Latest news with #Darcula
Daily Mail
16-05-2025
- Business
- Daily Mail
Australia Post customers warned to be on high alert for new 'Darcula' scam texts
Australia Post has issued a warning about a new scam exposing countless of its customers to massive personal and financial losses. The scam, known as 'Darcula', involves sending fradulent messages purportedly sent by Australia Post, advising customers that their delivery had failed due to an invalid post code. Customers are then asked to click on a link to a page that appears similar to Australia Post's website where they are asked to provide personal information. Australia Post shared the alert on its website on Friday, reminding Australians it would never call, text or email customers to request access to personal or financial information or payment. It also shared new research which found nine in 10 Aussies have received a scam text or call while nearly three-quarters have been targeted by scams mimicking parcel delivery services. 'Scammers prey on busy lifestyles and the excitement and urgency in waiting for a package', Australia Post chief information security officer Adam Cartwright said. 'The safest way to track your deliveries is directly through the official AusPost app. If you're expecting a parcel, don't click on suspicious links or respond to unexpected messages — always check the app first.' Hacker and founder of Sydney-based cybersecurity firm Dvuln Jamieson O'Reilly told Daily Mail Australia the consequences of falling prey to a Darcula scam could be dire depending on how far the scammer was willing to go. 'As soon as the victim enters their details, the information appears in the criminal's dashboard. They can watch it live and immediately use the information,' he said. 'They might drain bank accounts, steal identities, or sell the information on dark web forums.' Mr O'Reilly said the scam was an example of a 'Phishing-as-a-Service' platform. 'It gives cybercriminals a turnkey solution to launch sophisticated brand impersonation campaigns,' he said. 'Unlike older phishing kits that rely on hackers cloning legitimate websites and using these static phishing pages, Darcula is a little more innovative. 'It's offered as a subscription-based cybercrime toolkit that makes it incredibly easy for scammers to launch fake websites that look like trusted brands such as Auspost or DHL.' Mr O'Reilly said the new scam recently entered its third iteration, opening the field to less-skilled scammers who can benefit from the increasingly automated platform. 'Criminals don't need to be technical. They just pick a brand, choose a scam message (like 'you missed a parcel'), and Darcula sets everything up for them,' he said.
Yahoo
16-05-2025
- Business
- Yahoo
Sophisticated phishing scam impersonates postal giant
Australians are being urged to be on alert as a sophisticated scam is circulating in text messages and emails, impersonating one of the country's largest organisations. Dubbed "Darcula", the phishing scam sends out fraudulent messages claiming that a delivery from Australia Post failed due to an invalid postcode. It lures recipients into clicking malicious links, designed to steal personal information. The scam uses advanced techniques to bypass telco and network filters, allowing it to spread over iMessage and Rich Communication Services. It comes as new data released by the postal giant reveals that more than 90 per cent of Australians have been targeted by scammers in their lifetime. Meanwhile, 74 per cent of people have reported that scams commonly impersonate shipping and parcel delivery. This is a worrying statistic, according to Adam Cartwright, chief information security officer at Australia Post. He said it has never been more important to rely on trusted channels when managing deliveries. "If you're expecting a parcel, don't click on suspicious links or respond to unexpected messages, always check the (AusPost) app first," he said. Australians reported close to 250,000 scams last year, with financial losses totalling $318.8 million according to the National Anti-Scam Centre's Scamwatch service. Phone scams had the highest overall losses for contact method with $107.2 million reported lost across 2179 reporters. Australia Post is urging customers to remain vigilant and warn that parcel delivery scams may reference other delivery company names, both real and fake. Australia Post will never request personal or financial information, such as passwords, credit card details, or account information. The service will also never contact customers via call, text, or email to ask for payment.
