New research has revealed that over 2,000 WordPress sites have been hacked as part of a campaign to redirect visitors to a number of scam sites which contain unwanted notification subscriptions, fake surveys, giveaways and even fake Adobe Flash downloads.
The attackers have written their scripts so that visitors without administrative privileges will be redirected through a series of sites that will eventually lead them to various scam pages. These pages then tell users that they must subscribe to browser notifications in order to proceed.
WordPress Scam
Site owners who use WordPress need to be aware of a new technique that scammers are using to phish for WordPress login credentials: fake copyright and trademark infringement notices. If you or an employee fall for this attack, your entire site could fall into the hands of scammers who may use your site to spread malware or force you to pay a ransom to regain access.
Similar scams have made the rounds in our community before. The schemes are attempted via telephone, mail or e-mail. They frequently ask victims to purchase pre-paid credit cards. They target vulnerable populations such as senior citizens.
Unfortunately, a lot of people attempt to scam us out of our hard-earned money, and they often use the guise of government grants. The specific tactics, questions, and circumstances scam artists use will continue to change, so we have to remain aware and cautious. How do we avoid being a victim of a scam?
Social engineering is another very common, and unfortunately effective, tactic scammers have used. Social engineering is the process of creating a network of fake social media accounts, pages, and profiles that make the person or organization appear legitimate.
During the past few days, our crawlers have been catching a larger-than-usual number of WordPress sites being hijacked. One of the most visible client-side payloads we see are redirections to tech support scam pages. Digging deeper, we found that this is part of a series of attacks that have compromised thousands of WordPress sites since early September.
Multiple injections
The sites that are affected are running the WordPress CMS and often using outdated plugins. We were not able to figure out whether this campaign was made worse by the exploitation of a single vulnerability, although the recent RCE for the Duplicator plugin came to mind. Our friends over at Sucuri believe this is a combination of multiple vectors.
Malwarebytes users running our browser extension are protected against the tech support scam pages without any need for signature updates.
Indicators of compromise
137.74.150.112,examhome[.]net,Examhome Campaign (URI)
51.255.157.138,uustoughtonma[.]org,Examhome Campaign (URI)
37.139.5.74,mp3menu[.]org,Examhome Campaign (URI)
23.163.0.39,ejyoklygase[.]tk,TK TSS Browlock (URI)
He told us that "they are also pushing ads for some geolocations and user agents," a fraudulent activity that scams the advertiser, not the user visiting the ads, who is left with the annoyance of being diverted from content they want to see.
Hooray, I received my Lucky Magic Seven Travel scratchies today. And of course one ticket was a second prize winner for USD 180,000.00. Having read the brochure, there are three places where the grammar is incorrect. I immediately Googled Magic Seven Travel scam. Sure enough, up came this site. Well done guys. Quite right, if it seems too good to be true - IT IS!!!!
The WordPress sites were hijacked to redirect their visitors to two scam URLs, Julian Sobrier, a senior security researcher at Zscaler, wrote on the ThreatLabz blog. It appears that the scammers had added new pages with randomly generated filenames inside the /wp-includes/ directory on the sites.
While some of the hijacked sites have been blacklisted by Google Safe Browsing, the majority of them are not flagged, Sobrier said. The visitors to these WordPress sites are all redirected to one of the two scam sites, realonlineincnow.com or online13workhome.com. Neither site was blacklisted by Google Safe Browsing at the time Sobrier wrote the post.
These hijacked sites were legitimate WordPress sites which had been hacked specifically for the campaign, Sobrier said. The scammers appeared to be sending out spam to propagate the link to the hijacked Websites.
Earlier this year, many of the scam sites started displaying Facebook Like icons on their pages to convey a sense of legitimacy. Facebook allows you to embed any Like widget on any website, even if the domains or URLs do not correspond. Scammers are using this trick to appear more legitimate, by tricking visitors into thinking their website has been visited and liked by many people.
