International Cyber Fraud Ring Busted By London Police

 

UK Police stated that they have infiltrated a massive phishing website on the dark web that has defrauded tens of thousands of individuals, and learned that university students have turned to cyber fraud as a way to increase their revenue. 

LabHost was a cyber fraud emporium that allowed users to create realistic-looking websites imitating major names such as big institutions, ensnaring victims all around the world, including 70,000 in the United Kingdom. It has been in operation since 2021.

Victims entered private data, some of which were used to steal money, but the site's creators also profited by selling details to fraudsters on the dark web.

According to the Metropolitan police, the majority of the victims were between the ages of 25 and 44, and they spent the majority of their time online. Police believe they apprehended one of the site's major suspected masterminds this week, among 37 individuals held in the UK and abroad.

The Metropolitan Police reported that arrests were made at Manchester and Luton airports, as well as in Essex and London. Policing in the UK is under pressure to prove that it is effectively combating the rise in cyber fraud.

The site's infiltration is a drop in the ocean compared to the scope of the problem, but police seek to shake criminals' confidence in their ability to act with impunity and intend to shut down more cyber fraud sites. 

In the midst of struggles for resources against other criminal objectives like protecting children and bolstering what is often viewed as inadequate protection of women, fraud and cybercrime are seen as difficult crimes for law enforcement to solve. 

The Met is currently enjoying its success. The main users of the website have been arrested, and 25,000 victims have been notified in the UK. Some of the users won't be arrested, though, since investigators don't know who they really are.

LabHost collected 480,000 debit or credit card details and 64,000 PINs, and generated £1 million from 2,000 customers who paid up to £300 a month in Bitcoin for membership fees. It promoted itself as a “one-stop-shop for phishing.”

It included a tutorial video on how to use the site to commit crimes, similar to one on how to use a new consumer product. The video stated that it takes five minutes to install and that “customer service” was available if there were any issues. It concluded by urging its criminal users, “Stay safe and good spamming.”

E-Challan Fraud, Man Loses Rs 50,000 Despite Not Sharing Bank OTP

 

In a cautionary tale from Thane, a 41-year-old man, M.R. Bhosale, found himself embroiled in a sophisticated online scam after his father fell victim to a deceptive text message. The incident sheds light on the dangers of trusting unknown sources and underscores the importance of vigilance in the digital age. 

Bhosale's father, a diligent auto-rickshaw driver in Ghatkopar, received a seemingly official text message from the Panvel Traffic Police, notifying him of a traffic violation challan against his vehicle. The message directed him to settle the fine through a designated app called Vahan Parivahan, with a provided download link. Unbeknownst to him, the message was a clever ruse orchestrated by scammers to dupe unsuspecting victims. 

When Bhosale's father encountered difficulties downloading the app, he sought his son's help. Little did they know, their attempt to rectify the situation would lead to financial loss and distress. Upon downloading the app on his device, Bhosale encountered a barrage of One-Time Passwords (OTPs), signalling a red flag. Sensing trouble, he promptly uninstalled the app. 

However, the damage had been done. A subsequent check of his bank statement revealed unauthorized transactions totalling Rs 50,000. With resolve, Bhosale wasted no time in reporting the incident to the authorities. A formal complaint was filed, detailing the deceptive mobile number, fraudulent link, and unauthorized transactions. 

In response, the police initiated an investigation, invoking sections 66C and 66D of the Information Technology Act to pursue the perpetrators and recover the stolen funds. This unfortunate ordeal serves as a stark reminder of the prevalence of online scams and the importance of exercising caution in the digital realm. To avoid falling victim to similar schemes, users must remain vigilant and skeptical of unsolicited messages or unfamiliar apps. 

Blind trust in unknown sources can lead to devastating consequences, as Bhosale's family discovered firsthand. Furthermore, it is essential to verify the authenticity of communications from purported official sources and refrain from sharing personal or financial information without thorough verification. 

In an era where online scams abound, skepticism and diligence are paramount. As the investigation unfolds, Bhosale's story serves as a cautionary tale for all internet users. By staying informed, exercising caution, and seeking assistance when in doubt, individuals can protect themselves from falling prey to online scams.

Cybercriminals Employ Obfuscation in Invoice Phishing Malware Campaigns

 


Cybersecurity researchers have uncovered cyberattack campaigns that use seemingly innocuous invoices to deliver malware. In these campaigns, malicious Scalable Vector Graphics (SVG) files are attached to phishing emails crafted to look like invoices.

Once the victim opens the attachment, an intricate infection sequence unfolds that can infect the victim's computer with several malware strains. FortiGuard Labs at Fortinet, a leading cybersecurity research team, identified a variety of malware delivered through this invoice-themed phishing scheme.

The malicious payloads included Remote Access Trojans (RATs) such as Venom RAT, Remcos RAT, NanoCore RAT, and XWorm. The attack arsenal also incorporated a cryptocurrency wallet stealer that lets attackers steal digital currencies without the users' knowledge.

A technical report published by Fortinet FortiGuard Labs said that the emails include Scalable Vector Graphics (SVG) files that activate the infection sequence when clicked. Of particular note, the modus operandi uses the BatCloak malware obfuscation engine and ScrubCrypt to deliver malware as obfuscated batch scripts.

BatCloak, which has been offered for sale to other threat actors since late 2022, has its roots in another obfuscation tool known as Jlaive. Essentially, it loads a next-stage payload in a layered manner that circumvents traditional detection mechanisms. The complexity of the attack lies in this multilayered approach.

The SVG attachments serve as triggers, initiating the infection process once the target opens them, and the BatCloak obfuscation engine is used extensively throughout.

BatCloak's main function is to make the subsequent stages of malware difficult for security software to detect. Venom RAT, a variant of the Quasar RAT, gives attackers the ability to seize control of compromised systems, collect sensitive data, and execute commands from command-and-control (C2) servers.

In addition, it allows a multitude of plugins to be deployed for different kinds of malicious activity, including Remcos RAT, which is distributed via obfuscated VBS scripts, ScrubCrypt, and Guloader PowerShell scripts. The plugin system also allows a stealer module to be deployed that collects information from crypto wallets and applications such as Atomic Wallet, Electrum, Ethereum, and others and sends it to a remote server.

ScrubCrypt adds one more layer to this elaborate attack. It encrypts the malicious code, making it even more difficult for security systems to detect and prevent infection. Once the layers are peeled back, the malware payload typically arrives in the form of encoded batch scripts. Once the scripts have been downloaded and executed on the compromised system, the malware payload can be detected.

According to the cybersecurity firm that analyzed the latest campaign, the SVG file served as a conduit for dropping a ZIP archive containing a batch script that was probably created using BatCloak. After the ScrubCrypt batch file has been unpacked, Venom RAT is eventually executed, but not before establishing persistence on the host and bypassing ETW and AMSI protections.

The tactics in this campaign show how the threat landscape keeps evolving. A notable part of its sophistication is the attackers' strategic use of readily available obfuscation tools alongside malware that targets cryptocurrency.

Researchers have stressed the importance of remaining vigilant, especially with unsolicited email attachments, even when they appear to be invoices or other documents from a legitimate source. Businesses should also implement security measures including comprehensive email filtering and employee training programs targeted at recognizing the warning signs of phishing attempts.
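As an added example (not taken from the Fortinet report or from this article), the email filtering recommended above can include a triage step that treats SVG attachments as active content rather than as images. The heuristics, finding names and sample files below are assumptions constructed for illustration; they are not signatures for this specific campaign.

```python
import base64
import re
import xml.etree.ElementTree as ET

ZIP_MAGIC = b"PK\x03\x04"                     # local file header of a ZIP archive
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}")   # long base64-looking runs
RISKY_SCHEMES = ("javascript:", "data:")


def _local(name):
    """Strip an XML namespace such as {http://www.w3.org/2000/svg}."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(svg_text):
    """Return a sorted list of reasons an SVG attachment deserves quarantine.

    An empty list means none of the heuristics fired, not that the file is safe.
    """
    # Refuse DTDs and entities up front: a static image does not need them, and
    # the standard-library parser is not hardened against entity expansion.
    if re.search(r"<!(DOCTYPE|ENTITY)", svg_text, re.IGNORECASE):
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return ["unparseable-xml"]

    findings = set()
    for element in root.iter():
        tag = _local(element.tag)
        if tag in ("script", "foreignobject"):
            findings.add(tag + "-element")
        for attr, value in element.attrib.items():
            name = _local(attr)
            target = value.strip().lower()
            if name.startswith("on"):                       # onload, onclick, ...
                findings.add("event-handler:" + name)
            elif name == "href" and target.startswith(RISKY_SCHEMES):
                findings.add("risky-href:" + target.split(":", 1)[0])

    # An archive carried inside the SVG shows up as base64 that decodes to PK\x03\x04.
    for match in B64_RUN.finditer(svg_text):
        head = base64.b64decode(match.group(0)[:8])
        if head.startswith(ZIP_MAGIC):
            findings.add("embedded-zip-base64")
    return sorted(findings)


# Constructed samples: the "archive" is only the ZIP magic followed by zero bytes.
_FAKE_ZIP_B64 = base64.b64encode(ZIP_MAGIC + bytes(40)).decode()
SAMPLE_SUSPICIOUS = (
    '<svg xmlns="http://www.w3.org/2000/svg" onload="run()">'
    '<script>var blob = "' + _FAKE_ZIP_B64 + '";</script>'
    '<a href="data:application/zip;base64,AAAA"><text>Invoice</text></a>'
    "</svg>"
)
SAMPLE_CLEAN = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<rect width="10" height="10" fill="blue"/></svg>'
)

if __name__ == "__main__":
    for label, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        print(label, scan_svg(sample))
```

A mail gateway would quarantine or strip any attachment for which the list is non-empty, since an invoice image has no need for scripts, event handlers or embedded archives.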

Look Out For SIM Swap Scams: Tips for Bitcoin Security

 




In today's digitised world, safeguarding personal information and digital assets is of great importance. One emerging threat is the SIM swap scam, a sophisticated form of identity theft where fraudsters manipulate mobile carriers to transfer a victim's phone number to a SIM card under their control. This can lead to unauthorised access to accounts, especially those reliant on SMS-based two-factor authentication (2FA).


Bitcoin Security at Risk

For Bitcoin users, SIM swap scams pose an even greater risk, particularly on centralised exchanges using SMS-based 2FA. Unauthorised access to these accounts could result in substantial financial loss. However, utilising self-custodial wallets, where users control their private keys, significantly reduces this risk by eliminating reliance on telecom-based authentication methods.


Protective Measures and Best Practices

1. Switch to Authenticator Apps: Transitioning from SMS-based 2FA to authenticator apps like Google Authenticator or Authy enhances security by eliminating the vulnerability to SIM swap attacks.

2. Implement Additional Security Measures: Make use of platform-provided security features such as withdrawal address whitelisting and multi-factor authentication whenever possible to add layers of protection to your assets.

3. Stay Careful Against Phishing: Be cautious of unsolicited communications and verify the authenticity of requests for personal information or urgent actions related to your accounts.

4. Inform Your Mobile Carrier: Make your mobile carrier aware of the risks associated with SIM swap scams and inquire about additional security measures to safeguard your account.

5. Prioritise Non-Custodial Wallets: Opt for storing Bitcoin in hardware or reputable software wallets where you control your private keys, ensuring maximum security.


Striving for Practical Security

While achieving perfect security may seem daunting, taking practical steps such as enabling authenticator apps and transitioning to non-custodial wallets significantly reduces vulnerability to SIM swap scams. Rather than pursuing perfection, adopting proactive security measures is key to mitigating risks and protecting valuable assets.


In the face of multiplying threats like SIM swap scams, prioritising security measures is essential, especially for Bitcoin holders. By following best practices and embracing non-custodial solutions, individuals can shield their digital assets and minimise the risk of falling victim to cyberattacks. Stay informed, stay vigilant, and take proactive steps to protect yourself in the digital realm.


Bing Ad Posing as NordVPN Aims to Propagate SecTopRAT Malware

 

A Bing advertisement that appeared to be a link to install NordVPN instead led to an installer for the remote access malware SecTopRAT. 

Malwarebytes Labs identified the malvertising campaign on Thursday, with the domain name for the malicious ad having been registered only a day earlier. The URL (nordivpn[.]xyz) was intended to resemble an authentic NordVPN domain. The ad led to a website with another typosquatted URL (besthord-vpn[.]com) and a duplicate of the actual NordVPN website.

The download button on the fake website directed to a Dropbox folder containing the installer NordVPNSetup.exe. This executable comprised both an authentic NordVPN installation and a malware payload that was injected into MSBuild.exe and connected to the attacker's command-and-control (C2) server.

The threat actor attempted to digitally sign the malicious programme, but the signature proved to be invalid. However, Jérôme Segura, Principal Threat Researcher at Malwarebytes ThreatDown Labs, told SC Media on Friday that he discovered the software had a valid code signing certificate.

Segura said some security products may block the executable due to its invalid signature, but, “Perhaps the better evasion technique is the dynamic process injection where the malicious code is injected into a legitimate Windows application.” 

“Finally, we should note that the file contains an installer for NordVPN which could very well thwart detection of the whole executable,” Segura added. 

The malicious payload, SecTopRAT, also known as ArechClient, is a remote access trojan (RAT) identified by MalwareHunterTeam in November 2019 and then analysed by GDATA experts. The researchers discovered that the RAT produces an "invisible" second desktop, allowing the attacker to manage browser sessions on the victim's PC. 

SecTopRAT can also provide system information, such as the system name, username, and hardware, to the attacker's C2 server. 

Malwarebytes reported the malware campaign to both Microsoft, which controls Bing, and Dropbox. Dropbox has since deactivated the account that contained the malware, and Segura said his team had yet to hear anything from Microsoft as of Friday. 

“We did notice that the threat actors updated their infrastructure last night, perhaps in reaction to our report. They are now redirecting victims to a new domain thenordvpn[.]info which may indicate that the malvertising campaign is still active, perhaps under another advertiser identity,” Segura concluded. 

Other malvertising efforts promoting SecTopRAT have been discovered in the past. In 2021, Ars Technica reported on a campaign that used Google advertisements to promote the Brave browser.

Last October, threat actors employed malvertising, search engine optimisation (SEO) poisoning, and website breaches to deceive consumers into installing a fake MSIX Windows programme package containing the GHOSTPULSE malware loader. Once deployed, GHOSTPULSE employs process doppelgänging to enable the execution of several malware strains, including SecTopRAT.
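The three lookalike domains named in this report can each be caught by a simple brand-similarity check on DNS or proxy logs. The following is an added example, not code from Malwarebytes or from this article; the brand string, the allowlist entry, the category names and the edit-distance threshold are assumptions chosen for the illustration.

```python
import re


def levenshtein(a, b):
    """Classic dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def refang(domain):
    """Turn a defanged indicator such as nordivpn[.]xyz into a hostname."""
    return domain.replace("[.]", ".").strip().lower().rstrip(".")


def classify(domain, brand="nordvpn", official=("nordvpn.com",), max_dist=1):
    """Label a hostname as official, brand-embedded, lookalike or unrelated.

    `official` is an assumed allowlist; a real deployment would maintain the
    full list of domains the brand actually owns.
    """
    host = refang(domain)
    if host in official or host.endswith(tuple("." + o for o in official)):
        return "official"

    labels = host.split(".")
    verdict = "unrelated"
    # Check every label except the TLD so that the brand used as a subdomain of
    # an unrelated domain is also caught.
    for label in labels[:-1] or labels:
        squashed = re.sub(r"[^a-z0-9]", "", label)   # drop hyphens used as padding
        if not squashed:
            continue
        if brand in squashed:
            return "brand-embedded"
        # Slide windows of roughly brand length over the label so that extra
        # words around the misspelling do not hide it.
        for width in (len(brand) - 1, len(brand), len(brand) + 1):
            for start in range(max(1, len(squashed) - width + 1)):
                window = squashed[start:start + width]
                if levenshtein(window, brand) <= max_dist:
                    verdict = "lookalike"
    return verdict


# Domains quoted in the article, plus two constructed controls.
ARTICLE_DOMAINS = ["nordivpn[.]xyz", "besthord-vpn[.]com", "thenordvpn[.]info"]
CONTROL_DOMAINS = ["nordvpn.com", "example.org"]

if __name__ == "__main__":
    for name in ARTICLE_DOMAINS + CONTROL_DOMAINS:
        print(f"{name:22} {classify(name)}")
```

Pairing the result with domain age is a natural next step, since the article notes the ad's domain had been registered only a day before it was spotted.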

Sophisticated Dutch Bank Helpdesk Scam Unveils Database with Over 7 Million Email Addresses

 

In January, authorities in Amsterdam made six arrests as part of a significant cybercrime inquiry, leading to the unearthing of a database containing 7.3 million email addresses, with around 5 million linked to Dutch residents. The investigation initially targeted a bank helpdesk scam, wherein the perpetrators operated with a high level of professionalism akin to a call center.

Investigators stumbled upon the email lists on a laptop belonging to one of the suspects. They caution the public about the broader risks associated with phishing emails, as this extensive list has been circulated within the cybercriminal community for potential reuse in various fraudulent activities.

The case unfolded when approximately 30 individuals fell victim to a scheme where impostors, posing as bank representatives, deceived them into believing they were corresponding with other legitimate organizations. After victims responded to these emails, they were subsequently contacted by individuals masquerading as bank employees. These perpetrators employed psychological tactics, including feigning concern over the victims' involvement in a scam, to gain their trust.

Victims were then coerced into installing a remote access software called 'Anydesk,' which allowed the criminals to manipulate their computers from afar, ultimately siphoning off substantial sums of money through online banking. In some instances, the perpetrators even went as far as visiting victims in person to collect debit cards and valuables.

Following the arrests on January 24, which occurred in Amsterdam, Almere, and Heemskerk, authorities seized laptops, mobile phones, and debit cards. One suspect was subsequently released. Notably, one of the confiscated laptops contained the aforementioned email database.

Despite the apprehension of the suspects, authorities emphasize that the danger persists, as such lists continue to be traded and utilized by cybercriminals. They urge individuals to verify if their email addresses have been compromised and to exercise caution when encountering suspicious communications.

To combat such threats, the police have launched websites where individuals can ascertain if their email addresses have been compromised and verify the legitimacy of links received through various channels. Additionally, they advise individuals to hang up on anyone claiming to represent a bank and to independently verify such claims by contacting the bank's official customer service line.

Furthermore, the public is urged never to allow anyone to collect their debit cards or install programs on their computers. It's essential to educate vulnerable individuals, such as the elderly, about these fraudulent practices to prevent further victimization.

Authorities Warn of AI Being Employed by Scammers to Target Canadians

 

As the usage of artificial intelligence (AI) grows, fraudsters employ it more frequently in their methods, and Canadians are taking note. According to the Royal Bank of Canada’s (RBC's) annual Fraud Prevention Month Poll, 75% of respondents are more concerned with fraud than ever before. Nine out of 10 Canadians feel that the use of AI will boost scam attempts over the next year (88%), thereby making everyone more exposed to fraud (89%).

As per the survey, 81 percent of Canadians think that AI will make phone fraud efforts more difficult to identify, and 81 percent are worried about scams that use voice cloning and impersonation techniques. 

"With the recent rise in voice cloning and deepfakes, fraudsters are able to employ a new level of sophistication to phone and online scams," stated Kevin Purkiss, vice president, Fraud Management, RBC. "The good news is that awareness of these types of scams is high, but we also need to take action to safeguard ourselves from fraudsters.”

The study also discovered that phishing (generic scams via email or text), spear phishing (emails or texts that appear authentic), and vishing (specific phone or voicemail scams) were the top three types of fraud. More than half also report an increase in deepfake frauds (56%), while nearly half (47%) claim voice cloning scams are on the rise.

Prevention tips

Set up notifications for your accounts, utilise multi-factor authentication whenever possible, and make the RBC Mobile App your primary banking tool. Keep an eye out for impersonation scams, in which fraudsters pose as credible sources such as the government, bank employees, law enforcement, or even a family member.

Some experts also recommend sharing a personal password with loved ones to ensure that you're conversing with the right individual. 

To prevent robo-callers from collecting your identity or voice, limit what you disclose on social media and make your voicemail generic and short. Ignore or delete unwanted emails and texts that request personal information or contain dubious links or money schemes.

Deceptive Calls in Kolkata, Residents Targeted in Elaborate Scam

 

In a concerning trend, an increasing number of Kolkatans are falling victim to sophisticated scams orchestrated by fraudsters posing as law enforcement officials. The scam involves duping individuals into believing that a consignment of illegal articles has been booked in their names, leading them to face interrogation by supposed cops from another state via video calls at hotels. 

Reports from police sources indicate that victims receive calls informing them of the purported consignment and urging them to leave their homes or offices immediately to undergo interrogation. The fraudsters employ persuasive tactics, insisting that compliance is necessary to avoid legal repercussions. One such incident occurred recently when a resident of Chetla received such a call and hastily left his workplace to participate in a supposed police interrogation conducted via Skype. 

Fortunately, the intervention of a vigilant friend prevented him from being swindled. The friend recognized the potential fraud and advised him to disconnect the call, averting any financial loss. During these deceptive interrogations, victims are instructed not to communicate with anyone else, including family members, further isolating them from potential assistance. The fraudsters exploit the victims' fear and vulnerability, making them susceptible to coercion. 

The scam has evolved from previous tactics where fraudsters posed as representatives of courier companies to extort money from victims. Now, they employ a more elaborate ruse, convincing individuals to relocate to hotels for virtual interrogations under the guise of law enforcement procedures. The fraudsters utilize personal information such as PAN and Aadhaar card numbers to lend credibility to their claims, instilling a sense of urgency and fear in their targets. 

Victims, believing their identity documents have been implicated in illegal activities, are manipulated into complying with the fraudsters' demands. The consequences of falling victim to such scams can be severe, not only resulting in financial loss but also potentially damaging the victim's reputation and inviting legal trouble. 

It is essential for individuals to remain vigilant and skeptical of unsolicited calls or demands, especially those involving sensitive personal information or coercive instructions. Law enforcement authorities have cautioned the public against divulging personal information or complying with suspicious requests from unknown callers. They advise individuals to verify the authenticity of such communications by contacting official channels or seeking assistance from trusted sources. 

In light of these incidents, it is crucial for residents to exercise caution and awareness when dealing with unfamiliar or unexpected requests, particularly those involving legal matters. By staying informed and vigilant, individuals can protect themselves from falling prey to elaborate scams and fraudulent schemes. The recent surge in such scams underscores the importance of community awareness and proactive measures to combat cybercrime and protect vulnerable individuals from exploitation.

Fraudulent Antivirus Software Faces FTC Lawsuit After Raking in Millions

 

The US Federal Trade Commission filed a lawsuit alleging that two antivirus software packages, Restoro and Reimage, are counterfeit goods that have defrauded customers out of "tens of millions" of dollars.

FTC investigators apparently went undercover and purchased the alleged malicious software four times. They discovered that the software consistently lied, telling them that they had a slew of viruses and security issues on their machines when, in fact, they did not. 404Media and Court Watch were the first to report the news.

One Restoro scan reported to the FTC that their test PC had 522 vulnerabilities that needed to be repaired. A Reimage scan discovered 1,244 so-called "issues," which the software classified as "PC privacy issues," "junk files," "crashed programs," and "broken registry issues." According to the complaint, these flaws were part of a larger scheme to offer buyers fraudulent "repair" tools. 

After installation, the software prompted the user to call a phone number to "activate" the software. However, the FTC claims that this is also part of the scheme, as the phone call sends users to a person who attempts to upsell the customer on further computer "repair services" over the phone, the lawsuit alleges. 

The FTC claims that the two software programs, which originate from the same place in Cyprus, have successfully tricked clients out of "tens of millions" of dollars. Reimage was added to a risk-monitoring program in 2019 because so many customers used credit card chargebacks to demand refunds. A large number of people also complained online, claiming the products are a scam.

According to the lawsuit, Visa also claimed in 2020 that the developers of the programme were involved in "fraudulent activities." Due to the large volume of customer chargeback requests, Visa later placed one of the Restoro-affiliated companies on a watch list in 2021. 

Restoro and Reimage are now facing charges from the FTC for allegedly misrepresenting their products and breaking laws pertaining to US telemarketing. The agency expresses concern that, in the absence of action, the developers of Restoro and Reimage will "continue to injure consumers and harm the public interest."

Sophisticated Vishing Campaigns are Rising Exponentially Worldwide

 

Voice phishing, also known as vishing, is popular right now, with multiple active campaigns throughout the world ensnaring even savvy victims who appear to know better, defrauding them of millions of dollars. 

South Korea is one of the global regions hardest hit by the attack vector; in fact, a fraud in August 2022 resulted in the largest amount ever stolen in a single phishing case in the country. This transpired when a doctor sent 4.1 billion won, or $3 million, in cash, insurance, stocks, and cryptocurrency to criminals, showing how much financial harm one vishing scam can inflict.

According to Sojun Ryu, lead of the Threat Analysis Team at South Korean cybersecurity firm S2W Inc., sophisticated social engineering strategies used in recent frauds involve imitating regional law enforcement officers, giving the callers a false air of authority. Ryu will present a session on the topic, "Voice Phishing Syndicates Unmasked: An In-Depth Investigation and Exposure," at the upcoming Black Hat Asia 2024 conference in Singapore.

Vishing attempts in South Korea, in particular, take advantage of cultural differences that allow even those who do not appear to be susceptible to such scams to be victimised, he claims. For example, in recent frauds, cybercriminals have posed as the Seoul Central District Prosecutor's Office, which "can significantly intimidate people," Ryu adds. 

By doing so and acquiring people's private data ahead of time, they are successfully intimidating victims into completing money transfers — sometimes in the millions of dollars — by convincing them that if they do not, they will suffer serious legal penalties. 

Vishing engineering: A blend of psychology and technology 

Ryu and his companion speaker at Black Hat Asia, YeongJae Shin, a threat analysis researcher who previously served at S2W, will focus their talk on vishing in their own nation. However, vishing scams identical to those seen in Korea appear to be sweeping the globe recently, leaving unfortunate victims in their wake.

Even savvy Internet users appear to fall for the law-enforcement frauds. One of them is a reporter from the New York Times, who explained in a published story how she lost $50,000 to a vishing scam in February. A few weeks later, when fraudsters working in Portugal pretended to be both national and international law enforcement agencies, the author of this piece almost lost 5,000 euros to a sophisticated vishing operation.

Ryu explains that the combination of social engineering and technology enables these modern vishing scams to exploit even individuals who are aware of the risks of vishing and how their operators function. 

"These groups utilize a blend of coercion and persuasion over the phone to deceive their victims effectively," he stated. "Moreover, malicious applications are designed to manipulate human psychology. These apps not only facilitate financial theft through remote control after installation but also exploit the call-forwarding feature.” 

This suggests that there are several vishing groups active throughout the world, emphasising the need to be cautious even when dealing with the most convincing schemes, according to Ryu. To prevent compromise, it's also essential to train staff members on the telltale signs of frauds and the strategies attackers typically implement to trick victims.

Woman in Noida Swindled of Rs 3.7 Lakh During 7-Hour Skype Call in Recent 'Digital Arrest' Scam

 

A 32-year-old female IT engineer residing in Noida fell victim to cyber criminals who reportedly swindled Rs 3.75 lakh from her during a seven-hour Skype call, where they held her "hostage" and gradually siphoned money from her account.

According to reports, the fraudsters posed as police officers and accused the woman of involvement in drug trafficking, claiming to have intercepted a parcel purportedly sent from Mumbai to Taiwan containing illicit substances.

The victim's husband, Chirag Varshney, disclosed that the incident occurred on February 28. His wife received a Skype call around 10:30 am, during which the criminals coerced her into staying put while they manipulated her into transferring funds under the guise of clearing her of the alleged drug charges.

Varshney explained that despite his presence in the office and his father being at home, his wife was too intimidated to seek help, allowing the fraud to unfold uninterrupted in an adjacent room. The perpetrators allegedly instilled fear in her by threatening harm to family members if she didn't comply.

"After receiving a call from a courier company, my wife was deceived through a Skype call," Varshney stated, adding that the call transitioned to someone claiming to be a police officer who demanded her bank account and family information. The intimidation tactics compelled her to surrender the money.

Initially reporting the incident on a cybercrime portal yielded no results, prompting Varshney to escalate the matter to the police. An FIR has been lodged at the Sector 39 police station, citing sections 420 (cheating) and 506 (criminal intimidation) of the Indian Penal Code, along with section 66D of the Information Technology (Amendment) Act. Additional Deputy Commissioner of Police, Manish Kumar Mishra, confirmed that necessary legal measures are being pursued in response to the complaint lodged by a resident of Amrapali Sapphire in Sector 45, Noida.

Delhi Police Alerts Citizens to New Cyber Scam

 

Authorities in Delhi are cautioning residents to remain vigilant against a recent surge in cyber fraud cases known as ‘digital house arrest,’ with over 200 incidents reported monthly in the capital.

Described as a serious threat by senior officials, this tactic employed by cybercriminals aims to coerce victims into parting with their money once ensnared in their schemes.

In this scheme, scammers posing as law enforcement officers deceive victims into believing their bank accounts, SIM cards, Aadhaar cards, or other linked documents have been compromised. The victims are then virtually confined to their homes and pressured into paying the scammers.

According to a senior officer from the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police, cases involving amounts exceeding Rs 50 lakh are investigated by their specialized team.

In a recent case, a man preparing for work received a call from someone claiming to be from the Mumbai Crime Branch. The caller accused the victim of involvement in drug trafficking using his Aadhaar card and instructed him not to leave his house during a prolonged interrogation session. The victim, fearing repercussions, complied. Eventually, the scammers gained remote access to his computer, drained his bank account, and vanished.

These fraudsters often employ forged police letterheads and use translation tools to enhance their communication. They specifically target vulnerable individuals, such as the elderly. Victims are urged to immediately report such incidents to the police helpline for assistance.

According to the National Crime Records Bureau (NCRB), cybercrime cases in Delhi nearly doubled in 2022, with reported incidents increasing from 345 to 685. This marks a significant rise from the 166 cases reported in 2020.

Crypto Cautionary Tale: How a Man Lost $180,000 in a Scam

 


Guelph Police are warning people to be careful when investing online after a local man lost $180,000, much of it after failing to heed warnings from bank staff that he was being scammed.

Police were notified on Friday, when a sixty-year-old Guelph man contacted them to report the fraud, which had been under way since November, when he responded to a fake online advertisement claiming to represent a Bitcoin investment firm. Since then, he has transferred over $34,000 through e-transfers and more than $151,000 by wire transfer.

The man told police that staff at his bank told him he was being scammed, but he did not believe them and went ahead with the transfers.

He became suspicious when he was contacted and asked for another $60,000 to cover administrative costs. Residents are advised to be cautious of any online contact and to investigate thoroughly before sending money to anyone.

Cryptocurrency scams are very difficult to investigate and there is a very low likelihood that any lost funds will be recovered. Anyone who feels they may have been a victim of cybercrime or fraud should notify the local police of the incident. 

An advertisement appeared online that claimed to represent a Bitcoin investment company, which lured the victim in. His first transfer was over $34,000 via e-transfer, followed by a further $151,000 via wire transfer, based on promises that he would receive substantial returns. 

The scammers, adept at deception, continued to press for more, pushing him to send an additional $60,000 to cover purported administrative fees. At that point scepticism set in, and he realized that he had fallen victim to a scam. Unfortunately, this is not an isolated case.

Scams like the Ranndex.com crypto scam take advantage of deep-fake technology and celebrity endorsements to appear legitimate, ensnaring unsuspecting victims. As knowledge is one of the strongest deterrents against fraud, people must be educated about these tactics.

A good way to protect yourself from being scammed is to understand the common markers of scams. The story of the Guelph man is a powerful reminder of the dangers lurking in the shadows of a digital world that is constantly evolving. 

In light of this, it serves as a reminder to individuals that they should exercise caution, verify that investment opportunities are genuine, and most importantly, follow the advice of financial institutions that are committed to securing their assets against fraudulent practices. There is no denying that staying informed and prudent is crucial in this day and age, where opportunities and risks walk hand-in-hand.

How a Fake CIA Agent Duped Someone out of $50,000

 



In a recent incident reported by The Cut, freelance finance writer Charlotte Cowles fell victim to an elaborate scam that highlights the dangers of social engineering. The scam began with a call from a number appearing as "Amazon," leading Cowles to believe she was a victim of identity theft. The caller, posing as a Federal Trade Commission official, connected her with a fake CIA agent named Michael. Over hours on the phone, "Michael" convinced Cowles that she faced serious charges related to the identity theft and persuaded her to withdraw $50,000 in cash. The twist? She was instructed to hand over the money to the CIA, which would inexplicably issue her a check for her own funds.

Despite suspicions during the ordeal, the scammers manipulated Cowles into isolation, urging her not to involve her family or the police, claiming it could jeopardise their safety. This tactic of isolating the victim is a common element in scams, aiming to heighten emotions and push individuals into making decisions they might not otherwise make. The scammers played on Cowles' fears for herself and her family, using personal details like the last four digits of her Social Security number to further erode her judgement.

Experts emphasise that falling victim to professional scammers is not a matter of lacking savvy. Selena Larson, a senior threat intelligence analyst, stresses that fraud perpetrators excel at social engineering and employ tactics like instilling fear, excitement, or urgency to manipulate their targets. To protect against such scams, Larson advises people to be wary of anyone trying to isolate them from friends and family, cautioning against trusting individuals posing as government officials or celebrities. Immediate requests for money and a sense of urgency are red flags that should prompt individuals to break off contact and report the activity.

This cautionary tale serves as a reminder that anyone can be targeted by scams. Larson suggests a vigilant approach, emphasising the importance of staying connected with loved ones and not succumbing to isolation. Additionally, adopting a strategy similar to Cowles' newfound tactic—never answering calls from unknown numbers—can be an effective way to avoid falling prey to scams.

As online threats continue to multiply, it is crucial for individuals to remain informed and alert. The incident also touches on the broader issue of cyber threats, including state-backed hacking efforts, ransomware attacks on hospitals, and the impact of cyberattacks on vulnerable communities. Stay safe and informed as we venture through the complexities of online security.

Hackers Target Police Officers and Prosecutors in Miami-Dade

 

Police officers in North Miami Beach were misled by a counterfeit email masquerading as an official communication from the Miami-Dade State Attorney's Office (SAO), according to sources knowledgeable about the scheme.

Utilizing the guise of an SAO investigator probing human trafficking, a scammer circulated the fraudulent email, successfully duping several employees of the North Miami Beach Police Department earlier this week, according to insiders.

Addressing the incident, city authorities issued a statement acknowledging that a handful of email accounts had fallen victim to a phishing scam, impacting multiple government entities. They assured that steps had been taken to regain control of the compromised accounts.

The city affirmed that neither the network nor the data had been affected by the breach, which was confined to email accounts. Investigations into the security breach were ongoing. The SAO also released a statement detailing a "highly sophisticated phishing attempt" aimed at their computer information system, which was detected and neutralized on February 13th.

The perpetrator employed "exceptional electronic reproductions of genuine SAO materials" in the email, designed to entice users into opening what appeared to be authentic documents from SAO personnel, as stated in the SAO's statement.

The incident serves as a stark reminder of the importance of vigilance in cybersecurity. Despite appearances, malicious emails can be highly deceptive, emphasizing the need for users to scrutinize links and documents for authenticity before clicking on them.

FTC Issues Alert: Americans' Fraud Losses Soar to $10 Billion in 2023

 

The U.S. Federal Trade Commission (FTC) has disclosed that in 2023, Americans fell victim to scammers, resulting in losses exceeding $10 billion, indicating a 14% surge compared to the preceding year.

In tandem, Chainalysis has reported that ransomware groups had a lucrative year, with ransom payments surpassing $1.1 billion in 2023.

Approximately 2.6 million consumers submitted fraud complaints to the FTC in the previous year, a figure mirroring that of 2022. Notably, imposter scams dominated the reported fraud cases, with noticeable increases in instances of business and government impersonation. Following closely were online shopping scams, trailed by reports related to prizes, sweepstakes, lotteries, investment scams, and business or job opportunity schemes.

According to the FTC, consumers reported the highest financial losses to investment scams, totaling over $4.6 billion in 2023, representing a 21% hike from 2022. Imposter scams accounted for the second-highest reported loss amount, nearing $2.7 billion. In 2023, consumers cited losing more money to bank transfers and cryptocurrency transactions than through all other methods combined.

The FTC added 5.4 million consumer reports to its secure online database, the Consumer Sentinel Network (Sentinel), in the previous year. Identity theft complaints, exceeding 1.1 million, were received through the agency's IdentityTheft.gov website.

Nevertheless, the FTC's data only scratches the surface of the extensive damage inflicted by scammers in 2023, as many fraud cases go unreported.

Victims of fraud are encouraged to report incidents on ReportFraud.ftc.gov or file identity theft reports on IdentityTheft.gov. These reports, upon inclusion in the FTC's Sentinel database, are accessible to approximately 2,800 law enforcement professionals, aiding in tracking down fraudsters, identifying trends, and raising public awareness to thwart scam attempts.

Samuel Levine, Director of the FTC's Bureau of Consumer Protection, emphasized the growing threat facilitated by digital tools, underscoring the importance of the released data in understanding and combating fraudulent activities targeting hard-working Americans.

Identity Fraud Affects Two Million Brits in 2023



In a recent report by FICO on Fraud, Identity, and Digital Banking, it was revealed that nearly two million Brits may have fallen victim to identity theft last year. The analytics firm found that 4.3% of respondents experienced fraudsters using their identity to open financial accounts. This percentage, when extrapolated to the adult UK population, equates to approximately 1.9 million people. While this marks a decrease from 2022 when 7.7% reported such incidents, there's a concern that the actual numbers could be higher.

According to Sarah Rutherford, senior director of fraud marketing at FICO, the data only represents those who are aware of their stolen identity being used for financial fraud. Many individuals might not immediately discover such fraudulent activities, and perpetrators often exploit stolen identities multiple times, amplifying the overall impact.

The report identifies this type of fraud as the most worrisome financial crime for UK citizens, with 30% expressing concern. Following closely are fears of credit card theft and bank account takeovers by fraudsters, at 24% and 20%, respectively.


Consumer Preferences and Concerns Drive Financial Organisations' Strategies

FICO's research emphasises the significant impact that robust fraud protection measures can have on financial organisations. Approximately 34% of respondents prioritise good fraud protection when selecting a new account provider, and an overwhelming 73% include it in their top three considerations. However, 18% stated they would abandon opening a bank account if identity checks were too challenging or time-consuming, highlighting the importance of achieving a balance between security and user convenience.

Biometric authentication emerged as a favoured choice among respondents, with 87% acknowledging its excellent security features. Fingerprint scanning ranked highest among biometric methods, preferred by 38% of participants, followed by face scans (34%) and iris scans (25%). In contrast, only 17% believed that the traditional combination of username and password provides excellent protection.

Sarah Rutherford expressed optimism about the shift in attitudes towards new verification tools such as iris, face, and fingerprint scans, as individuals increasingly recognise the benefits they offer in enhancing security.


Commercial Impact

The study suggests that financial institutions incorporating strong fraud protection measures may reap significant commercial benefits. With consumer preferences indicating a growing emphasis on security, financial organisations must navigate the challenge of implementing effective identity checks without compromising the ease of service. Striking this balance becomes crucial, especially as 20% of respondents indicated they would abandon the account opening process if identity checks were deemed too cumbersome.


Amidst growing concerns surrounding identity fraud affecting a significant portion of the British population, there is a discernible shift towards the acceptance of advanced biometric authentication methods. Financial organisations are urged to prioritise formidable fraud protection measures, not only to enhance consumer appeal but also to reinforce security protocols for sensitive information. This imperative reflects the industry's transformation, shedding light on the growing importance of heightened security measures to address the increasing challenges of identity theft.


Watch Out for Phone Scams

 


An increasing cybersecurity threat known as "vishing," which preys on people's gullibility, has become a cause for concern, impacting unsuspecting individuals and even businesses. Vishing, short for voice phishing, involves scammers attempting to trick people into revealing sensitive information over the phone. These calls often impersonate authorities like the IRS or banks, creating urgency to manipulate victims. In 2022 alone, victims reported median losses of $1,400, per the Federal Trade Commission (FTC).

What Is Vishing?

Vishing operates on social engineering tactics, relying on psychological manipulation rather than malware. The scammers may pose as government officials or company representatives to extract financial details, Social Security numbers, or other sensitive data. Notably, technological advancements, such as caller ID spoofing and AI-driven voice mimicking, contribute to the rising prevalence of vishing attacks.

Detecting a Vishing Attempt

Identifying vishing calls involves recognizing key signs. Automated pre-recorded messages claiming urgent matters or unsolicited requests for sensitive information are red flags. Scammers may pose as government officials, exploiting the authoritative tone to create a sense of urgency. The use of aggressive tactics during the call is another indicator.

What To Do? 

To safeguard against vishing scams, individuals can adopt practical strategies. Screening calls carefully and letting unknown numbers go to voicemail helps avoid falling prey to scammers who may attempt to spoof caller IDs. Remaining suspicious of unsolicited calls and refraining from sharing personal data over the phone, especially Social Security numbers or passwords, is crucial. Joining the National Do Not Call Registry can also reduce exposure to illegitimate calls.

Preventive Measures

Taking preventive measures can further fortify against vishing attacks. Signing up for the National Do Not Call Registry informs marketers about your preference to avoid unsolicited calls. Additionally, services like AT&T's TruContact Branded Call Display provide an extra layer of security, displaying the name and logo of the business calling AT&T customers.

In case one suspects falling victim to a vishing scheme, prompt action is essential. Contacting financial institutions, placing a security freeze on credit reports, and changing passwords, especially for sensitive accounts, are immediate steps. Reporting any attempted scams to the FTC and FBI adds an extra layer of protection.

As vishing scammers continually refine their tactics, individuals must stay vigilant. Being sceptical of unsolicited calls and refraining from sharing personal information over the phone is paramount in protecting against these evolving threats.

To look at the bigger picture, vishing poses a significant risk in the digital age, and awareness is key to prevention. Individuals can strengthen themselves against these deceptive attacks by staying informed and adopting precautionary measures. Remember, scepticism is a powerful tool in the fight against vishing scams, and every individual can play a role in ensuring their cybersecurity. Stay informed, stay cautious.


Phone Scam Siphons Over $200,000 from Bank Account Holder

A bank account holder recounts losing over $200,000 due to phone accessibility issues. Heidi Diamond became a victim of a cyber scam known as sim-swapping, resulting in the depletion of her bank account. Sim-swapping involves fraudsters deceiving cell phone companies by assuming someone else's identity, enabling them to access personal information and manipulate phone services.

The fraudulent tactic begins with perpetrators obtaining personal details online and contacting phone service providers, claiming the loss or theft of the targeted individual's device. Once convincing the company of ownership, they activate the phone using the victim's SIM card, thereby gaining control over the device and its data. This renders the original owner's SIM card and phone inactive.

Diamond said this factor made the ordeal particularly tedious, according to InvestigateTV. “It was such a panic that you know that something was so out of your control,” she said.

Sim-swapping circumvents typical security measures such as two-factor authentication, allowing criminals to breach sensitive accounts like bank accounts. Despite her bank reimbursing the stolen funds, Diamond remains dissatisfied with the lack of apprehension of the perpetrators, expressing a desire for justice.

Acknowledging the increasing prevalence of sim-swapping, the FBI has cautioned the public about its risks. Many remain unaware of this form of fraud, unlike more commonly recognized scams. The FBI disclosed that sim-swapping has resulted in a staggering $141 million in losses thus far.

Echoing Diamond's plight, other victims have shared their harrowing experiences, including Sharon Hussey, who lost $17,000 despite having robust security measures in place. Hussey received an unauthorized purchase confirmation from Verizon before her funds vanished, underscoring the severity and sophistication of sim-swapping attacks.

RBI Issues Warning Against Scam Via KYC Trick

 

On February 2, 2024, the Reserve Bank of India (RBI) reiterated its prior warning to the public, offering further suggestions in response to a rising tide of scams involving Know Your Customer (KYC) updates. RBI amplified the cautionary tips issued earlier to the public on September 13, 2021, citing continuing incidents/reports of consumers falling victim to scams being perpetrated in the name of KYC updation. 

Modus operandi 

Customers typically receive unsolicited calls, texts, or emails requesting personal information, account or login credentials, or the installation of unapproved apps via links in the message. 

Frequently, the messages intentionally instil a false feeling of urgency by threatening to freeze or close the customer's account if they don't cooperate. When customers divulge critical private details or login credentials, they give fraudsters unauthorised access to their accounts and enable them to commit fraudulent operations.

Quick reporting 

The Reserve Bank of India (RBI) advised victims of financial cyber fraud to report the incident right away on the National Cyber Crime Reporting Portal (www.cybercrime.gov.in) or by calling the cybercrime helpline at 1930.

Preventive measures 

To prevent people from becoming victims of KYC fraud, the RBI published a list of dos and don'ts. Critical data such as card details, PINs, passwords, OTPs, and account login credentials should never be shared with third parties, the RBI cautions the public. 

Individuals are also advised not to click on dubious or unverified links they receive via email or mobile devices, nor share KYC documents with unrecognised or unknown parties. "Do not share any sensitive information through unverified/unauthorised websites or applications," the central bank advised.

For confirmation and help, get in touch with the bank or financial institution immediately when you get a request for KYC updates. Get phone numbers for customer service or contact information exclusively from the official website or other sources. Report any incidents of cyber fraud to the bank right away. Ask the bank about the possible ways to update your KYC information.