India's Digital Rise Sees Alarming Surge in Online Scams Targeting the Elderly

 

With India advancing in the digital landscape, the country is also witnessing a concerning rise in online scams. In recent months, thousands of individuals have lost substantial sums to these cyber criminals, either hoping to earn more money or after being threatened. Scammers employ new tricks, targeting people across all age groups, with a notable increase in elderly victims. Cyber criminals use increasingly sophisticated techniques to exploit the vulnerability and trust of senior citizens, causing significant financial and emotional distress.

In one case from Bengaluru, a 77-year-old woman named Lakshmi Shivakumar lost Rs 1.2 crore to a scam. It began with a call from someone posing as a Telecom Department representative, falsely claiming a SIM card in her name was involved in illegal activities in Mumbai. The caller mentioned a complaint with the Mumbai Crime Branch to add credibility.

Within hours, she received another call from individuals impersonating Mumbai Crime Branch officers, accusing her of laundering Rs 60 crore and demanding her bank account details for verification. Using threats of arrest and showing a fabricated FIR and arrest warrant, the scammers coerced her into sharing her bank details, ultimately transferring Rs 1.28 crore from her account, promising the money's return after the investigation.

In another case from Chandigarh, an elderly woman was deceived out of Rs 72 lakh under the pretense of a digital arrest scam. She received a call from someone claiming to be from the Central Bureau of Investigation (CBI) office in Andheri, Mumbai, falsely implicating her in a drug case connected to a man named Naresh Goyal and threatening to freeze her bank accounts.

The scammer linked her ATM card to the suspect and claimed obscene messages from her phone were circulating. Under immense pressure, she complied with the demands, participating in a video call where a fake police ID was shown. Over a week, the scammers defrauded her of Rs 72 lakh, promising to return the money after proving her innocence.

Older people are particularly vulnerable to such scams due to several reasons. They often struggle to keep up with the latest technology and digital security measures, making them easy targets for tech-savvy criminals. Additionally, older adults are more likely to trust authoritative figures and may not recognize the signs of deceit in official-looking communications. Their financial stability and natural inclination to trust and cooperate with law enforcement further increase their susceptibility.

How to stay safe and protect the elderly from scams

To protect the elderly from falling prey to such scams, awareness and vigilance are crucial. Here are some essential tips:

  • Inform elderly family members about common types of scams and the tactics used by fraudsters. Regular discussions can help them recognize and avoid potential threats.
  • Encourage seniors to verify any unsolicited calls or messages by contacting the official organization directly using known contact details, not the ones provided by the caller.
  • Ensure that devices used by the elderly have updated security software to protect against malware.

England Fans Warned Over 'Quishing' Scam Ahead of Euro Final

 

England football fans have been urged to be wary of a 'quishing' scam as they gather in pubs to watch the Euro 2024 final against Spain. The duping phenomenon has the potential to be devastating for victims, and it has caught supporters off guard amid scenes of flying beer as fans celebrated achieving Sunday's landmark. In certain places, the scam has already been going on as the national team advanced to the final four. 

And now that England has advanced to the final, fans have been warned to keep an eye out for the scam. It relies on the now-familiar QR codes: individuals scanning a fake code with their phones can be duped into downloading malicious content.

This is not a new thing, but for fans watching the game in pubs, it can be worrying. The name combines 'QR codes' and 'phishing'. Fake QR (quick response) codes could imitate an existing code, leading users to download malicious content. According to Cloudflare, the goal of these attacks is to collect sensitive information such as passwords, financial data, or personally identifying information (PII). A code might also deceive victims when sent as an email or message.

“Once this sensitive information is captured, attackers can exploit it for various malicious purposes, including identity theft, financial fraud, or ransomware,” Cloudflare added.

QR codes, which emerged during the coronavirus pandemic, were popular as a way to order food or drinks in bars. It may appear harmless, but it means that a once-harmless transaction now involves a possible risk. 

Scammers started using QR codes, which work by encoding instructions within a black and white dot-based graphic, to trick customers. Smartphones, apps, and scanners transform QR codes into information that people can understand. The codes usually direct to websites, links to media, or buttons to download an app.

According to TitanHQ, an anti-phishing platform, 84% of smartphone users have scanned a QR code at least once, with more than 34% scanning a QR code once every week. However, the ease with which QR codes are used has enabled criminals to indulge in phishing. 

These scams might have varying effects depending on the type, but the consequences can be serious for people who are targeted by scammers. Football fans will be enthusiastic about Sunday's game, and many will possibly have a few drinks before watching their team.

Australian Man Arrested for Evil Twin Wi-Fi Attacks on Domestic Flights

 

Police in Australia have arrested and charged a man with nine cybercrime offences for allegedly setting up fictitious public Wi-Fi networks using a portable wireless access point to steal data from unsuspecting users.

The man set up "evil twin" Wi-Fi networks at airports, during flights, and at other places related to his "previous employment" that would deceive people into signing in to the fake network using their email address or social media accounts. Police stated the login data was then transferred to the man's devices.

Dozens of credentials were reportedly obtained. This information might have enabled the perpetrator to get access to victims' accounts and possibly steal further sensitive information such as banking login details or other personal information. Employees of the airline noticed one of the strange in-flight Wi-Fi networks. The anonymous Australian airline then reported the Wi-Fi's presence to authorities, who investigated the situation in April and arrested the suspect in May. 

According to the Australian Broadcasting Corporation, the man, Michael Clapsis, appeared before Perth Magistrates Court and was subsequently released on "strict" bail with limited internet access. He also had to submit his passport. Clapsis' LinkedIn profile, which has since been deleted, hints that he may have previously worked for a shipping company. 

He has been charged with three counts of unauthorised impairment of electronic communication, three counts of possession or control of data with the intent to commit a serious offence, one count of unauthorised access or modification of restricted data, one count of dishonestly obtaining or dealing in personal financial information, and one count of possessing identification information with the intent to commit an offence. Clapsis is set to appear in court again in August. 

Evil twin attacks can use a variety of tactics to steal victims' data. However, they typically entail providing free Wi-Fi networks that appear genuine but actually contain "login pages" designed to steal your data. Genuine Wi-Fi networks should never ask you to log in using your social media credentials or provide a password for any of your accounts. It is also recommended to use a VPN and avoid connecting to public Wi-Fi networks when a more secure option is available.

Phishing And The Threats of QR Codes

 

Cybercriminals have always been adept at abusing the latest technological developments in their attacks, and weaponizing QR codes is one of their most recent strategies. QR codes have grown in popularity as a method for digital information sharing due to their ease of use and functionality. 

However, their widespread use has created a new channel for phishing attempts, namely QR code phishing (or quishing). With the NCSC recently warning of an increase in these attacks, businesses must grasp how QR codes can be used to compromise staff and what they can do to effectively protect against these rising threats. 

Leaders at risk from QR code attacks 

Quishing attacks, like traditional phishing campaigns, typically attempt to steal credentials by social engineering, in which an email is sent from a supposedly trusted source and uses urgent language to persuade the target to perform a specific action. 

In a quishing attack, the target is frequently induced to scan a QR code disguised as a fake prompt, such as updating an expired password or examining a critical file. The malicious QR code will then direct visitors to a counterfeit login page, prompting them to enter - and ultimately expose - their credentials. 

CEOs and senior executives, who have system access, are naturally appealing targets due to the high value of their account credentials. In fact, the study discovered that C-Suite members were 42 times more likely than other employees to receive QR code phishing attacks.

Quishing attacks mainly follow the same standard phishing strategy, in which social engineering is employed to control the victim's actions. However, when it comes to QR code phishing, cybercriminals appear to prefer two methods. 

Data collected in the second half of 2023 revealed that QR codes were most commonly used in false notifications for MFA activity (27% of all QR attacks) and shared documents (21%). Whatever the pretext for the malicious code, the majority of QR attacks security experts detected are credential phishing attempts.

Prevention tips 

The best defence is to keep these attacks from reaching their intended targets at all. However, it is becoming increasingly evident that these new phishing schemes get past secure email gateways (SEGs) and other legacy email systems. Unfortunately, these safeguards were not intended to thoroughly detect QR code threats or assess the code's destination.

Businesses need to be aware that new threats like QR codes will outsmart many of the classic security solutions, forcing them to switch to more contemporary, dynamic strategies like AI-native detection technologies.

Phishing Alert: Spotting the 'Vahan Parivahan' Speeding Violation Ticket Scam

 


Traffic violation notices, like most online services, are now being exploited by scammers, with phishing used to trick unsuspecting victims into giving out their personal information. The scammer sends users an e-challan that mentions a violation, and as soon as they click on it or download the app, the scammer uses the information obtained to wipe their bank account clean.

Receiving an e-challan and questioning its legitimacy may indicate a scam is on the horizon. Cybercriminals have been exploiting traffic violations to lead unwitting individuals into phishing traps. As the landscape of online fraud continues to evolve, a new scam has emerged, targeting unsuspecting vehicle owners through WhatsApp. Dubbed the "Fake Traffic Violation Challan Scam", it involves fraudsters sending bogus traffic challans through the messaging service, along with an APK file designed to take personal information.

Several online scams have surfaced over the past few months, ranging from job offers to investment schemes, and now a new threat has emerged: a fake traffic violation challan scam. Recently, a Reddit user, known as Dambu186, shared his experience with the scam, emphasizing the importance of being aware of these types of scams and avoiding them. It is important to understand that Android uses the APK file format for distributing and installing its apps.

APK files are used by Android devices for software installation, much as EXE files are on Windows computers. However, in this scam, the APK file isn't just another benign installer, but a Trojan horse designed to take control of users' phones. Vahan Parivahan phishing scams, or e-challan scams, are cyberattacks aimed at unsuspecting citizens who are notified via SMS that they have been charged with a traffic violation.

In most cases, scammers send users a message with a link that invites them to pay the fine or download an app called Vahan Parivahan. Once the app is downloaded, the scammers have access to users' data and can steal money from their bank accounts. There has been an increase in the number of scams targeting vehicle owners and drivers. One example is the "Vahan Parivahan Fraud", in which users receive an APK file via WhatsApp along with an SMS that informs them of a traffic violation.

In the common form of the fraud, the victim receives an SMS about an e-challan, with a link to a fake website or a prompt to download an app. Let's try to understand it and learn how to avoid it. The fake websites look like the official ones, but they are designed to steal information such as credit card numbers, Aadhaar numbers, and login credentials.

Despite its disarmingly simple mode of operation, the scam has been successfully deceiving people for years. In India, scammers impersonate the government traffic department Parivahan, and they send messages on WhatsApp informing victims of an alleged traffic violation registered against their vehicles. An APK file is attached to the message, which encourages recipients to download the app to view and pay the challan. The message includes several details: a specific date, a randomly generated location, and a fake challan number.

The message seems legitimate enough to deceive the uninitiated, particularly new drivers and those who are not familiar with traffic violation notifications. One of the best ways to stay safe from such scams is simply not to click on any links in messages. The best thing users can do if they receive an e-challan notification is to go to the official website and check it there. Users can also contact the traffic police to verify the information. Whatever the message says, check for the ‘.gov.in’ extension on any official government website.

When visiting an unknown website, users should not share any personal information until they are certain the site is legitimate. Installing the provided APK unintentionally installs malware on the user's device. The fake apps present a fake payment gateway to steal credit card details or net banking credentials from the user. They take many forms, from spyware that records keystrokes to more aggressive types that allow the attacker to control the device completely. Keeping a vigilant eye out for scams like these is crucial to protecting users from them.

Verify before clicking: confirm through official channels that any communication claiming to come from an official source is authentic. In no circumstances should users rely on messages received by WhatsApp or other social media platforms if they have not been verified. Keep an eye out for unsolicited links and app downloads. Never trust links or downloads from unknown sources, and do not download apps from them.

The official apps are only available on reputable stores such as Android Play, or they can be downloaded directly from the official website of the developer. Use a secure network whenever possible, so that financial information is not intercepted over public Wi-Fi or other unprotected networks.

Be on the lookout for suspicious activity in accounts: users should routinely check their bank statements and transaction histories for anything suspicious. It is crucial to educate others about such scams, especially those who might be less tech-savvy, and make sure they are aware of these threats. By staying informed and cautious, citizens can protect not only their personal information but also their own peace of mind. The key to a successful campaign against cybercrime is awareness, and action is the sword when it comes to fighting this crime.
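The '.gov.in' check recommended above is easy to get wrong when done by eye, because a lookalike link can contain the official name without being hosted on it. The following is an added example, not code from the article or from any government service: it parses each link in a message and tests the hostname that would actually be contacted, and also flags direct APK downloads. The sample messages, the `.example` hosts and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = ".gov.in"  # the extension the article says to look for
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def parse_link(url):
    """Return (host, path, scheme) as a browser would interpret the URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        return host, parts.path.lower(), parts.scheme.lower()
    except ValueError:  # malformed URL: treat as having no usable host
        return "", "", ""


def is_official_host(host):
    """True only when the parsed hostname itself ends in .gov.in.

    Checking the end of the hostname, not the raw text of the link,
    rejects links that merely mention 'gov.in' somewhere else.
    """
    if not host or not host.isascii():  # empty or homoglyph (non-ASCII) host
        return False
    return host.endswith(OFFICIAL_SUFFIX)


def review_message(text):
    """List every link in a message with the reasons it looks unsafe."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)")  # drop sentence punctuation after the link
        host, path, scheme = parse_link(url)
        reasons = []
        if not is_official_host(host):
            reasons.append("host is not under .gov.in")
        if path.endswith(".apk"):
            reasons.append("link points to an APK download")
        if scheme != "https":
            reasons.append("not HTTPS")
        findings.append({"url": url, "host": host, "reasons": reasons})
    return findings


# Constructed sample messages (not taken from real campaigns).
SAMPLE_MESSAGES = {
    # Official name used as a subdomain of an unrelated host, plus an APK.
    "lookalike_subdomain": "Challan issued. View and pay: "
    "https://parivahan.gov.in.challan-pay.example/VahanParivahan.apk",
    # Official name placed before '@', so it is only a username.
    "userinfo_trick": "Pay your fine at "
    "https://parivahan.gov.in@pay-fine.example/challan today.",
    # Official name appears only in the path.
    "name_in_path": "Fine pending: http://pay-fine.example/parivahan.gov.in/pay",
    # Link whose host really is under .gov.in.
    "official": "Check status at https://echallan.parivahan.gov.in/ .",
}

if __name__ == "__main__":
    for label, message in SAMPLE_MESSAGES.items():
        for finding in review_message(message):
            verdict = "; ".join(finding["reasons"]) or "no warning signs"
            print(f"{label}: {finding['host']} -> {verdict}")
```

A host under '.gov.in' passing this check only means the link is not an obvious lookalike; the article's advice to open the official website directly instead of following the link still applies.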

Global Cybercrime Ring Dismantled in Landmark Operation by Thai and US Authorities

 

In an extraordinary global effort, authorities have successfully dismantled what is described as the world’s most sophisticated hacking group. This achievement is the result of a relentless joint operation between Thai and US security agencies.

The FBI and Thailand’s Technology Crime Suppression Division (TCSD) led the operation, culminating in the arrest of three high-ranking members of the international cybercrime organization. The impact of these arrests is expected to be significant, marking a major blow to global cybercrime activities.

This criminal syndicate had been engaging in extensive illegal activities, including unauthorized system access, theft of confidential information, and cryptocurrency fraud, causing widespread disruption to the global digital economy. The arrested individuals are now facing serious charges under the Computer Crimes Act, with potential sentences of up to ten years for each offense. 

Officers searched a house in Bang Lamung District, Chonburi Province, and three condominium rooms in Na Jomtien, discovering 7.5 million baht in cash, various foreign currencies, 13 luxury watches including three Audemars Piguet watches valued over 30 million baht, and 23 pieces of jewelry worth over 50 million baht.

This operation, supported by the broader international community, represents a significant milestone in the battle against cybercrime. It highlights the power of international collaboration in tackling digital threats. The arrests are not only victories for Thailand and the US but also a triumph for global digital security, serving as a robust deterrent against future cybercriminal activities. By targeting the leaders of this cybercrime network, authorities aim to significantly hinder the proliferation of similar criminal enterprises.

The collaboration was initiated at the request of the US to combat cybercriminal activities, particularly focusing on Chinese national Wang Yunhe and his associates. They are accused of engaging in online fraud at a national level, compromising protected computer systems, committing electronic communications fraud, and laundering money in the US.

Rise of Cybercrime in India: Reasons, Impacts & Safety Measures

 

The reel is frequently influenced by the real. Jamtara, an OTT series, was inspired by cyber fraud activities carried out in a remote part of Jharkhand. However, the script appears to need some tuning in the future. This is because cybercrime hotspots in India, such as Jamtara and Mewat, have spread outside the country's borders. 

According to a recent study conducted by the Indian Cyber Crime Coordination Centre, a part of the Union Home Ministry, approximately 45% of cybercrime cases targeting Indians originate in other South Asian nations, primarily Myanmar, Cambodia, and Laos. This is not to imply that the threat is minimal in India. 

The number of complaints about grey activities such as trading scams, phishing, and fake romance has risen dramatically, from 26,049 in 2019 to 7.4 lakh by April 2024. This year, the national cybercrime reporting system received over six lakh complaints, totaling almost Rs 1,800 crore in fraudulent money. 

Based on a study undertaken by an IIT Kanpur-incubated non-profit, financial fraud accounts for approximately 77% of cybercrimes between 2020 and 2023. There are additional risks: identity and data theft caused by cyber fraud can have long-term consequences such as a permanent debt footprint, as well as legal and security issues. Notably, the cybercrime network based in these South Asian nations has been deceiving Indians by using Indian SIM cards and fraudulent recruitment possibilities via messaging apps.

For example, the Indian embassy in Cambodia sponsored the extradition of 360 Indians. However, 5,000 citizens are alleged to be trapped there and forced to commit cybercrime against their fellow Indians. Last year, India was the 80th most targeted country for cybercrime. New Delhi must use diplomatic channels to communicate its concerns to these countries.

India has the second largest population of active internet users. However, the vast majority of them are unaware of internet fraud, making them easy targets for scammers. Other rising threats include privacy violations and sextortion. The expanding digital ecosystem needs a thorough understanding and mitigation of cyber threats. 

To prevent such mischief, legal loopholes must be fixed. However, there should be a balance between cybercrime prevention and overregulation so that access to the internet is not hampered while also protecting the privacy of users. Treading this fine line under an authoritarian rule can be difficult.

Task Force Triumphs in Shutting Down Six Notorious Malware Droppers

 


This is the biggest-ever international operation against ransomware, coordinated by the justice and police agencies of the European Union. Police have taken down computer networks that spread ransomware via infected emails in what is described as the largest international operation. Eurojust, an EU-wide judicial cooperation agency, announced on Thursday that four suspects of high value were arrested, 100 servers were taken down, and more than 2,000 internet domains were seized. There has been an international crackdown on six malware droppers, which are malicious programs that play an important role in hacking campaigns. 

Europol, which led the task force, announced today that it has disrupted the infrastructure behind these programs. In the takedown, hundreds of law enforcement officers from Denmark, France, Germany, the Netherlands, the United Kingdom, and the United States were involved. This was the largest-ever botnet takedown according to Europol. 

The Europol-led international law enforcement operation began with the announcement of numerous arrests, searches, seizures and takedowns targeting malware droppers and their operators. In the early days of Operation Endgame, the EU task force coordinated with its US and UK law enforcement partners to disrupt the operations of malware droppers such as IcedID, Bumblebee, SystemBC, Pikabot, Smokeloader, and Trickbot, as well as other malware droppers.

For those who do not know what a dropper is: it is malware that facilitates the installation of other malware. In most cases, the dropper is installed first as part of the initial access process and is delivered through phishing emails and other common methods of gaining access to a system. "The largest ever operation against botnets, which are a major contributor to ransomware deployment, has been launched by Europol with Operation Endgame," Europol said at the beginning of the operation.

Law enforcement agencies coordinated to make four arrests, search 16 locations, seize over 100 servers, including some that were located in the US and UK, and take down more than 2,000 domains that had been used to distribute malware and commit other cyber crimes, according to the international cop group. A total of three arrests were made in Ukraine, with the fourth arrest being made in Armenia. The main suspects were not identified, but Europol said the investigation revealed at least €69m in cryptocurrency that they earned by renting out their illegal infrastructure for ransomware deployments. The names of the suspects were not released.  

Four arrests were made by German law enforcement, and eight fugitives were added to the EU's most wanted list for involvement in the cybercrime Operation Endgame was aimed at, as well as other serious cybercrime activity. In a recent announcement, the U.S. Department of Justice revealed that the 911 S5 residential proxy network, which is thought to be the world's largest botnet, had been disrupted by the government. Droppers are also sometimes tasked with performing other duties in addition to dropping.

Code obfuscation is a common feature of these programs: by obscuring the code, it makes the malware less susceptible to being reverse-engineered. Consequently, cybersecurity professionals have a harder time understanding the code of malicious programs, which makes breaches more difficult both to identify and to prevent. Over 100 servers associated with the spread of malware droppers were shut down or disrupted in the Europol-led takedown outlined today by the task force.

The machines were scattered across roughly a dozen different countries. In addition to the domain names, officials also seized over 2,000 IP addresses. Europol has confirmed that, with the disruption of the infrastructure, six of the most well-known cybercrime droppers were impacted: IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. Throughout the investigation, four arrests have been made related to the droppers, and eight fugitives have been added to Europe's Most Wanted list.

In the wake of the disruption of the hacking operation, it is estimated that hundreds of millions of dollars worth of damages were caused to the economy. In a coordinated international effort, cybercriminals targeting individuals, companies, and government agencies were disrupted. Europol reported that this takedown had a significant global impact, dismantling infrastructure used to distribute malware that facilitated ransomware and other attacks. 

This development follows the U.S. Justice Department's announcement of disrupting a massive botnet, known as 911 S5, which infected millions of computers. Law enforcement successfully apprehended the botnet's operator and disabled the servers responsible for powering the malware.

Facebook Account Takeovers: Can Tech Giant Stop Hijacking Scams?

 

A Go Public investigation discovered that Meta has allowed a scam campaign to flourish on Facebook, as fraudsters lock users out of their accounts and mimic them. 

According to the CBC, Lesa Lowery is one of the many victims. For three days, she watched helplessly as Facebook scammers duped her friends out of thousands of dollars for counterfeit things. Her Facebook account was taken in early March. 

Lowery had her account hacked after changing her password in response to a Facebook-like email. The scammer locked her out, costing her friends $2,500. Many of Lowery's friends reported the incident to Facebook, but Meta did not. The scammer removed warnings and blocked friends. Lowery's ex-neighbor, Carol Stevens, lost $250 in the swindle. 

Are Meta’s efforts enough? 

Claudiu Popa, author of "The Canadian Cyberfraud Handbook," lambasted Meta for generating billions but failing to secure users, despite the fact that Meta's sales increased 16% to $185 billion last year. 

Meta wrote to Go Public, stating that it has "over 15,000 reviewers across the globe" to fix breaches, but did not explain why the retirement home fraud proceeded.

Popa, a cybercrime specialist, believes that fraudsters employ AI to identify victims and create convincing emails. According to Sapio Research, 85% of cybersecurity professionals believe that AI-powered assaults have increased.

In March, 41 US state attorneys general stated that Meta assisted customers as the number of Facebook account takeovers increased. Meta indicated that it attempted to fix the issue but did not disclose specifics. Credential stuffing assaults and data breaches can result in account takeovers and dump sales.

According to The Register, Facebook accounts have been taken over via phone number recycling in the US. New telecom customers receive abandoned numbers that have not been disconnected from the previous owner's accounts. A recycled number may receive a password reset request or a two-factor authentication token, potentially allowing unauthorised access.

Meta is aware of phone number recycling-related account takeovers; however, the social media giant noted that it "does not have control over telecom providers" reissuing phone numbers, and that users who had phone numbers linked to their Facebook accounts were no longer registered with them. 

Meanwhile, cybersecurity experts propose that the government take measures to address Facebook account takeovers. According to Popa, companies like Meta rely on legislation to protect users and respond fast to fraud.

Combatting International Spoofed Calls: India's New Measures to Protect Citizens

 

In recent times, fraudsters have increasingly used international spoofed calls displaying Indian mobile numbers to commit cybercrime and financial fraud. These calls, which appear to originate within India, are actually made by criminals abroad who manipulate the calling line identity (CLI). 

Such spoofed calls have been used in various scams, including fake digital arrests, FedEx frauds, narcotics in courier schemes, and impersonation of government and police officials. To combat this growing threat, the Department of Telecommunications (DoT) and Telecom Service Providers (TSPs) in India have developed a system to identify and block incoming international spoofed calls. 

This initiative aims to prevent such calls from reaching any Indian telecom subscriber. The Ministry of Communications announced that TSPs have been directed to block these calls and are already taking steps to prevent calls with spoofed Indian landline numbers. In addition to this, the DoT has launched the Sanchar Saathi portal, a citizen-centric platform designed to enhance user safety and security amid the rising threat of fraud and international call scams. This portal includes a feature called "Chakshu," which allows individuals to report suspicious calls and messages. 

Chakshu simplifies the process of flagging fraudulent communications, providing an extra layer of protection against cybercriminals. Chakshu serves as a backend repository for citizen-initiated requests on the Sanchar Saathi platform, facilitating real-time intelligence sharing among various stakeholders. The platform also provides information on cases where telecom resources have been misused, helping to coordinate actions among stakeholders. 

Union Minister Ashwini Vaishnaw has highlighted additional measures, including creating a grievance redressal platform for reporting unintended disconnections and a mechanism for returning money frozen due to fraud. These efforts aim to address the concerns of citizens who may have been inadvertently affected by the anti-fraud measures. Since its launch in May last year, the Sanchar Saathi portal has been instrumental in enhancing the security of telecom users. It has helped track or block over 700,000 lost mobile phones and detect more than 6.7 million suspicious communication attempts. 

These efforts underscore the government's commitment to safeguarding citizens from cyber threats and ensuring the integrity of telecom services. The DoT and TSPs' proactive measures, along with the Sanchar Saathi portal, represent significant steps towards protecting Indian citizens from international spoofed calls and other forms of cybercrime. By leveraging advanced technology and fostering collaboration among stakeholders, these initiatives aim to create a safer digital environment for all.

Have You Been Defrauded? This Scam Survival Toolkit Can Help You Recover

 

Knowing what to do in the aftermath of a fraud can be extremely difficult. The Better Business Bureau's (BBB) new Scam Survival Toolkit helps fraud survivors navigate the recovery process.

Fraudsters target people from many walks of life. BBB frequently shares tips on how to avoid scammers, but you may still be at risk immediately after a scam happens. 

Scams not only cause financial harm, but they also have an emotional impact on victims. Survivors of scams often experience feelings of shame, guilt, or anger, even if it is not their fault they were victimised.

Scammers capitalise on strong emotions, and emotions are high in the days following a scam, putting survivors at risk. According to the BBB's 2023 Scam Tracker Risk Report, 10% of respondents were victims of three or more frauds. 

The first step following a scam is to protect oneself from further harm. Everyone's situation is unique, but the methods below can help you secure your money, credit, or identity. 

Prevention tips 

Secure your finances: If you have lost money or bank information to a scammer, contact your financial institution. They may be able to initiate a fraud inquiry or cancel the transactions. If your credit card information has been compromised, they can cancel the card and provide you with a new one.

Protect your credit: If you lose personal or credit card information, it could be exploited to steal your identity, so place a fraud alert on your credit reports or freeze your credit. Consider obtaining a free credit report to keep track of any suspicious activity.

Change your password: If a specific account has been compromised, notify the company and change your password. Follow the BBB's password-creation instructions and consider using multifactor authentication to protect your account. Keep an eye out for any unusual behaviour on your other accounts.

Keep an eye out for recovery scams: Some scammers strike after a fraud has occurred, offering phoney credit repair or tech assistance services that steal money or information from susceptible people. 

Report the scam: Once you've taken steps to safeguard yourself, report the scam to BBB Scam Tracker to assist others. Last year, 36.6% of customers who visited BBB Scam Tracker reported that it helped them prevent fraud.

Engineering Giant Arup Falls Victim to £20m Deepfake Video Scam

 

The 78-year-old London-based architecture and design company Arup has a lot of accolades. With more than 18,000 employees spread over 34 offices worldwide, its accomplishments include designing the renowned Sydney Opera House and Manchester's Etihad Stadium. It is currently engaged in the construction of La Sagrada Familia in Spain. It is now the most recent victim of a deepfake scam that has cost millions of dollars.

Earlier this year, CNN Business reported that an employee at Arup's Hong Kong office was duped into a video chat with deepfakes of the company's CFO and other employees. After dismissing his initial reservations, the employee eventually sent $25.6 million (200 million Hong Kong dollars) to the scammers over 15 transactions.

He later realised he had been duped after checking with the design company's U.K. headquarters. The ordeal lasted a week, from when the employee was notified to when the company started looking into the matter. 

“We can confirm that fake voices and images were used,” a spokesperson at Arup told a local media outlet. “Our financial stability and business operations were not affected and none of our internal systems were compromised.” 

Seeing is no longer the same as believing 

Arup's deepfake encounter adds to the growing list of recent high-profile targets of fake images, videos, or audio recordings intended to defame persons. Fraudsters are targeting everyone in their path, whether it's well-known people like Drake and Taylor Swift, companies like the advertising agency WPP, or a regular school principal. An official at the cryptocurrency exchange Binance disclosed two years ago that fraudsters had created a "hologram" of him in order to get access to project teams.

Because of how realistic the deepfakes appear, they have been successful in defrauding innocent victims. Deepfakes, such as the well-known one mimicking Pope Francis, can go viral and become disinformation that is difficult to manage once shared on the internet. This is particularly troubling since it has the potential to sway voters during a period when several countries are holding elections.

Attempts to defraud businesses have increased dramatically, with everything from phishing schemes to WhatsApp voice cloning, Arup's chief information officer Rob Greig told Fortune. “This is an industry, business and social issue, and I hope our experience can help raise awareness of the increasing sophistication and evolving techniques of bad actors,” he stated. 

Deepfakes are getting more sophisticated, just like other tech tools. That means firms must stay up to date on the latest threats and on novel ways to deal with them. Although deepfakes might appear incredibly realistic, there are ways to detect them.

The most effective approach is to simply ask a person on a video conference to turn. If the camera struggles to capture the whole of their profile or the face becomes deformed, it is probably worth investigating. Sometimes asking someone to use a different light source or pick up a pencil can help expose deepfakes.

Self Proclaimed “Crypto King” Aiden Pleterski Charged With $30 Million Scam

 

Aiden Pleterski, also known as the "Crypto King," and his partner, Colin Murphy, have been arrested and charged with allegedly defrauding investors of $40 million CAD (about $30 million USD) in a cryptocurrency and foreign exchange investment scam. 

Earlier this week on Wednesday, the Ontario Securities Commission revealed that Aiden Pleterski, 25, known as the "Crypto King," is facing fraud and money laundering charges. The commission also charged his colleague, Colin Murphy (27), with fraud. It stated Pleterski squandered investors' money on a lakeside house and a fleet of expensive cars. Among them was a Lamborghini, the Italian sports car totemic of crypto-based wealth.

The criminal allegations filed against the two Canadians are part of a 16-month investigation dubbed Project Swan. It coincides with a high-profile bankruptcy case involving their alleged investment fraud scheme. 

According to court filings and local media sources, Pleterski and his company, AP Private Equity Limited, received roughly $40 million CAD from 160 investors between 2021 and 2022 to invest in cryptocurrency and foreign exchange markets. Some investors apparently took out loans to fund their investments with Pleterski.

According to the findings of the bankruptcy trustee, Pleterski only invested two percent of the funds that he was given. He spent at least $16 million on personal luxury items in the interim. Among them were international trips to the US and UK; more than 10 luxury cars, including two McLarens, two BMWs, and a Lamborghini; and the rental of a lakefront property worth $8.4 million for $45,000 a month.

Aiden Pleterski, a self-proclaimed "Crypto King" and occasional livestreamer, has showcased his lavish lifestyle on social media. He bragged of travels to Los Angeles, London, and Miami, where he drove rental Lamborghinis and McLarens. In one video, Pleterski was seen assembling a Lego Titanic model, during which he claimed that he had spent $150,000 on Lego since 2021.

Throughout the bankruptcy proceedings, Pleterski portrayed himself as a "20-something-year-old kid". He revealed to creditors that he was messy and did not keep financial records or track payments, CBC reported.

Meanwhile, in December 2022, a group of individuals involved in Pleterski's operation allegedly kidnapped the self-proclaimed Crypto King. According to reports, the group held him captive for three days, torturing and beating him. 

The kidnappers reportedly sought a $3 million ransom for his release. Although Pleterski was later released, a 12-minute video emerged on social media showing him injured. He apologised to his investors in what his lawyer described as a forced apology. Four of the suspected kidnappers have since been apprehended and charged.

Scammers Use Phony DocuSign Templates to Blackmail and Defraud Companies

 

Phishing emails impersonating DocuSign are on the rise, driven by a thriving underground market for fake templates and login credentials.

In the past month, researchers from Abnormal Security have observed a significant increase in phishing attacks designed to mimic legitimate DocuSign requests. Their investigation led them to a Russian cybercrime forum where sellers offered a variety of templates resembling authentic emails and documents.

DocuSign, a leading document-signing software, has long been a prime target for phishers due to its popularity and the sensitive nature of the documents it handles. DocuSign emails are generally generic, with a large, conspicuous yellow button that tempts users to click, which makes them easy to forge. Mike Britton, CISO of Abnormal Security, explains, "People are conditioned to recognize and trust the typical appearance of DocuSign emails. In my weekly routine, I encounter multiple DocuSign requests and often click on them without a second thought."

To create convincing DocuSign phishing emails, attackers can painstakingly design authentic-looking templates from scratch or, more efficiently, purchase pre-made malicious templates from online marketplaces. According to Britton, these templates, which can mimic DocuSign, Amazon, PayPal, and other platforms, can be bought for as little as $10.

With these inexpensive resources, attackers craft phishing emails to deceive employees into revealing personal information or redirecting them to fake login pages to steal their DocuSign credentials. The stolen data is then used by the attackers or sold to other cybercriminals.

Cheap login credentials allow hackers to access employees' DocuSign histories, revealing sensitive documents from recent months. Information from employer contracts, vendor agreements, and payment details can be used for blackmail or sold to other attackers. Hackers can also identify new targets and impersonate specific individuals within a company.

For instance, an attacker might time a fraudulent payment request to coincide with a company's regular vendor payment schedule. By using information from a compromised employee's DocuSign history, they can convincingly impersonate a superior or a vendor's finance department contact, attaching real documents for reference.

To mitigate these risks, Abnormal Security advises employees to be vigilant about suspicious email sender addresses, impersonal greetings, and unusually short DocuSign security codes. Employees should open documents directly from the company's website rather than via email and avoid opening unexpected documents.
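The warning signs listed above (sender address, impersonal greeting, unusually short security code) can also be checked mechanically before a message reaches an inbox. The following is an added example, not code from Abnormal Security or DocuSign; the trusted domain list, the minimum code length of 32, the greeting pattern and both sample messages are assumptions constructed for illustration, and the link-host check is an extension covering the fake login pages mentioned earlier.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions to tune for your environment, not values from the article.
TRUSTED_DOMAINS = ("docusign.com", "docusign.net")
MIN_CODE_LEN = 32
GENERIC = re.compile(
    r"^(hello|hi|dear|greetings)(\s+(customer|user|client|recipient|sir|madam))?\s*[,!.:]?$",
    re.I,
)
CODE = re.compile(r"security code:?\s*([A-Za-z0-9]*)", re.I)


class LinkHosts(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        try:
            host = urlsplit(dict(attrs).get("href") or "").hostname
        except ValueError:  # malformed URL
            host = None
        if host:
            self.hosts.append(host.lower())


def trusted(host):
    # Exact match or true subdomain; "docusign.com.evil.example" must fail.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(raw):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender address: compare the real address domain, not the display name.
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if not trusted(domain):
        findings.append(f"sender-domain:{domain}")

    # 2. Impersonal greeting on the first non-empty line of the text body.
    plain = msg.get_body(preferencelist=("plain",))
    text = plain.get_content() if plain else ""
    first = next((ln.strip() for ln in text.splitlines() if ln.strip()), "")
    if GENERIC.match(first):
        findings.append("impersonal-greeting")

    # 3. Security code missing (length 0) or shorter than expected.
    match = CODE.search(text)
    code_len = len(match.group(1)) if match else 0
    if code_len < MIN_CODE_LEN:
        findings.append(f"short-security-code:{code_len}")

    # 4. Links that lead anywhere other than the trusted domains.
    html = msg.get_body(preferencelist=("html",))
    if html:
        collector = LinkHosts()
        collector.feed(html.get_content())
        findings += [f"link-host:{h}" for h in collector.hosts if not trusted(h)]
    return findings


def build(sender, text, link):
    """Constructed sample message (not a captured email)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "employee@corp.example"
    msg["Subject"] = "Complete with DocuSign: Vendor agreement"
    msg.set_content(text)
    msg.add_alternative(f'<a href="{link}">REVIEW DOCUMENT</a>', subtype="html")
    return msg.as_string()


SUSPICIOUS = build(
    "DocuSign <dse@docusign.com.billing-portal.example>",
    "Dear Customer,\n\nPlease review and sign the document.\n\nSecurity code: A1B2C3\n",
    "https://docusign.com.billing-portal.example/sign",
)
EXPECTED_STYLE = build(
    "Meera Nair via DocuSign <dse@docusign.net>",
    "Hello Asha Rao,\n\nMeera Nair sent you a document.\n\n"
    "Security code: 0123456789ABCDEF0123456789ABCDEF\n",
    "https://app.docusign.com/documents",
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("expected-style", EXPECTED_STYLE)):
        print(name, triage(raw))
```

A clean result only means none of these four heuristics fired; a message sent from a compromised legitimate account would pass, which is why confirming with the sender by phone still matters.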

"Everyone is busy," Britton notes. "Whether in the office or working in a hybrid environment, the safest approach is to verify emails by calling the sender directly to confirm their legitimacy."

Government Struggles with Low Arrest Rate Amidst 31 Lakh Cyber Fraud Complaints

 

From the high-profile AIIMS cyber attack to widespread data leaks like that of the ICMR, the National Cyber Crime Portal (NCRP) has seen an alarming rise in cyber fraud complaints. Since 2020, the portal has received 31 lakh complaints as of February 2024. 

However, the most concerning issue, as highlighted by the Central government's official communication, is the staggeringly low number of arrests in these cases. Despite over 66,000 cases being registered by various law enforcement agencies, the total number of arrests stands at just 500, amounting to less than 1% of the reported cases. 

This discrepancy has been a recurring topic in meetings within the Ministry of Home Affairs and the Ministry of Finance. During a recent Financial Stability and Development Council (FSDC) meeting, several stakeholders voiced their frustration over the minimal progress in arrests. A significant part of the problem lies in the increasing prevalence of fraudulent loan lending apps, which have severely impacted India's financial infrastructure. 

These apps disproportionately affect low-income groups, leading to significant financial losses as money is often funneled out of the country. According to a senior official present at the FSDC meeting, many of these apps operate from China, posing a dual threat to both financial institutions and the economic stability of vulnerable populations. The official noted that some Indian nationals involved in these crimes inadvertently aid China-based operators, thereby becoming victims themselves. 

In response to these growing concerns, the central government has urged tech giants like Google and Meta to deploy experts to combat the menace. There is a heightened alarm over advertisements run by organized threat actors, many of whom operate internationally. A central cyber agency's analysis revealed that numerous mobile applications were conducting ad campaigns on Meta platforms, leading to a slew of suicides linked to harassment and extortion by illegal app operators and loan recovery agents. 

The misuse of app permissions for harvesting credentials and data adds another layer of risk, potentially enabling future cybercrimes. The FSDC meeting underscored the urgency of addressing these issues, with multiple stakeholders pushing for the Ministry of Home Affairs to take immediate action. Sources indicate that the Ministry is now expected to convene a meeting with various agencies to expedite investigations and increase the number of arrests. 

This coordinated effort aims to enhance the pace and effectiveness of law enforcement responses to cyber fraud, thereby protecting India's financial ecosystem and its most vulnerable citizens.

Scammers Targeting WhatsApp Groups in UK

 

When businessman Mohammed Yousaf received an urgent plea for assistance from one of his oldest friends, he rushed to the rescue.

The 56-year-old received a WhatsApp message from the account of a man he had been friends with for 50 years. It began with the greeting 'Salaam', followed by the message: "Please, I need a little assistance from you..." 

Mohammed was concerned about his friend and inquired how he could help. He was told that his friend was attempting to send £800 to an account, but the transfer did not go through, and he was asked if he could make the payment instead, with his friend reimbursing him the next day. What transpired was a fraud that terrified Mr. Yousaf and cost him £800. Unfortunately, he's not alone.

Last month, men in East Lancashire were warned of blackmail fraud after scammers posing as Eastern European gang members sent threatening requests for payment. Police said men in Accrington and Blackburn were pushed into handing over substantial sums of cash after getting disturbing messages and video calls of someone carrying a pistol.

Action Fraud, the UK's national reporting centre for fraud and cybercrime, reports that fraudsters are now targeting group chat participants in order to exploit WhatsApp users. The fraud often begins when a member of the group receives a WhatsApp audio call from the fraudster, who pretends or claims to be another member of the group. 

This is done to earn the individual's trust, and the scammer will frequently use a phoney profile image and/or display name, giving the impression that it is a genuine member of the group. 

The fraudster will inform the victim that they are providing them a one-time passcode that will allow them to participate in an upcoming video call for group members. The perpetrator then asks the victim to reveal the passcode so that they can be "registered" for the video conference.

In reality, the attacker is asking for the registration code needed to migrate the victim's WhatsApp account to a new device, allowing them to take over the account.

Once the fraudster has gained access to the victim's WhatsApp account, they will activate two-step verification, making it impossible for the victim to regain access to their account. Other members of the group, or friends and family in the victim's contacts, will then be messaged, urging them to wire money immediately because they are in urgent need of assistance. 

According to Detective Superintendent Gary Miles, head of the City of London Police's National Fraud Intelligence Bureau, WhatsApp remains a key channel of communication for several people in the UK, but fraudsters continue to figure out ways to gain access to these platforms.

Japanese Authorities Deploy Counterfeit Payment Cards to Alert Victims of Support Scams

 

Japanese police have initiated a unique strategy involving the placement of counterfeit payment cards in convenience stores to safeguard elderly individuals from tech support scams and unpaid money fraud. These fake cards, labeled as "Virus Trojan Horse Removal Payment Card" and "Unpaid Bill Late Fee Payment Card," were devised by the Echizen Police in Fukui prefecture as a preemptive measure.

The primary objective behind these dummy cards is to alert elderly victims who might be instructed by fraudsters to acquire such payment cards. This initiative comes in response to the significant financial losses, amounting to around $7.5 million, incurred by Fukui prefecture due to various online frauds in the past year. Notably, in January 2024 alone, there were 14 reported complaints of investment scams causing an estimated damage of $700,000.

In a bid to combat tech support scams, the Echizen Police undertook a trial run of this innovative approach by distributing the counterfeit cards across 34 local convenience stores. Store employees were thoroughly briefed about the purpose of these cards. Whenever customers attempted to purchase them, employees intervened, explaining to the potential buyers that they were likely targeted by scammers.

This collaborative effort not only aims to prevent further victimization but also facilitates the identification of potential victims for subsequent investigation by law enforcement. Reports from local media outlet Fukuishimbun indicate that this strategy, implemented since late November 2023, has already proven effective in aiding at least two elderly men who were nearly swindled into paying fees for non-existent malware cleaning services.

The distinctive messaging on these dummy cards makes them conspicuous to potential victims, who may believe they offer solutions to the issues presented by scammers. Yayoi Tanaka, a convenience store employee who thwarted a scam attempt with the help of these cards, noted that they significantly ease the process of explaining to customers that they have fallen victim to deception.

International Cyber Fraud Ring Busted By London Police

 

UK Police stated that they have infiltrated a massive phishing website on the dark web that has defrauded tens of thousands of individuals, and learned that university students have turned to cyber fraud as a way to increase their income.

LabHost was a cyber fraud emporium that allowed users to create realistic-looking websites imitating major names such as big institutions, ensnaring victims all around the world, including 70,000 in the United Kingdom. It had been in operation since 2021.

Victims entered private data, some of which were used to steal money, but the site's creators also profited by selling details to fraudsters on the dark web.

According to the Metropolitan police, the majority of the victims were between the ages of 25 and 44, and they spent the majority of their time online. Police believe they apprehended one of the site's major suspected masterminds this week, among 37 individuals held in the UK and abroad.

The Metropolitan Police reported that arrests were made at Manchester and Luton airports, as well as in Essex and London. Policing in the UK is under pressure to prove that it is effectively combating the rise in cyber fraud.

The site's infiltration is a drop in the ocean compared to the scope of the problem, but police seek to shake criminals' confidence in their ability to act with impunity and intend to shut down more cyber fraud sites. 

In the midst of struggles for resources against other criminal objectives like protecting children and bolstering what is often viewed as inadequate protection of women, fraud and cybercrime are seen as difficult crimes for law enforcement to solve. 

The Met is currently enjoying its success. The main users of the website have been arrested, and 25,000 victims have been notified in the UK. Some of the users won't be arrested, though, since investigators don't know who they really are.

LabHost collected 480,000 debit or credit card details and 64,000 PIN numbers, and generated £1 million from 2,000 customers who paid up to £300 a month in Bitcoin for membership fees. It promoted itself as a "one-stop-shop for phishing."

It included a teaching video on how to use the site to conduct crimes, similar to one on how to use a new consumer product. The video stated that the show takes five minutes to install and that "customer service" was available if there were any issues. It concluded by urging its criminal users, "Stay safe and good spamming."

E-Challan Fraud, Man Loses Rs 50,000 Despite Not Sharing Bank OTP

 

In a cautionary tale from Thane, a 41-year-old man, M.R. Bhosale, found himself embroiled in a sophisticated online scam after his father fell victim to a deceptive text message. The incident sheds light on the dangers of trusting unknown sources and underscores the importance of vigilance in the digital age. 

Bhosale's father, a diligent auto-rickshaw driver in Ghatkopar, received a seemingly official text message from the Panvel Traffic Police, notifying him of a traffic violation challan against his vehicle. The message directed him to settle the fine through a designated app called Vahan Parivahan, with a provided download link. Unbeknownst to him, the message was a clever ruse orchestrated by scammers to dupe unsuspecting victims. 

When Bhosale's father encountered difficulties downloading the app, he sought his son's help. Little did they know, their attempt to rectify the situation would lead to financial loss and distress. Upon downloading the app on his device, Bhosale encountered a barrage of One-Time Passwords (OTPs), signalling a red flag. Sensing trouble, he promptly uninstalled the app. 

However, the damage had been done. A subsequent check of his bank statement revealed unauthorized transactions totalling Rs 50,000. With resolve, Bhosale wasted no time in reporting the incident to the authorities. A formal complaint was filed, detailing the deceptive mobile number, fraudulent link, and unauthorized transactions. 

In response, the police initiated an investigation, invoking sections 66C and 66D of the Information Technology Act to pursue the perpetrators and recover the stolen funds. This unfortunate ordeal serves as a stark reminder of the prevalence of online scams and the importance of exercising caution in the digital realm. To avoid falling victim to similar schemes, users must remain vigilant and skeptical of unsolicited messages or unfamiliar apps. 

Blind trust in unknown sources can lead to devastating consequences, as Bhosale's family discovered firsthand. Furthermore, it is essential to verify the authenticity of communications from purported official sources and refrain from sharing personal or financial information without thorough verification. 

In an era where online scams abound, skepticism and diligence are paramount. As the investigation unfolds, Bhosale's story serves as a cautionary tale for all internet users. By staying informed, exercising caution, and seeking assistance when in doubt, individuals can protect themselves from falling prey to online scams.

Cybercriminals Employ Obfuscation in Invoice Phishing Malware Campaigns

 


Cybersecurity researchers have uncovered an array of cunning cyberattack campaigns that use seemingly innocuous invoices to deliver malware. In this deceptive campaign, malicious Scalable Vector Graphics (SVG) file attachments are embedded in phishing emails that have been crafted to pose as invoices.

Once the victim opens the attachment, an intricate infection sequence unfolds, potentially infecting the victim's computer with various malware strains. FortiGuard Labs at Fortinet, a leading cybersecurity research team, identified a variety of malware delivered through this invoice-themed phishing scheme.

The malicious payloads included Remote Access Trojans (RATs) such as Venom RAT, Remcos RAT, NanoCore RAT, and XWorm, all of which are known to have been used by hackers. The attack arsenal has also incorporated a cryptocurrency wallet stealer that allows attackers to steal digital currencies from users without their knowledge.

A technical report published by Fortinet FortiGuard Labs said that the emails include Scalable Vector Graphics (SVG) files that activate infection sequences when clicked. Of particular note, the modus operandi uses the BatCloak malware obfuscation engine and ScrubCrypt to deliver malware as obfuscated batch scripts.

BatCloak, which was offered for sale to other threat actors in late 2022, has its roots in another tool called Jlaive. Its purpose is to load a next-stage payload in layers so that it circumvents traditional detection mechanisms. The complexity of the attack lies in this multilayered approach.

The SVG attachments serve as triggers, initiating the infection process once the target opens them. The BatCloak malware obfuscation engine is also used extensively to obfuscate the payloads. BatCloak, a descendant of another obfuscation tool known as Jlaive, has been available for cybercriminals to purchase since late 2022.

BatCloak's main function is to mask the subsequent stages of malware, making them difficult for security software to detect. Venom RAT, a variant of the Quasar RAT, gives attackers the ability to seize control of compromised systems, collect sensitive data, and execute commands received from command and control (C2) servers.

In addition, it allows a multitude of plugins to be deployed for different kinds of malicious activities, including Remcos RAT, which is distributed via obfuscated VBS scripts, ScrubCrypt, and Guloader PowerShell scripts. The plugin system also allows a stealer module to be deployed that collects information from crypto wallets and applications like Atomic Wallet, Electrum, Ethereum, and others and sends the stolen information to a remote server.

ScrubCrypt adds one more layer to this elaborate attack. It encrypts the malicious code, making it even more difficult for security systems to detect and prevent infection. Once the layers are peeled back, the malware payload typically arrives in the form of encoded batch scripts. Once the scripts have been downloaded and executed on the compromised system, the malware payload can be detected.

According to the cybersecurity firm that analyzed the latest campaign, the SVG file served as a conduit for dropping a ZIP archive containing a batch script that was probably created using BatCloak. After the ScrubCrypt batch file has been unpacked, the Venom RAT is eventually executed, but not before establishing persistence on the host and bypassing ETW and AMSI protections.

The evolving tactics employed by cybercriminals demonstrate how quickly the threat landscape is changing. A notable aspect of the sophistication of these online threats is that attackers are strategically combining readily available obfuscation tools with malware that targets cryptocurrency.

Researchers have stressed to users the importance of remaining vigilant, especially when it comes to unsolicited email attachments, even when they appear to be invoices or other documents from a legitimate source. Businesses should also implement several security measures, including comprehensive email filtering systems and employee training programs aimed at recognizing the warning signs of phishing attempts.
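For the email filtering recommended above, an SVG attachment can be inspected for active content before delivery, since a plain image has no need for scripts or event handlers. This is an added example, not Fortinet's tooling or code from the report; the tag list, the finding names, the sample message and the assumption that a dropped ZIP would be carried as base64 inside the SVG are all constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"  # ZIP local file header signature
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}")


def local(name):
    """Drop the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]


def hides_zip(text):
    """True if a long base64 run in `text` decodes to a ZIP file header."""
    for run in B64_RUN.findall(text):
        try:
            if base64.b64decode(run[:8]).startswith(ZIP_MAGIC):
                return True
        except ValueError:
            continue
    return False


def inspect_svg(data):
    """Return findings for active or embedded content in one SVG document."""
    if b"<!ENTITY" in data:
        return ["entity-declaration"]  # never expand entities from untrusted XML
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active-element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            scheme = value.strip().lower().split(":", 1)[0]
            if name.startswith("on"):  # onload, onclick, ...
                findings.append(f"event-handler:{name}")
            elif name == "href" and scheme in ("javascript", "data"):
                findings.append(f"{scheme}-uri:{tag}")
        blob = " ".join([el.text or "", *el.attrib.values()])
        if hides_zip(blob):
            findings.append(f"embedded-zip:{tag}")
    return findings


def scan_message(raw):
    """Map each SVG attachment's filename to its list of findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "image/svg+xml" or name.lower().endswith(".svg"):
            report[name] = inspect_svg(part.get_payload(decode=True) or b"")
    return report


def build_sample():
    """Constructed message with one suspicious and one benign SVG attachment."""
    # Inert placeholder bytes that only start with the ZIP signature.
    blob = base64.b64encode(ZIP_MAGIC + b"constructed bytes, not a real archive").decode()
    invoice = (
        '<svg xmlns="http://www.w3.org/2000/svg" onload="openInvoice()">'
        f'<script>var blob = "{blob}";</script>'
        '<text x="10" y="20">Invoice</text></svg>'
    ).encode()
    logo = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
    msg = EmailMessage()
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(invoice, maintype="image", subtype="svg+xml", filename="invoice.svg")
    msg.add_attachment(logo, maintype="image", subtype="svg+xml", filename="logo.svg")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, findings in scan_message(build_sample()).items():
        print(filename, findings or "no active content")
```

Findings are triage signals rather than verdicts: legitimate SVGs sometimes embed images through `data:` URIs, so a mail gateway would typically quarantine or strip flagged attachments for review instead of treating every hit as malware.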