We continue a series of articles about the theft of data and accounts. Now we will explain why we decided to raise this topic.
Recently, the creator of the Creator Tools plugin, Igor, began to receive letters. And in a week I received as many as 5 such letters!
How did it look in a particular case?
Fraudsters are casting the bait that they are allegedly advertising departments of large companies and they want to advertise on your channel. You enter into a dialogue, and in the next letter they send you a link, usually to Google Drive, asking you to download an archive or document.
If it is an archive, then it will most likely contain the file that they are asking to run. And this program immediately after installation will go through your file system, registry and send your session keys to scammers. They will just have to log into your account as if it were you. And that's it, it's done! You have been hacked!
More often, the protection system copes and understands that there is an attempt to log in from a new device / location / browser. And if you have two-factor authentication enabled, then attackers will be asked to enter a security code sent to your phone. And it becomes almost impossible to steal an account.
But they have another way to steal your code. They can, having learned your personal phone number thanks to hacking, send you an SMS to your phone with a link allegedly to Instagram or another service. By clicking on which, they will be able to obtain additional data and already intercept the security code.
This whole attack is complex and only works if the user is not careful.
You may also be interested in