Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label FBI. Show all posts
Scam
Bangladesh Cybersecurity FBI Identity Fraud Privacy Scam

U.S. Authorities Shut Down Online Network Selling Fake Identity Templates

 



United States federal authorities have taken down an online operation accused of supplying tools used in identity fraud across multiple countries. The case centers on a Bangladeshi national who allegedly managed several websites that sold digital templates designed to imitate official government identification documents.

According to U.S. prosecutors, the accused individual, Zahid Hasan, is a 29-year-old resident of Dhaka. He is alleged to have operated an online business that distributed downloadable files resembling authentic documents such as U.S. passports, social security cards, and state driver’s licenses. These files were not physical IDs but editable digital templates that buyers could modify by inserting personal details and photographs.

Court records indicate that the operation ran for several years, beginning in 2021 and continuing until early 2025. During this period, the websites reportedly attracted customers from around the world. Investigators estimate that more than 1,400 individuals purchased these templates, generating nearly $2.9 million in revenue. Despite the scale of the operation, individual items were sold at relatively low prices, with some templates costing less than $15.

Law enforcement officials state that such templates are commonly used to bypass identity verification systems. Once edited, the counterfeit documents can be presented to banks, cryptocurrency platforms, and online services that rely on document uploads to confirm a user’s identity. This type of fraud poses serious risks, as it enables financial crimes, account takeovers, and misuse of digital platforms.

The investigation intensified after U.S. authorities traced a transaction in which Bitcoin was exchanged for fraudulent templates by a buyer located in Montana. Following this development, federal agents moved to seize multiple domains allegedly connected to the operation. These websites are now under government control and no longer accessible for illegal activity.

The case involved extensive coordination between agencies. The FBI’s Billings Division and Salt Lake City Cyber Task Force led the investigation, with support from the FBI’s International Operations Division. Authorities in Bangladesh, including the Dhaka Metropolitan Police’s Counterterrorism and Transnational Crime Unit, also assisted in tracking the alleged activities.

A federal grand jury has returned a nine-count indictment against Hasan. The charges include multiple counts related to the distribution of false identification documents, passport fraud, and social security fraud. If convicted, the penalties could include lengthy prison sentences, substantial fines, and supervised release following incarceration.

The case is being prosecuted by Assistant U.S. Attorney Benjamin Hargrove. As with all criminal proceedings, the charges represent allegations, and the accused is presumed innocent unless proven guilty in court.

Cybersecurity experts note that the availability of such tools highlights the growing sophistication of digital fraud networks. The case is an alarming call for the importance of international cooperation and continuous monitoring to protect identity systems and prevent large-scale misuse of personal data.



Read more »
Password Security
Compromised Passwords Cyber Security Cyberattacks CyberCrime Data Theft FBI FBI Alert Password Security

FBI Discovers 630 Million Stolen Passwords in Major Cybercrime Investigation

 

A newly disclosed trove of stolen credentials has underscored the scale of modern cybercrime after U.S. federal investigators uncovered hundreds of millions of compromised passwords on devices seized from a single suspected hacker. The dataset, comprising approximately 630 million passwords, has now been integrated into the widely used Have I Been Pwned (HIBP) database, significantly expanding its ability to warn users about exposed credentials. 

The passwords were provided to HIBP by the Federal Bureau of Investigation as part of ongoing cybercrime investigations. According to Troy Hunt, the security researcher behind the service, this latest contribution is particularly striking because it originates from one individual rather than a large breach aggregation. While the FBI has shared compromised credentials with HIBP for several years, the sheer volume associated with this case highlights how centralized and extensive credential theft operations have become. 

Initial analysis suggests the data was collected from a mixture of underground sources, including dark web marketplaces, messaging platforms such as Telegram, and large-scale infostealer malware campaigns. Not all of the passwords were previously unknown, but a meaningful portion had never appeared in public breach repositories. Roughly 7.4% of the dataset represents newly identified compromised passwords, amounting to tens of millions of credentials that were previously undetectable by users relying on breach-monitoring tools. 

