90% off Ray-Bans? It’s a 100% Instagram SCAM!

By Lisa Vaas

A scam ad for Ray-Ban sunglasses has been making the rounds on Instagram.

There are many versions, but they tend to feature the Ray-Ban logo and photos of sunglasses, along with the “whoa, what a crazy deal!” offers of “90% off”. We’ve seen one that dangles the cheap-cheap price tag of £17.65 (that’s US $22.13 – for glasses that typically go for over $100).

And of course, you better hurry, since this offer won’t last – it’s one day only! … And has been for a few weeks!

Not everybody is going to see the fake ads and write them off as being the scams that they are, unfortunately. After all, the ads bear the name of a (self-proclaimed) “official” website. Plus, you’ve likely seen these ads being posted by your Instagram friends.

Don’t fall for it, though. It seems too good to be true, which means it is.

Read more at https://nakedsecurity.sophos.com/2019/06/18/90-off-ray-bans-its-a-100-instagram-scam/

Bella Thorne steals hacker’s thunder, publishes nude photos herself

By Lisa Vaas

The forces of extortionist scumbaggery have had the rug pulled out from them yet again: last week, it was Radiohead, releasing 18 hours of music rather than pay up to whoever hacked it away.

This week, it’s American actress Bella Thorne. Her approach: Oh, so you’re threatening to publish nude pics you hacked out of my accounts? Too late – I did it myself.

Thorne posted the images to Twitter on Saturday. She said in the tweet, which included screenshots of text messages with the alleged hacker, that “all of her s**t” got hacked on Friday. Then, she had to put up with 24 hours of threats “with my own nudes.”

I feel gross. I feel watched, I feel someone has taken something from me that I only wanted one special person to see.

Oh, and by the way, the FBI will be at your door shortly, she also said.

By Sunday, Thorne was still angry and hurt, but feeling a bit more compassionate toward whatever nimrod tried to blackmail her. In an interview with Hollywood Reporter, she said that she thinks whoever hacked her is a kid – somebody who made a bad choice and shouldn’t have his life ruined because of it:

This kid sounds like he’s 17, as much as I’m so angry and wanted to [f**k] him up over doing this to people I just wanted to teach him a lesson, He’s still a kid and we make mistakes, this mistake is a bad one. But I don’t want some 17-year-old’s whole life ruined because he wasn’t thinking straight and [was] being a dumbass.

“If she hadn’t taken them in the first place…”

Read more at https://nakedsecurity.sophos.com/2019/06/18/bella-thorne-steals-hackers-thunder-publishes-nude-photos-herself/

The US is reportedly seeding Russia’s power grid with malware

By Danny Bradbury

The US has been quietly planting malware throughout Russia’s energy networks in response to years of Russian attacks on its own power grid, the New York Times reported on Saturday.

Quoting officials interviewed over the last three months, the paper said that the latest moves represent a turning point for the US policy on interfering with Russia’s electricity infrastructure. Under the Obama administration, the US had used reconnaissance tools to monitor Russia’s electricity control systems. The Trump administration has escalated this activity to an offensive campaign, placing software that could destabilize electrical services within Russia.

The move follows years of provocation by Russia, which has reportedly run recurring cybercampaigns targeting the US energy grid.

In March 2019, the Department of Homeland Security (DHS) reported that Russian hackers had been targeting US infrastructure including not just energy and nuclear facilities, but also water, aviation, and critical manufacturing sectors. The hackers would infiltrate the targets’ trusted partner organizations and use them as staging grounds for their attacks, the report warned.

That report updated a similar warning in October 2017, although that one did not single Russia out for blame.

Most recently, security firm Dragos alleged that Xenotime, a hacking group thought to be linked to Moscow, has been using its Triton (also known as Trisys) malware to explore US power networks in possible preparation for a future attack. It identified…

… a persistent pattern of activity attempting to gather information and enumerate network resources associated with US and Asia-Pacific electric utilities.

This behavior could indicate the activity group was preparing for a further cyberattack, or at minimum satisfying the prerequisites for a future ICS-focused intrusion.

Read more at https://nakedsecurity.sophos.com/2019/06/18/the-us-is-reportedly-seeding-russias-power-grid-with-malware/

Phishing attack lures victims with encrypted message alert

By John E Dunn

What is it about phishing emails that makes them so enduringly popular with the bad guys?

The standard answer is they exploit fear, alarm and annoyance to persuade users to click on them, which explains the horde of campaigns using fictitious legal threats or warnings about bank accounts to get a foot in the door.

However, a new campaign covered by Bleeping Computer reminds us that there is another psychological impulse that works just as well if skillfully deployed – curiosity.

This one is couched as an email, apparently from Microsoft, alerting the recipient to an encrypted message which must be viewed by accessing OneDrive for Business.

It used to be said that the best phishing attacks gamed their victims in the shortest possible time and the fewest steps but that was before cloud services were invented where, arguably, introducing more steps now aids authenticity.

This one has several, including a faked-up OneDrive-branded email with a blue ‘Open’ button plastered in the middle of it, followed by – of course – a pretend OneDrive login page that asks users to enter their account credentials to download the file.

It’s like being asked to follow a trail of sweets to find out what’s at the end only to discover it’s a pit filled with spikes.

A big giveaway is that Microsoft business accounts should be protected by two-factor authentication (2FA), which this fake login lacks, but it’s possible some users won’t notice its absence if they’re not familiar with it.

Read more at https://nakedsecurity.sophos.com/2019/06/18/phishing-attack-lures-victims-with-encrypted-message-alert/