Category Archives: For Home

Scam Alert: Digi Phishing Campaign Detected, Asking Credentials for a Prize

Summary: we discovered a Digi phishing campaign targeted at Romanian internet users. However, the campaign is displaying tailored content for each country, so its actual target pool is much larger. The malicious domains could be accessed from organic Google search results and led the user to a page with Digi branding elements.

Once there, the users were invited to go through some steps, ‘win’ a prize consisting of a new smartphone and then claim the ‘prize’ by submitting their personal details, including credit card information.

How Does the Digi Phishing Campaign Work?

Incidentally, we found these malicious websites while looking for Antivirus-related search words on Google. It’s pretty ironic if I think about it since people who are looking for cybersecurity software could be well enough prepared to recognize a phishing campaign. Of course, I suspect that this is not the only search that could lead to these malicious but organic results to be displayed.

malicious organic search results

The malicious link for the Digi phishing campaign only worked if accessed from Google. If we attempted to access them directly, the browser just entered a redirect loop and nothing was loaded.

Once we accessed the website, the page first asked for verification of humanity (the standard ‘Confirm you are not a robot’ checkbox). Oddly, this first screen was displayed in Spanish, although the next ones are in Romanian, based on the correct identification of our location.

digi phishing campaign pic 1

After moving past the human confirmation screen, a page imitating the Digi brand is displayed. The page offers congratulations for being ‘one of the selected 100 users’ eligible to receive a smartphone gift. But before you can receive your gift, you need to answer 9 questions.

digi phishing campaign pic 2

The questions are well crafted as to not arouse suspicion. All of them were about the devices you use, what other internet and cable providers have you had, that kind of stuff – it can seem like legitimate competitor research questions a brand can ask its users.

After moving through the questions, you get another confirmation that you answered all of them, that no duplicate IP entries were found and that you are indeed about to get the smartphone reward.

digi phishing campaign page 3

Clicking ‘Next’ will take you to a page displaying the smartphone prize and asking for your email, as well as a confirmation you are over 18.

digi phishing campaign pic 4

After entering your email, you are asked for your credit card details, allowing you to ‘buy’ the smartphone for 4.99 RON, the approximate equivalent of 1 EURO. There’s also a countdown timer on the offer to make you feel the FOMO.

Judging by the bad grammar and spelling on this page, I have a strong hunch that this Digi phishing campaign displays in other languages as well, probably across Europe. 

digi phishing campaign pic 5

These are the malicious URLs we identified as part of this Digi phishing campaign (but they do not work if accessed directly, only if accessed through search results):

http://applefarm.it/wx0/reason-premium-antivirus.html 

https://fres-news.com/?p=gbtdayrtgm5gi3bpgm3dk

https://1.fres-news.com/?p=gbtdayrtgm5gi3bpgm3dk

https://2.fres-news.com/?p=gbtdayrtgm5gi3bpgm3dk

https://customers-surveys.com/lp/d467a0446787ab993210cf648d6fb1af/02522a2b2726fb0a03bb19f2d8d9524d.html?browser={browser}&p=599&lpkey=15017060014a220f78&source=AdCash&campaign=173949420&zone=2048991-600419873-0&subzone=Adsterra&uclick=2tdv1ne2bl#

https://supertrackingz.com/click.php?lp=1

https://get-the-better-deal.com/page?cam=11189&country=ro&pub=313&clickid=8c9632tdv1ne2blffa

Meanwhile, our own cybersecurity software (the DNS traffic filtering engine in Thor Foresight Home) blocks all of the above.

Context: Another Campaign Which Fakes Digi Branding, but on Social Media

As it happens, another fraudulent campaign using the Digi branding has been identified in the past few days, on social media. There were 5 fake Facebook Digi accounts posing as the official page, even if they were clearly recently created and had very few likes. Link to full story HERE (the text is written in Romanian).

Even more weirdly, one of the pages also ran a sponsored campaign on Facebook, attempting to grow its user pool. The incident is unanimously believed to be a part of a potential electoral fraud campaign, preparing to flood people with fake news in order to influence their votes.

This Digi fake accounts campaign is not so different from the Cambridge Analytica scandal and also with some Russian involvement. Some of the ‘o’ characters in these fake Digi pages were not quite right, and a closer look revealed that the input method had been a Russian keyboard, using the Cyrillic equivalent of ‘o’.

Potential of Electoral Fraud?

Such campaigns have a huge potential for electoral fraud and other types of social engineering. While the two types of campaigns discovered could be unconnected, I’m not yet sure it’s all a coincidence.

