Search This Blog

Showing posts with label Cyber Scams. Show all posts

ChatGPT Scams Up Since Darktrace Released It


Since the release of ChatGPT, Darktrace, a British cybersecurity firm, has warned that since the release of this application, criminals have been using an increase in the use of artificial intelligence to create sophisticated scams that con employees and compromise systems at businesses all over the world. 

As the Cambridge-based firm reported, operating profits had dropped 92% in the half-year to December. Furthermore, he said that artificial intelligence had made it easier for "hacktivists" to target businesses with ransomware attacks. 

Since ChatGPT was launched last November, the company has seen an increase in the number of convincing and complex scams by hackers. It said it was experiencing an increased number of attacks. 

While Darktrace has observed a steady increase in email-based attacks over the last few months since the release of ChatGPT, those attacks that use false links to trick victims into clicking them have declined as a result of ChatGPT's presence. As the complexity of the English language increased, in addition to the volume of the text, punctuation, and sentence length, other factors also increased. 

The results of this study indicate that cybercriminals might not just redirect their focus to creating more sophisticated social engineering scams. Instead, they are also likely to exploit victims' trust. 

Darktrace, on the other hand, told us that the phenomenon had not yet been accompanied by the emergence of a new wave of cybercriminals. Instead, it has been merely an adjustment in tactics. 

In spite of the fact that ChatGPT has not significantly lowered entry barriers for threat actors, it believes it has assisted adversaries with developing more targeted, personalized, and ultimately, successful attacks by enabling adversaries to create more sophisticated phishing emails. 

Aside from reporting its quarterly results, Darktrace also noted that in the last three months of last year, the number of companies signing up for its security products had shown a "noticeable" decline. 

In addition, Poppy Gustafsson and Cathy Graham, both of which are the chief financial officers for the company, have all received share awards in accordance with the vesting terms of their share awards, which has forced them to reduce their forecasts of free cash flow for this year as a result of the tax bill. 

A company with a market capitalisation of £1.9 billion, much slower than the heady heights of almost £7 billion it achieved after flotation months ago, has announced that in the six months to the end of December, its customer base has risen by a quarter from 6,573 to 8,178. 

In an interview with The Wall Street Journal, Darktrace, whose stock has been under continuous attack by short-sellers who doubt that the company can deliver what it promises in the cybersecurity arena dominated by the US, said it is not concerned by the recent slump in new orders.

Air Fryers are Offered by Scammers as a 'Free' Kitchen Gadget


The deputy chief executive officer of Sainsbury's and Argos has warned shoppers to be vigilant against an air fryer scam targeting them at the moment. 

Taking part in an online survey is the only way to receive a free Ninja Air Fryer, which is the subject of the air fryer scam. To receive the free item, they will need to enter their credit card details as well as their shipping address. 

There is a convincing scam out there, as reported by secure card payment provider Dojo, in which fraudsters pose as Argos to entice you into making a payment. 

Due to the ongoing cost of living crisis, many people are still keen to buy air fryers, mostly at the cheapest possible price, to get the most bang for their buck. Unfortunately, the scam came at an unfortunate time. You can reduce your energy bills and cooking time by using this handy kitchen gadget.

There is a phishing email going around now that claims to offer a free Ninja Air Fryer, but Dojo is warning people to be wary of it. To qualify for the free item, users must complete an online survey and submit their card payment details along with the survey to receive it. In many ways, this is quite similar to the scam that has been going around with Curry's Smeg kettle in recent weeks, 

A link to the survey is provided on the Argos UK website, which appears to be an official Argos survey page. There are, however, several red flags that consumers should be aware of when it comes to online shopping. It is important to note that the website address and email address are not from Argos or its parent company, Sainsbury's. 

As far as the currency is concerned, it is the dollar. The payment offers will disappear after a certain time, which adds to the pressure on victims by adding another dimension to the scam. It is also intended to encourage anyone who has not completed the survey to fill it out and input their personal information. 

A concept known as a survey scam is a form of communication through email, text messages, and social media that mostly looks legitimate and tries to entice consumers to enter a survey to get free stuff. Usually, once fraudsters gain access to the consumer's credit card details, they will use those details to make lavish online purchases or empty the victim's bank account with the money they stole. 

