☠ Cyber code ☠

🛠 Operating Systems and Tools 🛠

🟠For most users, Windows is the preferred operating system due to its user-friendliness and ease of use. Windows provides an efficient environment for completing tasks securely. However, for those who are more experienced or looking for greater control, Linux can be a powerful option.

🟠If you are interested in Linux, it is advisable to start reading specialized literature to become more familiar with the system before attempting to use it for security purposes. While Windows remains the primary focus for the course, Linux knowledge can still be beneficial if you choose to pursue it later.

🟠Tails, a security-focused operating system, is another option that ensures online privacy by routing all internet traffic through the Tor network. While it’s an excellent choice for anonymity, the recommendation for this course is to stick with Windows for simplicity unless you’re actively studying Linux.

🫂 Working Options with VMs and VPNs 🫂

🟠You have several options for interacting with your system based on your environment. If you’re using a secure platform like a "sphere" you can either work directly from your base system or use a virtual machine for increased security. Both options are valid, and the choice depends on your specific needs and the environment you’re operating in.

🟠In certain scenarios, you may choose to run the “sphere” from a VM, which provides an additional layer of separation from your base system. However, you can also work directly on the base system if desired. The flexibility of using VMs alongside VPNs allows you to secure your operations in multiple ways.

❗️ Installing VPN on the Base System vs. VM ❗️

🟠While it’s possible to install a VPN on a virtual machine, it’s generally better to install it directly on your base system. A VPN encrypts all your network traffic, and installing it on the base system ensures that all virtual machines running on the system benefit from this protection automatically. This setup provides more comprehensive security because it applies to everything that connects to the internet, including any VMs you may use.

🟠It’s important to note that the VPN acts as your first line of defense against online surveillance, and its effectiveness is maximized when it is running on the base system rather than just on individual VMs.

💻 Virtual Machines (VMs) and their Purpose 💻

🟠A virtual machine allows you to simulate an entire computer system within your primary operating system. This creates an isolated environment that can be used for tasks where security and privacy are important. The advantage of using a VM is that it keeps your activities separate from your main operating system, reducing the risk of any exposure or compromise.

🟠For fraud, it’s recommended to use a VM. You can install multiple VMs on your system, such as one with a your country's keyboard layout and another with an English layout. This gives you flexibility and helps avoid mistakes that might expose your real identity or data. Additionally, by isolating each environment, you can minimize the risk of information leaks or tracking.

🍀 Lecture #0 — Virtual Machines, VPNs, and Online Security Essentials 🍀

In this lecture, we’ll cover the importance of virtual machines (VMs) for privacy and security, the proper installation of VPNs, and other essential security tools.

🚨 How to Keep Your Accounts Secure​ 🚨

💠 Be Cautious of Unexpected One-Time Codes: If you suddenly receive a one-time code, be suspicious. You might be the target of a hacking attempt.
💠 Create Strong, Unique Passwords for All Your Accounts: Fraudsters cannot use OTP bots against you if they don't know your password. Therefore, generate complex passwords and store them securely.
💠 Verify URLs Before Entering Personal Data: If you receive a message with a link asking for personal information or OTP codes, ensure the URL is correct. Fraudsters often change a couple of characters in the address bar to redirect you to a similar phishing site, so take a moment to check if you are on a legitimate site before entering your login, password and OTP code.
💠 Never Share One-Time Codes: Don't provide one-time codes to third parties or enter them on your phone's keypad during a call. Remember that legitimate bank employees, store representatives or law enforcement officials will never ask for your one-time password.

✅ By following these guidelines, you can significantly reduce the risk of falling victim to OTP bots and other phishing attacks, ensuring that your accounts remain secure.

🕸 Fraudsters utilize phishing kits - tools that automatically create convincing phishing pages to collect data. These kits allow cybercriminals to save time and gather the information they need about a user in a single attack (with OTP bots being just one part of the phishing attack). A multi-step phishing attack might look like this: the victim receives a message purportedly from their bank, a store or any other organization, asking them to update their personal information in their account.

🎣 The message includes a phishing link. The implication is that by clicking on it and being directed to a site that closely resembles the legitimate bank's website, the victim will enter their login and password, which will immediately be captured by the fraudster. If the account is protected by two-factor authentication, the fraudster can command the phishing kit's admin panel to display the OTP code entry page on the phishing site. When the victim enters the one-time code, the fraudster gains full access to the real account and can, for example, steal money from the victim's account.