It’s clear that the objective of the first campaign was to collect credit card details for some type of actual financial theft. It’s also true that Digi is a very well-known brand, so it makes sense for any hacking group to use its image for a campaign.

But at the same time, I am also concerned that the two Digi phishing campaigns are not unrelated and hacking into people’s wallets is just another offshoot of malicious intent. Especially since elections are upcoming and social engineering has already proved its potential for evil, I suspect we will see more in the following months.

How to Stay Safe from Phishing and Social Engineering in General:

We’ve written dedicated guides on how to stay safe from phishing and how to recognize social engineering. Please feel free to browse them and take some precautions from there.

In a nutshell, the most important take-away from the Digi phishing campaign is this: never fail to verify whether a domain you are accessing is the real deal. You can do this by checking its name in the address bar, by closing the tab and going to the official website, or even by contacting the customer service to be found on the official page. If an offer sounds too good to be true, it probably is.

As for social engineering and the potential of election fraud, things can be more complicated. There was huge backlash in both ways after the Cambridge Analytica scandal came to life. People are not comfortable accepting that they can be manipulated easily and that perhaps their ideas are not exactly their own. The only advice for this, beyond checking whether the pages posting stuff on social media are the official ones, is to strengthen your critical thinking as much as possible.

Note: I would like to thank my colleague Eduard Roth who initially drew my attention to this Digi phishing scam.

The post Scam Alert: Digi Phishing Campaign Detected, Asking Credentials for a Prize appeared first on Heimdal Security Blog.

What Is Safe Mode on My Phone?

Ever experienced buggy features on your phone? Well, there’s a way to solve them and it does not involve sending your phone packing to the nearest repair shop – it’s called the safe mode and, yes, it works just like Microsoft Windows’ repair and debugging environment. So, what is safe mode on my phone? Long story short, it could be your only shot at making that phone off your works again.

Screen freezes, unresponsive features, cascading restarts – all could be symptoms of a conflictive application. Unfortunately, uninstalling the application in question may not resolve the issue. Anyway, here’s how to switch on the safe mode on your phone.

What happens when your phone reboots in safe mode?

Basically, the safe mode is an environment where you debug faulty applications, turn off the feature that is otherwise hidden in normal mode. A Windows user knows best that in order to completely uninstall an app, you would need to go into safe mode. Well, that’s, more or less, what happens when you use this smartphone feature.

The environment is not at all different from your regular UI – all the apps are there, menus, connectivity options. However, while running in safe mode, you won’t be able to use widgets and some third-party applications; you won’t need them anyway since your goal here is to determine what went wrong with your phone. Well, that’s about it in safe mode. Yes, I know that it’s not a lot, but then again, you can’t get more straightforward than this.

Oh, by the way – most of the smartphone mishaps are generated by latent malware. On that note, I would wholeheartedly recommend using Thor Mobile Security, our latest malware-busting tool. Take it for a spin – first month’s on the house. If you don’t like it, you can always cancel your subscription and rely on your tool of choice.

Free Trial

How do you turn on the safe mode on your phone?

The quickest answer would be that it depends on what operating system your phone runs. Interestingly enough, the procedure’s the same across all iPhone devices, regardless of the OS. I’ll start with this one.

Turning on safe mode on your iPhone

Here’s a rundown on how to switch on the safe mode feature on your iPhone.

Step 1. Power down your phone by holding the power button.

Step 2. Wait until the phone’s completely powered off.

Step 3. Press and hold the power button again.

Step 4. When the screen lights up, hold down the Volume down button. Keep the two buttons pressed until the Apple logo appears on the screen.

Step 5. Your phone will now boot up in safe mode. Now you can safely remove any malfunctioning applications.

That was suspiciously easy, wasn’t it? Told you that the procedure’s the same when it comes to iPhones. Now that the fun part is over, let’s see how to switch on the safe mode on your Android device.

Turning on safe mode on Android

Let me start by showing you how to switch on this feature on most Samsung Galaxy phones.

Step 1. Drag down the notification bar.

Step 2. Tap on the “Safe mode enabled” button.

Step 3. Confirm and wait until your phone restarts. Congrats! Your phone is now operating in a safe mode.

Pitch-perfect! But that’s hardly the only way to switch on the celebrated safe mode. As I might have mentioned, the procedure depends on the type of phone you have. The list below will show you to unlock the feature on your Android phone.

Safe mode on HTC phones

If you have an HTC device, here’s how to switch on the safe mode.

Step 1. Press and hold the Power key. It should be located on the right side of your phone.

Step 2. Hold the Power key for about three seconds.

