Mallory

Phishing and Fraud via Fake Banking and Device Recovery Apps

Tags: phishing messages, phishing, malicious apps, device recovery, fraud, scam, SMS, Apple ID, banking, impersonation, social engineering, trust exploitation, hidden applications, counterfeit, APK
Updated November 10, 2025 at 09:00 AM. 2 sources


Cybercriminals are increasingly leveraging fake mobile applications and targeted phishing campaigns to steal sensitive credentials and financial information. Security researchers have identified malicious APKs masquerading as legitimate banking apps, such as a counterfeit YONO SBI app, which can surreptitiously install additional hidden applications and potentially compromise user data. These fake apps exploit trust in well-known brands and can evade detection by mimicking normal app behavior, posing significant risks to users who download apps from unofficial sources.

In parallel, authorities such as the Swiss National Cyber Security Centre (NCSC) have warned about sophisticated phishing scams targeting individuals who have lost their iPhones. Attackers use information displayed on the lost device’s lock screen to send convincing SMS or iMessage phishing messages, impersonating Apple’s Find My team and luring victims to enter their Apple ID credentials on fake websites. These incidents highlight the growing threat of social engineering and technical deception in mobile ecosystems, emphasizing the need for vigilance when responding to unexpected messages or installing applications outside official app stores.

Sources

November 10, 2025 at 02:21 AM
November 9, 2025 at 12:00 AM

Related Stories

Social Engineering Scams Exploiting Mobile Device Features to Steal Credentials and Funds

Cybercriminals are increasingly leveraging built-in features of popular mobile platforms to execute sophisticated social engineering scams aimed at stealing sensitive credentials and financial assets. On WhatsApp, scammers exploit the screen-sharing function by impersonating trusted entities such as bank employees or support agents, coercing victims into sharing their screens under the pretense of resolving urgent security issues. This access enables attackers to view and capture one-time passwords (OTPs), banking details, and other personal information, resulting in significant financial losses. In response, Meta has introduced AI-powered safety tools, including real-time warnings when users attempt to share their screens with unknown contacts, to mitigate these attacks. Similarly, iPhone users are being targeted through phishing campaigns that exploit the "Find My" feature. After a device is lost or stolen, scammers send convincing fake messages—purportedly from Apple Support—containing links that claim to help locate the missing phone. By leveraging accurate device details and the victim's sense of urgency, attackers trick users into divulging their Apple ID credentials, potentially granting full access to personal data and accounts. Authorities such as Switzerland’s National Cyber Security Centre have issued warnings about these tactics, emphasizing the need for heightened vigilance when responding to unsolicited messages related to lost devices.

4 months ago

Credential Theft via Phishing and Social Engineering Techniques

Attackers are increasingly leveraging simple yet effective phishing and social engineering tactics to steal user credentials. One observed method involves sending phishing emails with malicious attachments, such as `.shtml` files, that present fake login screens to unsuspecting victims. These screens are designed to capture any credentials entered and immediately transmit them to attackers via Telegram bots, making detection and takedown more difficult. The phishing campaigns often use compromised legitimate email accounts and minimal social engineering, relying on the likelihood of password reuse across multiple sites to maximize the value of stolen credentials. Another prevalent technique targets iPhone owners whose devices have been lost or stolen. Scammers exploit the contact information displayed on the device's lock screen to send convincing messages that mimic Apple's Find My service, tricking victims into entering their Apple ID credentials on fake websites. With these credentials, attackers can unlock, wipe, and resell the devices, as well as access sensitive personal data. These attacks highlight the ongoing evolution of credential theft tactics, emphasizing the need for vigilance against both low-sophistication phishing and more targeted social engineering schemes.

4 months ago

Mobile and Messaging Scams Use Impersonation and Urgency to Steal Credentials and Data

Acronis researchers reported a deceptive Android campaign targeting Israeli users with a trojanized version of the *Red Alert* rocket-warning app distributed via SMS messages impersonating Israel’s Home Front Command. The fake app displays legitimate rocket alerts to reduce suspicion while requesting extensive permissions that enable **GPS tracking**, **SMS interception (including one-time passwords)**, contact harvesting, installed-app enumeration, and account discovery; collected data is exfiltrated to a remote server, and the operators used **certificate spoofing** to make the installation appear as if it came from Google Play. Separate consumer-focused advisories described multiple **social-engineering/phishing** lures delivered via text, email, and calendar invites: an “Amazon recall” SMS that pushes victims to a credential-harvesting site for “refunds,” an “Apple Security Alert” pop-up/text/email that attempts to drive victims to call a fraudulent support number or surrender credentials/2FA/payment details, and a trend of **fake calendar invitations** increasingly appearing in Microsoft Outlook (previously more common in Gmail) using urgent subjects (e.g., “Final Notice”) and domain-reconnaissance to personalize invites; the Outlook example noted mixed authentication signals (DMARC/SPF/DKIM pass/fail across relays), underscoring that users and defenders should treat unsolicited invites and urgent account/payment prompts as high-risk even when messages appear superficially legitimate.
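The mixed DMARC/SPF/DKIM results across relays mentioned above are something a defender can check for mechanically. The following is an added example, not code from the original page or from any vendor it cites: it parses every Authentication-Results header in a constructed sample message (all domains and the header values are made up for illustration), reports which methods disagree between relays, and flags an urgent calendar invite whose authentication is inconsistent or failing.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample (not from the original page): a calendar invite that verified cleanly
# at a forwarding relay but failed SPF and DMARC at the recipient's own MX.
SAMPLE_MESSAGE = """\
Authentication-Results: mx.example-recipient.test;
 spf=fail smtp.mailfrom=invites.example-sender.test;
 dkim=pass header.d=example-sender.test header.s=sel1;
 dmarc=fail header.from=example-sender.test
Authentication-Results: relay.forwarder.test;
 spf=pass smtp.mailfrom=invites.example-sender.test;
 dkim=pass header.d=example-sender.test header.s=sel1;
 dmarc=pass header.from=example-sender.test
From: "Billing" <billing@example-sender.test>
Subject: Final Notice
Content-Type: text/calendar; method=REQUEST

BEGIN:VCALENDAR
END:VCALENDAR
"""

# method=result tokens as they appear in Authentication-Results (RFC 8601 style)
RESULT_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|none|softfail|neutral|temperror|permerror)\b", re.I)


def parse_auth_results(raw_message: str) -> list[dict]:
    """One dict per Authentication-Results header: the verifying host plus each method's verdict."""
    msg = message_from_string(raw_message, policy=default)
    records = []
    for value in msg.get_all("Authentication-Results", []):
        text = " ".join(str(value).split())  # unfold continuation lines
        rec = {"authserv": text.split(";", 1)[0].strip()}
        for method, result in RESULT_RE.findall(text):
            rec[method.lower()] = result.lower()
        records.append(rec)
    return records


def mixed_signals(records: list[dict]) -> dict[str, set[str]]:
    """Methods whose verdicts disagree across relays, mapped to the set of verdicts seen."""
    mixed = {}
    for method in ("spf", "dkim", "dmarc"):
        verdicts = {r[method] for r in records if method in r}
        if len(verdicts) > 1:
            mixed[method] = verdicts
    return mixed


def is_high_risk_invite(raw_message: str) -> bool:
    """Urgent calendar invite with inconsistent or failing authentication: treat as high risk."""
    msg = message_from_string(raw_message, policy=default)
    is_invite = msg.get_content_type() == "text/calendar"
    urgent = bool(re.search(r"final notice|urgent|action required", msg.get("Subject", ""), re.I))
    records = parse_auth_results(raw_message)
    dmarc_fail_anywhere = any(r.get("dmarc") == "fail" for r in records)
    return is_invite and urgent and (bool(mixed_signals(records)) or dmarc_fail_anywhere)
```

Only the verdict at your own receiving MX reflects the message as you got it; an earlier relay's "pass" says nothing about what happened after forwarding, which is why disagreement between hops is itself a signal.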

1 week ago
