Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyber Scams. Show all posts

Myanmar Rebels Take Authority of ‘Pig Butchering’ Scam City Laukkaing


Well known for being a hub for online scams near the border with China, Laukkaing is presently under the authority of a coalition of rebel groups in Myanmar.

On Thursday, the Three Brotherhood Alliance, which had conducted a surprise attack in Shan state, on the country's northern border, in late October, took over the city from the military administration of Myanmar. The rebel organization claims that the military has given up control over the Kokang region, which is about the size of Lebanon.

Since the beginning of the campaign, the coalition has indicated its plans to deal with the organized scams that have emerged under the watch of militias loyal to the ruling junta. 

“To eradicate telecommunications fraud, fraud dens and their protective umbrellas across the country, including the China-Myanmar border areas, our three coalition forces decided to jointly carry out this military operation,” the coalition stated upon the launch of the offensive.

The rebel groups' emphasis on the flourishing scam sector is probably an attempt to win over China, which has grown weary of seeing its citizens targeted into the compounds to conduct scams, or worse, targeted by so-called 'pig butchering scams.'

Over last weekend, junta leader Senior Gen. Min Aung Hlaing met with Chinese Vice Foreign Minister Sun Weidong in Naypyidaw to discuss border security and organized crime.

“The two sides will jointly maintain peace and stability on the China-Myanmar border, cooperate to combat cross-border criminal activities such as telecommunications fraud, and jointly promote regional peace, tranquillity, development and prosperity,” stated the Chinese Foreign Ministry in the meeting.

As per a state media outlet China Daily, Wang Xiaohong, Minister of Public Security also attended a virtual meeting with Myanmar’s Home Affairs Minister, Lt. Gen. Yar Pyae, where they both agreed to strengthen law enforcement to protect security and stability in border areas, especially by stepping up efforts to deal with online and telecom fraud.

According to a UN report from August 2023, around 120,000 individuals were coerced into scamming operations in Myanmar. In most cases, pig butchering scams entail a con artist establishing a rapport with a victim via social media, dating services, or messaging apps.

On January 5, Chinese state media reported that 41,000 individuals implicated in telecom fraud in Myanmar were turned over to Chinese police in the previous year. The number of people that were taken into custody who were trafficked is unknown.

Observers have cautioned that despite the crackdown in northern Myanmar, activities might easily move to criminal areas elsewhere in the nation, particularly near the borders with Thailand and Laos.  

How can You Protect Yourself From the Increasing AI Scams?


Recent years have witnessed a revolution in terms of innovative technology, especially in the field of Artificial Intelligence. However, these technological advancement has also opened new portals for cybercrime activities. 

The latest tactic used by threat actors has been deepfakes, where a cybercriminal may exploit the audio and visual media for their use in conducting extortions and other frauds. In some cases, fraudsters have used AI-generated voices to impersonate someone close to the targeted victim, making it impossible to realize they are being defrauded.  

According to ABC13, the most recent instance of this included an 82-year-old Texan called Jerry who fell victim to a scam by a criminal posing as a sergeant with the San Antonio Police Department. The con artist informed the victim that his son-in-law had been placed under arrest and that Jerry would need to provide $9,500 in bond to be released. Furthermore, Jerry was duped into paying an extra $7,500 to finish the entire process. The victim, who lives in an elderly living home, is thinking about getting a job to make up for the money they lost, but the criminals are still at large.  

The aforementioned case is however not the first time where AI has been used for fraud. According to Reuters, a Chinese man was defrauded of more than half a million dollars earlier this year after a cybercriminal fooled him into transferring the money by posing as his friend using an AI face-swapping tool.   

Cybercriminals often go with similar tactics, like sending morphed media of a person close to the victim in an attempt to coerce money under the guise of an emergency. Although impostor frauds are not new, here is a contemporary take on them. The FTC reported in February 2023 that around $2.6 billion was lost by American residents in 2022 as a result of this type of scam. However, the introduction of generative AI has significantly increased the stakes.  

How can You Protect Yourself from AI Scammers? 

A solution besides ignoring calls or texts from suspicious numbers could be – establishing a unique codeword with loved ones. This way, one can distinguish if the person on the other end is actually them. To verify if they really are in a difficult circumstance, one can also attempt to get in touch with them directly. Experts also advise hanging up and giving the individual a call directly, or at least double-checking the information before answering.  

