
It'(wa)s 2019 and people still fall for spelling mistakes - Microsoft takes down 50 North Korean phishing sites

williamcll


Multiple people were fooled into providing their credentials to websites named rnicrosoft. The hacking group has also compromised systems with malware named “BabyShark” and “KimJongRAT.”

Quote

Microsoft has taken control of fifty sites reportedly linked to cyberattacks originating from North Korea. The Windows maker has been successful in a court bid to take down fifty domains used for spear phishing attacks that would both steal personal data and upload malware to infect IT systems.

 

The attacks apparently came from a hacking group known as Thallium, which has been accused of being affiliated with the North Korean government. The court action, filed in Virginia last month, came after both the US Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) teams finalised a long-term investigation into Thallium and its activities, which looked to target employees of governments, international agencies, as well as university staff, mostly based in the US, Japan and South Korea. The spoof emails claimed that the user’s account was compromised, advising them to login to change their account details - but clicking on a link that offered to do so would take the victim to fake phishing sites hosted on one of the malicious domains, which would look to steal personal login details.

The hackers were also able to set up a command to silently copy any new emails to the user without their knowledge, even if the account password had been changed.

 

Microsoft says that the court decision has now allowed it to take control of the fifty domain names used in the attacks, which have all now been removed.

 

Source: https://www.itproportal.com/news/microsoft-sees-50-north-korean-phishing-sites-taken-offline/

https://blogs.microsoft.com/on-the-issues/2019/12/30/microsoft-court-action-against-nation-state-cybercrime/

Thoughts: You'd think Microsoft's own phishing filter is smart enough to clear these emails, but I guess some still slip past. Honestly I think the Apple phishing mails were more authentic. I bet there are emails out there right now originating from "Pomhub" or something silly.

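Added example, not part of the original thread or the quoted article: a minimal mail-gateway style check that flags link hostnames which only look like a protected brand, such as the "rnicrosoft" spelling mentioned above. The brand list, the fold table and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed brand labels to protect (hypothetical list; substitute your own).
PROTECTED = ("microsoft", "outlook", "office")
# Character sequences that render alike in common fonts, folded to one form.
# Constructed for this example; not an exhaustive confusables table.
FOLDS = (("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"))

def skeleton(label):
    """Fold look-alike sequences so 'rnicrosoft' and 'microsoft' compare equal."""
    s = label.lower()
    for seq, repl in FOLDS:
        s = s.replace(seq, repl)
    return s

BRAND_BY_SKELETON = {skeleton(b): b for b in PROTECTED}

def lookalike_of(hostname):
    """Return the protected brand a hostname imitates, or None."""
    for token in re.split(r"[.\-]", hostname.lower().rstrip(".")):
        brand = BRAND_BY_SKELETON.get(skeleton(token))
        # Same skeleton but a different spelling means a visual imitation;
        # the correctly spelled label itself is never flagged.
        if brand and token != brand:
            return brand
    return None

def flag_links(links):
    """Map each suspicious link to the brand its hostname imitates."""
    hits = {}
    for link in links:
        brand = lookalike_of(urlsplit(link).hostname or "")
        if brand:
            hits[link] = brand
    return hits

# Constructed sample links, as they might be extracted from a mail body.
SAMPLE_LINKS = [
    "https://rnicrosoft.example/account/reset",
    "https://login.microsoft.com/",
    "https://secure.0utl00k-verify.example/",
    "https://modern-office.example/",
]

if __name__ == "__main__":
    for link, brand in flag_links(SAMPLE_LINKS).items():
        print(f"{link} imitates '{brand}'")
```

The check only covers ASCII look-alikes; correctly spelled brand names placed in unrelated domains and Unicode homoglyphs need separate rules.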

2 minutes ago, williamcll said:

Multiple people were fooled into providing their credentials to websites named rnicrosoft

wonder if modern companies factor in fonts when considering their company names to avoid this


I physically zoomed into my monitor (by leaning forward) to see that.


2 minutes ago, Fasauceome said:

wonder if modern companies factor in fonts when considering their company names to avoid this

Not with common browser supported fonts it doesn't. Maybe possible if you turn on dyslexia support.

 

 


People still believe Indians from "New York" who need to access their bank accounts to get an Amazon refund for something that's not on their account because of "hackers".

 

They're likely targeting the older people with half farked eye sight who won't notice the difference.


The spelling mistakes and bad grammar are sometimes there intentionally. These phishing attacks don't actually target average or higher intelligence people who tend to catch on quicker, increasing the chance of things not working. They want the people who will still think they haven't been fooled for a week or two so they can get the money and be home free before anyone of significance is informed. Including the mistakes and poor grammar effectively filters out the majority of the respondents that won't net them any return.

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


15 hours ago, Curious Pineapple said:

People still believe Indians from "New York" who need to access their bank accounts to get an Amazon refund for something that's not on their account because of "hackers".

"hello, yes this is the IRS, you own us money, and the only way you can pay us is with itunes gift cards. Also don't tell anyone this is what you're buying them for, otherwise they will call the police and have you arrested for tax-evasion"

 

how people STILL believe this is legit will forever be beyond me


The IRS will never call you - They just show up and that's it.


31 minutes ago, Arika S said:

"hello, yes this is the IRS, you own us money, and the only way you can pay us is with itunes gift cards. Also don't tell anyone this is what you're buying them for, otherwise they will call the police and have you arrested for tax-evasion"

 

how people STILL believe this is legit will forever be beyond me

They make it that dumb so the ones that fall for it literally don't tell anyone even after the fact.  It is intentionally a con job aimed at those with an IQ below 85.


1 hour ago, Arika S said:

"hello, yes this is the IRS, you own us money, and the only way you can pay us is with itunes gift cards. Also don't tell anyone this is what you're buying them for, otherwise they will call the police and have you arrested for tax-evasion"

 

how people STILL believe this is legit will forever be beyond me

I love the IRS calls. So much fun, but dammit, they changed their tactics. Now when they call it's an automated message saying for you to call them before there is a live person lol. I won't call them. Easy chance for outside charges.


6 hours ago, Arika S said:

"hello, yes this is the IRS, you own us money, and the only way you can pay us is with itunes gift cards. Also don't tell anyone this is what you're buying them for, otherwise they will call the police and have you arrested for tax-evasion"

 

how people STILL believe this is legit will forever be beyond me

Older people usually fall for that out of fear and out of not understanding new technologies.

 

It's sad. One almost got my grandma last year (not as dumb as sending gift cards but she almost gave her bank details). But thankfully she mentioned it to a friend who saved her.

 

There's a special place in hell for these people and I wouldn't piss on them if they were on fire.


I've noticed a huge increase in the amount of phishing emails I've been getting for the last few months. I get up to 5 a day every day from Microsoft, Amazon, Netflix, Apple, Google and others. They all say the same thing too, it's always either your account is suspended for unusual activity or purchase/delivery failed.

 

I can't even filter them as they come from a new domain every single time. It's actually starting to get annoying. Sometimes I fuck with them and fill out their form using fake details.


9 hours ago, Arika S said:

"hello, yes this is the IRS, you own us money, and the only way you can pay us is with itunes gift cards. Also don't tell anyone this is what you're buying them for, otherwise they will call the police and have you arrested for tax-evasion"

 

how people STILL believe this is legit will forever be beyond me

I had one yesterday saying my car had been involved in an accident, I wasted about 30 minutes of his time before telling him I suffer from a degenerative eye disease, am registered as semi blind and I am not allowed to drive by law. He called me a shit head then hung up very quickly :D


22 hours ago, Master Disaster said:

I had one yesterday saying my car had been involved in an accident, I wasted about 30 minutes of his time before telling him I suffer from a degenerative eye disease, am registered as semi blind and I am not allowed to drive by law. He called me a shit head then hung up very quickly :D

Interesting... I haven't heard of that one.


I am a simple man. I do not click links in emails and if a site says I have issues I will direct myself to the site on another tab to confirm. 99.9% of the time they are fake. 


I got a call last year from a roadside assistance company I had been forced to join back in 2017 (car broke down as I travelled to my wedding, priorities kinda shift when that happens). Apparently my membership fee "had not been processed."

 

The company must have had a data breach because the caller not only called from the country where the roadside assistance company has its main office (for reference, I'm Dutch and the car broke down in England. The call came from France) but also knew down to the month when my car had broken down. It seemed just legit enough until I noticed that they kept asking me leading questions. The icing on the cake was that they offered to "help me settle the matter right away if I just gave them my credit card info."

 

I "looked around for my credit card" for a good 20 minutes before telling them that they had my credit card info on file.

 

It used to be that their voice and bad English was a dead giveaway but in this case it was a lady working for a French company that sounded like a French person speaking English. She knew enough to be a plausible employee of a company with which I had had actual dealings and she knew a few details about these dealings. It's a far cry from the call I received a few years ago where "Microsoft" informed me of "the virus that was affecting my computer" where the dude legit sounded like Apu Nahasapeemapetilon and it was interesting that Microsoft had contacted me since I did not own a Windows machine at the time.


On 1/5/2020 at 11:50 AM, Master Disaster said:

I had one yesterday saying my car had been involved in an accident, I wasted about 30 minutes of his time before telling him I suffer from a degenerative eye disease, am registered as semi blind and I am not allowed to drive by law. He called me a shit head then hung up very quickly :D

Yeah I have had people call with that credit card account phone scam saying there is something wrong with your account. I didn't have a credit card at the time lol. 