Step 3. From the power down menu that appears on the screen, tap and holds the Power off icon. After a couple of seconds, a new power down option will appear on your screen – “Reboot to safe mode”.

Step 4. Hit the Restart button. Your phone will now boot up in safe mode.

Safe mode on LG phones

To switch on the safe mode on your LG phone, start by holding the Power key and select the Restart option. Once the LG logo appears on the screen, hold down the Volume Down key. To see if safe mode is enabled, take a closer look at the bottom left corner of the screen. If you followed the above-mentioned steps, a Safe mode icon should appear.

Safe mode on Moto G phones

If you have a Motorola smartphone, please follow these steps in order to enable safe mode.

Step 1. Press and hold the Power key.

Step 2. Please release the power key when the Shut Down menu appears.

Step 3. Long-press the power off button.

Step 4. When the Reboot to Safe Mode option appears on your screen, tap on OK to initiate safe mode.

Safe mode on Huawei smartphones

It’s trickier to switch on the safe mode on Huawei phone since it involves removing the battery. Just follow the steps below.

Step 1. With the phone turned on, remove the back cover.

Step 2. Remove the battery.

Step 3. Put the battery back in the slot.

Step 4. Hold down the Menu.

Step 5. Long-press the Power Key. Don’t let go of that Menu key.

Step 6. If done correctly, the message “Safe Mode” should appear in the lower part of the screen.

Safe Mode on Blackberry PRIVs

Here’s a quick guide ton how to turn off the feature on your Blackberry PRIV phone.

Step 1. Long-press the Power button.

Step 2. When the Power Off menu appears on the screen, long-tap the Power Off button.

Step 3. After a couple of seconds, a safe mode prompt will appear on your screen.

Step 4. Tap OK to confirm.

Safe mode on Xiaomi smartphones

There are two ways to enable this feature on your Mi smartphone. Check out the guide below.

First method

Step 1. With the device powered on, long-press the power key.

Step 2. When the power menu appears, let go of the power key.

Step 3. Long-press the Power Off button.

Step 4. After a couple of seconds, the Android Safe Mode message will appear on your screen.

Step 5. Hit the Reboot button to restart the device into safe mode.

Second method

Step 1. Restart your device. You can do that by selecting the Restart option from the Power Off menu.

Step 2. When the Xiaomi logo appears on your screen, tap the Menu key.

Step 3. Continue tapping the menu key until you see the lock screen.

Step 4. The Android Safe Mode message should now be on your screen.

Safe mode on your Oppo smartphone

Oppo phones are the latest addition to the market. Can’t say I’ve had too much contact with them, but from what I’ve gathered, they’re cheap and surprisingly high-performing. So, here’s how to switch on the safe mode on your Oppo phone.

Step 1. Press and hold the Power key.

Step 2. In the Power Off menu, tap and hold the power off. Keep it pressed for a couple of seconds.

Step 3. A second power off menu till appear.

Step 4. Tap on OK to confirm booting into safe mode.

Wrap-up

Well, that’s about everything you need to know about the issue at hand (what is safe mode on my phone). As I’ve mentioned, sometimes it may be the only way to get rid of buggy applications and unresponsive features. And, if all else fails, there’s always the restore to factory settings feature. Hope you’ve enjoyed the read and, as always, for comments, rants, beer donations, shoot me a comment.

The post What Is Safe Mode on My Phone? appeared first on Heimdal Security Blog.

Participate in Our Survey and Get the Chance to Win A $50 Amazon Voucher!

If you’re a Heimdal Blog reader and/or our customer, you already know we advocate for continuous cybersecurity education.

This is why we decided to launch a survey to better understand what’s your level of cybersecurity awareness and what security measures you apply to stay safe on the Internet. Based on your responses, we will create a report to analyze and present the current state of consumers’ cybersecurity hygiene and awareness.

Stay tuned for the final results!

What’s in it for you?

We’ve also prepared some special prizes for you, meaning you can get the chance to win one of the 5 Amazon vouchers worth $50!

Here you can access the survey.

Read the Rules, Terms and Conditions, and Privacy Policy:

Survey/Sweepstakes Rules

ELIGIBILITY:

Survey/Sweepstakes is open to anyone of legal age in their residing country as of the date of entry, including but not limited to Thor Home users. Employees of Heimdal Security (the Sponsor) and their affiliates, subsidiaries, advertising and promotion agencies, suppliers and their immediate family members and/or those living in the same household of each are not eligible to participate in the Sweepstakes. No purchases are necessary. A purchase will not increase chances of winning. All federal, state and local laws and regulations apply. Void where prohibited or restricted by law. Only the respondents who provide their email address at the final question of the survey (Question 39) will be eligible for winning the prize.