Unfortunately, scammers employ a variety of AI-based attacks in addition to voice cloning. Deepfaked content extortion is a related domain. Recently, there have been multiple attempts by nefarious actors to use graphic pictures generated by artificial intelligence to blackmail people. Numerous examples where deepfakes destroyed the lives of numerous youngsters have been revealed in a report by The Washington Post. In such a case, it is advisable to get in touch with law enforcement right away rather than handling things on one's own.     

Cybercriminals Target Facebook Users with Malicious 'Look Who Died' Messages

'Look Who Died' Facebook Scam

In recent times, Facebook scams and fraud have been on the rise, with scammers finding new ways to exploit the platform for their malicious activities. The latest attention-grabbing scam to hit Facebook is the "Look who died" scam, which targets users seeking information about the death of a friend or celebrity. This article will delve into the details of the scam and provide expert advice on how to protect yourself from falling victim.

The 'Look Who Died' Scam: A Threat to Personal Data Security

The 'Look who died' scam operates by sending Facebook users messages with enticing subject lines like "Look who died." Curiosity prompts users to click on the link, expecting to find news or information related to the mentioned death. However, instead of being redirected to a legitimate news article, users unknowingly download a malware virus onto their computers or devices.

The Exploitative Tactics of Scammers on Facebook

As more people join Facebook and engage with its features, scammers are finding new ways to deceive and defraud users. Carey van Vlaanderen, a digital security expert and CEO of ESET Southern Africa, highlights the use of impersonation, fake promotions, and malware spread as some of the tactics scammers employ. Unfortunately, falling victim to these scams can result in financial loss and identity theft.

Identifying and Protecting Yourself from Facebook Scams

Van Vlaanderen emphasizes the need for caution and vigilance when using Facebook. She advises users to be wary of unusual requests or sensitive information being asked for, as these could be warning signs of a potential scam. To verify the authenticity of a message from a Facebook friend, Van Vlaanderen suggests checking for any sudden profile changes or strange posts that may indicate a compromised account.

The Wider Impact of Cybercrime and the Need for Protection

The rise in cybercrime is not limited to Facebook scams but extends to various forms of online attacks. According to experts from the Council for Scientific and Industrial Research (CSIR), cyber-attacks cost the country billions of rands annually. The digitalization era has seen an increase in cybercrime, posing risks to government institutions, large corporations, and small and medium-sized businesses. Financial and data loss, identity theft, and cyber extortion are significant concerns for individuals and organizations alike.

Urgent Action Required: Protecting Against Cybersecurity Breaches

Recent cybersecurity breaches, such as the one that affected the provincial legislature, highlight the urgency of addressing cyber threats. The lack of transparency surrounding such attacks and their implications raises concerns about preparedness and response strategies. ANC chief whip Pat Lekker has called for a debate on the cyberattack, emphasizing the need for open dialogue and effective measures to combat cybercrime.

Shifting Privacy Paradigm and Building Trust

Erhard Brand, a research and development lead at IT authentication company Entersekt, points out that digital privacy concerns are changing how companies handle personal and biometric data. Empowering individuals with control over their privacy fosters an environment of trust. As technology advances, it becomes crucial for companies to prioritize data security and privacy protection.

The 'Look who died' scam on Facebook serves as a reminder of the ever-present threat of online scams and fraud. To protect yourself from falling victim to such scams, exercise caution, be vigilant for warning signs, and adopt best practices for online security. As the cybercrime landscape evolves, individuals, businesses, and governments must work together to combat cyber threats, ensuring a safer digital environment for all.

ChatGPT Scams Up Since Darktrace Released It

 


Since the release of ChatGPT, Darktrace, a British cybersecurity firm, has warned that since the release of this application, criminals have been using an increase in the use of artificial intelligence to create sophisticated scams that con employees and compromise systems at businesses all over the world. 

As the Cambridge-based firm reported, operating profits had dropped 92% in the half-year to December. Furthermore, he said that artificial intelligence had made it easier for "hacktivists" to target businesses with ransomware attacks. 

Since ChatGPT was launched last November, the company has seen an increase in the number of convincing and complex scams by hackers. It said it was experiencing an increased number of attacks. 

While Darktrace has observed a steady increase in email-based attacks over the last few months since the release of ChatGPT, those attacks that use false links to trick victims into clicking them have declined as a result of ChatGPT's presence. As the complexity of the English language increased, in addition to the volume of the text, punctuation, and sentence length, other factors also increased. 

The results of this study indicate that cybercriminals might not just redirect their focus to creating more sophisticated social engineering scams. Instead, they are also likely to exploit victims' trust. 

Darktrace, on the other hand, told us that the phenomenon had not yet been accompanied by the emergence of a new wave of cybercriminals. Instead, it has been merely an adjustment in tactics. 

In spite of the fact that ChatGPT has not significantly lowered entry barriers for threat actors, it believes it has assisted adversaries with developing more targeted, personalized, and ultimately, successful attacks by enabling adversaries to create more sophisticated phishing emails. 

Aside from reporting its quarterly results, Darktrace also noted that in the last three months of last year, the number of companies signing up for its security products had shown a "noticeable" decline. 

In addition, Poppy Gustafsson and Cathy Graham, both of which are the chief financial officers for the company, have all received share awards in accordance with the vesting terms of their share awards, which has forced them to reduce their forecasts of free cash flow for this year as a result of the tax bill. 

A company with a market capitalisation of £1.9 billion, much slower than the heady heights of almost £7 billion it achieved after flotation months ago, has announced that in the six months to the end of December, its customer base has risen by a quarter from 6,573 to 8,178. 

In an interview with The Wall Street Journal, Darktrace, whose stock has been under continuous attack by short-sellers who doubt that the company can deliver what it promises in the cybersecurity arena dominated by the US, said it is not concerned by the recent slump in new orders.

Air Fryers are Offered by Scammers as a 'Free' Kitchen Gadget

 


The deputy chief executive officer of Sainsbury's and Argos has warned shoppers to be vigilant against an air fryer scam targeting them at the moment. 

Taking part in an online survey is the only way to receive a free Ninja Air Fryer, which is the subject of the air fryer scam. To receive the free item, they will need to enter their credit card details as well as their shipping address. 

There is a convincing scam out there, as reported by secure card payment provider Dojo, in which fraudsters pose as Argos to entice you into making a payment. 

Due to the ongoing cost of living crisis, many people are still keen to buy air fryers, mostly at the cheapest possible price, to get the most bang for their buck. Unfortunately, the scam came at an unfortunate time. You can reduce your energy bills and cooking time by using this handy kitchen gadget.

There is a phishing email going around now that claims to offer a free Ninja Air Fryer, but Dojo is warning people to be wary of it. To qualify for the free item, users must complete an online survey and submit their card payment details along with the survey to receive it. In many ways, this is quite similar to the scam that has been going around with Curry's Smeg kettle in recent weeks, 

A link to the survey is provided on the Argos UK website, which appears to be an official Argos survey page. There are, however, several red flags that consumers should be aware of when it comes to online shopping. It is important to note that the website address and email address are not from Argos or its parent company, Sainsbury's. 

As far as the currency is concerned, it is the dollar. The payment offers will disappear after a certain time, which adds to the pressure on victims by adding another dimension to the scam. It is also intended to encourage anyone who has not completed the survey to fill it out and input their personal information. 

A concept known as a survey scam is a form of communication through email, text messages, and social media that mostly looks legitimate and tries to entice consumers to enter a survey to get free stuff. Usually, once fraudsters gain access to the consumer's credit card details, they will use those details to make lavish online purchases or empty the victim's bank account with the money they stole. 

According to Dojo's chief security officer Naveed Islam, one of the most common warning signs of a scam is to entice consumers with free items that seem too good to be true, thereby enticing them to become victims. As is visible in the Argos scam, these offers are usually time-limited to pressure victims into entering their bank details without any double-checking as to whether the transaction is legitimate, which is what many people do when they are scammed by these offers. 

The recent Currys scam, which has now spread to other retailers like Argos, has made consumers aware that they must remain vigilant about any offers they are presented with via their inboxes or social media accounts. If you are a victim of a scam, you should contact your bank immediately so that your credit card and account be suspended. Once that has taken place, your bank or building society's scam unit will provide you with specialized support.   