Security experts warn that even recycled or older passwords remain highly valuable to attackers. Stolen credentials are frequently reused in credential-stuffing attacks, where automated tools attempt the same password across multiple platforms. Because many users continue to reuse passwords, a single exposed credential can provide access to multiple accounts, amplifying the potential impact of historical data leaks. 

The expanded dataset is now searchable through the Pwned Passwords service, which allows users to check whether a password has appeared in known breach collections. The system is designed to preserve privacy by hashing submitted passwords and ensuring no personally identifiable information is stored or associated with search results. This enables individuals and organizations to proactively block compromised passwords without exposing sensitive data. 

The discovery has renewed calls for stronger credential hygiene across both consumer and enterprise environments. Cybersecurity professionals consistently emphasize that password reuse and weak password creation remain among the most common contributors to account compromise. Password managers are widely recommended as an effective countermeasure, as they allow users to generate and store long, unique passwords for every service without relying on memory. 

In addition to password managers, broader adoption of passkeys and multi-factor authentication is increasingly viewed as essential. These technologies significantly reduce reliance on static passwords and make stolen credential databases far less useful to attackers. Many platforms now support these features, yet adoption remains inconsistent. 

As law enforcement continues to uncover massive credential repositories during cybercrime investigations, experts caution that similar discoveries are likely in the future. Each new dataset reinforces the importance of assuming passwords will eventually be exposed and building defenses accordingly. Regular password audits, automated breach detection, and layered authentication controls are now considered baseline requirements for maintaining digital security.
Read more »
Voice Cloning
AI Impersonation Cyber Attacks Encrypted Messaging Abuse FBI Government Cyber Threats Signal Exploits Smishing Attacks Social Engineering Vishing Scams Voice Cloning

Cyber Threat Actors Escalate Impersonation of Senior US Government Officials


Federal law enforcement officials are raising a lot of concern about an ongoing cybercrime operation involving threat actors impersonating senior figures across the American political landscape, including state government leaders, White House officials, Cabinet members, and congressional members. 

These threat actors continue to impersonate senior figures in the American political landscape. Based on information provided by the FBI, the social engineering campaign has been operating since at least 2023. 

The campaign relies on a calculated mix of both text-based and voice-based social engineering techniques, with attackers using smishing and increasingly sophisticated artificial intelligence-generated voice messages to bolster their legitimacy. 

There have been no shortages of victims in this operation, not only government officials, but also their family members and personal contacts, demonstrating the breadth of the operation and its persistence. 

Often when fraudsters initiate contact, they reference familiar or contextually relevant topics in order to elude detection while moving the fraud forward with the threat of taking down the target on encrypted messaging platforms. This tactic is often used to evade detection and further advance the fraud.

Several federal law enforcement agencies have identified this activity as part of a widespread espionage operation developed by a group of individuals who are impersonating United States government officials to obtain potentially sensitive information, as well as to perpetrate financial and influence-driven scams. 

In May, the bureau updated its report on the campaign, which indicated that it had been active since at least April 2025. However, in a follow-up update from Friday, it revised that assessment, adding that there is evidence that the impersonation campaign goes back to 2023, as well as the previous year. 

An FBI public service announcement revealed that malicious actors have posed as government officials and cabinet members of the White House, members of Congress and high-level officials of state governments in order to engage targets that have apparently included the officials' family members and personal acquaintances as targets. 

During the Trump administration, the government used encryption-enhanced messaging platforms, such as Signal, along with voice cloning technology that is designed to replicate the sounds of senior officials to convincingly mimic senior officials in government—taking advantage of the platform’s legitimate use during the administration as a way to communicate with government officials. 

It appears that the activity may have persisted across multiple administrations, including the Biden presidency, based on the expanded timeline, even though there has been no indication of how many individuals, groups, or distinct threat actors may have been involved during the period of the campaign. 

During the ongoing campaign, the FBI has published detailed guidelines that can assist individuals in recognizing and responding to suspicious communications in order to counter the ongoing campaign. In addition, the bureau advises consumers to do independent research before engaging anyone claiming to be a government official, such as researching the number, organization, or person from which the contact is coming, and verifying the legitimacy of that contact by using an independent contact method obtained separately. 