According to Dojo's chief security officer Naveed Islam, one of the most common warning signs of a scam is to entice consumers with free items that seem too good to be true, thereby enticing them to become victims. As is visible in the Argos scam, these offers are usually time-limited to pressure victims into entering their bank details without any double-checking as to whether the transaction is legitimate, which is what many people do when they are scammed by these offers. 

The recent Currys scam, which has now spread to other retailers like Argos, has made consumers aware that they must remain vigilant about any offers they are presented with via their inboxes or social media accounts. If you are a victim of a scam, you should contact your bank immediately so that your credit card and account be suspended. Once that has taken place, your bank or building society's scam unit will provide you with specialized support.   

Warnings About Scams, Tips for Avoiding Them


There have been several frauds and scams that have been presented on various platforms daily and the Ontario Provincial Police (OPP) and the Canadian Anti-Fraud Centre (CAFC) continue to promote awareness to reduce the incidents of community members being victimized by fraud and scams. 

A total of 90,377 fraud reports were received by the Canadian Anti-Fraud Centre (CAFC) in 2022, with losses reported totalling over $530 million as a result of fraud. As of February 2010, over 19,400 victims belonged to the identity theft and fraud category. Over 19,400 victims were victims of identity theft and fraud, while over 4,251 victims found themselves victims of investment fraud. 

Phishing: Recognizing the Signs

To steal your passwords, account details, or Social Security numbers, scammers use emails or text messages to intercept your information. It is possible that if they gain access to this information, they will be able to access your email, your bank, and other accounts. The scammers may also sell your information to other scammers to steal more money from you. The phishing attacks we see here are launched every day by scammers, and many of them succeed - which is why they are so common. 

Here are some common tactics used by scammers in emails or text messages that are phishing email and text messages and are often updated to keep up with the latest news or trends: 

Emails and texts that are phishing sell you a story to get you to click on a link. You can also open an attachment or click on one of their links. You can receive an unexpected email or text message from a company or source that appears to be a well-known or trusted company. Banks, credit card companies, utility companies, or other organizations can serve as reference points. 

What You Can do to Protect Yourself?

  • To protect your accounts, it is imperative to create strong passwords. 
  • The most effective way to ensure that someone cannot access your account without your permission is to set up multi-factor authentication. 
  • If you have any social network accounts linked to yours, make sure that your privacy settings are updated. 
  • If you plan to use one of the payment methods, you should familiarize yourself with their terms of service and how they work. Ensure that you have a policy that protects you from fraud. 
  • You should not accept money from a third party, nor should you send any money to them. A criminal offense is money laundering, and being involved in money laundering is a felony. 
  • It is imperative not to react automatically when something happens. You may want to spend five minutes asking more questions and listening to your instincts before making a decision. 
  • It is imperative to ask someone you trust if you feel something is amiss or does not seem right. 
  • You should stay up-to-date with the latest frauds and share what you know with others to help protect them. It is possible to cover the entire population of Canada with a chain of 25 people telling two people. 
  • If you have an issue with your call display, do not rely on it because it can be easily manipulated by someone else. 
  • If you are requested to provide information about personal or financial matters, please do not do so. 
  • An email or text message that you receive from an unknown sender may have an attachment or a link that you should not open. 
The Canadian Anti-Fraud Centre makes it easy to report incidents involving cybercrime and fraud, as well as file them online through their online reporting system or by calling them at 1-888-495-8501 if you suspect you have been the victim of either. Even though you have suffered fraud or cybercrime if you wish to report such crimes to the CAFC you must. This is regardless of whether you are a victim or not.

RedZei Group Targets Chinese Students in U.K.


Chinese students studying in the UK have been one of the most common targets of scammers. RedZei (aka RedThief) Group, a Chinese-speaking scammer group that operates online and is becoming more common these days, bypasses all the precautions that users and service providers have taken to prevent scams.  

This is how it works

Chinese students were fooled into paying millions of dollars to avoid deportation as part of a visa scam, according to a report in The Guardian.  According to researchers, this incident is likely to be the result of the RedZei campaign that began in August of last year. 

Redzepi fraudsters carefully selected their victims by researching them, they also sought out a potential victim who was wealthy enough to be a profitable target. Fraudsters would use new pay-as-you-go U.K. phone numbers for each wave of the attack to bypass the phone number-based blocking on each wave. There are several mobile carriers used by the attackers, such as Telia, Three, EE, O2, and Tesco Mobile, with which they move between SIM cards.  