Warnings About Scams, Tips for Avoiding Them

 


There have been several frauds and scams that have been presented on various platforms daily and the Ontario Provincial Police (OPP) and the Canadian Anti-Fraud Centre (CAFC) continue to promote awareness to reduce the incidents of community members being victimized by fraud and scams. 

A total of 90,377 fraud reports were received by the Canadian Anti-Fraud Centre (CAFC) in 2022, with losses reported totalling over $530 million as a result of fraud. As of February 2010, over 19,400 victims belonged to the identity theft and fraud category. Over 19,400 victims were victims of identity theft and fraud, while over 4,251 victims found themselves victims of investment fraud. 

Phishing: Recognizing the Signs

To steal your passwords, account details, or Social Security numbers, scammers use emails or text messages to intercept your information. It is possible that if they gain access to this information, they will be able to access your email, your bank, and other accounts. The scammers may also sell your information to other scammers to steal more money from you. The phishing attacks we see here are launched every day by scammers, and many of them succeed - which is why they are so common. 

Here are some common tactics used by scammers in emails or text messages that are phishing email and text messages and are often updated to keep up with the latest news or trends: 

Emails and texts that are phishing sell you a story to get you to click on a link. You can also open an attachment or click on one of their links. You can receive an unexpected email or text message from a company or source that appears to be a well-known or trusted company. Banks, credit card companies, utility companies, or other organizations can serve as reference points. 

What You Can do to Protect Yourself?

  • To protect your accounts, it is imperative to create strong passwords. 
  • The most effective way to ensure that someone cannot access your account without your permission is to set up multi-factor authentication. 
  • If you have any social network accounts linked to yours, make sure that your privacy settings are updated. 
  • If you plan to use one of the payment methods, you should familiarize yourself with their terms of service and how they work. Ensure that you have a policy that protects you from fraud. 
  • You should not accept money from a third party, nor should you send any money to them. A criminal offense is money laundering, and being involved in money laundering is a felony. 
  • It is imperative not to react automatically when something happens. You may want to spend five minutes asking more questions and listening to your instincts before making a decision. 
  • It is imperative to ask someone you trust if you feel something is amiss or does not seem right. 
  • You should stay up-to-date with the latest frauds and share what you know with others to help protect them. It is possible to cover the entire population of Canada with a chain of 25 people telling two people. 
  • If you have an issue with your call display, do not rely on it because it can be easily manipulated by someone else. 
  • If you are requested to provide information about personal or financial matters, please do not do so. 
  • An email or text message that you receive from an unknown sender may have an attachment or a link that you should not open. 
The Canadian Anti-Fraud Centre makes it easy to report incidents involving cybercrime and fraud, as well as file them online through their online reporting system or by calling them at 1-888-495-8501 if you suspect you have been the victim of either. Even though you have suffered fraud or cybercrime if you wish to report such crimes to the CAFC you must. This is regardless of whether you are a victim or not.

RedZei Group Targets Chinese Students in U.K.

 


Chinese students studying in the UK have been one of the most common targets of scammers. RedZei (aka RedThief) Group, a Chinese-speaking scammer group that operates online and is becoming more common these days, bypasses all the precautions that users and service providers have taken to prevent scams.  

This is how it works

Chinese students were fooled into paying millions of dollars to avoid deportation as part of a visa scam, according to a report in The Guardian.  According to researchers, this incident is likely to be the result of the RedZei campaign that began in August of last year. 

Redzepi fraudsters carefully selected their victims by researching them, they also sought out a potential victim who was wealthy enough to be a profitable target. Fraudsters would use new pay-as-you-go U.K. phone numbers for each wave of the attack to bypass the phone number-based blocking on each wave. There are several mobile carriers used by the attackers, such as Telia, Three, EE, O2, and Tesco Mobile, with which they move between SIM cards.  


The Use of Voicemail and Other Tricks

As part of the operation, a UK phone number would be used to contact each targeted student once or twice every month. An unusual automated voicemail is left if these calls are not answered. 

