Jump to content

Search the Community

Showing results for tags 'rcs'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


LinkedIn Profile URL


About Me


Cloud Platforms


Cloud Experience


Development Experience


Current Role


Skills


Certifications


Favourite Tools


Interests

Found 1 result

  1. A new phishing service has been detected sporting a unique way of approaching iOS and Android users. The Phishing-as-a-Service (PhaaS) tool, called “Darcula” and uncovered by researchers at Netcraft, stands out from the crowd as it reaches out to its victims via the Rich Communication Services (RCS) protocol for Google Messages and iMessage, instead of the usual Short Message System (SMS). There are two reasons for the move to RCS, they explain, with the first one being an improved sense of legitimacy of the messages. The second one is that RCS messages are end-to-end encrypted, making them impossible to intercept, or block based solely on the contents of the message. Thousands of domains and IP addresses It’s impossible to say how many people received these smishing messages, but we do know that they’re located in more than 100 countries around the world. Hackers who sign up for the service can impersonate dozens of organizations, choosing between more than 200 phishing templates. After paying for the subscription, the threat actors can choose one of many companies in the postal, financial, government, tax, telecommunications, airlines, and utility verticals, and get a dedicated phishing website with properly aligned fonts, logo images, and more. The researchers described the phishing websites as “high quality”. “The Darcula platform has been used for numerous high-profile phishing attacks over the last year, including messages received on both Apple and Android devices in the UK, as well as package scams impersonating United States Postal Service (USPS) highlighted in numerous posts on Reddit’s /r/phishing,” the researchers explained in their writeup. The PhaaS apparently has some 20,000 domains, across 11,000 IP addresses. More than 100 new domains are being added to the tool, every day. As usual, the best way to defend against phishing is to use common sense. If the message is unexpected, sounds strange, or too good to be true, extra caution is advised. Via BleepingComputer More from TechRadar Pro A new phishing kit is targeting Gmail and Microsoft email accounts — and it can even bypass 2FA Here's a list of the best firewalls around today These are the best endpoint security tools right now View the full article
  • Forum Statistics

    63.6k
    Total Topics
    61.7k
    Total Posts
×
×
  • Create New...