The Advertiser
16-05-2025
- Business
- The Advertiser
Sophisticated phishing scam impersonates postal giant
Australians are being urged to be on alert as a sophisticated scam is circulating in text messages and emails, impersonating one of the country's largest organisations. Dubbed "Darcula", the phishing scam sends out fraudulent messages claiming that a delivery from Australia Post failed due to an invalid postcode. It lures recipients into clicking malicious links, designed to steal personal information. The scam uses advanced techniques to bypass telco and network filters, allowing it to spread over iMessage and Rich Communication Services. It comes as new data released by the postal giant reveals that more than 90 per cent of Australians have been targeted by scammers in their lifetime. Meanwhile, 74 per cent of people have reported that scams commonly impersonate shipping and parcel delivery. This is a worrying statistic, according to Adam Cartwright, chief information security officer at Australia Post. He said it has never been more important to rely on trusted channels when managing deliveries. "If you're expecting a parcel, don't click on suspicious links or respond to unexpected messages, always check the (AusPost) app first," he said. Australians reported close to 250,000 scams last year, with financial losses totalling $318.8 million according to the National Anti-Scam Centre's Scamwatch service. Phone scams had the highest overall losses for contact method with $107.2 million reported lost across 2179 reporters. Australia Post is urging customers to remain vigilant and warn that parcel delivery scams may reference other delivery company names, both real and fake. Australia Post will never request personal or financial information, such as passwords, credit card details, or account information. The service will also never contact customers via call, text, or email to ask for payment. Australians are being urged to be on alert as a sophisticated scam is circulating in text messages and emails, impersonating one of the country's largest organisations. Dubbed "Darcula", the phishing scam sends out fraudulent messages claiming that a delivery from Australia Post failed due to an invalid postcode. It lures recipients into clicking malicious links, designed to steal personal information. The scam uses advanced techniques to bypass telco and network filters, allowing it to spread over iMessage and Rich Communication Services. It comes as new data released by the postal giant reveals that more than 90 per cent of Australians have been targeted by scammers in their lifetime. Meanwhile, 74 per cent of people have reported that scams commonly impersonate shipping and parcel delivery. This is a worrying statistic, according to Adam Cartwright, chief information security officer at Australia Post. He said it has never been more important to rely on trusted channels when managing deliveries. "If you're expecting a parcel, don't click on suspicious links or respond to unexpected messages, always check the (AusPost) app first," he said. Australians reported close to 250,000 scams last year, with financial losses totalling $318.8 million according to the National Anti-Scam Centre's Scamwatch service. Phone scams had the highest overall losses for contact method with $107.2 million reported lost across 2179 reporters. Australia Post is urging customers to remain vigilant and warn that parcel delivery scams may reference other delivery company names, both real and fake. Australia Post will never request personal or financial information, such as passwords, credit card details, or account information. The service will also never contact customers via call, text, or email to ask for payment. Australians are being urged to be on alert as a sophisticated scam is circulating in text messages and emails, impersonating one of the country's largest organisations. Dubbed "Darcula", the phishing scam sends out fraudulent messages claiming that a delivery from Australia Post failed due to an invalid postcode. It lures recipients into clicking malicious links, designed to steal personal information. The scam uses advanced techniques to bypass telco and network filters, allowing it to spread over iMessage and Rich Communication Services. It comes as new data released by the postal giant reveals that more than 90 per cent of Australians have been targeted by scammers in their lifetime. Meanwhile, 74 per cent of people have reported that scams commonly impersonate shipping and parcel delivery. This is a worrying statistic, according to Adam Cartwright, chief information security officer at Australia Post. He said it has never been more important to rely on trusted channels when managing deliveries. "If you're expecting a parcel, don't click on suspicious links or respond to unexpected messages, always check the (AusPost) app first," he said. Australians reported close to 250,000 scams last year, with financial losses totalling $318.8 million according to the National Anti-Scam Centre's Scamwatch service. Phone scams had the highest overall losses for contact method with $107.2 million reported lost across 2179 reporters. Australia Post is urging customers to remain vigilant and warn that parcel delivery scams may reference other delivery company names, both real and fake. Australia Post will never request personal or financial information, such as passwords, credit card details, or account information. The service will also never contact customers via call, text, or email to ask for payment. Australians are being urged to be on alert as a sophisticated scam is circulating in text messages and emails, impersonating one of the country's largest organisations. Dubbed "Darcula", the phishing scam sends out fraudulent messages claiming that a delivery from Australia Post failed due to an invalid postcode. It lures recipients into clicking malicious links, designed to steal personal information. The scam uses advanced techniques to bypass telco and network filters, allowing it to spread over iMessage and Rich Communication Services. It comes as new data released by the postal giant reveals that more than 90 per cent of Australians have been targeted by scammers in their lifetime. Meanwhile, 74 per cent of people have reported that scams commonly impersonate shipping and parcel delivery. This is a worrying statistic, according to Adam Cartwright, chief information security officer at Australia Post. He said it has never been more important to rely on trusted channels when managing deliveries. "If you're expecting a parcel, don't click on suspicious links or respond to unexpected messages, always check the (AusPost) app first," he said. Australians reported close to 250,000 scams last year, with financial losses totalling $318.8 million according to the National Anti-Scam Centre's Scamwatch service. Phone scams had the highest overall losses for contact method with $107.2 million reported lost across 2179 reporters. Australia Post is urging customers to remain vigilant and warn that parcel delivery scams may reference other delivery company names, both real and fake. Australia Post will never request personal or financial information, such as passwords, credit card details, or account information. The service will also never contact customers via call, text, or email to ask for payment.
