Musician's Friend Scam Site

Here is an example of how subtle fake URLs can be. If you don't have the two side-by-side, you probably wouldn't notice.

This is why I never ever buy from social media ads. It's tricky enough when you are trying to find the correct URL yourself.
Cybersecurity is a large part of my job. A little while back one of our customers was compromised through an AiTM MFA-stealing phishing attack (nasty) and during that, the attackers stole company signatures and grabbed the customer list. This was for a solicitor that deals with conveyancing.

After I secured our customer's accounts there was still email activity reported between the criminals and our customer's customers. Turned out that half an hour after I'd secured everything, the criminals registered a URL that simply pluralised the company name from &$#*(#Solictor.net to &$#*(#Solictors.net

It took me three weeks to get the scam domain shut down and it ultimately got shut down only because I contacted the CEO of the domain registrar that the criminals had used via LinkedIn and pointed out the issue. This was after going through their 'official' reporting channels, etc. Once I'd contacted the CEO it got shut down in 20 minutes. In the end we registered half a dozen adjacent domains to our customer's domain to try and limit this happening again.

In this case, 50K was stolen from one of our customer's customers as the scammers had targeted people that were about to pay house deposits and in this case, a 500K house was being purchased with a 50K mortgage deposit.

Not the most money that I've personally seen stolen but in this instance, the fraud was very good and I've seen people fall for much, much less.
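
The pluralised lookalike domain described in the post above can be checked for mechanically. The following is an added example, not part of the original post: it compares sender domains (for instance, taken from a mail log) against a protected domain and flags plural, TLD-swap, hyphen and near-match variants. All domains are constructed placeholders and the function names are illustrative.

```python
# Added example. All domains are constructed and use reserved TLDs.

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(sender: str, protected: str, max_edits: int = 2):
    """Return why `sender` resembles `protected`, or None if it does not."""
    sender, protected = sender.lower().rstrip("."), protected.lower().rstrip(".")
    if sender == protected:
        return None  # the genuine domain
    # Assumption: inputs are registrable domains (no subdomains), so the
    # first label is the name and the rest is the suffix.
    s_label, p_label = sender.partition(".")[0], protected.partition(".")[0]
    if s_label == p_label:
        return "tld-swap"    # same name under a different suffix
    if s_label in (p_label + "s", p_label + "es"):
        return "plural"      # the variant the post describes
    if s_label.replace("-", "") == p_label.replace("-", ""):
        return "hyphen"
    if osa_distance(s_label, p_label) <= max_edits:
        return "near-match"  # typo-level difference
    return None

def flag_senders(sender_domains, protected):
    """Map each lookalike sender domain to the reason it was flagged."""
    reasons = ((dom, classify(dom, protected)) for dom in sender_domains)
    return {dom: why for dom, why in reasons if why}

PROTECTED = "acmesolicitor.example"  # constructed stand-in for the firm's domain
SAMPLE_SENDERS = [  # constructed sample of domains seen in inbound mail
    "acmesolicitor.example", "acmesolicitors.example", "acmesolicitor.test",
    "acme-solicitor.example", "acmesolicitro.example", "drumshop.example",
]
print(flag_senders(SAMPLE_SENDERS, PROTECTED))
```

The same `classify` function can be run over a list of newly registered domains to decide which adjacent names are worth registering defensively.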
 
I need multiple response emojis, but the angry one will do.

Good job pushing until you finally got the fake URL shut down. 👍🏼
 
The nastiest one was a research institution that had a contract with a third party for some regular work.

The same attack method (AiTM, MFA/session-interception) phishing email. They got access to the finance controller's Microsoft 365 account. They sat there for three months. They also compromised the third party contractor by sending a phishing email from our customer's account and used the contractor's email address and format to send a request to our customer to change outgoing payment details to an account controlled by the attackers. The finance controller actioned the request without checking it because they were overloaded and stressed. A commercial VPN was used (it usually is) to obscure manual activity.

140K stolen over the course of three months. As Microsoft login records only go back 30 days, that one took a lot of unpicking. Fortunately (partly due to the quality of our investigative work), their insurer paid out but the meeting outlining the attack was one of the most stressful meetings of my life.

During my initial investigation, I contacted the bank that owned the account controlled by the attackers. Despite me having payment details, the account number, the registered name on the account, times and dates of payments, etc. they were not interested in even looking at the account and brushed me off. Many banks (particularly the challenger banks in my experience) have no interest in dealing with fraud.

The irony is that we have a tool that can pick up these AiTM attacks within 15 minutes of them occurring (and automatically lock affected accounts). It has a nominal cost per user per month so in total for this customer per month it would have been around 200. So for the sake of 200 a month, they lost 140K.

Initial attacks are usually automated (botnets) and don't bother obscuring their IP location, then they forward on the details to a human operator to exploit. If you're lucky, you can catch the initial compromise via the botnet before the human operator can action anything. Done that a few times but you usually only get about half an hour to an hour before bad stuff starts happening.
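
One simple heuristic for the session-interception pattern described in the post above, written as an added example that is not part of the original post and is not the tool the poster mentions: flag any session token that appears on a network other than the one it started on, and report how long after the first sign-in that happened. The records are constructed and the field names are hypothetical, not a vendor log schema.

```python
from datetime import datetime

# Constructed sign-in records. Field names are hypothetical; IPs and AS
# numbers come from the ranges reserved for documentation.
SAMPLE_SIGNINS = [
    {"user": "finance@customer.example", "session": "s-100", "ip": "192.0.2.10",
     "asn": 64496, "time": "2025-01-06T09:00:00"},
    {"user": "finance@customer.example", "session": "s-100", "ip": "198.51.100.7",
     "asn": 64500, "time": "2025-01-06T09:04:00"},
    {"user": "finance@customer.example", "session": "s-100", "ip": "203.0.113.55",
     "asn": 64510, "time": "2025-01-06T09:40:00"},
    {"user": "staff@customer.example", "session": "s-200", "ip": "192.0.2.11",
     "asn": 64496, "time": "2025-01-06T10:00:00"},
    {"user": "staff@customer.example", "session": "s-200", "ip": "192.0.2.12",
     "asn": 64496, "time": "2025-01-06T10:30:00"},
]

def find_session_reuse(events):
    """Flag every session token seen on a network it did not start on.

    Returns one finding per (session, new ASN) with the minutes elapsed since
    the session was first seen. Users who legitimately roam between networks
    will also match, so treat findings as leads to triage, not verdicts.
    """
    first_seen = {}   # session -> (asn, time) of the earliest event
    reported = set()  # (session, asn) pairs already flagged
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        start_asn, start_time = first_seen.setdefault(ev["session"], (ev["asn"], when))
        key = (ev["session"], ev["asn"])
        if ev["asn"] == start_asn or key in reported:
            continue
        reported.add(key)
        findings.append({
            "user": ev["user"], "session": ev["session"], "ip": ev["ip"],
            "from_asn": start_asn, "to_asn": ev["asn"],
            "minutes_after_start": int((when - start_time).total_seconds() // 60),
        })
    return findings

for finding in find_session_reuse(SAMPLE_SIGNINS):
    print(finding)
```

Because the post notes that login records only go back 30 days, a check like this is only useful if it runs continuously or the records are exported and retained.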
 
Well done!
 
This will be my last post on this subject. Folks, just exercise caution when you are on this Facebook thing.
Every day they come up with a different flavor of these ads with too-good-to-be-true prices.

 
So glad that I have never gotten into social media!!!
 
Justin (65 Drums) did a video on this a couple of weeks ago and I think it's important to note it's not just good old social media that's the problem, entire websites are being cloned.
Fortunately they're easy to spot with the ridiculous prices being offered but still....
 
I just found out last week that a guy I know got taken for over about $1000 on a fake Sweetwater site. They had a speaker cab for about $250 that's usually over $2000.
 
I work for a credit union so I see these scams all the time. My advice is to never click on any social media ads, email links, attachments, text links, etc. They are almost always scam sites. The FBI shut down 19,000 fake sites last year. All from China hackers! The fake USPS, DMV and toll road text scams from the last 8 months were also traced back to China. Government-sponsored hackers are the most aggressive and most sophisticated. Some fake job scams have been linked to North Korean hackers. Don't accept any job that offers to pay you with a cashier's check before you do any work. The checks are forged. If you get a signing bonus and it's a cashier's check, call the making bank (the bank that is named on the upper left) and ask if it's a real check. They can check to see if it's already been cashed or not. Be skeptical of any "great deal".
 