US court docs expose fake antivirus renewal phishing tactics

In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails.
The now-executed seizure warrant was submitted by Special Agent Jollif of the United States Secret Service to recover funds stolen in a fake Norton subscription renewal email that led to the threat actor gaining access to a victim's PC and bank account.
These phishing emails claim that the recipient is about to be charged for renewing an antivirus subscription license and to call the enclosed number to cancel it.
The victim calls the phone number listed on the email, and from there, the scammers direct them to perform various actions such as installing remote access software on their computers, infecting themselves with malware, and entering their account credentials on a phishing page.
This type of scam has been ongoing for many years, but Jollif stated that the activity has recently risen to higher volumes.
One case highlighted in the court document mentions a victim who received a phishing email on November 28, 2023, alleging that he would be charged $349.95 for a Norton antivirus subscription unless he canceled the charge.
While the court document does not show the phishing email received in this attack, it is likely similar to the one shown below that was seen in past attacks.
After calling the scammers, the victim was tricked into giving them remote access to his laptop, supposedly needed to ensure the $349.95 was refunded to his account.
At that point, the scammer alleged that $34,000 was refunded by error, and the victim was asked to return the amount to avoid legal trouble.
The victim complied with the instruction, seeing that his checking account now had a new $34,000 deposit that he assumed originated from Norton.
In reality, the scammer had overlaid a blue screen on the monitor so the victim couldn't see his actions and transferred $34,000 from the victim's own Money Market account to their checking balance.
After the fraudulent activity was identified, on December 7, JP Morgan Chase restricted Zhou's access to the funds in his accounts, and these funds were moved to a suspense account controlled by the bank.
Jollif's application seeks to seize the $34,000 derived from Zhou's activities, considering it potentially criminal proceeds.
Zhou now faces charges of wire fraud and involvement in a phishing scam and might also be charged with possible money laundering, bank fraud, and conspiracy to commit wire fraud.
Crypto wallet founder loses $125,000 to fake airdrop website.
FTC offers $25,000 prize for detecting AI-enabled voice cloning.
US detains suspects behind $80 million 'pig butchering' scheme.
SIM swapper gets 8 years in prison for account hacks, crypto theft.
Framework discloses data breach after accountant gets phished.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 15 Jan 2024 21:20:04 +0000


Cyber News related to US court docs expose fake antivirus renewal phishing tactics

2023 Year in Review: The U.S. Supreme Court's Busy Year of Free Speech and Tech Cases - The U.S. Supreme Court has taken an unusually active interest in internet free speech issues. EFF participated as amicus in a whopping nine cases before the court this year. The court decided four of those cases, and decisions in the remaining five ...
11 months ago Eff.org
US court docs expose fake antivirus renewal phishing tactics - In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. The now-executed seizure warrant was submitted by Special Agent Jollif of the United States ...
11 months ago Bleepingcomputer.com
Hackers breach Australian court hearing database - The court system for Australia's second-most-populated state was hit by a ransomware attack that potentially exposed sensitive recordings of some court hearings. Court Services Victoria, an administrative body that supports the operations of the ...
11 months ago Therecord.media
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
10 months ago Techrepublic.com
Watch out for "I can't believe he is gone" Facebook phishing posts - This phishing attack is ongoing and widely spread on Facebook through friend's hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform. As the posts come from your friends' ...
11 months ago Bleepingcomputer.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
11 months ago Helpnetsecurity.com
Records of Crucial Cases May Have Been Compromised by a Cyberattack on Victoria's Court System - An independent expert believes that ransomware was used to assault Victoria's court system and that the attack was coordinated by Russian hackers. According to a representative for Court Services Victoria, hackers gained access to a portion of the ...
11 months ago Cysecurity.news
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
1 year ago Trendmicro.com
EFF Helps News Organizations Push Back Against Legal Bullying from Cyber Mercenary Group - For the last several months, there has emerged a campaign of bullying and censorship seeking to wipe out stories about the mercenary hacking campaigns of a less well-known company, Appin Technology, in general, and the company's cofounder, Rajat ...
10 months ago Eff.org
It's Time For Lawmakers to Listen to Courts: Your Law Regulating Online Speech Will Harm Internet Users' Free Speech Rights - Despite a long history of courts ruling that government efforts to regulate speech online harm all internet users and interfere with their First Amendment rights, state and federal lawmakers continue to pass laws that do just that. Three separate ...
5 months ago Eff.org
EFF Continues Fight Against Unconstitutional Geofence and Keyword Search Warrants: 2023 Year in Review - EFF continues to fight back against high-tech general warrants that compel companies to search broad swaths of users' personal data. In 2023, we saw victory and setbacks in a pair of criminal cases that challenged the constitutionality of geofence ...
11 months ago Eff.org
Victoria court recordings exposed in reported ransomware attack - Australia's Court Services Victoria is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack. CSV is an independent statutory authority that provides services to Victoria's court systems, ...
11 months ago Bleepingcomputer.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
10 months ago Gbhackers.com
When It Comes to January 6 Lawsuits, a Court Splits Donald Trump in Two - Donald Trump, the president, may well be immune from any civil action for allegedly inciting an attack against the US Capitol on January 6, 2021. The candidate, is not, an appellate court in the District of Columbia says. "When a first-term President ...
1 year ago Wired.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
7 months ago Hackread.com
CVE-2012-1443 - The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command ...
12 years ago
CVE-2012-1459 - The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ...
6 years ago
International Criminal Court systems breached for cyber espionage - The International Criminal Court provided additional information about the cyberattack five weeks ago, saying that it was a targeted operation for espionage purposes. The intergovernmental organization disclosed the breach on September 19, a few days ...
1 year ago Bleepingcomputer.com
Australian Court Service Hacked, Hearing Recordings at Risk - Court cases and tribunals in Australia have been impacted by a cybersecurity incident, with attackers potentially accessing recordings of hearings, according to the Court Services Victoria. The CSV revealed the incident in a statement on January 2, ...
11 months ago Infosecurity-magazine.com
Cyberattackers breach trove of Victoria court recordings The Register - The court system of Victoria, Australia, was subject to a suspected ransomware attack in which audiovisual recordings of court hearings may have been accessed. The incident began on December 8 and attackers may have accessed hearings between November ...
11 months ago Go.theregister.com
US govt wants BreachForums admin sentenced to 15 years in prison - The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of 15 years in prison. BreachForums was a notorious cybercrime forum that ...
11 months ago Bleepingcomputer.com
Fake browser updates spread updated WarmCookie malware - The latest campaign was discovered by researchers at Gen Threat Labs, who observed the WarmCookie backdoor being distributed as fake Google Chrome, Mozilla Firefox, Microsoft Edge, and Java updates. FakeUpdate is a cyberattack strategy used by a ...
2 months ago Bleepingcomputer.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
9 months ago Cyberdefensemagazine.com
US moves to recover $2.3 million from "pig butchers" on Binance - Pig butchering is a social engineering scam where fraudsters contact people on social media and messaging platforms to build trust. They eventually trick the person depositing cryptocurrency into fake investment sites, where the victim is deceived ...
9 months ago Bleepingcomputer.com
CVE-2009-1431 - XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) ...
5 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)