$365,000 Worth of Bitcoin From Darknet Criminals

Hacker Michael Richo, who was arrested on October 5, 2016, has admitted that he stole a total of $365,000 worth of Bitcoin from darknet marketplaces, News 8 reports.

For this crime, Richo could serve up to 30 years of jail time.

Modus operandi

Richo has established several phishing sites in order to gain access to user credentials.

A phishing site is used to trick users in order to obtain their sensitive information such as login accounts, and passwords. Cybercriminals, particularly those operating in the darknet, are expected to be already aware of such sites, but they were tricked by Richo just the same. He was able to trick users to his phishing sites by posting fake links on forums and other online marketplaces.

Modern-day Robinhood?

A number of darknet marketplaces became victims of the phishing sites created by Richo. By gaining access to the sites’ user credentials, Richo was able to access the users’ accounts in the real darknet marketplace and stole their Bitcoin balance.

All the funds stolen by Richo, however, are believed to be owned by darknet criminals, who could have utilized the money for illegal activities.

Richo then deposited the stolen Bitcoin to his LocalBitcoins account. He also conducted bank transfers to his account at Bank of America, as well as his Green Dot prepaid debit cards.

Another win for FBI

After almost three years of monitoring and building a case against Richo, operatives from the FBI finally arrested him in 2014.

During their examination of his computers, the operatives discovered more than 10,000 stolen login credentials. They also found that his phishing sites were created in a very professional and meticulous manner that allowed him to trick even the most experienced darknet users.

The court hearing Richo’s case is scheduled to issue its verdict on September 28, 2017.

Cyber Attack and Prevention Tips

A cyberattack is deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyberattacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.

Cyberattack is also known as a computer network attack (CNA).

Cyberattacks may include the following consequences:

• Identity theft, fraud, extortion
• Malware, pharming, phishing, spamming, spoofing, spyware, Trojans and viruses
• Stolen hardware, such as laptops or mobile devices
• Denial-of-service and distributed denial-of-service attacks
• Breach of access
• Password sniffing
• System infiltration
• Website defacement
• Private and public Web browser exploits
• Instant messaging abuse
• Intellectual property (IP) theft or unauthorized access

The Institute for Security Technology Studies at Dartmouth University researches and investigates cyberattack issues facing law enforcement investigations and focuses on the continuous development of IP tracing, data analysis, real-time interception and national data sharing.

Keep your computer current with the latest patches and updates.

One of the best ways to keep attackers away from your computer is to apply patches and other software fixes when they become available. By regularly updating your computer, you block attackers from being able to take advantage of software flaws (vulnerabilities) that they could otherwise use to break into your system. 

While keeping your computer up-to-date will not protect you from all attacks, it makes it much more difficult for hackers to gain access to your system, blocks many basic and automated attacks completely, and might be enough to discourage a less-determined attacker to look for a more vulnerable computer elsewhere. 

More recent versions of Microsoft Windows and other popular software can be configured to download and apply updates automatically so that you do not have to remember to check for the latest software. Taking advantage of "auto-update" features in your software is a great start toward keeping yourself safe online. 

Make sure your computer is configured securely.

Keep in mind that a newly purchased computer may not have the right level of security for you. When you are installing your computer at home, pay attention not just to making your new system function, but also focus on making it work securely. 

Configuring popular Internet applications such as your Web browser and email software is one of the most important areas to focus on. For example, settings in your Web browser such as Internet Explorer or Firefox will determine what happens when you visit Web sites on the Internet—the strongest security settings will give you the most control over what happens online but may also frustrate some people with a large number of questions ("This may not be safe, are you sure you want do this?") or the inability to do what they want to do. 

Choosing the right level of security and privacy depends on the individual using the computer. Oftentimes security and privacy settings can be properly configured without any sort of special expertise by simply using the "Help" feature of your software or reading the vendor's Web site. If you are uncomfortable configuring it yourself consult someone you know and trust for assistance or contact the vendor directly. 

Choose strong passwords and keep them safe.

