[SCAM ALERT 035] -AmericaFirst | Bfore.AI
Summary
America First Credit Union is a federally chartered credit union headquartered in Riverdale, Utah, United States. As of January 2020, America First was the sixth largest credit union in the United States in terms of total membership and ninth largest credit union in assets in the U.S.
During our PreCrime internet scout of 15 July 2022 we identified suspicious markers across multiple vectors. One of those was this website spoof that could be targeting unsuspecting bank clients.
The Attack
The domain under review, af-cubank[.]online, appears to be a spoof targeting americafirst[.]com.
A phishing website copies the visual signature of its target: screenshots, font styles, images, page layouts, logos, etc. A simple visual scan therefore cannot reliably pick out a freshly created phishing site from the genuine one, and it produces a high false-negative rate (phishing classified as benign).
The similarities are very clear: both websites use the same logo, color scheme and formatting, so a visitor can easily mistake AF-CU for America First Credit Union.
Reasons to think this is associated with AmericaFirst
- Both websites have the same logo.
- Both websites have the same formatting.
- Both websites have the same color scheme.
- A visitor can easily mistake AF-CU for America First Credit Union.
Technical Breakdown
Website Analysis of af-cubank[.]online – Threat Intelligence Platform
- The SSL certificate was obtained recently (2022-07-13).
- The mail server appears in several blacklists. Mail servers are mostly blacklisted for sending spam; such blacklists let other mail servers check whether the IP address an email comes from has previously been flagged for spamming.
The af-cubank[.]online domain also resolves to the IP address 199.188.200.223.
Our observation engine detected and classified this alert early. Looking up the other domains hosted on this IP returns many of them, related to trading, banking and crypto. All of them, including af-cubank[.]online, are registered with NAMECHEAP INC, a different registrar from the one used by the official domain.
https://securitytrails.com/list/ip/199.188.200.223
Graph
Also the IP has a history of having traffic which is related to malicious APK files.
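As an added example (not Bfore.AI's code or tooling), the script below turns the markers from this breakdown into a repeatable check: a brand acronym and a finance keyword in the domain label, a certificate issued shortly before the sighting, a registrar that differs from the official domain's, a crowded shared IP, and a blacklisted mail server. The official domain's registrar is a labelled placeholder, the co-hosted name count is approximate, and the thresholds are assumptions; a benign co-hosted domain is scored too, to show that shared hosting alone only earns a review.

```python
"""Score a suspect domain against the markers used in this alert (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

@dataclass
class DomainObservation:
    domain: str
    registrar: str
    cert_not_before: Optional[date] = None   # notBefore of the served TLS certificate
    hostnames_on_same_ip: int = 0            # other names resolving to the same IP
    mail_server_blacklisted: bool = False

def registrable_label(domain: str) -> str:
    """'af-cubank.online' -> 'afcubank' (second-level label, separators dropped; no PSL)."""
    parts = domain.lower().split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return label.replace("-", "").replace("_", "")

def lookalike_markers(domain: str, brand_words: List[str], finance_words: List[str]) -> List[str]:
    """Brand acronym (AFCU), full brand words and finance keywords found in the label."""
    label = registrable_label(domain)
    acronym = "".join(w[0] for w in brand_words).lower()
    markers = [f"acronym:{acronym}"] if len(acronym) >= 3 and acronym in label else []
    markers += [f"brand:{w.lower()}" for w in brand_words if w.lower() in label]
    markers += [f"keyword:{w.lower()}" for w in finance_words if w.lower() in label]
    return markers

def infrastructure_markers(cand: DomainObservation, official: DomainObservation,
                           observed_on: date, max_cert_age_days: int = 14,
                           crowded_ip: int = 20) -> List[str]:
    markers = []
    if cand.cert_not_before and 0 <= (observed_on - cand.cert_not_before).days <= max_cert_age_days:
        markers.append("cert_issued_recently")
    if cand.registrar.lower() != official.registrar.lower():
        markers.append("registrar_differs_from_official")
    if cand.hostnames_on_same_ip >= crowded_ip:          # assumed threshold
        markers.append("crowded_shared_ip")
    if cand.mail_server_blacklisted:
        markers.append("mail_server_blacklisted")
    return markers

def assess(cand, official, observed_on, brand_words, finance_words) -> Tuple[str, List[str]]:
    m = lookalike_markers(cand.domain, brand_words, finance_words)
    m += infrastructure_markers(cand, official, observed_on)
    verdict = "likely spoof" if len(m) >= 3 else ("review" if m else "no markers")
    return verdict, m

# Constructed from the alert's stated facts; the official registrar is a placeholder.
OFFICIAL = DomainObservation("americafirst.com", registrar="OFFICIAL_REGISTRAR_PLACEHOLDER")
SUSPECT = DomainObservation("af-cubank.online", registrar="NAMECHEAP INC",
                            cert_not_before=date(2022, 7, 13), hostnames_on_same_ip=50,
                            mail_server_blacklisted=True)
SCOUT_DATE = date(2022, 7, 15)
BRAND, FINANCE = ["America", "First", "Credit", "Union"], ["bank", "login", "secure", "account"]
```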
How Bfore.Ai is protecting our customers
At Bfore.Ai, we work daily to ensure these phishing attacks get stopped before even reaching their targets. We are here to make your internet journey safer than it has ever been.
With more than 30K new malicious indicators per day, we have you covered no matter where the attack comes from. With only a 0.05% false positive rate, you stop wasting time chasing false alerts. Through our PreCrime and PreEmpt technologies, we measure how far ahead of an attack's start we anticipate it, staying faster than the attackers.
Accepting that the only defense is good detection is accepting to be a victim forever. We believe in prevention more than response. Visit our website for more information!
Bfore.Ai’s recommendations
Every day, adversarial tactics become more collaborative, technologically advanced, and rapid – and at this rate, you simply can't afford to wait for the next attack before you react. Here are some recommendations from our team:
- Pay close attention to the URL
- Check connection security indicators (the lock)
- Read emails carefully
- Look for trust seals
Appendix
This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be used to ensure that diligent measures are taken to lower the risk of potential weaknesses being exploited to compromise data.
Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Bfore.Ai) is ultimately responsible for assessing and meeting Client’s own compliance responsibilities. This report does not constitute a guarantee or assurance of Client’s compliance with any law, regulation or standard.
Prevent the next Cyber Threat
Bfore.AI's patented AI technology, combined with hyperscale observation infrastructure and modern APIs, augments our customers' security postures with predictions.
Discover Predictive Cyber-Security
Book a live demo with our specialist to discover how Bfore.AI helps organizations fight cyber threats with its patented technology.