Students are being steered into revealing their personal information by voicemails. These voicemails impersonate China Mobile, the Bank of China, and the Chinese embassy to social engineer them into doing so. In addition, there are also voicemail messages that are posed as voicemails from Chinese government officials. 

These include the Chinese Ministry of Industry and Information Technology, the Chinese Embassy in the United Kingdom, and the Chinese Communications Administration. Additionally, courier services such as DHL and Royal Mail can be used to distribute such messages. Aside from these themes, RedZei has also adopted other themes, such as abnormally high NHS number usage and DHL international delivery of parcels. 

Keep yourself as safe as possible

It appears that RedZei started this tremendously profitable campaign in August 2019. The scam was an attempt to deceive Chinese international students by duping them into transferring enormous amounts of money. This was so that they could avoid deportation to save their lives.

If any scam of this nature is suspected by students, they are advised to report it to the university as soon as possible. This will enable them to stay vigilant against such frauds. Moreover, universities can also share information regarding scams that target international students and keep them posted on the same.

Dark Web Metaparasites & Scammers: A Quick Look

 


In many cases, cybercriminals are seen as parasites, always looking for victims of all sizes and stripes and preying on them. 

The trend has resulted in an array of bottom-feeding "metaparasites" flocking to the Dark Web marketplace, seeking to take advantage of their own set of victims. 

A common side effect of this phenomenon is that it provides researchers with a rich vein of threat intelligence, including contact details and locations of cybercriminals. This intelligence can help them identify threats. 

Matt Wixey, the Sophos senior threat researcher, spoke at Black Hat Europe 2022 about the ecosystem of metaparasites. In his talk titled, "Scammers Who Scam Scammers, Hackers Who Hack Hackers," he explained how this contributes to the proliferation of scams and phishing scams. 

According to the research Wixey and his fellow researcher, Angela Gunn, conducted, the underground economy is riddled with a large variety of fraudsters. Every year these fraudsters collect millions of dollars from fellow cybercriminals who collaborate with them. 

A study conducted by The Dark Web Research team (Russian-speaking Exploit and XSS forums as well as English-speaking Breach forums) reveals that there have been thousands of successful scam attempts in the past 12 months. 

According to the report, scammers have cheated users by about $2.5 million over the past year. The amount can vary from as little as $2 up to low six-figure money. The amount per scam varies, depending on the type of scam. 

Even though tactics vary, a common and effortless tactic is called "rip and run." There are two versions of the term "rip." First, a buyer receives goods, such as an exploit, sensitive data, valid credentials, credit card numbers, etc. In the second version, a seller receives the payment but never delivers what he promised. There is also the phrase "run." This refers to how the scammer has disappeared from the marketplace and has refused to answer any questions that they have received. 
It depends on the dine-and-dash concept on the Dark Web. 

In addition to the vast number of scammers hawking fake goods out there, those scammers can also be found hawking fake accounts - often nonexistent crypto accounts, macro builders that create nothing malicious, fake data, or databases that have previously been leaked or are available online. Depending on the situation, they can get pretty creative, according to Wixey. 

"Our research led us to find a service that claimed it could bind an. EXE script to a PDF so that when a victim taps on the PDF to open it, the. EXE would run silently in the background while the PDF would load," Wixey further explained. 

The scammer sent the buyer a document with the PDF icon, but it did not contain a PDF, nor did it contain an. EXE. He just sent them a document appearing as a PDF. They hoped that buyers would not know what they were asking for or how to check it. 

A scam is also common when a seller publicized that the goods they are selling are of a certain quantity but the quality of the goods might not live up to what has been advertised, like credit card data that claims to work 30% of the time when only 10% of these cards are working. The databases might be real, but they are being marketed as "exclusive" while the seller is reselling them to, a multitude of parties to make a profit. 

The fraudsters may often work in conjunction in some cases, and they may be involved for a longer period, Wixey said. According to Wixey, the fact that most sites are exclusive makes it possible for them to create "a degree of intrinsic trust" that they can play off of." 

There are a variety of ways one can use this technique. First, one builds rapport with a target and suggests they can help; then the victim will say that they know someone else who can do the job much better, who is an expert in this field.  

Most often, they direct the victim to a fake forum that is operated and monitored by another person. This forum often asks for a deposit or registration fee, which is then paid by the victim. Both scammers then simply disappear. 