Passwords are a fact of life on the Internet today—we use them for everything from ordering flowers and online banking to logging into our favorite airline Web site to see how many miles we have accumulated. The following tips can help make your online experiences secure: 

• Selecting a password that cannot be easily guessed is the first step toward keeping passwords secure and away from the wrong hands. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Avoid using any of the following as your password: your login name, anything based on your personal information such as your last name, and words that can be found in the dictionary. Try to select especially strong, unique passwords for protecting activities like online banking.
• Keep your passwords in a safe place and try not to use the same password for every service you use online.
• Change passwords on a regular basis, at least every 90 days. This can limit the damage caused by someone who has already gained access to your account. If you notice something suspicious with one of your online accounts, one of the first steps you can take is to change your password.

Protect your computer with security software.

Several types of security software are necessary for basic online security. Security software essentials include firewall and antivirus programs. A firewall is usually your computer's first line of defense-it controls who and what can communicate with your computer online. You could think of a firewall as a sort of "policeman" that watches all the data attempting to flow in and out of your computer on the Internet, allowing communications that it knows are safe and blocking "bad" traffic such as attacks from ever reaching your computer. 

The next line of defense many times is your antivirus software, which monitors all online activities such as email messages and Web browsing and protects an individual from viruses, worms, Trojan horse and other types malicious programs. More recent versions of antivirus programs, such as Norton AntiVirus, also protect from spyware and potentially unwanted programs such as adware. Having security software that gives you control over software you may not want and protects you from online threats is essential to staying safe on the Internet. Your antivirus and antispyware software should be configured to update itself, and it should do so every time you connect to the Internet. 

Integrated security suites such as  Internet Security Antivirus combine firewall, antivirus, antispyware with other features such as antispam and parental controls have become popular as they offer all the security software needed for online protection in a single package. Many people find using a security suite an attractive alternative to installing and configuring several different types of security software as well as keeping them all up-to-date. 

Protect your personal information.

Exercise caution when sharing personal information such as your name, home address, phone number, and email address online. To take advantage of many online services, you will inevitably have to provide personal information in order to handle billing and shipping of purchased goods. Since not divulging any personal information is rarely possible, the following list contains some advice for how to share personal information safely online: 

• Keep an eye out for phony email messages. Things that indicate a message may be fraudulent are misspellings, poor grammar, odd phrasings, Web site addresses with strange extensions, Web site addresses that are entirely numbers where there are normally words, and anything else out of the ordinary. Additionally, phishing messages will often tell you that you have to act quickly to keep your account open, update your security, or urge you to provide information immediately or else something bad will happen. Don't take the bait.
• Don't respond to email messages that ask for personal information. Legitimate companies will not use email messages to ask for your personal information. When in doubt, contact the company by phone or by typing in the company Web address into your Web browser. Don't click on the links in these messages as they make take you to a fraudulent, malicious Web sites.
• Steer clear of fraudulent Web sites used to steal personal information. When visiting a Web site, type the address (URL) directly into the Web browser rather than following a link within an email or instant message. Fraudsters often forge these links to make them look convincing. A shopping, banking or any other Web site where sensitive information should have an "S" after the letters "http" (i.e. https://www.yourbank.com not http://www.yourbank.com)/. The "s" stands for secure and should appear when you are in an area requesting you to login or provide other sensitive data. Another sign that you have a secure connection is the small lock icon in the bottom of your web browser (usually the right-hand corner).
• Pay attention to privacy policies on Web sites and in software. It is important to understand how an organization might collect and use your personal information before you share it with them.
• Guard your email address. Spammers and phishers sometimes send millions of messages to email addresses that may or may not exist in hopes of finding a potential victim. Responding to these messages or even downloading images ensures you will be added to their lists for more of the same messages in the future. Also be careful when posting your email address online in newsgroups, blogs or online communities.

Online offers that look too good to be true usually are.

The old saying "there's no such thing as a free lunch" still rings true today. Supposedly "free" software such as screen savers or smileys, secret investment tricks sure to make you untold fortunes, and contests that you've surprisingly won without entering are the enticing hooks used by companies to grab your attention. 

While you may not directly pay for the software or service with money, the free software or service you asked for may have been bundled with advertising software ("adware") that tracks your behavior and displays unwanted advertisements. You may have to divulge personal information or purchase something else in order to claim your supposed content winnings. If an offer looks so good it's hard to believe, ask for someone else's opinion, read the fine print, or even better, simply ignore it. 

