The FBI warns of scammers who impersonate the refund payment websites of financial institutions in order to steal sensitive information from victims.

Federal law enforcement agencies stated that scammers trick victims into giving them access to their computers via phone calls or email by pretending to be representatives of computer repair or technical companies.

According to the FBI, scammers usually start by stating that the service must be renewed. They also include a fee of $300 to $500 USD which will be refunded. This creates a sense of urgency in victims and prompts them to provide information to get a refund.

"In this instance, the scammers pretended to help the victim obtain a refund by gaining remote control to the victim's PC."

Tech support scams are not new. However, the FBI stated that con artists have been using scripts to imitate refund payment gateways in Command Prompt windows.

Some scripts mimic Chase Bank, JPMorgan Chase’s division for commercial and consumer banking. Other batch files that were used in this tech support campaign were also discovered. These batch files enable dynamic customization through the modification of the output bank name via Windows environment variables.

These scripts, however, aim to collect the targets' financial and personal data (such as full names, bank names, ZIP codes, refund amounts) in order to facilitate illegal wire transfers of money from victims' bank accounts.

The FBI says that malware can launch a command prompt designed to look like a service interface.

There are many pauses in the script that encourage interaction with users as they wait for a refund or another action to take place.
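The traits described above (prompts for financial details, a bank name supplied through an environment variable, repeated pauses) can be turned into a simple triage check for batch files found on a machine. The following is an added example, not code from the FBI alert; the indicator patterns, function names, thresholds and both sample scripts are assumptions constructed for illustration.

```python
import re

# Heuristics for the script traits described above. The patterns, names and
# thresholds are assumptions of this example, not FBI-published signatures.
INDICATORS = {
    "prompts_for_input": re.compile(r"^\s*set\s+/p\s+", re.I | re.M),
    "asks_financial_data": re.compile(
        r"full\s+name|bank\s+name|zip\s*code|refund\s+amount", re.I),
    "bank_name_from_env_var": re.compile(r"%\w*bank\w*%", re.I),
    "scripted_pauses": re.compile(
        r"^\s*(?:pause\b|timeout\s+/t\s+\d+)", re.I | re.M),
    "refund_wording": re.compile(r"\brefund\b", re.I),
}

def triage_batch_script(text, min_pauses=2):
    """Return {indicator: match count} for the indicators present in one script."""
    hits = {}
    for name, rx in INDICATORS.items():
        count = len(rx.findall(text))
        # A single pause is common in benign scripts; require repeated waits.
        if name == "scripted_pauses" and count < min_pauses:
            continue
        if count:
            hits[name] = count
    return hits

def verdict(text, min_indicators=4):
    """Flag for analyst review when several independent traits co-occur."""
    return "review" if len(triage_batch_script(text)) >= min_indicators else "ignore"

# Constructed samples (not taken from the FBI alert or any real campaign).
SUSPECT_SAMPLE = r"""@echo off
set BANKNAME=Example Bank
title %BANKNAME% Refund Processing
timeout /t 5 >nul
set /p FULLNAME=Enter full name:
set /p ZIP=Enter ZIP code:
set /p AMOUNT=Enter refund amount:
pause
"""
BENIGN_SAMPLE = r"""@echo off
set BACKUP_DIR=D:\backup
robocopy C:\data %BACKUP_DIR% /MIR
pause
"""

if __name__ == "__main__":
    for label, sample in (("suspect", SUSPECT_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, verdict(sample), triage_batch_script(sample))
```

A "review" result is a prompt for an analyst to look at the file, not proof of fraud; tune the patterns and thresholds against scripts that are legitimately present in your environment.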

Individuals who are victims of tech support fraud should immediately report it to the Internet Crime Complaint Center.

Potential victims were also warned by the FBI NOT to grant remote access to their computers or send wire transfers as a response to advice received via telephone or internet.

Caffeine Phishing-as-a-Service Platform on the Rise

Phishing-as-a-Service (PhaaS) platforms such as "Caffeine" have made it possible for threat actors to launch sophisticated attacks. Anyone can sign up for these platforms through an open registration process.

Mandiant security experts discovered these threats for the first time while investigating large-scale phishing campaigns. This campaign was designed to steal Microsoft 365 credentials.

Caffeine, now a known PhaaS threat, was discovered by the company. It had a low entry barrier and many features.

An underground economy has made phishing attacks possible, and Caffeine was the first to stand apart from other phishing-as-a-service platforms.

This new generation of PhaaS platforms gained popularity quickly because they provide built-in features that cybercriminals can use instead of paying for service providers to do the work.

Platforms like Caffeine are easier for cybercriminals to reach than other PhaaS platforms. They allow anyone with an email address to register to use their services. Others require existing subscribers to endorse or refer new users, or require them to work through underground forums to access their services.

Caffeine was discovered for the first time in a subscription-based licensing structure. There were several service tiers, and you could sign up for Core Caffeine accounts.

Caffeine's administrators announced significant updates to the platform, including new features and support. However, attackers have many other options for phishing email designs. This includes webmail phishing lures that target subscribers to major Russian and Chinese services.

Phishing attackers are constantly looking for ways to improve their techniques, particularly in response to automated detection techniques via email and security protection platforms.

Mandiant researchers recommended that companies implement security measures to safeguard themselves against attacks like the one caused by Caffeine.

Inexperienced cybercriminals can launch sophisticated attacks using the Caffeine phishing platform. To protect themselves against this threat, companies should take the necessary security precautions.

In today's internet world almost anyone can launch an attack on your company's network. Are you ready? Call Integrated Technology Systems if you have any doubts.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017