Perth Now
15-05-2025
- Business
- Perth Now
Sophisticated phishing scam impersonates postal giant
Australians are being urged to be on alert as a sophisticated scam is circulating in text messages and emails, impersonating one of the country's largest organisations. Dubbed "Darcula", the phishing scam sends out fraudulent messages claiming that a delivery from Australia Post failed due to an invalid postcode. It lures recipients into clicking malicious links, designed to steal personal information. The scam uses advanced techniques to bypass telco and network filters, allowing it to spread over iMessage and Rich Communication Services. It comes as new data released by the postal giant reveals that more than 90 per cent of Australians have been targeted by scammers in their lifetime. Meanwhile, 74 per cent of people have reported that scams commonly impersonate shipping and parcel delivery. This is a worrying statistic, according to Adam Cartwright, chief information security officer at Australia Post. He said it has never been more important to rely on trusted channels when managing deliveries. "If you're expecting a parcel, don't click on suspicious links or respond to unexpected messages, always check the (AusPost) app first," he said. Australians reported close to 250,000 scams last year, with financial losses totalling $318.8 million according to the National Anti-Scam Centre's Scamwatch service. Phone scams had the highest overall losses for contact method with $107.2 million reported lost across 2179 reporters. Australia Post is urging customers to remain vigilant and warn that parcel delivery scams may reference other delivery company names, both real and fake. Australia Post will never request personal or financial information, such as passwords, credit card details, or account information. The service will also never contact customers via call, text, or email to ask for payment.
Forbes
06-05-2025
- Forbes
884,000 Credit Cards Stolen With 13 Million Clicks By A Magic Cat
Darcula steals 884,000 credit cards — here's how. getty Two threats have been dominating cybersecurity news headlines recently: phishing and 2FA-bypass attacks. The former is often a precursor to the latter, of course. But what if there were a campaign that combined the two in one deadly attack? Welcome to the distinctly dangerous world of Darcula and the Magic Cat, which has proven that nearly 900,000 credit cards can be stolen with enough clicks if you do. Forbes Confirmed — 19 Billion Compromised Passwords Published Online By Davey Winder According to cybersecurity researchers Harrison Sand and Erlend Leiknes, working with Mnemonic, cybercriminals with the Darcula group have been using custom-made malware called Magic Cat to target consumers, mainly in North America and Europe, and steal credit card data. The Mnemonic report, took a deep technical dive into the SMS text message phishing-as-a-service attacks executed by the Darcula group since December 2023. An investigation into the mastermind behind the Magic Cat attacks revealed a phishing operation with victims spanning 32 countries, involving 13 million clicks, and ending up with a not-so-shabby payload of some 884,000 stolen credit cards. I advise you read both to get a full understanding of the threat and the dangerous criminals behind it. Having successfully created some code that enabled them to read the messages that the attackers were seeing, the security researchers said they were shocked at what this was. 'Flying by our screen was a stream of names, addresses, and credit cards, a real-time feed of hundreds of victims being phished.' Eventually, the researchers were able to access the Telegram group used by Darcula members and download the Magic Cat malware itself. It turned out to be rather easy to get the software configured. 'All we had to do was copy and paste that one simple command,' Sand and Leiknes said, 'and the phishing software was basically ready to go.'Once, that is, they had hacked their way into activating the unlicensed copy they now had. It is this ease of use that attracts so many attackers to such phishing kits, but it's not what concerns some security experts the most about Magic Cat. Forbes Google Says Critical Android 'No User Interaction' Attacks Underway By Davey Winder Javvad Malik, the lead security awareness advocate at KnowBe4, acknowledged the sophistication and scale of the credit card phishing cyberattacks, but said that 'what is particularly alarming is Darcula's ability to circumvent multi-factor authentication through real-time session hijacking.' Addressing this 2FA cookie-stealing threat, Malik said, requires a coordinated response from the financial institution, cybersecurity firm and law enforcement agencies triad. The Darcula campaign and Magic cat malware, Malik concluded, 'serves as a reminder that constant vigilance and adaptive security measures are essential.'