The Use of Voicemail and Other Tricks

As part of the operation, a UK phone number would be used to contact each targeted student once or twice every month. An unusual automated voicemail is left if these calls are not answered. 

Students are being steered into revealing their personal information by voicemails. These voicemails impersonate China Mobile, the Bank of China, and the Chinese embassy to social engineer them into doing so. In addition, there are also voicemail messages that are posed as voicemails from Chinese government officials. 

These include the Chinese Ministry of Industry and Information Technology, the Chinese Embassy in the United Kingdom, and the Chinese Communications Administration. Additionally, courier services such as DHL and Royal Mail can be used to distribute such messages. Aside from these themes, RedZei has also adopted other themes, such as abnormally high NHS number usage and DHL international delivery of parcels. 

Keep yourself as safe as possible

It appears that RedZei started this tremendously profitable campaign in August 2019. The scam was an attempt to deceive Chinese international students by duping them into transferring enormous amounts of money. This was so that they could avoid deportation to save their lives.

If any scam of this nature is suspected by students, they are advised to report it to the university as soon as possible. This will enable them to stay vigilant against such frauds. Moreover, universities can also share information regarding scams that target international students and keep them posted on the same.

Dark Web Metaparasites & Scammers: A Quick Look


In many cases, cybercriminals are seen as parasites, always looking for victims of all sizes and stripes and preying on them. 

The trend has resulted in an array of bottom-feeding "metaparasites" flocking to the Dark Web marketplace, seeking to take advantage of their own set of victims. 

A common side effect of this phenomenon is that it provides researchers with a rich vein of threat intelligence, including contact details and locations of cybercriminals. This intelligence can help them identify threats. 

Matt Wixey, the Sophos senior threat researcher, spoke at Black Hat Europe 2022 about the ecosystem of metaparasites. In his talk titled, "Scammers Who Scam Scammers, Hackers Who Hack Hackers," he explained how this contributes to the proliferation of scams and phishing scams. 

According to the research Wixey and his fellow researcher, Angela Gunn, conducted, the underground economy is riddled with a large variety of fraudsters. Every year these fraudsters collect millions of dollars from fellow cybercriminals who collaborate with them. 

A study conducted by The Dark Web Research team (Russian-speaking Exploit and XSS forums as well as English-speaking Breach forums) reveals that there have been thousands of successful scam attempts in the past 12 months. 

According to the report, scammers have cheated users by about $2.5 million over the past year. The amount can vary from as little as $2 up to low six-figure money. The amount per scam varies, depending on the type of scam. 

Even though tactics vary, a common and effortless tactic is called "rip and run." There are two versions of the term "rip." First, a buyer receives goods, such as an exploit, sensitive data, valid credentials, credit card numbers, etc. In the second version, a seller receives the payment but never delivers what he promised. There is also the phrase "run." This refers to how the scammer has disappeared from the marketplace and has refused to answer any questions that they have received. 
It depends on the dine-and-dash concept on the Dark Web. 

In addition to the vast number of scammers hawking fake goods out there, those scammers can also be found hawking fake accounts - often nonexistent crypto accounts, macro builders that create nothing malicious, fake data, or databases that have previously been leaked or are available online. Depending on the situation, they can get pretty creative, according to Wixey. 

"Our research led us to find a service that claimed it could bind an. EXE script to a PDF so that when a victim taps on the PDF to open it, the. EXE would run silently in the background while the PDF would load," Wixey further explained. 

The scammer sent the buyer a document with the PDF icon, but it did not contain a PDF, nor did it contain an. EXE. He just sent them a document appearing as a PDF. They hoped that buyers would not know what they were asking for or how to check it. 

A scam is also common when a seller publicized that the goods they are selling are of a certain quantity but the quality of the goods might not live up to what has been advertised, like credit card data that claims to work 30% of the time when only 10% of these cards are working. The databases might be real, but they are being marketed as "exclusive" while the seller is reselling them to, a multitude of parties to make a profit. 

The fraudsters may often work in conjunction in some cases, and they may be involved for a longer period, Wixey said. According to Wixey, the fact that most sites are exclusive makes it possible for them to create "a degree of intrinsic trust" that they can play off of." 

There are a variety of ways one can use this technique. First, one builds rapport with a target and suggests they can help; then the victim will say that they know someone else who can do the job much better, who is an expert in this field.  

