Monday, July 15, 2024
EHA

Threat Actors Abuse Google Groups to Send Fake order Notifications

Threat actors continue to evolve their spam tactics by utilizing legitimate  Google Groups to send Fake order messages to target multiple users. 

Fake order scams work by notifying victims about the purchase status or confirmation that originally was not placed by the recipient.

They are motivated to steal the victim’s personal credentials – name, address, credit, or banking information, or trick the victim into installing malware on their computer.

Trustwave SpiderLabs has identified a notable surge in these Geek Squad scam email activities delivered via Google Groups.

The new variant of the fake order scam sent to the users to notify them about the victim has been added to the Google group.

Fake Google Notifications Warning

Above is a sample of a scam message sent to the user to join the client support geek squad, and by clicking view, this group will redirect to a fake discussion group.

Later, threat actors can automatically add email addresses, even non-Gmail accounts, into a group and start spamming users. 

Fake Email

The spam email notified the users about the renewal of their membership in Geek Squad and the amount for the renewal. The customer ID was mentioned to make it legitimate.

It also leaves the customer care number to contact the support team to avoid charging the amount if they do not wish to continue.

If the victims contact the customer care number mentioned in the email, it will connect with spammers, and they are asked to update the online form.

They then instruct the victims to access a website where an application can be downloaded to access the victim’s machine remotely. 

Once the scammer has remote access, they pretend to process the refund while secretly browsing their files and accessing sensitive information such as personal documents, banking details, and passwords.


These deceptive schemes cause financial harm to victims and lead to breaches of their personal data.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Website

Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles