Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Financial Fraud. Show all posts
Malware Attack
Cyber Fraud Cyber Scams cybercriminals data security Financial Fraud Hacking WhatsApp Malicious Code Malware Attack

WhatsApp Image Scam Uses Steganography to Steal User Data and Money

 

With over three billion users globally, including around 500 million in India, WhatsApp has become one of the most widely used communication platforms. While this immense popularity makes it convenient for users to stay connected, it also provides fertile ground for cybercriminals to launch increasingly sophisticated scams. 

A recent alarming trend involves the use of steganography—a technique for hiding malicious code inside images—enabling attackers to compromise user devices and steal sensitive data. A case from Jabalpur, Madhya Pradesh, brought this threat into the spotlight. A 28-year-old man reportedly lost close to ₹2 lakh after downloading a seemingly harmless image received via WhatsApp. The image, however, was embedded with malware that secretly installed itself on his phone. 

This new approach is particularly concerning because the file looked completely normal and harmless to the user. Unlike traditional scams involving suspicious links or messages, this method exploits a far subtler form of cyberattack. Steganography is the practice of embedding hidden information inside media files such as images, videos, or audio. In this scam, cybercriminals embed malicious code into the least significant bits of image data or in the file’s metadata—areas that do not impact the visible quality of the image but can carry executable instructions. These altered files are then distributed via WhatsApp, often as forwarded messages. 

When a recipient downloads or opens the file, the embedded malware activates and begins to infiltrate the device. Once installed, the malware can harvest a wide range of personal data. It may extract saved passwords, intercept one-time passwords, and even facilitate unauthorized financial transactions. What makes this form of attack more dangerous than typical phishing attempts is its stealth. Because the malware is hidden within legitimate-looking files, it often bypasses detection by standard antivirus software, especially those designed for consumer use. Detecting and analyzing such threats typically requires specialized forensic tools and advanced behavioral monitoring. 

In the Jabalpur case, after downloading the infected image, the malware gained control over the victim’s device, accessed his banking credentials, and enabled unauthorized fund transfers. Experts warn that this method could be replicated on a much larger scale, especially if users remain unaware of the risks posed by media files. 

As platforms like WhatsApp continue working to enhance security, users must remain cautious and avoid downloading media from unfamiliar sources. In today’s digital age, even an innocent-looking image can become a tool for cyber theft.
Read more »
Pop-ups
Call Center Call Center Scam CBI Cyber Fraud Cyber Scam Fake Calls Fake IT Support Financial Fraud Japan Pop-ups

CBI Uncovers Tech Support Scam Targeting Japanese Nationals in Multi-State Operation

 

The Central Bureau of Investigation (CBI) has uncovered a major international scam targeting Japanese citizens through fake tech support schemes. As part of its nationwide anti-cybercrime initiative, Operation Chakra V, the CBI arrested six individuals and shut down two fraudulent call centres operating across Delhi, Haryana, and Uttar Pradesh. 

According to officials, the suspects posed as representatives from Microsoft and Apple to deceive victims into believing their electronic devices were compromised. These cybercriminals manipulated their targets—mainly Japanese nationals—into transferring over ₹1.2 crore (approximately 20.3 million Japanese Yen) under the pretense of resolving non-existent technical issues. 

The investigation, carried out in collaboration with Japan’s National Police Agency and Microsoft, played a key role in tracing the culprits and dismantling their infrastructure. The CBI emphasized that international cooperation was vital in identifying the criminal network and its operations. 

Among those arrested were Ashu Singh from Delhi, Kapil Ghakhar from Panipat, Rohit Maurya from Ayodhya, and three Varanasi residents—Shubham Jaiswal, Vivek Raj, and Adarsh Kumar. These individuals operated two fake customer support centres that mirrored legitimate ones in appearance but were in fact used to run scams. 

The fraud typically began when victims received pop-up messages on their computers claiming a security threat. They were prompted to call a number, which connected them to scammers based in India pretending to be technical support staff. Once in contact, the scammers gained remote access to the victims’ systems, stole sensitive information, and urged them to make payments through bank transfers or by purchasing gift cards. In one severe case, a resident of Hyogo Prefecture lost over JPY 20 million after the attackers converted stolen funds into cryptocurrency. 

Language discrepancies during calls, such as awkward Japanese and audible Hindi in the background, helped authorities trace the origin of the calls. Investigators identified Manmeet Singh Basra of RK Puram and Jiten Harchand of Chhatarpur Enclave as key figures responsible for managing lead generation, financial transfers, and the technical setup behind the fraud. Harchand has reportedly operated numerous Skype accounts used in the scam. 