The importance of paying attention to subtle variations in email addresses, phone numbers, URLs, and spelling must be stressed above all else, since attackers often rely on subtle differences in order to make their attacks appear legitimized. 

As part of the guidance, people also highlight the telltale signs of manipulated or artificially generated content, including visual irregularities, unnatural movements, distorted features, and discrepancies in light and shadow, as well as audio cues such as call lag, mismatched speech patterns, or unnatural sound. 

Since artificial intelligence-driven impersonation tools have become increasingly sophisticated, the FBI cautions that the message may not be easily distinguishable from a genuine communication if it is not carefully examined. Anyone who has any doubts is encouraged to contact their organization's security teams or report the activity to the FBI. 

According to CSIA, the activity is primarily aimed at targets in the United States, the Middle East, and Europe that are high-value targets, including current and former senior government officials, military personnel, and political officials, along with civil society organizations, and other at-risk individuals. 

There are three dominant techniques that are used by the group to conduct this operation: phishing campaigns and malicious QR codes that are used to link a malicious computer to a victim’s account, zero-click exploits, which do not require interaction from the victim, and impersonating widely trusted messaging platforms such as Signal and WhatsApp to persuade targets to install spyware or provide information. 

In a recent study published by Google, CISA cited how multiple Russian-aligned espionage groups have abused Signal's "linked devices" feature by causing victims to scan weaponized QR codes, which has allowed attackers to silently pair their own infrastructure with the victim's account and receive messages simultaneously without completely compromising the victim's device. 

Additionally, the advisory noted that there is a growing trend among threat actors that they use completely counterfeit messaging applications instead of phishing pages to deceive their targets. This tactic has been recently shown in the findings of Android spyware masquerading as Signal that was targeting individuals in the United Arab Emirates and siphoning their backups of chats, documents, media, and contacts. 

A warning has been issued following an intensified international crackdown on commercial spyware, including a landmark ruling from a federal court in October which permanently barred NSO Group from targeting WhatsApp. Meta previously referred to that ruling as being a significant step forward in user privacy. 

In total, these disclosures demonstrate the rapid evolution of impersonation techniques that are changing the threat landscape for both public institutions and individuals. As a result, traditional trust signals are eroded by the convergence of encrypted communications, artificial intelligence-enabled voice synthesis, and social engineering. This has forced both governments and businesses to rethink the way sensitive interactions are initiated and verified in the future. 

Experts in the field of cybersecurity are increasingly emphasizing the importance of stricter authentication protocols, routine cybersecurity training for high-risk individuals, and clearer guidelines on how encrypted platforms should be used in official business. 

The campaign, which has been widely seen in government circles, also serves as a warning to businesses, civil society groups, and individuals that proximity to famous figures can themselves pose a risk to hackers. 

In the process of investigating and refining their response to these threats, federal agencies will have to find ways to strike a balance between the legitimate benefits of modern communication tools and measures that protect them from being exploited by others. For such campaigns to be limited in effect and for trust to be preserved in both digital communications and democratic institutions, sustained vigilance, cross-agency coordination, and public awareness will be critical.
Read more »
Virtual Kidnapping
Cyber Crime FBI Hacking Scammers Sensitive Information Virtual Kidnapping

FBI Alerts Public about Scammers Using Altered Online Photos to Stage Fake Kidnappings

 



The Federal Bureau of Investigation has issued a new advisory warning people about a growing extortion tactic in which criminals take photos posted online, manipulate them, and present the edited images as supposed evidence during fake kidnapping attempts. The agency reports that these incidents, often described as virtual kidnappings, are designed to panic the target into paying quickly before verifying the claims.


How the scam begins

The operation usually starts when criminals search social media accounts or any platform where people share personal photos publicly. They collect pictures of individuals, including children, teenagers, and adults, and then edit those images to make it appear as though the person is being held against their will. Scammers may change facial expressions, blur backgrounds, add shadows, or alter body positions to create a sense of danger.

Once they prepare these altered images, they contact a relative or friend of the person in the photo. In most cases, they send a sudden text or place a call claiming a loved one has been kidnapped. The message is crafted to create immediate panic and often includes threats of harm if payment is not made right away.


