Ever since the launch of Flipper Zero, the pen-testing tool's wide range of capabilities has attracted the interest of not only security experts but threat actors as well. A security incident leveraging the multi-functional tool to collect personal data from users has now come to light.

What happened?

Last week, BleepingComputer was alerted to a phishing scam, making the rounds on social media and Reddit, that claimed to offer a free Flipper Zero device.
  • Scammers impersonated the Flipper Zero site and steered users to shady browser extensions, scam sites, or surveys in order to claim the free offer.
  • To make it look legitimate, the fake site included the "Copyright 2023 - flipperzero - All Rights Reserved" statement and the Terms of Use and Privacy pages from the original site.
  • The fake sites or surveys collected names, physical addresses, and email addresses that could be used in other malicious or phishing scams.

Flipper Devices has reportedly not taken any action to take the fake sites down. They are still live and put online users at risk of identity theft and other attacks.

Brand impersonation continues to outwit everyone

Brand impersonation attacks affect organizations and users alike. Some of the well-known cases from the past months are:
  • Scammers impersonated the DoorDash support team and used social engineering tactics to trick users into handing over their banking details or logging into a fake portal. As a result, the firm suffered a loss of around $950k.
  • In another incident, a massive phishing campaign impersonating 100 brands was reported in the first half of June, tricking people into sharing their account credentials and financial information. Some of the impacted brands included Nike, Puma, Asics, Vans, Casio, Timberland, Crocs, and Caterpillar.

Conclusion

Users must remain vigilant and not fall for free giveaways and promotional offers. They must cross-check such offers and only buy from the official store. Additionally, organizations must act promptly to take down fake sites as soon as they learn of them.
Cyware Publisher