Review bank and credit card statements regularly.

The impact of identity theft and online crimes can be greatly reduced if you can catch it shortly after your data is stolen or when the first use of your information is attempted. One of the easiest ways to get the tip-off that something has gone wrong is by reviewing the monthly statements provided by your bank and credit card companies for anything out of the ordinary. 

Additionally, many banks and services use fraud prevention systems that call out unusual purchasing behavior (i.e. if you live in Texas and all of the sudden start buying refrigerators in Budapest). In order to confirm these out of the ordinary purchases, they might call you and ask you to confirm them. Don't take these calls lightly-this is your hint that something bad may have happened and you should consider pursuing some of the activities mentioned in the area covering how to respond if you have become a victim. 

What is phishing

Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.

Typically a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message may install malware on the user’s device or direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details. Phishing is a homophone of fishing, which involves using lures to catch fish.

Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses. Although some phishing emails are poorly written and clearly fake, sophisticated cybercriminals employ the techniques of professional marketers to identify the most effective types of messages --  the phishing "hooks" that get the highest "open" or click through rate and the Facebook posts that generate the most likes. Phishing campaigns are often built around the year's major events, holidays and anniversaries, or take advantage of breaking news stories, both true and fictitious.

To make phishing messages look like they are genuinely from a well-known company, they include logos and other identifying information taken directly from that company’s website. The malicious links within the body of the message are designed to make it appear that they go to the spoofed organization. The use of subdomains and misspelled URLs (typosquatting) are common tricks, as is homograph spoofing -- URLs created using different logical characters to read exactly like a trusted domain. Some phishing scams use JavaScript to place a picture of a legitimate URL over a browser’s address bar. The URL revealed by hovering over an embedded link can also be changed by using JavaScript.

Spear phishing attacks are directed at specific individuals or companies, while incidents that specifically target senior executives within an organization are termed whaling attacks. Those preparing a spear phishing campaign research their victims in detail in order to create a more genuine message, as using information relevant or specific to a target increases the chances of the attack being successful. Phishers use social networking and other sources of information to gather background information about the victim’s personal history, their interests and activities. Names, job titles and email addresses of colleagues and key company employees are verified, as are vacations. This information is then used to craft a believable email. Targeted attacks and advanced persistent threats (APTs) typically start with a spear phishing email containing a malicious link or attachment.

A gateway email filter can trap a lot of mass targeted phishing emails, reducing the number of phishing emails that reach users’ inboxes. Ensure your own mail servers make use of one of the main authentication standards; Sender ID or DomainKeys will help cut out spoofed email too. A Web security gateway can also provide another layer of defense by preventing users from reaching the target of a malicious link. They work by checking requested URLs against a constantly updated database of sites suspected of distributing malware.

There are plenty of resources on the Internet that provide help in combating phishing. The Anti-Phishing Working Group Inc. and the federal government’s OnGuardOnline.gov  website both provide advice on how to spot, avoid and report phishing attacks. Interactive training aids such as Wombat Security Technologies' Anti-Phishing Training Suite or PhishMe can help teach employees how to avoid phishing traps, while sites like FraudWatch International and MillerSmiles publish the latest phishing email subject lines that are circulating the Internet

There are Six common attacks of phishing.

At this year’s RSA Conference, Tripwire conducted a survey where it asked 200 security professionals to weigh in on the state of phishing attacks.

More than half (58 percent) of respondents stated their organizations had seen an increase in phishing attacks in the past year. Despite that increase, most companies didn’t feel prepared to protect themselves against phishing scams. Indeed, a slight majority (52 percent) stated they were “not confident” in their executives’ ability to successfully spot a phishing scam.

The growth of phishing attacks in both frequency and sophistication, as noted by Verizon in its 2016 Data Breach Investigations Report, poses a significant threat to all organizations. It’s important that all companies know how to spot some of the most common phishing scams if they are to protect their corporate information.

With that in mind, I will use a guide developed by CloudPages to discuss six common phishing attacks: deceptive phishing, spear phishing, CEO fraud, pharming, Dropbox phishing, and Google Docs phishing. I will then provide some useful tips on how organizations can protect themselves against these phishing scams.