The role of fake “proof of life”

One recurring tactic is the use of emotionally charged photos or short video clips that appear to show the victim in distress. These materials are presented as proof that the kidnapping is real. However, investigators have observed that the content often contains mistakes that reveal it has been edited. The inconsistencies can range from missing tattoos or scars to unnatural lighting, distorted facial proportions, or visual elements that do not match known photos of the person.

Criminals also try to limit the victim’s ability to examine the images closely. Some use disappearing messages or apps that make screenshots difficult. Others send messages in rapid succession to prevent the victim from taking a moment to reach out to the supposed abducted individual.


Why these scams escalate quickly

Scammers depend on speed and emotional intensity. They frequently insist that any delay will lead to harm, which pressures victims to make decisions without checking whether their loved one is actually safe. In some situations, criminals exploit posts about missing persons by inserting themselves into ongoing searches and providing false updates.

The FBI urges people to be mindful of the information they share online, especially when it involves personal photos, travel details, or locations. The agency recommends that families set up a private code word that can be used during emergencies to confirm identity. Individuals should avoid sharing personal information with unknown callers or strangers while traveling.

If someone receives a threatening call or message, the FBI advises them to stay calm and attempt to contact the alleged victim directly through verified communication channels. People should record or capture any messages, screenshots, phone numbers, images, or audio clips connected to the incident. These materials can help law enforcement determine whether the event is a hoax.

Anyone who believes they have been targeted by a virtual kidnapping attempt is encouraged to submit a report to the FBI’s Internet Crime Complaint Center at IC3.gov. The agency requests detailed information, including phone numbers used by the scammer, payment instructions, message transcripts, and any photos or videos that were provided as supposed evidence.





Read more »
User Security
Cyber Fraud FBI IC3 Impersonation phishing User Security

FBI Warns of Cybercriminals Impersonating IC3 to Steal Personal Data

 

The FBI has issued a public service announcement warning that cybercriminals are impersonating the FBI’s Internet Crime Complaint Center (IC3) and even cloning its website to steal victims’ personal and financial data.Attackers are exploiting public trust in federal law enforcement by creating fake IC3-branded domains and lookalike reporting portals, then driving victims to these sites via phishing emails, messages, and search engine manipulation so people think they are filing a legitimate cybercrime report. 

The alert—referenced as PSA I-091925—describes threat actors spoofing the official IC3 website and related communications, with the goal of harvesting names, home addresses, phone numbers, email addresses, and banking details under the pretext of gathering evidence for an investigation or helping recover lost funds.The FBI stresses that visiting these fake sites or responding to unsolicited “IC3” outreach could lead not only to identity theft and financial fraud but also to further compromise through follow‑on scams using the stolen data.

Security experts situates this campaign within a broader surge in impersonation attacks, noting that law enforcement, government agencies, and major brands have all been targets of cloned sites and spoofed communications, often enhanced by AI to appear more convincing. It highlights that scammers may blend IC3 impersonation with other fraud patterns, such as bogus refund or recovery services, “phantom hacker” style tech‑support narratives, or messages claiming to fix account compromises, all framed as official FBI assistance. 

The FBI has issued guidelines to safeguard Americans from phishing campaign. The real IC3 does not charge fees, will never ask for payment or direct victims to third‑party companies to recover funds, and does not operate any official presence on social media. Genuine IC3 reporting should be done only through the official ic3.gov domain, accessed by typing the URL directly into the browser or using trusted bookmarks, rather than clicking on links in unsolicited messages or search ads. 

Additionally, to mitigate risk the FBI recommends treating any unexpected communication claiming to be from the FBI or IC3 with skepticism, independently verify contact details through official channels, and avoid sharing sensitive information or making payments based on pressure tactics. It closes by urging individuals and organizations to train staff on recognizing impersonation scams, double‑check domains and email addresses, and promptly report suspected fake FBI or IC3 activity using confirmed, legitimate FBI contact points.
Read more »
Salesforce
BreachForums Cyber Attacks Data Leak FBI LAPSUS$ Salesforce

BreachForums Taken Down by FBI and French Authorities as LAPSUS$-Linked Group Threatens Salesforce Data Leak

 



U.S. and French law enforcement agencies have seized the latest version of BreachForums, a cybercrime platform known for hosting stolen databases and leaked information. The takedown was carried out by the Federal Bureau of Investigation (FBI), the U.S. Department of Justice, and French cybercrime authorities, who placed an official seizure notice on the site on October 9.

