Archive for April 16, 2023

What Is “Juice Jacking” And Why Should You Care?

Posted in Commentary with tags on April 16, 2023 by itnerd

You might have heard that the FBI is warning everyone about “Juice Jacking” via Tweets like this one:

This has caught the attention of the media and has generated a lot of phone calls and emails from my clients to me. But what isn’t helping is that there really isn’t a good explanation of what “Juice Jacking” is and why or if you should care. This is where this article comes in, as I hope it will explain what this threat is and what you can do to protect yourself.

First, let me explain what this attack is. “Juice Jacking” is a theoretical type of attack on devices like phones and tablets which use the same cable for charging and data transfer, typically a USB cable. The goal of the attack is to either install malware on the device, or to surreptitiously copy potentially sensitive data. Now I use the word theoretical because I have yet to hear of an actual attack using this method. Now to be clear, that doesn’t mean that it hasn’t happened. But there has been no proof that this has happened in the wild. Having said that, I am aware of proof-of-concept attack demonstrations, as well as cables and other hardware that are available that could be used to execute these attacks. Thus if you want my opinion, you should be concerned about these attacks. There’s also the fact that recent versions of Android and iOS will prompt you in terms of allowing a device to connect to something. Thus if you’re paying attention and see one of these prompts, you may want to think twice about connecting to whatever it is you’re connecting to. But the threat actors I suspect are counting on the fact that you’re not paying attention in order to make this attack work.

Based on that, how do you protect yourself? That part is easier than you think. Here are some random suggestions that I came up with:

  • Don’t use public charging stations, EVER. Instead, use a power bank to keep your devices charged. If you must recharge something via a public charging station, charge the power bank instead of the phone. Another option is to always carry your own charger.
  • Don’t use “promo” or “free” cables to charge your gear. Instead, you should buy good quality cables from known brand names and always keep them on hand. Yours truly for example always has a cable on my keychain, and a couple in my tech sling bag along with my own charger.
  • Consider using a “charging only” cable which does not send data over the wire. That in theory should make you safe from this attack if you must use a public charging station. Buy good quality cables from known brand names and always keep them on hand.

Since the FBI came out with this warning, I will assume that they are doing this because they found evidence that this is a threat that we all need to be worried about. So it makes sense that we should all take some precautions based on that. And fortunately those precautions are simple. If I hear about any actual attacks, I’ll be sure to post them here as I am sure that knowing that these are more than theoretical attacks would be helpful for us all.

A New And Crafty Amazon Prime Phishing #Scam Email Is Making The Rounds…. Let’s Have A Look At It

Posted in Commentary with tags on April 16, 2023 by itnerd

Now I cover a lot of these phishing scam emails. But this one that is related to Amazon Prime is pretty crafty and clearly designed to evade detection by spam filters. Let’s have a look at it:

Now at first glance this looks like your typical scam email. Except for one thing:

The entire email is made up of a PDF that has elements, specifically the Sign In button, that can be clicked. This is designed from the ground up to evade detection by spam filters. I’ve only seen this method of attack with a Norton billing scam email before. Which makes me believe that the threat actor is counting on this hitting your Inbox with the ability to preview PDFs turned on. Also, I assume that the threat actor is counting on the Sign In button being available to click. I say that because I am displaying this in macOS Mail which doesn’t allow you to click the sign in button. So Mac users are somewhat protected from this email. Windows users, not so much depending on what email program you use.

Now other than that, it has the usual hallmarks of a phishing email. Specifically:

  • Your Amazon account is on hold, which is meant to get you to pay attention.
  • If you don’t act quickly, your orders will be cancelled. Which is to create a sense of urgency.
  • They want you to click Sign In so that you can update your details. Or more accurately, the threat actor can steal them.
  • The quality of the English is marginal at best. A hallmark of scam emails.

And there’s this:

The domain used in this email doesn’t match @amazon.com or @amazon.ca or whatever.

Now let’s do something that you should never, ever do. I’m going to click on Sign In and see what happens. Since macOS Mail blocks this, I will use Adobe Acrobat to do this:

I have to admit that this is pretty low grade stuff here. But the fact is that a scam doesn’t have to fool everyone. It only has to fool a few people to be successful. And the fact that this is a scam is highlighted by this:

This clearly isn’t Amazon.com. But the threat actors are hoping that you’re not paying attention. And that’s as far as I got as it appears that the fake site was taken out of service as it redirected to the home page of the hosting provider. Perhaps Amazon got wind of this and took action? I am not sure. But the fact that the page above is still operational suggests that the threat actors could easily set up shop someplace else and try this again. Thus if you see an email like this, you know what to do. Delete it and move on with your day.
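The tells this post checks by eye (a sender domain that is not Amazon's, a PDF whose clickable element links somewhere else, and a message with no text body) can also be checked by a mail triage script. The following is an added example, not part of the original post; the brand domain list, the finding labels and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the impersonated brand legitimately uses.
BRAND_DOMAINS = {"amazon": ("amazon.com", "amazon.ca")}
URI_RE = re.compile(rb"/URI\s*\((.*?)\)", re.S)

def on_brand(host, allowed):
    """Exact or dot-delimited subdomain match; amazon.com.example.net fails."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def pdf_links(pdf):
    """URLs in /URI link actions. Heuristic: skips compressed object streams."""
    return [u.decode("latin-1") for u in URI_RE.findall(pdf)]

def triage(raw, brand="amazon"):
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    allowed, findings = BRAND_DOMAINS[brand], []
    sender = addr.rpartition("@")[2]
    claims_brand = brand in f"{display} {msg.get('Subject', '')}".lower()
    if claims_brand and not on_brand(sender, allowed):
        findings.append("sender-mismatch:" + sender)
    for part in msg.walk():
        if part.get_content_type() != "application/pdf":
            continue
        for url in pdf_links(part.get_payload(decode=True) or b""):
            host = urlsplit(url).hostname or ""
            if not on_brand(host, allowed):
                findings.append("pdf-link-offbrand:" + host)
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        findings.append("no-text-body")  # the PDF is the whole message
    return findings

def build_sample(from_hdr, link, text=""):
    """Constructed test message (not the email from the post)."""
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link /A "
           b"<< /S /URI /URI (" + link.encode() + b") >> >>\nendobj\n%%EOF\n")
    msg = EmailMessage()
    msg["From"], msg["Subject"] = from_hdr, "Your account is on hold"
    if text:
        msg.set_content(text)
    msg.add_attachment(pdf, maintype="application", subtype="pdf",
                       filename="notice.pdf")
    return msg.as_bytes()
```

A message that trips all three findings at once matches the pattern described above: the text a spam filter would normally score is absent, and the only actionable content is a link inside the PDF.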