1. DECEPTIVE PHISHING

The most common type of phishing scam, deceptive phishing refers to any attack by which fraudsters impersonate a legitimate company and attempt to steal people’s personal information or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing the attackers’ bidding.

For example, PayPal scammers might send out an attack email that instructs them to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake PayPal login page that collects a user’s login credentials and delivers them to the attackers.

The success of a deceptive phish hinges on how closely the attack email resembles a legitimate company’s official correspondence. As a result, users should inspect all URLs carefully to see if they redirect to an unknown website. They should also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout the email.

2. SPEAR PHISHING

Not all phishing scams lack personalization – some use it quite heavily.

For instance, in spear phishing scams, fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender.

The goal is the same as deceptive phishing: lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data.

Spear-phishing is especially commonplace on social media sites like LinkedIn, where attackers can use multiple sources of information to craft a targeted attack email.

To protect against this type of scam, organizations should conduct ongoing employee security awareness training that, among other things, discourages users from publishing sensitive personal or corporate information on social media. Companies should also invest in solutions that are capable of analyzing inbound emails for known malicious links/email attachments.

3. CEO FRAUD

Spear phishers can target anyone in an organization, even top executives. That’s the logic behind a “whaling” attack, where fraudsters attempt to harpoon an executive and steal their login credentials.

In the event their attack proves successful, fraudsters can choose to conduct CEO fraud, the second phase of a business email compromise (BEC) scam where attackers impersonate an executive and abuse that individual’s email to authorize fraudulent wire transfers to a financial institution of their choice.

Whaling attacks work because executives often don’t participate in security awareness training with their employees. To counter that threat, as well as the risk of CEO fraud, all company personnel – including executives – should undergo ongoing security awareness training.

Organizations should also consider amending their financial policies, so that no one can authorize a financial transaction via email.

4. PHARMING

As users become more savvy to traditional phishing scams, some fraudsters are abandoning the idea of “baiting” their victims entirely. Instead, they are resorting to pharming – a method of attack which stems from domain name system (DNS) cache poisoning.

The Internet’s naming system uses DNS servers to convert alphabetical website names, such as “www.microsoft.com,” to numerical IP addresses used for locating computer services and devices.

Under a DNS cache poisoning attack, a pharmer targets a DNS server and changes the IP address associated with an alphabetical website name. That means an attacker can redirect users to a malicious website of their choice even if the victims entered in the correct website name.

To protect against pharming attacks, organizations should encourage employees to enter in login credentials only on HTTPS-protected sites. Companies should also implement anti-virus software on all corporate devices and implement virus database updates, along with security upgrades issued by a trusted Internet Service Provider (ISP), on a regular basis.

5. DROPBOX PHISHING

While some phishers no longer bait their victims, others have specialized their attack emails according to an individual company or service.

Take Dropbox, for example. Millions of people use Dropbox every day to back up, access and share their files. It’s no wonder, therefore, that attackers would try to capitalize on the platform’s popularity by targeting users with phishing emails.

One attack campaign, for example, tried to lure users into entering their login credentials on a fake Dropbox sign-in page hosted on Dropbox itself.

To protect against Dropbox phishing attacks, users should consider implementing two-step verification (2SV) on their accounts. 

6. GOOGLE DOCS PHISHING

Fraudsters could choose to target Google Drive similar to the way they might prey upon Dropbox users.

Specifically, as Google Drive supports documents, spreadsheets, presentations, photos and even entire websites, phishers can abuse the service to create a web page that mimics the Google account log-in screen and harvests user credentials.

A group of attackers did just that back in July of 2015. To add insult to injury, not only did Google unknowingly host that fake login page, but a Google SSL certificate also protected the page with a secure connection.

Once again, users should consider implementing 2SV to protect themselves against this type of threat. They can enable the security feature via either SMS messaging or the Google Authenticator app.

CONCLUSION

Using the guide above, organizations will be able to more quickly spot some of the most common types of phishing attacks. But that doesn’t mean they will be able to spot each and every phish. On the contrary, phishing is constantly evolving to adopt new forms and techniques.

With that in mind, it’s imperative that organizations conduct security awareness training on an ongoing basis so that their employees and executives stay on top of emerging phishing attacks.