Archive for Netcraft

Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure

Posted in Commentary with tags on May 8, 2024 by itnerd

Netcraft announced its new Conversational Scam Intelligence platform at RSAC in San Francisco, which builds on Netcraft’s intentional approach to using AI to stay ahead of criminals and protect client brands and customers.

The FBI reports that US losses to investment and “pig-butchering” scams were $4.6 billion in 2023, a 38% increase over 2022. Through carefully constructed generative AI, the Conversational Scam Intelligence platform enables Netcraft and its customers to disrupt these nefarious scam attempts at scale, uncovering the underlying financial account networks and deploying countermeasures against criminal infrastructure.

By engaging criminals identified through its proprietary threat intelligence in private message threads, Netcraft’s AI exposes the scam in its entirety, extracting critical insight that can be used to disrupt and prevent future attacks. This innovative approach helps protect against tactics like pig-butchering, where scammers leverage direct messages, a previously undetectable threat source, to lure victims into sending money to fraudulent schemes.

Early results show a significant impact, accurately identifying the hidden financial infrastructure used in pig-butchering scam attempts, including thousands of criminal-controlled bank accounts, mule accounts, crypto wallet addresses, etc. Leveraging this evidence, Netcraft’s customers can flag or block payments to and from compromised accounts before any transaction has occurred, mitigating risk exposure for banking providers around the globe.

The regulatory landscape is shifting: US senators are pushing for greater accountability for financial institutions, and the UK now requires institutions to bear a 50:50 financial risk for fraudulent push payments. In response, banking leaders must deploy new strategies to react to current threats and intercept criminal behavior. Critical interventions like the use of AI to increase visibility and deploy proactive countermeasures provide a valuable new tool for anti-fraud, payment risk, and security teams worldwide.

AI, machine learning, and 70,000+ human-written rules are at the core of Netcraft’s detection, disruption, and takedown services. Leveraging advances in generative AI to anticipate – and prevent – criminal behavior was a natural next step.

Netcraft Discovers New Chinese-Language PhaaS Text Message Phishing Attack Platform

Posted in Commentary with tags on March 27, 2024 by itnerd

Netcraft has revealed that it has discovered darcula, a new, sophisticated Chinese-language Phishing-as-a-Service (PhaaS) platform used on over 19,000 phishing domains, offering easy deployment of phishing sites with hundreds of templates targeting worldwide brands.

Unlike typical phishing kits, darcula can update in place to add new features and anti-detection functionality. Netcraft observed a recent update that changed the kit to make malicious content available via a specific path rather than the front page to disguise the attack location.

Netcraft detected darcula infrastructure domains across 11,000 IP addresses based in 100+ countries, and since the start of 2024, an average of 120 new domains have hosted phishing pages each day. Like other PhaaS threat actors, this group also offers a paid monthly subscription to other criminals. 

The new report reveals that Netcraft researchers have observed darcula phishing attacks targeting DHL, Evri, USPS, and the Bulgarian, Australian, and Singapore postal services; anti-monitoring measures that redirect site crawlers to a cat breed; the use of Rich Communication Services (RCS) and iMessage on Apple and Android devices; and package scams.

The darcula platform targets industries that rely heavily on consumer trust, including postal services, public and private utilities, financial institutions, government bodies (tax departments), airlines, and telecommunication organizations, underscoring the potential impact of the PhaaS threat actors' attacks.

Netcraft examines in detail how darcula works, how its campaigns differ from conventional smishing, and why these campaigns offer a uniquely practical approach to extracting critical data from victims, including the use of RCS and iMessage for phishing lures.

You can read the report here.

New Online Investment Scams: Fake Trading Platforms Exploit Victims Using Email, Social Media, Ads

Posted in Commentary with tags on March 13, 2024 by itnerd

Netcraft has published its new research following the recent release of the FBI’s 2023 IC3 Report, which revealed that investment fraud was the costliest type of crime, with losses rising to $4.57 billion in 2023, a 38% increase from the previous year.

Netcraft’s newest report reveals it detected and blocked almost 13,000 fake investment platform domains across more than 7,000 IPs, the highest number since it began tracking these platforms independently and, in January alone, 25% more than in December.

The Netcraft research delves into how cybercriminals behind these scam websites find their victims, operate fake trading platforms, use social engineering tactics, and eventually trick victims into depositing significant amounts of money. Cybercriminals often depend on sophisticated fraudulent investment websites that use fake trading platforms to lure victims through email, social media posts, or counterfeit ads. Netcraft’s report includes a real-world example of a WhatsApp invitation to join an investment group that promises to teach you how to earn huge profits in the cryptocurrency market and emails containing links to fake investment platforms, which offer tiered accounts and promise unrealistic ROI.

