CloudSEK’s Threat Intelligence team uncovered a new attack vector that damages the brand reputation of organizations by supplementing existing scam infrastructure.
Threat actors have always looked for ways to make their scam operations seem legitimate. Historically, even when a fake or scam domain looks very convincing, the threat actor's end goal is still to receive money from the victims, and a simple check usually reveals whether the payment actually goes to the intended organization.
In this attack vector, the lack of verification of the organization's name when a merchant account is registered with a payment provider makes it fairly hard for a victim to tell a legitimate merchant VPA or transaction from an illegitimate one.
Qwiklabs is a cloud-based platform that offers hands-on learning experiences for developers and IT professionals. It provides temporary credentials to Google Cloud Platform (GCP) and other cloud platforms, allowing users to practice their skills in real-world environments. Although the intended use of the temporary credentials is learning GCP skills, threat actors abuse them to add a layer of obscurity, using the credentials to create merchant accounts.
We uncovered the following while investigating this attack vector:
The screenshot on the right shows an authorized Apple reseller in India whose details are all verifiable, including the mobile number, email address and website. The screenshot on the left is a scam merchant account, for the following reasons:
Qwiklabs is used because creating a Gmail account and signing up for pay.google.com to set up merchant transactions requires phone number verification, which can land a threat actor in trouble. Signing up for Qwiklabs requires the following:
Please note: a temporary inbox provider like temp-mail.org can be used to fill in the company email.
Once an attacker has signed in to the portal, they can choose a learning path that contains a hands-on lab, for which Qwiklabs gives temporary access to a Gmail inbox. This Gmail inbox is then used to set up a merchant UPI ID without a phone number.
The above account was created without divulging any personal information.
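The comparison above comes down to a handful of signals a payer or a fraud team can check before money moves: is the VPA one the brand actually publishes, is the contact email on the brand's own domain or on a free or disposable inbox, and are a phone number and website present and consistent. The following is an added example, not code from the original article or from CloudSEK, that encodes those checks as a payee-consistency screen. The brand profile, merchant records, VPA handles and the disposable-domain list are all constructed for illustration (temp-mail.org is the one provider the article names); a real deployment would load the brand profile from the organization's published payment details and the disposable-domain list from a maintained feed.

```python
"""Payee-consistency screen for a merchant VPA record (added example, constructed data)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed list of disposable-inbox domains; temp-mail.org is the one the article names.
DISPOSABLE_DOMAINS = {"temp-mail.org"}


@dataclass(frozen=True)
class MerchantRecord:
    """What a payer sees on the payment screen for a merchant VPA."""
    display_name: str
    vpa: str
    email: Optional[str]
    phone: Optional[str]
    website: Optional[str]


@dataclass(frozen=True)
class BrandProfile:
    """Details the legitimate organization publishes about itself."""
    name: str
    official_vpas: frozenset[str]
    email_domains: frozenset[str]
    websites: frozenset[str]


def _normalize_name(name: str) -> str:
    # Compare names case-insensitively and ignore spacing/punctuation tricks.
    return re.sub(r"[^a-z0-9]", "", name.lower())


def _email_domain(addr: Optional[str]) -> Optional[str]:
    if not addr or "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def _web_host(url: Optional[str]) -> Optional[str]:
    if not url:
        return None
    if "://" not in url:
        url = "https://" + url  # tolerate a bare hostname
    return (urlparse(url).hostname or "").lower() or None


def assess_payee(record: MerchantRecord, brand: BrandProfile) -> list[str]:
    """Return the list of mismatch flags between a merchant record and the brand profile."""
    flags: list[str] = []

    # The article's core signal: the display name borrows the brand, but the VPA is
    # not one the brand publishes.
    if (_normalize_name(brand.name) in _normalize_name(record.display_name)
            and record.vpa.lower() not in brand.official_vpas):
        flags.append("brand_name_without_official_vpa")

    # Contact email: missing, disposable, or not on the brand's own domain.
    domain = _email_domain(record.email)
    if domain is None:
        flags.append("no_email")
    elif domain in DISPOSABLE_DOMAINS:
        flags.append("disposable_email_domain")
    elif domain not in brand.email_domains:
        flags.append("email_domain_not_brand")

    # The abuse described avoids phone verification, so a missing number is a signal.
    if not record.phone:
        flags.append("no_verifiable_phone")

    # Website: missing or not one the brand publishes.
    host = _web_host(record.website)
    if host is None:
        flags.append("no_website")
    elif host not in brand.websites:
        flags.append("website_not_brand")

    return flags


def risk_level(flags: list[str]) -> str:
    """Collapse flags into a coarse verdict for the payer or reviewer."""
    if "brand_name_without_official_vpa" in flags or "disposable_email_domain" in flags:
        return "high"
    return "medium" if flags else "low"


# Constructed sample data: a fictional brand, its legitimate record and a lookalike.
BRAND = BrandProfile(
    name="ExampleStore",
    official_vpas=frozenset({"examplestore@okexamplebank"}),
    email_domains=frozenset({"example-store.in"}),
    websites=frozenset({"example-store.in", "www.example-store.in"}),
)
LEGIT = MerchantRecord("ExampleStore Retail", "examplestore@okexamplebank",
                       "sales@example-store.in", "+91-00000-00000", "https://example-store.in")
SCAM = MerchantRecord("ExampleStore Retail", "example.store.pay@okexamplebank",
                      "randomstring12345@gmail.com", None, None)

if __name__ == "__main__":
    for label, rec in (("legit", LEGIT), ("scam", SCAM)):
        flags = assess_payee(rec, BRAND)
        print(f"{label}: {risk_level(flags)} {flags}")
```

The screen deliberately treats the VPA, not the display name, as the identity: the article's point is that the name shown to the payer is the one field the provider did not verify, so any check that trusts it is defeated by construction.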
A user can take the following precautions to stay safe from this type of elaborate scheme: