
Mule Recruitment Scheme: Scammers Making Innocents Accomplices in Money Laundering

Mule Recruitment Schemes

If an online offer seems too good to be true and involves managing money, it may be a mule recruitment scam.

RBI and NPCI warn users

National Payments Corporation of India (NPCI) and RBI regulations advise against using Indian payment systems for banned or blacklisted website categories such as porn sites, gambling, Chinese laundering/loan apps, Forex trading sites, or other shadowy websites.

To get around this restriction, scammers use mule accounts to receive money through Indian payment methods such as bank accounts, credit cards, UPI, debit cards, and VPA.

What is a Mule account?

"Mule account" is a common term in cybercrime for any account used to move money obtained through illegal activities. These accounts mostly belong to people who, intentionally or unintentionally, have been drawn into money laundering.

Unaware that they are part of a bigger scam, these individuals, or "money mules", are tricked into letting unknown scammers use their accounts to hide the source of laundered money. Scammers make these payments look legitimate through sly schemes and baits, hiding the money's illicit origin before it reaches its final destination.

“We detect 18 to 20 thousand cases every single day for a National Bank. These mule accounts are usually owned by regular people who are either tricked into opening them or knowingly use them at the behest of some monetary payments. We advise people not to share their account details or give access to anyone. Fraudsters can use your credentials for such illegal activity” said Amit Relan, Co-founder and CEO of mFilterit. 

Tricking of customers

Money Mules fall into two categories: willing participants and duped participants. The scammers approach the Mule account customer online via emails, social media, websites, etc. Customers are fooled into believing they will get money in their bank account through commissions or incentives. After that, the scammer transfers laundered money into the Mule account. 

Scammers target vulnerable and naive individuals, using lucrative job offers or fake online relationships as bait. The victims are fooled by false promises of easy money for seemingly harmless activities like transferring goods or money. If an online job opening seems too good to be true or involves managing money or services, it is most likely a mule recruitment scam.

“Fraudsters might pose as authentic organizations like banks or government agencies to deceive victims into divulging personal or financial details. Phishing emails frequently include hyperlinks or attachments that, once clicked or opened, can deploy malware or direct users to fake websites crafted to steal sensitive information” said Dhiren. V. Dhedia, Head- Enterprise Solutions, CrossFraud. 

How to be safe?

Be cautious: if someone else controls your bank account, you are risking your savings and facing possible criminal charges. Stay updated and informed so that you do not fall for the mule scam.

Sharing your personal banking details with people you don’t trust is a big no, even if they have a believable story or offer.


A Delhi Lawyer's Encounter Exposes Hidden Perils of SIM Swap Scam

 




In the contemporary landscape dominated by digital interconnectedness, the escalating menace of cybercrime has assumed unprecedented proportions. The latest threat on the horizon is the insidious 'SIM Swap' scam, an advanced scheme exploiting vulnerabilities in the telecommunications system. In this exposé, we delve into the intricacies of the SIM Swap scam, shedding light on how unsuspecting individuals could find themselves ensnared in this financially ruinous web.

The Delhi Lawyer's Ordeal: An Actual Scenario 


Recently, a 35-year-old lawyer residing in Delhi fell victim to the 'SIM Swap' scam, experiencing an undisclosed financial loss after three seemingly innocuous missed calls. This scam involves perpetrators gaining unauthorised access to a duplicate SIM card, subsequently infiltrating bank accounts and more. 

This unfortunate incident unfolds against a backdrop of a surge in scams across the country, ranging from the notorious Telegram job scam to deceptive Army officer scams. As scammers continually adapt, it becomes imperative for individuals to stay informed and exercise caution to protect themselves as digital security threats shift.

Understanding the Basics of the Scam: 


In the Delhi lawyer's case, she received three missed calls and, despite not returning them, received text messages indicating a financial transaction from her bank account. What's particularly alarming is that she had not disclosed any confidential codes or personal information. The investigator explained that SIM Swap scammers aim to obtain personal information to collaborate with mobile networks and secure a duplicate SIM card. This underscores the need for caution and for safeguarding personal information from evolving online threats.

Ensuring Security: Prudent Measures for All 


To fortify against scams like SIM Swap, proactive measures are paramount. Refrain from sharing personal information such as your address, Aadhaar card, or PAN details online. Verify the identity of any entity requesting such details before divulging them. Should your SIM card cease to function unexpectedly, promptly contact your telecom operator. Reporting such incidents expeditiously can mitigate the risk of unauthorised activities. Never share OTPs with individuals purporting to be officials or banking agents, as these codes can be exploited in the SIM Swap scam.

In the aftermath of the Delhi lawyer's unfortunate encounter, it becomes evident that a seemingly innocuous missed call can cascade into a financial crisis. Safeguarding against such threats necessitates a proactive approach. By unravelling the nuances of scams, adopting essential precautions, and fostering a shared commitment to online safety, we fortify ourselves in the digital realm. As we revel in the benefits of a connected world, let us unite in safeguarding our personal information. Stay vigilant, stay secure—our digital defence is a collective responsibility. Share this article to disseminate awareness and contribute to a secure digital community!


Beware of These Five Banking and Payment Frauds in 2023

 

UK consumers are being cautioned by Which? money watchdog experts as con artists continue to take advantage of the rising cost of living. The top five banking and payment scams to avoid in the new year have been disclosed. 

With household finances being squeezed owing to inflation, skyrocketing energy bills, and rising food prices, the last thing anyone needs is to be duped. Sadly, though, it's a golden opportunity for heartless con artists, who profit from folks looking for a deal. 

"Scammers are relentless when it comes to wanting our personal information and ultimately our money. And while their tactics will no doubt continue to evolve, we think these scams are the main ones to watch out for,” said Jenny Ross, Which? Money Editor. 

“Banks will never ask you for personal information, nor will they try to hurry you into making a decision. If this happens to you - whether by text, email, or over the phone, step back and think about what they’re asking. If it looks too good to be true, it usually is." 

Here are the five banking and payment scams that Brit consumers should look out for: 

1. Requests for money mules 

A "money mule request" asks people to let a criminal use their bank account to transfer stolen funds, whether or not they realise what they are taking part in. These requests frequently show up in targeted emails or social media posts. In its most recent fraud report, the banking industry association UK Finance noted a considerable rise in online user-generated posts inviting people to sign up to become money mules.

Money mule tactics include getting people to apply for credit or bank cards on someone else's behalf, sending money "in error" that they are then requested to return to a separate bank account, and persuading people to move money given to their account in exchange for a fee. 

2. "Shoulder surfing" and credit card fraud 

Although a sizable part of the fraud is committed online, customers must continue to be on the lookout for "offline" crimes like card theft and retail fraud. 

According to data from UK Finance, losses from contactless and face-to-face card theft at retail stores totaled £33.6 million in the first half of this year, an increase of 72% over the same period last year. Fraudsters will "shoulder surf," which is when they watch victims as they input their PIN, or use entrapment tools like PIN pad cameras at ATMs.

During the same time frame, incidents of credit and debit card ID theft more than doubled, with associated losses rising by 86% to a total of £21.4 million. In order to apply for a card in the victim's name or take over their existing account, scammers who steal cards will use the information to fake paperwork. 

3. Malicious apps 

Consumers are advised by experts to be on the lookout for any strange activity in their financial accounts and personal credit reports and to alert their banks right away. The majority of banks provide free text or email alerts for balance and payments. Use ATMs inside bank branches whenever possible as they are less likely to have been tampered with. 

Two-factor authentication is an additional layer of security that is well known to fraudsters. At the start of this year, researchers at mobile security company Pradeo found a bogus app called "2FA Authenticator" on Google Play that had been downloaded more than 10,000 times before it was taken down. Once installed on victims' devices, the malicious "2FA Authenticator" app stealthily disabled system security checks and collected their banking login information.

The safest sites to download apps continue to be official stores like Apple's App Store and Google Play Store, but caution is still advised. Read reviews of the app and the person who created it because they may provide information regarding its reliability. Never click an unsolicited link in an advertisement, email, or text message, and always look at the "app permissions" before downloading an item. 

4. Fake impersonation 

A classic fraud strategy involves imitating real businesses, notably banks, or "spoofing" them. A recent Which? investigation discovered that six major banks' phone numbers were susceptible to spoofing. 

Scammers placed automated "robocalls" with pre-recorded phrases urging victims to press digits on the keypad in order to speak with someone about a problem, such as a suspicious payment.

Criminal groups frequently have personal information about victims, which makes the fraud seem more legitimate. Another technique used by con artists is fake texts that get victims to click through to websites that initially seem real. They seek the victim's personal information, or to have money sent to a "secure account" under their control.

According to security experts, never rely on the Caller ID that appears when you receive a call. Also, keep in mind that banks will never request your personal information over the phone. 

5. Online shopping fraud 

Scammers primarily spend money on false or deceptive advertisements on search engines and social media, frequently promising reduced costs for pricey things like mobile phones or laptops. 

According to UK Finance statistics, Authorized Push Payment fraud involving purchases was the most prevalent in the first half of 2022. These can be challenging to identify because some scammers do an excellent job imitating well-known retailers' websites. 

However, there are frequently some telltale indicators of fraudulent websites, such as grammatical problems in the "About Us" part or a missing or insufficient "Contact" page. While it may be tempting to grab a deal, it is best to stick with reputable merchants. Bank transfer payments are less secure than credit card payments.

Breach into Mahesh Bank's Servers, Transfer Massive Amounts

 

The investigation into the hacking of A.P. Mahesh Co-operative Urban Bank Limited's servers has been taken up by Hyderabad city police's cybercrime officials.

The Bank has achieved a position of prominence by not sacrificing the spirit of cooperative ideals, while also attempting to integrate and implement innovative techniques of work organization and administration, all while remaining committed to its goals.

According to authorities, the incident occurred around 12 p.m. after bank staff discovered unauthorized access and over Rs. 12.50 crore was deposited to more than 100 trust funds in Telangana. Nearly Rs. 2.5 crore of the total value of the unauthorized transfers has already been frozen by the police. Some individuals hacked into the bank's servers before logging into the major accounts and transferring the funds to over 100 separate bank accounts.

The fraud was discovered by bank personnel, and a report was filed at the Hyderabad Cybersecurity police station after testing. The police undertook a preliminary investigation, inspecting Mahesh Bank's main branch and examining the security features and procedures used by the management. Bank payment channels operate 24 hours a day, seven days a week, including holidays, and officials are constantly monitoring them.

Three clients in Mahesh Bank's two city branches were reportedly questioned about the scam. The authorities were also looking into the connection between suspects and account holders at other banks across the country. 

Four teams have been created to examine the crime, according to Addl. Commissioner (Crimes) A.R. Srinivas, and bank personnel in the technical departments have been questioned. The money was transferred to 128 accounts in multiple banks in Delhi, Bihar, and the northeastern provinces by the cybercrooks. 

The RBI has awarded the Bank an Authorised Dealer – Category – II license, allowing it to conduct money transfer activity as well as certain non-trade current account transactions. In the states of Telangana and Andhra Pradesh, Mahesh Bank is the first Co-operative Urban Bank to have this license.

According to a police officer, a case has been filed and an investigating team has visited the bank's core branch. It is worth noting that this is considered to be the city's first e-fraud attack on a bank.

The Zelle Scam Aims to Steal Your Bank Credentials

 

One of the most prevalent methods for hackers to gain access to bank accounts is to drain the victim's assets via Zelle, a "peer-to-peer" (P2P) payment service utilised by many banking institutions that allows users to send money to friends and family instantly. Naturally, many of the phishing scams that lead up to these bank account takeovers start with a counterfeit SMS from the target's bank alerting them to a suspected Zelle transfer. 

According to the text, someone attempted to withdraw a substantial sum of money from their bank account and deposit it into their Zelle account. The notification asks for a response of "Yes," "No," or "1" to decline. Regardless of which option is selected, the recipients are instantly contacted by a person posing as a bank official. Incoming phone numbers are frequently faked to make it appear as if they are from the person's bank. 

The scammer asks for the customer's online banking username and then instructs them to recite back a passcode given through text or email to "verify their identity." In actuality, the fraudster begins a transaction — such as the "forgot password" option on the financial institution's website — that creates the member's authentication passcode. 

Ken Otsuka is a senior risk consultant at CUNA Mutual Group, an insurance company that offers financial services to credit unions. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person. What’s your username?”

“In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.’” 

Once the scammer obtains control of the bank account, they will make different deposits to other accounts before draining the customer's funds. When a victim understands what has happened, they typically contact their bank right away. Unfortunately, most consumers who fall victim to this type of direct contact phishing fraud rapidly discover that many banks are unable to help them recover their stolen funds in any way. The banks argue that the transaction was initiated by the customer and thus does not fall under Regulation E's "unauthorised transaction" protection.

Hydra Malware Targets Germany's Second Largest Bank Customers

 

The Hydra banking trojan has resurfaced to target European e-banking platform users, especially Commerzbank customers, Germany's second-largest financial institution. 

MalwareHunterTeam discovered the two-year-old virus in a fresh dissemination operation that targets German users with a malicious APK called 'Commerzbank Security' with a lookalike icon to the legitimate application. 

This grabbed the attention of Cyble researchers, who sampled the file for a more in-depth study, revealing a sophisticated phishing tool that requests broad permissions.

According to Cyble experts, Hydra is still evolving; the variants used in the latest campaign include TeamViewer features, similar to the S.O.V.A. Android banking Trojan, and use various encryption methods to avoid detection, as well as Tor for communication.

The latest version can additionally turn off the Play Protect Android security function. The malware requests two very hazardous permissions, BIND_ACCESSIBILITY_SERVICE and BIND_DEVICE_ADMIN, according to the experts.

The Accessibility Service is a background service that assists users with disabilities, and the BIND_ACCESSIBILITY_SERVICE permission permits the app to access it. 

The analysis published by Cyble states, “Malware authors abuse this service to intercept and monitor all activities happening on the device’s screen. For example, using Accessibility Service, malware authors can intercept the credentials entered on another app.” 

“BIND_DEVICE_ADMIN is a permission that allows fake apps to get admin privileges on the infected device. Hydra can abuse this permission to lock the device, modify or reset the screen lock PIN, etc.” 

The malware requests other permissions to carry out harmful activities such as accessing SMS content, sending SMSs, making calls, modifying device settings, spying on user activity, and sending bulk SMSs to the victim's contacts:
  • CHANGE_WIFI_STATE: Modify the device's Wi-Fi settings
  • READ_CONTACTS: Access to phone contacts
  • READ_EXTERNAL_STORAGE: Access device external storage
  • WRITE_EXTERNAL_STORAGE: Modify device external storage
  • READ_PHONE_STATE: Access phone state and information
  • CALL_PHONE: Perform call without user intervention
  • READ_SMS: Access user's SMSs stored in the device
  • REQUEST_INSTALL_PACKAGES: Install applications without user interaction
  • SEND_SMS: This allows the app to send SMS messages
  • SYSTEM_ALERT_WINDOW: The display of system alerts over other apps
The code analysis shows that many classes are missing from the APK file. To avoid signature-based detection, the malicious code uses a custom packer. 
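
For triage, the permission set described above can be checked against a decoded manifest. The following is an added example, not code from Cyble or from the original post: it assumes a text-form AndroidManifest.xml (for instance as decoded by apktool), and the sample manifests, package names and verdict thresholds are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = "{%s}name" % ANDROID_NS
A_PERM = "{%s}permission" % ANDROID_NS
PREFIX = "android.permission."

# Permissions the article attributes to the Hydra sample.
BIND_PERMS = {"BIND_ACCESSIBILITY_SERVICE", "BIND_DEVICE_ADMIN"}
LISTED_PERMS = {
    "CHANGE_WIFI_STATE", "READ_CONTACTS", "READ_EXTERNAL_STORAGE",
    "WRITE_EXTERNAL_STORAGE", "READ_PHONE_STATE", "CALL_PHONE", "READ_SMS",
    "REQUEST_INSTALL_PACKAGES", "SEND_SMS", "SYSTEM_ALERT_WINDOW",
}


def _short(value):
    """Strip the android.permission. prefix; tolerate a missing attribute."""
    value = value or ""
    return value[len(PREFIX):] if value.startswith(PREFIX) else value


def triage_manifest(xml_text):
    """Summarise which of the article's permissions a decoded manifest uses."""
    root = ET.fromstring(xml_text)

    # Permissions the app asks the user or system to grant.
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(_short(el.get(A_NAME)) for el in root.iter(tag))

    # BIND_* permissions normally appear as android:permission on the
    # service/receiver that implements the accessibility or admin hook.
    components = {}
    for tag in ("service", "receiver"):
        for el in root.iter(tag):
            perm = _short(el.get(A_PERM))
            if perm in BIND_PERMS:
                components.setdefault(perm, []).append(el.get(A_NAME))

    bind_hits = set(components) | (requested & BIND_PERMS)
    listed_hits = requested & LISTED_PERMS
    sms_or_overlay = bool(
        listed_hits & {"READ_SMS", "SEND_SMS", "SYSTEM_ALERT_WINDOW"})

    # Constructed heuristic: legitimate apps also use these permissions, so
    # the verdict only prioritises manual review, it does not classify.
    if bind_hits == BIND_PERMS and sms_or_overlay:
        verdict = "high"
    elif bind_hits:
        verdict = "review"
    else:
        verdict = "low"
    return {"package": root.get("package"), "verdict": verdict,
            "bind": sorted(bind_hits), "listed": sorted(listed_hits),
            "components": components}


# Constructed sample manifests (not taken from any real APK).
SAMPLE_SUSPICIOUS = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.lookalike.security">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Example Security">
    <service android:name=".A11yService"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver"
      android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Example Flashlight"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        result = triage_manifest(sample)
        print(result["package"], result["verdict"],
              result["bind"], result["listed"])
```
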

Cyble concluded, “We have also observed that the malware authors of Hydra are incorporating new technology to steal information and money from its victims. Alongside these features, the recent trojans have incorporated sophisticated features. We observed the new variants have TeamViewer or VNC functionality and TOR for communication, which shows that TAs are enhancing their TTPs.” 

“Based on this pattern that we have observed, malware authors are constantly adding new features to the banking trojans to evade detection by security software and to entice cybercriminals to buy the malware. To protect themselves from these threats, users should only install applications from the official Google Play Store.” 

18 million potential targets

Commerzbank has 13 million German clients and another 5 million in Central and Eastern Europe. This amounts to a total of 18 million potential targets, which is always an important factor for malware distributors. 

Typically, threat actors utilise SMS, social media, and forum postings to direct potential victims to malicious landing pages that install the APK on German devices. 

If anyone believes they have already fallen into Hydra's trap, it is suggested that they clean their device with a trustworthy vendor's security tool and then do a factory reset.

Singapore Witnessed a Sudden Surge in the Bank-Related Phishing Scam

 

Phishing emails are scams in which the actors try to fool users by sending emails about matters likely to concern them. Generally, these emails arrive in the name of a bank or some trusted company and ask for personal information. The entire process appears legitimate, but it is designed to trick users into giving up their personal information.

We all buy or sell things online through various platforms and organizations that store our personal information in their databases. That information is safe until the actors impersonate these organizations and fool users into submitting their OTPs, passwords, etc. The user is safe from such phishing emails as long as they do not respond to the email in the way it asks.

The city-state of Singapore has fallen victim to phishing scams that have troubled even government officials. On the 5th of January, Singapore government officials stated that there have been bank-related phishing scams in which the actors impersonate Singapore Government officials and ask residents for their personal information. Generally, the victims in such scams receive a call, an email or a message claiming to be from a government agency such as the Ministry of Manpower and asserting that there is an issue with the victim's bank account.

Furthermore, they ask to verify some personal details that should have stayed confidential – such as their NRIC numbers, password of bank account, log-in credentials, and much more. Following the aforesaid state of affairs, the actors then try to make illegitimate transactions of money from the victim’s account. 

Some 900 cases of bank-related phishing scams were reported in the first six months of 2020, a more than 25-fold increase from just 34 such cases in the same period of 2019, the Singapore Police stated. The losses have been calculated at $3.6 million for the year 2020.

The Singapore Police in charge of the case have asked residents to ignore such calls and to refuse to provide any bank account information, log-in credentials or other private details. They clarified that no government agency would in any situation ask for private information or bank account details over a phone call or via email. Scammers may mask their actual phone numbers and display a different profile using ID spoofing technology, the police added.

After recording a significant surge in these cases, Singapore government officials have asked for cooperation and support from residents, requesting them not to share their personal or internet banking details and OTPs with anyone.

The Central Bank of Russia spotted a fraud scheme using the voice menu of one of the banks

The Central Bank of Russia informed banks that fraudsters use the voice menu to get information about the status of customers' accounts, using only the last four digits of the card.

It all started with the fact that one of the credit organizations reported a sharp increase in the number of calls to customers from fraudsters, and the attackers knew the exact amount on the accounts.

It turned out that the scammers made phone calls to the IVR (Interactive Voice Response) system while spoofing customers' numbers. Calling as if from a client's number, they requested information about the remaining funds by entering the last four digits of the Bank card.

After that, the scammers called potential victims and introduced themselves as Bank employees. As proof of authenticity, they provided customers with information about their account balances. After that, they successfully used social engineering methods to steal money.

The phone numbers of customers and their Bank cards were compromised and spread on the Internet. The Central Bank believes that fraudsters could get them from the Joom client base, which was in the public domain. Then, representatives of the online store and banks assured that there is no danger for customers, since the data that fell into the hands of fraudsters is not enough to debit money from their accounts.

It turns out that the last four digits of the card may be enough to get confidential information from Bank customers. But this information is not officially classified as secret and is printed on any check.

According to Sergey Golovanov, a leading expert at Kaspersky Lab, the use of biometrics can simplify the identification process for the user and make this process more secure. At the same time, the expert believes that the use of biometrics would increase its cost for the Bank. Thus, despite the recommendations of the Central Bank, banks will continue to minimize their costs in this area, risking making their customers victims of fraud.

Cyber Criminals Use New Method To Steal Funds From Bank Customers' Account


According to a report of the Central Bank, this year Bank fraudsters have a new way of stealing from Bank cards: they pose as Bank employees, using technology to substitute phone numbers. Special IP-telephony services allow them to perform substitution of numbers, or scammers disguise the number using the letters OOO instead of 000 and so on.

It is noted that the two tools help the scammers to commit thefts. The first is access to personal data. Only in the last six months, the Central Bank specialists found 13 thousand ads for buying or selling names and phone numbers. Attackers, who got personal data, can easily simulate a conversation as an employee of a credit institution, insurance company or government agency.

The second tool of scammers is special programs that allow them to disguise as the official number of the Bank. The Central Bank recognised the falsification of Bank numbers as a new massive way of stealing money from the population.

According to the Bank of Russia, this summer the number of fraudulent calls to customers increased dramatically, and in June-August, the regulator sent data to Telecom operators on more than 2.5 thousand numbers from which calls to customers of Banks were received. However, only 200 numbers were blocked.

Experts believe that blocking numbers is not the best way to combat fraud. It would be more correct to stop the leakage of personal data from Banks and other organizations.

"Thefts are mostly associated with the substitution of phone numbers, and Telecom operators refer to the lack of norms in the law. We will initiate changes to the law on communications," said Artem Sychev, the First Deputy Head of the Department of information security of the Central Bank.

HDFC Bank Issues Warning Against a New Online Scam: Here's What you Should Know!



HDFC Bank has sent out a warning to its online banking users about a scam carried out by an app known as AnyDesk which is used by hackers for stealing money through unified payments interface (UPI). The main objective of the scam is to acquire unauthorized access to a victim’s mobile and carry out illegal transactions without any knowledge of the account holder.

In February, the Reserve Bank of India (RBI) said that 'AnyDesk' has the ability to acquire complete access to users' mobile devices, which hackers exploit to steal money by making transactions remotely. AnyDesk is an app that allows devices to be controlled remotely.

To alert customers, the bank has issued an official mailer on the matter and further warned its users that hackers attempt to obtain confidential account information such as OTP, PIN, expiry date, debit card details, and other sensitive data required for authentication during transactions.

To ensure the safety of its users, HDFC Bank advised them against sharing their confidential data with anonymous callers and in order to keep their bank balance fortified, they should avoid downloading any apps onto their smartphones.

Commenting on the matter, the bank said, "Beware! Fraudsters may ask you to download AnyDesk App and share a 9-digit code which gets them access to your phone to steal money. Do not share your card details / OTP / PIN with anyone and report any unusual activity immediately to the bank.”