These cases reveal the two poles of our gullibility: at one end we are scammed frequently without realizing it; at the other, we have become so accustomed to brushing aside obvious scams, particularly on the internet, that most of us think we are pretty much unscammable and become complacent. But just because we spot obvious scams, that does not mean we cannot fall victim to those well camouflaged (as fancy shampoo shows). One such well-camouflaged scam that directly targets students and prowls universities worldwide has already suckered a few at UMB, namely the Predator Press Scam.
How to recognise a Predator Press
The Predator Press sends mass e-mails phishing for your work. Although they use various tricks to convince you that you have been specially selected, you will be safe if you remember one golden rule: No reputable journal or publishing agency ever approaches Bachelor or Master students, much less reads their work that has not been formally submitted to them. Thus, if you receive an e-mail from a publishing agency asking to publish your thesis, you know it is a scam. The only action you need to take is to file it next to the e-mails you get from Nigerian princes.
Auragen group is a recent spammer and predatory company started in Hyderabad. If you are free, call at +91 9989 661 232; they are ready to initiate their scam over the phone itself, by the name called Mr. Sai Kiran Olipilli, who is just a graduate and spamming the researchers.
I consider the MDPI biomedical bogus Journals to be completely dangerous to the Public Health, because they publish fake statistics, fake experiments, fake studies. Their journal CELLS has published 3 SciGen fake papers. I am a cellular biologist and Journals of MDPI are fake and bogus. MDPI is the Leader of Predatory Publishing Industry. They are a scam. Avoid MDPI JUNK publisher.
Impersonation scams are fraudulent practices of copying identifying elements of a person, brand or organization in order to steal sensitive information, sell counterfeit products or execute a bank impersonation scam. When executed on platforms like WordPress, impersonators create lookalike websites under fake web addresses, a practice also referred to as domain spoofing. Spoofers either use cybersquatting or typosquatting to create these fake web addresses.
Impersonation scams on WordPress also come in the form of phishing attacks. Scammers create emails that appear to be from WordPress asking site administrators to update their database. By clicking on a link, you will be forwarded to a fraudulent site that looks legitimate and asks you to enter your credentials.
Additionally, your intellectual property, content and brand identity might be infringed on social media platforms like Facebook, Amazon, YouTube or Instagram. When it comes to impersonation scams, intellectual property infringements and content theft, it is important to act fast before reputational damage and revenue losses hurt your brand. Keeping track of possible infringements and reporting fake websites and social media accounts manually quickly reaches its limits when dealing with multiple platforms.
NakedSecurity are reporting a new scam email which pretends to come from WordPress. The email claims that DNS security features will soon be added for your WordPress domain. It tells the reader to click on a link in the email to activate DNSSEC for their website.
A new fake ANZ email scam has been delivered to thousands of Australian email users. The seemingly legitimate communication targeting banking customers impersonates the ANZ Bank. This most recent phishing attempt is similar to a recent campaign by cyber criminals.
My husband got ripped off by one of these shell game scams in Barcelona. He lost around 100 Euros and there was an Australian guy who also got scammed. I kept telling my husband to walk away as I smelt a rat but he just kept giving the guy more money. I was about 5 months pregnant at the time and my stress levels were through the roof over this! Luckily for us, the police arrested him and both my husband and the Australian guy got their money back. If something seems too good to be true, it usually is. Steer clear folks!
E-commerce and online activity have grown exponentially, year-on-year. Bricks and mortar stores have increasingly been migrating their products/services to the Internet, which caters to a larger target market than their physical in-store counterpart. However, a recent hack by a new cybercrime gang has caused some ecommerce WordPress sites to serve a scam to their customers.
Therefore, tech support scammers now aim at legitimate websites and try to advertise by illegally injecting code into reputable sites. They may also attempt to exploit legitimate advertising platforms to present themselves as trustworthy service providers.