156. Romancing the Scam
Here are a few highlights from each article we discussed:
- In a deceptive bait and switch (pun absolutely intended), a customer service gig turned into a catfishing scheme, targeting those looking for companionship during the pandemic
- The story begins with a person needing a job during the pandemic and found one with a company called vDesk
- It does what a lot of companies do – they’re a third party procurer of customer service people – people who take calls at home, people who make hotel reservations, help you order things over the Internet, they provide those people who do that at-home work
- They had a side business for people to moderate “dating sites”
- If you do real digging, you might be skeptical, but at first glance, the ads they share look pretty credible – it would not raise any alarms
- This job title was “freelance customer support representative” and they were asked to moderate dating websites, but that turned into creating personas to lure people into paying money
- The sites in question are not in huge reach, but they aren’t necessarily questionable-looking
- They need 2 Euros to get a message back, however (so if you want to receive a reply, you need to pay 2 Euros to do so)
- Unless you have your security wits about you, you probably won’t see any red flags. The virtuals (online personas), don’t seem fake. But how will AI impact this type of scam
- In this case, if you Google the headshots of the accounts in question, they almost always come from pornography websites – they’re a widely available source of photos
- With AI, if you can make composite people, it will be harder to detect because you won’t be able to Google the face anymore and find a face on the Internet – it will look unique
- This is similar to the Manti Te’o documentary from Netflix, where a prominent athlete was catfished and to try to confirm the identity of the person he was talking to, he asked a sign with today’s date written on it, and with the increasing abilities of AI, it seems like that will make scams like this much harder to detect
- It seems like it will only help build legitimacy around the catfisher
- Last week Adobe implemented some new AI features where the barrier to entry seems very low – it’s pretty easy at this point and there’s no reason to not create dozens and dozens of fake images for scams
- Are there any mitigations to scams such as these?
- We would recommend staying with a reputable site and although you have to pay monthly to gain access as a whole, if you have to pay per message, that’s a really good sign it’s a scam
- Customer service reps are collecting data on their victims like kids’ names, vacation plans, if they go to therapy – what are they doing with this information?
- If we had to guess, it’s probably being sold to spammers – people who are spamming somehow so they can better tailor their messages
- Eclypsium shares details of backdoor-like behavior found in Gigabyte systems along with the risk and impact and further recommendations
- Gigabyte is a motherboard manufacturer – they might also do graphics cards, but in general, they’re known for motherboards
- They target the gaming market quite a bit – people who build their own PCs
- They’re not sitting in a bunch of server racks
- The detections were made by heuristic methods
- Heuristic methods mean they looked at it real hard, so they looked at it a little more :)
- It’s looking for abnormalities
- Ecylpsium has been tracking the boot process for a while now and they found some issues with how windows is able to boot things securely
- How does the backdoor operate and does it pose more risk?
- In a lot of ways this looks like a normal update service so there’s a lot of reasons to patch after the fact
- You also have this concept in Windows trying to protect the boot layer so in Windows 8 and beyond
- This creates a file and you can look for it in three places
- One of them is just an HTTP connection to a Gigabyte site
- Another is an HTTPs connection to a Gigabyte site
- And then a local storage so if you were going to try to update a lot of machines locally you would start here
- What are the takeaways from this process
- From Eclypsium’s point of it – if you’re just looking for an HTTP connection, you could have a man-in-the-middle attack
- Gigabyte has patched this for 270+ different models and pretty quickly
- But then you’ll have other machines out there that don’t have this update
- What is the risk with these patches being available for those who were impacted?
- They didn’t publish a POC and nothing was found in the wild
- For now it looks like something the vendors can be proactive about
- What mitigations have been provided?
- First off, there’s the patch available
- There are some things you can do on the Windows side to make files read only – that would be your best bet for now
This Week’s Hoodie/Goodie Scale
Keep It on the .dll
[Taylor]: 3.127/10 Hoodies
[Kelly]: 5/10 Hoodies
Better Regulate Than Never
[Taylor]: 4.5/10 Hoodies
[Kelly]: 4/10 Hoodies
That’s about all we have for this week, you can find us on Twitter @domaintools, all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!