This development comes just hours before an extortion deadline announced by a threat group calling itself Scattered LAPSUS$ Hunters, which had threatened to leak data allegedly stolen from Salesforce and Salesloft if ransom demands were not met by October 10.

The seizure was first noticed on Telegram before it became official. A threat actor using the alias “emo” had observed that BreachForums’ domain was using Cloudflare name servers associated with previously seized FBI sites, suggesting law enforcement action was imminent.

Following the seizure, Scattered LAPSUS$ Hunters confirmed the action on its Telegram channel through a PGP-signed message, claiming that all their BreachForums-related domains and backend infrastructure were taken offline and destroyed. The group, however, asserted that its members had not been arrested and that their Tor-based data leak site remained active.

“The era of forums is over,” the message read, warning members to maintain operational security and avoid new BreachForums clones, which the group claimed could be “honeypots” operated by law enforcement.


Compromised Infrastructure and Data

The group stated that during the seizure, all BreachForums database backups dating from 2023 to the present were compromised, along with escrow and server systems. They also alleged that their onion hidden service was affected because the underlying infrastructure had been seized and destroyed.

Despite this, Scattered LAPSUS$ Hunters insisted that the takedown would not affect their planned Salesforce data leak campaign. The group reiterated that the October 10 deadline for victims to comply with their ransom demands remained unchanged.

This marks the fourth major seizure in the history of BreachForums and its predecessors, including the earlier RaidForums. Both forums have been repeatedly targeted by global law enforcement operations and linked to several high-profile arrests over the years.

The group also revealed that the widely known administrator “pompompurin,” believed to have launched BreachForums after RaidForums’ closure, had merely been a “front,” suggesting that the forum’s operations were coordinated by a wider network of individuals from the start.


What Lies Ahead

While the seizure has temporarily disrupted the group’s clearnet operations, cyber experts caution that criminal forums often migrate to the dark web or encrypted channels to continue their activities. Authorities are expected to pursue further investigations in the coming weeks to identify and apprehend those involved.

For cybersecurity professionals and enterprises, it's high time to give importance to monitoring data exposure risks and staying alert to potential secondary leaks, especially when extortion groups remain active through alternate platforms.



Read more »
Software
FBI financial transactions Fraud phantom hacker Privacy schemes Software

FBI Warns Against Screen Sharing Amid Rise in “Phantom Hacker” Scam

 



The Federal Bureau of Investigation (FBI) has issued an urgent alert about a fast-spreading scam in which cybercriminals gain access to victims’ devices through screen-sharing features, allowing them to steal money directly from bank accounts.

Known as the “phantom hacker” scheme, the fraud begins with a phone call or message that appears to come from a legitimate bank or support service. The caller warns that the user’s account has been compromised and offers to “help” by transferring funds to a secure location. In reality, the transfer moves the victim’s money straight to the attacker’s account.

Traditionally, these scams relied on tricking users into installing remote-access software, but the FBI now reports a troubling shift. Scammers are increasingly exploiting tools already built into smartphones, specifically screen-sharing options available in widely used communication apps.

One such example involves WhatsApp, a messaging service used by over three billion people worldwide. The app recently introduced a screen-sharing feature during video calls, designed for legitimate collaboration. However, this function also allows the person on the other end of the call to see everything displayed on a user’s screen, including sensitive details such as login credentials and banking information.

Although WhatsApp notifies users to only share their screens with trusted contacts, attackers often use social engineering to bypass suspicion. The FBI notes that fraudsters frequently begin with a normal phone call before requesting to continue the conversation over WhatsApp, claiming that it offers greater security. Once the victim joins the call and enables screen sharing, scammers can observe financial transactions in real time without ever needing to install malicious software.

Experts emphasize that encryption, while essential for privacy, also prevents WhatsApp or any external authority from monitoring these fraudulent activities. The FBI therefore urges users to remain cautious and to never share their screen, banking details, or verification codes during unsolicited calls.

