Watch Out For Black Newsjacking: FOSCAM camera poisoned search results



Security researchers frequently report on vulnerable IoT devices. Cisco's Talos group just reported that Foscam video cams have a security risk. We did a Google search on "Foscam Indoor Camera" and found that scammers have already taken advantage of this and are redirecting to a fake ransomware site. The site also plays audio telling you that you have porn and that they will report you to the authorities unless you call the number, which is answered by a criminal call center.

We captured the event in a screen capture. If you Google "Foscam Indoor Camera", the first two US results are hijacked to this faux ransomware page. You can watch the video without risk of your machine getting infected. Wait for the creepy audio to start!

We are calling this tactic “Black Newsjacking”. The legit use of newsjacking is quickly blogging about a major news event. Bad guys do something similar, but create pages on servers with exploit kits and use Black SEO techniques to get these pages up quickly in the organic page ranks. Clicking on the link either compromises the workstation or launches a social engineering attack that is sometimes called "reverse phishing" because the victim calls the perp. The current example is the FOSCAM camera.

Whether you call it search “tampering” or “poisoning”, 2018 will see an increase in search results that route users to compromised sites that exploit bugs in the workstation’s software, resulting in a complete take-over of their computer.

Users will have to be particularly vigilant if they work in regulated industries such as Financial Services, Insurance and Healthcare, where personally identifiable information abounds. Step them through new-school security awareness training so they do not fall for scams like this.

See It For Yourself 

We know that keeping your users on their toes with security top of mind is not easy. Every organization has its own individual challenges but now, finally, our platform allows you to create a fully mature new-school security awareness program.

Get a demo and ask to see our ModStore which gives you an all-you-can-eat buffet of more than 400 items like interactive learning modules, videos, animations, games, posters, tip sheets and other downloadable items. It includes:

  • 20 e-learning modules
  • 8 interactive learning modules
  • 7 compliance modules
  • 100+ bite-size videos, 1-3 minutes each
  • 33 trivia games
  • 125+ pieces of artwork

Prepare to be pleasantly surprised...

Warm regards,

Stu Sjouwerman

Founder and CEO, KnowBe4, Inc

