Archive for June 9, 2023

Fisker to Open China Delivery Center in 2023 And Start Deliveries In Q1 2024

Posted in Commentary with tags on June 9, 2023 by itnerd

Fisker Inc. today announced its plans to open a delivery center in China in 2023 and commence deliveries of the Fisker Ocean SUV in Q1 2024. This makes sense because China represents a third of global vehicle sales, which is roughly 26 million cars in 2022, of which electric vehicles represent 6-7 million, around a 25% share. In 2023 year-to-date, that has grown to around 27%. So that’s a market that Fisker clearly wants a piece of. The company expects to produce 75,000 additional vehicles because of this move.

Fisker’s leadership team recently visited China and met with officials and business leaders in Shanghai to discuss collaborations and opportunities in the region. The conversations focused on automotive supply chains, logistics, warehousing, and future production development.

With a 113 kWh battery pack (106 kWh usable) the $68,999 Fisker Ocean Extreme has an EPA-estimated range of 360 miles on standard 20” wheels and tires; in Europe the Fisker Ocean Extreme has a WLTP range of 707km/440 UK miles on standard 20” wheels and tires, which is the longest range of any electric SUV sold in Europe today. The all-electric SUV starts at $37,499 for the Fisker Ocean Sport trim level.

A Somewhat Different Sort Of Extortion #Phishing #Scam Email Has Hit My Inbox Today

Posted in Commentary with tags on June 9, 2023 by itnerd

For the last few years I’ve been telling you about extortion phishing scam emails. If you’re not familiar with them, here’s how this scam works. You get an email from someone who claims to be some sort of elite hacker who has taken control of your PC and they’ve got some sort of incriminating video of you. And to keep the video from getting out to the public, you have to pay them. Pretty simple and straightforward. In this case, the scam takes a bit of a different twist. Let me start with the scam email that I got:

***The driver installation was successful***

The system has been added to the tracking list.

Your device has been successfully attacked by our bot-virus, which, once on the device, spreads to all layers of the device.
These are drivers, cameras, microphone, operating system services.

Your entire device is under our control. We can delete any data on it, write anything on it.

We copied all the data from your device to our server clusters recording dialogs, video from the web camera, from the main camera of the device, as well as everything that happened on the screen.
There is some very interesting nude video.
All your movements with the phone were recorded by GPS data during the entire time.

You have 48 hours to transfer 1100$ US dollars to our Bitcoin wallet [BITCOIN Wallet Address Redacted]

If no money is received after that time, all the data will be on the Internet.
Your social networking friends and phone contacts will especially like it.

As soon as the funds are credited to our account, your data will be deleted from our servers and the virus will be automatically deleted from your device and won’t bother you anymore.

Don’t forget that your device is completely under our control and don’t try anything foolish things.
If any action is suspected of finding a virus, contacting law enforcement, all your friends will be familiar with the fine selection of materials involving you.

***The timer was automatically run after you’ve opened this email.

So let’s unpack this email.

  • In this case, the email was sent directly to my email address from what I presume is a “burner” email account. That’s interesting because usually, these scam emails are clearly sent to a mailing list of people. By clearly I mean that the scam emails that I usually see are not addressed to your email address. I am guessing that this is meant to get your attention.
  • This email also says that the so-called hacker installed the “bot virus” on your computer. I am assuming that this is a deliberate attempt to circumvent spam filters which would be looking for words like “trojan virus” which is what I often see in scam emails. Or it could be that the threat actor isn’t that bright and is using terminology that they don’t understand.
  • Any threat actor who can take complete control of your system (as in drivers, cameras, microphone, operating system services) via a virus wouldn’t be doing this sort of thing. They would instead be working for a nation state doing espionage or something similar.
  • The threat actor claims to have gotten access to my phone and is monitoring my movements. Again, ignoring the fact that he started out saying he had control of your computer, someone this skilled would be working for a nation state doing espionage or something similar as opposed to trying to get $1100 from you.
  • The threat actor wants you to pay him via Bitcoin. Fact: There’s no way for the scammer to know that you’ve paid him which means that there’s no way for him to delete the data that he allegedly has on you.
  • The English used in this email is not that good. 
  • It tries to play on your fears of being outed for having a nude video on your computer and goes as far as telling you not to tell your friends or law enforcement.

The bottom line is that this guy has created a scam that isn’t all that good and is likely to convince few people to hand over their cash. And having a look at the Bitcoin wallet in the email, nobody has fallen for it yet. But since the number of people who could fall for this is not zero, I’m putting this out there so that the number gets as close to zero as possible.
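The guess above about dodging keyword filters can be shown with a short added example (not part of the original post): a blocklist looking for words like "trojan" misses this email, while a check on the structure of the demand catches it. The keyword list, signal patterns and threshold are assumptions made for illustration; the sample text is quoted from the email above with the wallet still redacted.

```python
import re

# Hypothetical blocklist of the kind the post suspects the wording is meant to dodge.
NAIVE_KEYWORDS = ("trojan", "malware", "spyware")

# Structural signals of an extortion demand (patterns are assumptions for this example).
SIGNALS = {
    "crypto_payment": re.compile(r"\b(bitcoin|btc)\b[^\n]*\bwallet\b", re.I),
    "amount": re.compile(r"\$\s?\d[\d,]*|\d[\d,]*\s?\$"),
    "deadline": re.compile(r"\b\d{1,3}\s*(hours?|hrs?|days?)\b", re.I),
    "device_control": re.compile(r"under our control|web ?cam|microphone", re.I),
    "exposure_threat": re.compile(r"\b(friends|contacts)\b", re.I),
}

# Lines quoted from the email in the post; the wallet address stays redacted.
SAMPLE = """\
Your device has been successfully attacked by our bot-virus, which, once on the device, spreads to all layers of the device.
Your entire device is under our control. We can delete any data on it, write anything on it.
You have 48 hours to transfer 1100$ US dollars to our Bitcoin wallet [BITCOIN Wallet Address Redacted]
Your social networking friends and phone contacts will especially like it.
"""

def naive_filter(text):
    """Keyword blocklist: flags only if a listed malware word appears."""
    lowered = text.lower()
    return any(keyword in lowered for keyword in NAIVE_KEYWORDS)

def hits(text):
    """Return the names of all structural signals present in the text."""
    return {name for name, rx in SIGNALS.items() if rx.search(text)}

def is_extortion(text):
    """Flag a crypto payment demand with a deadline plus at least one coercion claim."""
    found = hits(text)
    demand = {"crypto_payment", "amount", "deadline"} <= found
    coercion = bool(found & {"device_control", "exposure_threat"})
    return demand and coercion

if __name__ == "__main__":
    print("keyword filter flags it:", naive_filter(SAMPLE))
    print("structural check flags it:", is_extortion(SAMPLE), sorted(hits(SAMPLE)))
```

The structural check does not depend on what the sender calls the malware, so renaming it has no effect on the result.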

A New Intuit #Phishing #Scam Email Is Making The Rounds

Posted in Commentary with tags on June 9, 2023 by itnerd

It’s been a while since I got a scam email that was either new or different. But I finally have one that I would like to present to you. This one is using the Intuit brand and looks like this:

There are some things that I would like to highlight about this scam email:

  • The email address that it was sent to was in the body of the email. That shows that the threat actors are trying with this scam.
  • The threat actors create a sense of urgency by saying things like “The debited amount will be reflected within 24hrs in your banking statement” and “If you didn’t authorize this charge, You have 24hrs.”
  • The quality of the English in this scam email is better than normal, but it still highlights the fact that the threat actor that is creating this email does not natively speak English.

Another thing to note is that this email didn’t come from an Intuit email address:

Intuit as a company doesn’t use iCloud to send and receive email. So that should be the big hint that this is a scam and you should delete the email immediately and move on with your life. But seeing as I am not most people, I wanted to see what this scam was all about. Though I assume that it’s the usual refund scam which goes like this:

  • You get an email in your inbox saying that services that you know that you don’t have are being renewed, and the money has been debited from your bank account. 
  • You then call the phone number provided to dispute this.
  • The scammer talks you into getting remote access to your computer where they have you fill out some sort of form to get a refund for this purchase that you never made. Fun fact: The form that the scammers will have you fill out will ask for a lot of your personal information which can later be used to steal your identity. 
  • The scammer will then have you check your bank account using your bank’s online services to see if you got your refund. But the scammer will use some sleight of hand to make it look like they massively overpaid you. And then the scammer will blame you for that. 
  • You will then be bullied into refunding the overpayment by buying cryptocurrency or gift cards to send to them electronically. That’s assuming that they don’t just steal your money straight from your bank account themselves, or have you go to your bank to transfer the money to them, or withdraw it in cash and have you send it to an accomplice via a courier. 

So I did what you should never, ever do, which is call the number in the email. However, the number was disconnected when I did. It is possible that it was shut down by the threat actors by the time I called, or it got shut down. Either way, they’ll likely pop up with another number to try and perpetrate this scam. But my best advice to avoid this sort of scam is if you don’t have a product or service from the company that you’re receiving the email from, delete the email and go on with your life.
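The tells listed in this post can be checked mechanically. The following is an added example, not part of the original post: it parses a message and reports a brand name sent from a non-brand domain, a freemail sender, the recipient's address echoed in the body, a 24-hour deadline and a callback number. The sample message, the domain lists and the function names are constructed for illustration, and `intuit.com` as the only legitimate sending domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: brand keyword -> domains it is expected to send from.
BRAND_DOMAINS = {"intuit": {"intuit.com"}}
FREEMAIL = {"icloud.com", "gmail.com", "outlook.com", "yahoo.com"}
URGENCY = re.compile(r"\b24\s*(hrs?|hours?)\b", re.I)
PHONE = re.compile(r"\+?1?[\s.(-]*\d{3}[\s.)-]*\d{3}[\s.-]*\d{4}")

# Constructed sample modelled on the post's description (not the real email).
SAMPLE = """\
From: "Intuit Billing" <billing.team8841@icloud.com>
To: reader@example.org
Subject: Your Intuit subscription has been renewed

Dear reader@example.org,
The debited amount will be reflected within 24hrs in your banking statement.
If you didn't authorize this charge, You have 24hrs. Call +1 (800) 555-0199.
"""

def assess(raw):
    """Return the list of scam indicators found in a raw single-part message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not legit:
            findings.append("brand_domain_mismatch")
    if domain in FREEMAIL:
        findings.append("freemail_sender")
    _, rcpt = parseaddr(msg.get("To", ""))
    if rcpt and rcpt.lower() in body.lower():
        findings.append("recipient_echoed")
    if URGENCY.search(body):
        findings.append("urgent_deadline")
    if PHONE.search(body):
        findings.append("callback_number")
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```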

ESET Research deconstructs Asylum Ambuscade: group focused on cybercrime, cyberespionage and attacking countries bordering Ukraine

Posted in Commentary with tags on June 9, 2023 by itnerd

Today, ESET Research released its analysis of Asylum Ambuscade, a cybercrime group that has been performing cyberespionage operations on the side. The group has been running cyberespionage campaigns since at least 2020. ESET found previous compromises of government officials and employees of state-owned companies in Central Asian countries and Armenia. In 2022 the group reportedly targeted government officials in several European countries bordering Ukraine. ESET Research assesses that the goal of the attackers was to steal confidential information and webmail credentials from official government webmail portals. Asylum Ambuscade usually targets small- and medium-sized businesses (SMBs) and individuals in North America and Europe. 

In 2022, when the group targeted government officials in several European countries bordering Ukraine, the compromise chain started with a spearphishing email containing a malicious Excel spreadsheet or Word document attachment. If the machine was deemed interesting, the attackers eventually deployed AHKBOT, a downloader that can be extended with plugins to spy on the victim’s machine. These plugins provide various capabilities, including taking screenshots, recording keystrokes, stealing passwords from web browsers, downloading files and executing an infostealer.

Even though the group entered the spotlight because of its cyberespionage operations, it has mostly run cybercrime campaigns since early 2020. Since January 2022, ESET Research has counted more than 4,500 victims worldwide. While most of these are located in North America, it should be noted that we have also seen victims in Asia, Africa, Europe and South America. Targeting is very wide and mainly includes individuals, cryptocurrency traders, bank customers, and SMBs in various verticals.

For more technical information about Asylum Ambuscade, check out the blogpost “Asylum Ambuscade – A curious case of a threat actor at the border between crimeware and cyberespionage” on WeLiveSecurity.

The Stolen iPhone Activation Lock #Scam Has Taken A Very Disturbing Turn

Posted in Commentary with tags on June 9, 2023 by itnerd

A year ago, I brought to your attention a scam related to stolen iPhones and Apple’s very effective Activation Lock feature. The scam went something like this:

  • Your iPhone gets stolen
  • Days or weeks later you get contacted by the thief with a phishing email or text that encourages you to enter your Apple ID and password to locate your phone. 

The reason why you get contacted by the thief is that iPhones have a feature called Activation Lock. That effectively makes the phone useless to sell for anything other than parts because there is no way for a thief to erase it and sell it as new. And if the iPhone is new enough, a lot of those parts are tied to the specific iPhone, which makes it even less valuable to a thief. Thus the thief needs to get you to turn off Activation Lock if they want to make any money off of it. To top it all off, the thief in question is likely using what I call a “scam as a service” to facilitate contacting you to get you to turn off Activation Lock. I’ve covered how these services work here.

But the reason why I am posting this today is that this scam has taken a really bad turn recently. Threads have popped up on Reddit like this one that say that death threats are now being used to get people to remove Activation Lock from their iPhones. Here’s an example of a text that one Reddit user received after their iPhone was stolen:

Clearly this would scare anybody. But let me be clear. There’s no way for the threat actor to find you and to harm you. And also for the record, there is no way for the threat actor to get access to the data on your iPhone. They are simply trying to scare you into removing the phone from your iCloud account which would remove Activation Lock and allow them to sell it for a lot of money. Under no circumstances should you do what the threat actor is asking you to do.

Apple has some tips that you should follow if your iPhone gets stolen. And this advice is also largely true for iPads and Apple Watches as well as newer MacBooks as they have the Activation Lock feature as well. If you follow this advice, there’s no way that these losers can get a good payday at your expense. Or put another way, you get to ruin a scumbag’s day so that they don’t make anywhere near the amount of money that they want to.