Cybersecurity professionals advise that individuals should hang up immediately if asked to join a video call or screen-sharing session by anyone claiming to represent a bank or technology company. Instead, contact the organization directly through verified customer-care numbers or official websites. Reporting suspicious incidents can also help prevent future cases.

The scale of financial fraud has reached alarming levels in the United States. According to new findings from the Aspen Institute, scams now cost American households over $158 billion annually, prompting calls for a national strategy to combat organized online crime. More than 80 leaders from public and private sectors have urged the creation of a National Task Force on Fraud and Scam Prevention to coordinate efforts between government bodies and financial institutions.

This rise in screen-sharing scams highlights the growing sophistication of cybercriminals, who are increasingly using everyday digital tools for exploitation. As technology advances, experts stress that public vigilance, real-time verification, and responsible digital habits remain the strongest defenses against emerging threats.



Read more »
Social Engineering
Corporate data Data Breach Extortion Scheme FBI Hackers Salesforce Social Engineering

FBI Warns of Hackers Exploiting Salesforce to Steal Corporate Data

 



The Federal Bureau of Investigation (FBI) has issued a pressing security alert regarding two cybercriminal groups that are breaking into corporate Salesforce systems to steal information and demand ransoms. The groups, tracked as UNC6040 and UNC6395, have been carrying out separate but related operations, each using different methods to compromise accounts.

In its official advisory, the FBI explained that attackers are exploiting weaknesses in how companies connect third-party tools to Salesforce. To help organizations defend themselves, the agency released a list of warning signs, including suspicious internet addresses, user activity patterns, and malicious websites linked to the breaches.


How the Attacks took place 

The first campaign, attributed to UNC6040, came to light in mid-2024. According to threat intelligence researchers, the attackers relied on social engineering, particularly through fraudulent phone calls to employees. In these calls, criminals pretended to be IT support staff and convinced workers to link fake Salesforce apps to company accounts. One such application was disguised under the name “My Ticket Portal.” Once connected, the attackers gained access to sensitive databases and downloaded large amounts of customer-related records, especially tables containing account and contact details. The stolen data was later used in extortion schemes by criminal groups.

A newer wave of incidents, tied to UNC6395, was detected a few months later. This group relied on stolen digital tokens from tools such as Salesloft Drift, which normally allow companies to integrate external platforms with Salesforce. With these tokens, the hackers were able to enter Salesforce systems and search through customer support case files. These cases often contained confidential information, including cloud service credentials, passwords, and access keys. Possessing such details gave the attackers the ability to break into additional company systems and steal more data.

Investigations revealed that the compromise of these tokens originated months earlier, when attackers infiltrated the software provider’s code repositories. From there, they stole authentication tokens and expanded their reach, showing how one breach in the supply chain can spread to many organizations.


The Scale of this Campaign 

The campaigns have had far-reaching consequences, affecting a wide range of businesses across different industries. In response, the software vendors involved worked with Salesforce to disable the stolen tokens and forced customers to reauthenticate. Despite these steps, the stolen data and credentials may still pose long-term risks if reused elsewhere.

According to industry reports, the campaigns are believed to have impacted a number of well-known organizations across sectors, including technology firms such as Cloudflare, Zscaler, Tenable, and Palo Alto Networks, as well as companies in finance, retail, and enterprise software. Although the FBI has not officially attributed the intrusions, external researchers have linked the activity to criminal collectives with ties to groups known as ShinyHunters, Lapsus$, and Scattered Spider.


FBI Recommendations

The FBI is urging organizations to take immediate action by reviewing connected third-party applications, monitoring login activity, and rotating any keys or tokens that may have been exposed. Security teams are encouraged to rely on the technical indicators shared in the advisory to detect and block malicious activity.

Although the identity of the hackers remains uncertain, the scale of the attacks highlights how valuable cloud-based platforms like Salesforce have become for criminals. The FBI has not confirmed the groups’ claims about further breaches and has declined to comment on ongoing investigations.

For businesses, the message is clear: protecting cloud environments requires not only technical defenses but also vigilance against social engineering tactics that exploit human trust.



Read more »
Subscribe to: Comments (Atom)