Most often, they direct the victim to a fake forum that is operated and monitored by another person. This forum often asks for a deposit or registration fee, which is then paid by the victim. Both scammers then simply disappear. 

What forum moderators are doing to fight back

Wixey noted that the activity has a detrimental impact on the use of Dark Web forums - acting as an "effective tax on criminal marketplaces, which makes them more expensive and more dangerous for everyone, as well as more unsafe for the criminal community." Despite this, ironically, many markets are implementing security measures to curb the tide of fraud in the market. 

Putting protections on forums can be difficult due to the following factors. Firstly, there is no recourse to law enforcement or regulatory authorities. Secondly, it is a semi-anonymous culture, which makes it challenging to track down perpetrators. To combat fraud, anti-fraud controls have been implemented to track activity and issue warnings to prevent fraud. 

A popular industry-standard practice of some sites is to provide a plug-in that checks a URL to check if it links to a verified cybercrime forum, as opposed to a fake site where users are defrauded through a bogus "joining fee." Other sites offer a "blacklist" of known scammers and their tools and user names. Users can also file a scam report with many of the companies that have a dedicated arbitration process in place. 

According to Wixey, "If you have been scammed by another person of a forum, you should go to one of these arbitration rooms and create a forum thread and provide some information about what you have been scammed by." As much information as possible is required, such as a username, contact information for the scammer, proof of a purchase or wallet transfer, screenshots, as well as chat logs, and screenshots, as well as any additional details of the scam. 

"A moderator will review and respond to the report, requesting more information if necessary to complete the process. Later, they will tag the accused person and give them somewhere between 12 and 72 hours to respond to the complaint, depending on what forum it is on," Wixey explained. 

There may be cases where the accused makes restitution, but that is not very common. What is more common is that the scammer disputes the report, claiming that the report was wrong and there was a misunderstanding about the terms of the sale. 

The use of a guarantee is another security option available to forum users. This is because it shows that this resource has been verified by the site and acts as an escrow account. Until the goods or services involved in the exchange are confirmed as legitimate, the money destined for trading is parked there. 

Despite this, it is common for fraudsters to impersonate the guarantees themselves.

57% of All Digital Crimes in 2021 Were Scams Says Group IB


Group-IB, headquartered in Dubai, U.A.E.,  a prominent name in the world of cybersecurity –has recently shared its analysis of the most widespread cyber threat in the world 'scams'.

As per the analysis, 57% of all cyber scams are financially motivated cybercrime. Phishing attacks accounted for 18% of cybercrimes, while malware infections and reputational attacks were 25%. As the scam industry is becoming more advanced, it now involves more and more parties divided into hierarchical groups. 

“A strong trend that we observed in 2021 was no-frills scammers merging into groups controlled by highly technically skilled villains,” says Antony Dolgalev, Deputy Head of Digital Risk Protection at Group-IB. 

At present, such groups have increased by 390, which is 3.5 times more than the last year, when the record of active groups was close to 110. Alongside, the brand-impersonating scam has also jumped high. 

The Group-IB analysts reported an increase of 150% in the Middle East and African region. This number is marginally high in comparison with the APAC region where such crimes are reported at 83% and in Europe, it is 89%. 

Due to SaaS (Scam-as-a-Service), in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020, now climbing upto 100. 

“Group-IB’s AI-based platform identified somewhere between 75 and 110 scam groups last year, and the average number of cybercriminals per group was 10 members. The average number of scam links per group reached 100. SaaS helped grow not only fraudsters’ appetites but also the industry itself. In 2021 our DRP system tracked 350 groups, reaching up to 390 scam groups at the peak time. The number of cybercriminals in fraudulent groups has increased dramatically, averaging between 100 and 1,000 per group. In turn, their infrastructure has grown proportionally: the average number of scam links per group was between 2,000 and 3,000”, said Antony Dolgalev, Deputy Head of Digital Risk Protection at Group-IB. 

Following the research, analysts reported that traffic has become the circulatory system of scams. The number of websites that uses illegal traffic to lure victims into fraudulent schemes has increased by 1.5 times. With the advancement of technology, cyber gangs have also raised the sophistication level of scam techniques. One such technique, 'scam attack automation' is becoming more and more popular amongst fraudsters. Through this scheme hackers attract specific groups of victims to increase conversion rates, social media is the fastest doorway to establish contact between scammers and their potential victims.