone you know has been affected by this scheme, we encourage you to make a report and take actions to protect your assets. Every day, we are working to hold these scammers accountable and provide victims with the resources they need.”
It’s not just websites, of course; there are a raft of dangerous conversion tools on smartphone app stores as well. But unlike the official Google and Apple stores, there are no defenses preventing criminals from publishing malicious websites. You’re reliant on the security tools built into your browser and common sense. “Unfortunately, many victims don’t realize they have been infected by malware until it’s too late, and their computer is infected with ransomware or their identity has been stolen.”
The FBI’s advice as ever is to “take a breath, slow down and think. Be aware of your actions online and what risks you could be exposed to.” In addition, PC users should ensure they have some form of updated antivirus software running on their machines. You will also benefit by enabling safe browsing if available on your browser.
Chrome and Safari dominate the mobile browsing market, and with Edge do the same across desktops. Whether using those or other browsers on your phone or desktop, if you think you might have fallen foul of such a scam, you can report it at IC3.gov, and more critically you should change your passwords and check your online accounts.
This is just the latest warning for web and app users to avoid utility tools that are stupidly simple for an attacker to create and which will always find a ready audience. If you need to convert documents, use a tool from an established provider or the stock ones available with your OS or other platforms. You certainly should not send any files to the cloud for conversion, provide personal information or install software.
And this isn’t the only online document warning doing the rounds. Per Bleeping Computer over the weekend, “cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials.” These are “malicious OAuth apps” that are “impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.”
This warning comes courtesy of the research team at Proofpoint, and highlights the risks with online services that easily lure users into clicking links. While a URL in an email might raise concerns, we are all now used to receiving DocuSign or Adobe links that we click through. It has proven too easy for criminals to add brand impersonation into the mix, and when an attack is highly targeted this becomes difficult to spot.
While this latest campaign impersonated “charities or small companies using compromised email accounts,” last year government agencies themselves were being mimicked. SlashNext warned of a “concerning turn,” as “businesses that regularly interact with state, municipal, and licensing authorities” were targeted. This came as a “98% increase in the use of DocuSign phishing URLs” was flagged.
Coming full circle, the FBI has also warned this month that scammers are even impersonating federal agencies, as citizens are presented “with a fraudulent federal warrant and asked to pay fines to clear it up.”
Be careful out there.