AGREEMENT TO RULES:

By participating, you agree to be fully unconditionally bound by these Rules, and you represent and warrant that you meet the eligibility requirements set forth herein. In addition, you agree to accept the decisions of Heimdal Security, as final and binding as it relates to the content. The Sweepstakes is subject to all applicable federal, state, and local laws.

SURVEY/SWEEPSTAKES PERIOD:

The Survey/Sweepstakes entry period begins at 1:30 pm CET on September 3, 2019, and ends at 1:30 pm CET on October 3, 2019. Winners will be selected from entries properly submitted and timely received during the Survey/Sweepstakes Period.

HOW TO ENTER:

During the Survey/Sweepstakes Period, submit your responses here. The entries must fulfill all sweepstakes requirements, as specified, to be eligible to win a prize. Winners will be granted the prize upon submitting their full name and valid email address at the final question of the survey (Question 39). Respondents who have not provided a valid email address will not be eligible for winning. You may enter only once and you must fill in the information requested. You may not enter more times than indicated by using multiple email addresses, identities or devices in an attempt to circumvent the rules. If you use fraudulent methods or otherwise attempt to circumvent the rules your submission may be removed from eligibility at the sole discretion of Heimdal Security.

PRIZES AND ODDS OF WINNING:

There will be 5 winners drawn at random. Each of the 5 winners will receive a $50 Amazon gift card. No cash or other prize substitution permitted. The prize is non-transferable. Any and all prize-related expenses, including without limitation any and all federal, state, and/or local taxes shall be the sole responsibility of the winner. No substitution of prize or transfer/assignment of prize to others or request for the cash equivalent by winners is permitted. Acceptance of prize constitutes permission for Heimdal Security to use winner’s name, likeness, and entry for purposes of advertising and trade without further compensation unless prohibited by law. The odds of winning depend on the number of eligible entries received.

HOW WINNERS ARE SELECTED AND NOTIFIED:

Five (5) winners will be selected by random drawing to be held on October 4, 2019. Winners will be chosen from survey responses received in the Survey/Sweepstake Period. The potential winners will be notified via email to the email address submitted at the final question of the Survey (Question 39) within one (1) week after the drawing. The drawing will be conducted by Heimdal Security. In the event that a potential winner is disqualified for any reason, Heimdal Security may award the applicable prize to an alternate winner selected randomly. Heimdal Security shall have no liability for a winner’s failure to receive notices due to winners’ spam, junk e-mail or other security settings or for winners’ provision of incorrect or otherwise non-functioning contact information. If the selected winner cannot be contacted, is ineligible, fails to claim the prize within 15 days from the time award notification was sent, or fails to timely return a completed and executed declaration and releases as required, prize may be forfeited, and an alternate winner selected.

TERMS AND CONDITIONS:

Heimdal Security reserves the right to modify, terminate, suspend, or cancel the Survey/Sweepstakes at its sole discretion. Heimdal Security also reserves the right to disqualify your entry if found ineligible to participate. If a dispute arises regarding your identity, Heimdal Security reserves the right not to award the prize and draw another winner.

Heimdal Security has the right, in its sole discretion, to maintain the integrity of the Survey/Sweepstakes, to void votes for any reason, including, but not limited to multiple entries from the same user from different IP addresses, multiple entries from the same computer in excess of that allowed by sweepstakes rules, or the use of bots, macros or scripts or other technical means for entering.

Any attempt by an entrant to deliberately damage any web site or undermine the legitimate operation of the sweepstakes may be a violation of criminal and civil laws and should such an attempt be made, Heimdal Security reserves the right to seek damages from any such person to the fullest extent permitted by law.

PRIVACY POLICY:

Your identity will not be disclosed to any third-parties and will only be accessed by Heimdal Security. The names and email addresses collected in the Survey/Sweepstakes period will be deleted within one (1) week after the winners are announced unless you explicitly signed up to receive future Newsletter communications. can opt-out of receiving this communication at any time by clicking the unsubscribe link in the newsletter and choose to be deleted from Heimdal Security’s database.

Your responses will be used to create a report around the current state of consumers’ cybersecurity awareness and practices. Responses will be kept anonymous.

SPONSOR:

HEIMDAL SECURITY • VAT NO. 35802495 • VESTER FARIMAGSGADE 1 • 3 SAL • 1606 KØBENHAVN V

The post Participate in Our Survey and Get the Chance to Win A $50 Amazon Voucher! appeared first on Heimdal Security Blog.