An Israeli cybersecurity company is warning users and companies about a new phishing scheme that mimics the popular language learning apps Duolingo and Masterclass.
According to researchers from Sygnia, the attack was launched by a group of hackers named Luna Moth, who send an email that looks like it was sent from Duolingo or Masterclass. The email "announces" that the recipient has purchased a premium subscription, and includes a fake invoice. The messages inform users that they are welcome to contact customer service in case of any problems with their "order."
Messages are also sent to non-Duolingo users, the researchers reported. Some of the people who do not use the apps but received the fake invoices called the phone number in the email, reached the call center, and were told that they would have to install a remote call software in order to cancel the purchase.
During a video call with a fake customer service rep, the hackers install tools on the victim's computer, thus gaining constant access to employees' and organizations' data.
Sygnia researcher Oren Biderman noted that because so many people became accustomed to using video chat during the COVID pandemic, many of the phishing scheme's victims did not hesitate to install the software, thereby falling prey to the hackers.
Biderman and his fellow Sygnia researchers Noam Lifshitz and Tomer Lahiani warn that organizations are at risk of cyberattacks when employees open emails carelessly or believe that a given email is "legit." VPNs installed on employees' computers allow them to access the companies' networks from home, increasing the potential for hackers to access private company data.
Before publishing its findings, Sygnia alerted international law enforcement agencies to the new scam, and it continues to monitor the hacker group, which is still active.
Sygnia advises users not to click on links sent from unknown sources or open emails from unfamiliar addresses. The company also suggests that anyone who wishes to dispute possible fraudulent charges to their account first check their credit card statements, and then contact the credit card company directly if in fact an illegitimate charge appears.