You can read the report here.

Email Marketing Company Used to Phish Itself in Novel Impersonation Campaign: Netcraft

Posted in Commentary with tags on February 7, 2024 by itnerd

Netcraft has published new research in which the company reports that criminals abused Twilio SendGrid’s email delivery, API, and marketing services to launch a phishing campaign impersonating SendGrid itself.

Hackers behind this novel phishing campaign used SendGrid’s Tracking Settings feature, which allows users to track clicks, opens, and subscriptions with SendGrid. The malicious link was masked behind a tracking link hosted by SendGrid. 

The email headers reveal that phishing emails are sent using SendGrid’s infrastructure. All the domain names appear to be other SendGrid customers, suggesting criminals use compromised SendGrid accounts rather than registering their own. 

Netcraft has identified at least nine companies whose accounts have been used in the campaign. These companies span a range of industries, including cloud hosting, energy, healthcare, education, property, recruitment, and publishing. 

You can read the research here.

Cybersecurity Researcher Finds 60% Growth of Weight Loss Scams on Top-Level Domains Around New Year

Posted in Commentary with tags on January 16, 2024 by itnerd

Robert Duncan, Chief Strategy Officer at cybersecurity firm Netcraft, has released the firm’s latest research report, “New Year, New You Scams – Health product scam campaigns abusing cheap top-level domains (TLDs).”

The report identifies a dramatic 60% growth in health/weight loss product scams that emerged around the holidays and the New Year, traditionally a time when consumers look to lose weight.

You can read the report here.

New Report to Reveal QR Code Phishing Scams: Quishing You a Happy Holiday Season

Posted in Commentary with tags on December 19, 2023 by itnerd

Netcraft has released a new report, Quishing You a Happy Holiday Season, on QR code phishing scams. It looks at the threat from QR code-based phishing, why cybercriminals are adopting this technique, and how to detect and disrupt these attacks at scale.

From a cybercriminal’s perspective, there are several reasons to use QR codes for phishing, often dubbed quishing, including hiding URLs from users, bypassing security tools, and circumventing corporate controls.

Netcraft demonstrates the anatomy of a QR code scam with examples of phishing emails, including an email targeting Microsoft that contains a QR code, a phishing site designed to capture victims’ account credentials, and an email targeting DocuSign with a QR code that directs the victim to a malicious website.

You can read the report here.

Black Friday/Cyber Monday Data Shows 135% Increase in Fake Online Retail Stores: Netcraft

Posted in Commentary with tags on November 20, 2023 by itnerd

Netcraft, a cybersecurity company specializing in phishing detection, cybercrime disruption, and website takedown, has revealed new research that identified a staggering 135% increase in fake retail sites compared to last year – up from the 63% increase over the previous year. The annual increase has more than doubled in the last 12 months, and the growth is alarming. 

Netcraft’s new report analyzes prominent fake retail websites and cybercriminals’ techniques for tricking users and ultimately impacting brand credibility and reputation. 

The data provides real examples of fraudulent retail sites that Netcraft detected and has since taken down, including fake shops with Black Friday promotions targeting Lowe’s, Rakuten, and Vionic Shoes.

You can read the report here.

New Research Reports Rise of .AI As Cybercriminals Exploit Domains & Anguilla Looks To Profit

Posted in Commentary with tags on November 8, 2023 by itnerd

Netcraft has published research on the popularity and rise of .ai – the country code top-level domain (ccTLD) for the British Overseas Territory of Anguilla – and the related increase in malicious activity. Registration fees go to the treasury of the Anguilla government, which, according to The New York Times, made $2.9M from .ai registrations in 2018.

Registrations for this ccTLD began in 1995 and accelerated rapidly due to the boom in AI and related industries. Netcraft’s data comes from its internet data and research covering every discoverable site on the Web, run monthly since 1995.

The ccTLD is used by many legitimate businesses, including Google and Meta (which registered google.ai and facebook.ai in 2017), with the domains redirecting to websites promoting their work in AI. Netcraft detected a significant growth in web servers using .ai domains in 2017, when the technology industry and the broader media began to notice (and report on) the potential of AI.

The increase in malicious activity using .ai domains includes phishing attacks, affiliate marketing scams, defaced sites, cryptocurrency investment scams, and web shells. Netcraft’s research to date shows that .ai is a rapidly growing domain space that could be used for malicious purposes, and that .ai has future potential to be used in typosquatting attacks that phish .au domains, as the letters ‘u’ and ‘i’ are next to each other on most common keyboard layouts (such as QWERTY, AZERTY, and Dvorak).

You can read the research here.