What forum moderators are doing to fight back

Wixey noted that the activity has a detrimental impact on the use of Dark Web forums - acting as an "effective tax on criminal marketplaces, which makes them more expensive and more dangerous for everyone, as well as more unsafe for the criminal community." Despite this, ironically, many markets are implementing security measures to curb the tide of fraud in the market. 

Putting protections on forums can be difficult due to the following factors. Firstly, there is no recourse to law enforcement or regulatory authorities. Secondly, it is a semi-anonymous culture, which makes it challenging to track down perpetrators. To combat fraud, anti-fraud controls have been implemented to track activity and issue warnings to prevent fraud. 

A popular industry-standard practice of some sites is to provide a plug-in that checks a URL to check if it links to a verified cybercrime forum, as opposed to a fake site where users are defrauded through a bogus "joining fee." Other sites offer a "blacklist" of known scammers and their tools and user names. Users can also file a scam report with many of the companies that have a dedicated arbitration process in place. 

According to Wixey, "If you have been scammed by another person of a forum, you should go to one of these arbitration rooms and create a forum thread and provide some information about what you have been scammed by." As much information as possible is required, such as a username, contact information for the scammer, proof of a purchase or wallet transfer, screenshots, as well as chat logs, and screenshots, as well as any additional details of the scam. 

"A moderator will review and respond to the report, requesting more information if necessary to complete the process. Later, they will tag the accused person and give them somewhere between 12 and 72 hours to respond to the complaint, depending on what forum it is on," Wixey explained. 

There may be cases where the accused makes restitution, but that is not very common. What is more common is that the scammer disputes the report, claiming that the report was wrong and there was a misunderstanding about the terms of the sale. 

The use of a guarantee is another security option available to forum users. This is because it shows that this resource has been verified by the site and acts as an escrow account. Until the goods or services involved in the exchange are confirmed as legitimate, the money destined for trading is parked there. 

Despite this, it is common for fraudsters to impersonate the guarantees themselves.

57% of All Digital Crimes in 2021 Were Scams Says Group IB

 

Group-IB, headquartered in Dubai, U.A.E.,  a prominent name in the world of cybersecurity –has recently shared its analysis of the most widespread cyber threat in the world 'scams'.

As per the analysis, 57% of all cyber scams are financially motivated cybercrime. Phishing attacks accounted for 18% of cybercrimes, while malware infections and reputational attacks were 25%. As the scam industry is becoming more advanced, it now involves more and more parties divided into hierarchical groups. 

“A strong trend that we observed in 2021 was no-frills scammers merging into groups controlled by highly technically skilled villains,” says Antony Dolgalev, Deputy Head of Digital Risk Protection at Group-IB. 

At present, such groups have increased by 390, which is 3.5 times more than the last year, when the record of active groups was close to 110. Alongside, the brand-impersonating scam has also jumped high. 

The Group-IB analysts reported an increase of 150% in the Middle East and African region. This number is marginally high in comparison with the APAC region where such crimes are reported at 83% and in Europe, it is 89%. 

Due to SaaS (Scam-as-a-Service), in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020, now climbing upto 100. 

“Group-IB’s AI-based platform identified somewhere between 75 and 110 scam groups last year, and the average number of cybercriminals per group was 10 members. The average number of scam links per group reached 100. SaaS helped grow not only fraudsters’ appetites but also the industry itself. In 2021 our DRP system tracked 350 groups, reaching up to 390 scam groups at the peak time. The number of cybercriminals in fraudulent groups has increased dramatically, averaging between 100 and 1,000 per group. In turn, their infrastructure has grown proportionally: the average number of scam links per group was between 2,000 and 3,000”, said Antony Dolgalev, Deputy Head of Digital Risk Protection at Group-IB. 

Following the research, analysts reported that traffic has become the circulatory system of scams. The number of websites that uses illegal traffic to lure victims into fraudulent schemes has increased by 1.5 times. With the advancement of technology, cyber gangs have also raised the sophistication level of scam techniques. One such technique, 'scam attack automation' is becoming more and more popular amongst fraudsters. Through this scheme hackers attract specific groups of victims to increase conversion rates, social media is the fastest doorway to establish contact between scammers and their potential victims.