However, fraudsters don't stop there - they attempt to extract as much personal information as possible, claiming that the user needs to "confirm their credentials". Through the admin panel, the fraudster can in real-time request the victim's email address, credit card number and other critical information, which can then be used to attack other accounts belonging to the victim. For instance, they might log into the victim's email account using the already known password - after all, people often use the same password across multiple services! With access to the email, they can wreak havoc: for example, they could change the email account's password and, by analyzing its contents, request password reset links for any other accounts linked to that email address.

🤖 Not Just a Bot​ 🤖

However, an OTP bot is merely a tool for bypassing two-factor authentication and without the victim's personal data, it's completely useless. To access someone else's account, the fraudster must know at least the current login and password, as well as the victim's phone number. The more information they have about the victim (full name, date of birth, address, email, credit card details) - the better. Fraudsters obtain this information through several methods:

▪️ Purchase on the Dark Web: Hackers sell vast databases where fraudsters can find login credentials, passwords, credit card numbers and other data. While these may not always be up-to-date, many users don't change their passwords for years and other information becomes outdated even more slowly.
▪️ Searching Open Sources: Sometimes, such databases leak into the public domain on the "clear" part of the Internet, but they usually become outdated quickly due to the significant media attention. For instance, it's standard practice for a company that discovers a data breach involving its customer's personal information to reset the passwords of all affected accounts and require users to create new passwords upon their next login.
▪️ Conducting Phishing Attacks: This method has a distinct advantage over the others - fraudsters can obtain 100% accurate data about the victim, as phishing can be conducted in real-time.

✅ The bot's management menu is user-friendly and accessible, requiring no programming knowledge to navigate. To enhance credibility, the fraudster can activate a spoofing feature, specifying the outgoing number that will appear on the victim's phone.

🌍 The fraudster can also choose the language of the conversation and even the bot's voice. All voices are generated using artificial intelligence, allowing the OTP bot to speak English with an Indian accent or, for example, in a Castilian Spanish dialect.

📞If the call is redirected to voicemail, the bot can hang up. To ensure everything is set up correctly, the fraudster can first test the OTP bot by calling their own test number before targeting the victim. Cybercriminals need the victim to believe in the legitimacy of the call, so some OTP bots allow sending SMS messages to victims before dialing, warning them of an upcoming call. This lulls the victim's vigilance, as there appears to be no deception at first glance: an SMS notification "from the bank" about an upcoming call arrives, and a few minutes later, the call actually comes in - so it must be legitimate.

📍But it's not. Some bots can request not only one-time passwords during the call but also other sensitive information, such as the card number and expiration date, PIN, date of birth and document details.

🔑 The key function of the OTP bot is the call to the victim,and the success of the fraudsters depends on the bot's convincingness: the validity period of one-time codes is very limited and the chance of obtaining a valid code during a phone conversation is much higher. Therefore, OTP bots offer numerous features that allow for fine-tuning call parameters.

😉 One OTP bot offers over a dozen features, including ready-made and customized scripts in various languages, twelve different operating modes and even 24/7 technical support.

💸 OTP bots are a business, so to start using one, fraudsters purchase a subscription from developers for up to $420 per week using cryptocurrency. They then input the victim's name, phone number, banking details and select the name of the organization from which the call will be made.

🤖 How OTP Bots Work​ 🤖

💎These bots are controlled either through a web browser control panel or via Telegram and they trick victims into providing one-time passwords, often by simulating a call from a bank requesting the code. The scheme works as follows:

1️⃣ After obtaining the victim's credentials, the fraudster logs into their account and receives a prompt to enter the OTP code.
2️⃣ The victim receives a message on their phone containing the one-time password.
3️⃣ The OTP bot calls the victim and, using a pre-prepared script, demands that they enter the received code.
4️⃣ The victim types the code on their phone's keypad during the call.
5️⃣ The code is sent to the fraudster's Telegram bot.
6️⃣ The fraudster gains access to the victim's account.

Good day Guys🌐🟢🔴
Yesterday we all disappointed about Toma Airdrop

And all those that invested couldn't get the investment back.

Tg airdrop are becoming something else and not all Tg airdrop even all those testnet u are seeing not all of them dey pay
Just that wen dey pay it usually loud.
Tg is too diluted now..so u should look find another niche to farm airdrop
Majority of you only knw about tg airdrop but we will keep sharing airdrop from another side
Don't play and don't fade
U are here to make money not to watch us make it