Between July and December 2024, the operation used 94 malicious Japanese-language URLs, traced to Indian IP addresses, to lure victims with fake alerts. The scheme relied heavily on social engineering tactics and tech deception, making it a highly sophisticated cyber fraud campaign with international implications.
Read more »
pharma scam
Alkem Laboratories Cyber Fraud Cyber Security Email scam Financial Fraud Online Scam pharma scam

Alkem Laboratories Falls Victim to Rs 22.31 Crore Cyber Fraud

 

The pharmaceutical industry has been rocked by a major cyber fraud case, with Mumbai-based Alkem Laboratories suffering a financial loss of Rs 22.31 crore due to an elaborate scam. Fraudsters posed as executives from Alkem’s U.S. subsidiary, Ascend Laboratories LLC, to execute the scheme.

According to a Hindustan Times report, the incident began on October 27, 2023, when Alkem’s Mumbai office received an email seemingly from Amit Ghare, the head of international operations at Ascend Laboratories. The email claimed that a recent payment to Alkem would lead to significant tax liabilities. To circumvent these taxes, the company was asked to refund the amount to a different bank account.

On November 17, 2023, another email, allegedly from Mary Smith, Ascend Laboratories' accounting manager, provided details of a U.S.-based bank account for the refund. Acting on these instructions, Alkem’s treasury manager, Manoj Mishra, transferred Rs 51.30 crore to the specified account via a SWIFT transaction.

The fraud came to light on November 15, 2023, when Alkem received another email, supposedly from Ghare, requesting a refund of Rs 90 crore. Growing suspicious, Alkem officials contacted Ghare, who confirmed he had not sent the request. Further investigation revealed that the earlier emails originated from compromised email accounts with subtle alterations in the email addresses.

According to HT, U.S. authorities were able to recover Rs 28.98 crore from the stolen amount, which was returned to Alkem. However, the company still suffered a loss of Rs 22.31 crore.

Alkem Laboratories has reported the incident to the authorities, and an ongoing investigation aims to identify and apprehend the fraudsters while recovering the remaining funds. The company has also implemented enhanced cybersecurity measures to safeguard against similar threats, as reported by The Free Press Journal.
Read more »
Fraud Calls
Bengaluru call scams Cyber Fraud Cyber Scam Financial Fraud Financial Scam Fraud Calls

Bengaluru Woman Loses ₹2 Lakh to Sophisticated IVR-Based Cyber Scam

 

Cyber fraud continues to evolve, with scammers using increasingly sophisticated techniques to deceive victims. In a recent case from Bengaluru, a woman lost ₹2 lakh after receiving a fraudulent automated call that mimicked her bank’s Interactive Voice Response (IVR) system. The incident underscores the growing risk of technology-driven scams that exploit human vulnerability in moments of urgency. 

The fraud occurred on January 20 when the woman received a call from a number that closely resembled that of a nationalized bank. The caller ID displayed “SBI,” making it appear as though the call was from her actual bank. The pre-recorded message on the IVR system informed her that ₹2 lakh was being transferred from her account and asked her to confirm or dispute the transaction by pressing a designated key. Startled by the alert, she followed the instructions and selected the option to deny the transfer, believing it would stop the transaction. 

However, moments after the call ended, she received a notification that ₹2 lakh had been debited from her account. Realizing she had been scammed, she rushed to her bank for assistance. The bank officials advised her to report the fraud immediately to the cybercrime helpline at 1930 and file a police complaint. Authorities registered a case under the Information Technology Act and IPC Section 318 for cheating. 

Cybercrime investigators believe this scam is more sophisticated than traditional IVR fraud. Typically, such scams involve tricking victims into providing sensitive banking details like PINs or OTPs. However, in this case, the woman did not explicitly share any credentials, making it unclear how the fraudsters managed to access her funds. 

A senior police officer suggested two possible explanations. First, the victim may have unknowingly provided critical information that enabled the scammers to complete the transaction. Second, cybercriminals may have developed a new technique capable of bypassing standard banking security measures. Investigators are now exploring whether this scam represents an emerging threat involving advanced IVR manipulation. This case serves as a stark reminder of the need for heightened awareness about cyber fraud. 

Experts warn the public to be wary of automated calls requesting banking actions, even if they appear legitimate. Banks generally do not ask customers to confirm transactions via phone calls. Customers are advised to verify any suspicious activity directly through their bank’s official app, website, or customer service helpline. 

If someone encounters a suspected scam, immediate action is crucial. Victims should contact their bank, report the fraud to cybercrime authorities, and avoid responding to similar calls in the future. By staying informed and cautious, individuals can better protect themselves from falling prey to such evolving cyber threats.
Read more »
WordPress
fake websites Financial Fraud phishing PhishWP WordPress

Hackers Use PhishWP to Steal Payment Info on WordPress Sites

 



Cybersecurity researchers have uncovered a malicious WordPress plugin called PhishWP that transforms legitimate websites into tools for phishing scams. This plugin allows attackers to set up fake payment pages mimicking trusted services like Stripe, tricking users into divulging sensitive details, including credit card numbers, expiration dates, billing information, and even one-time passwords (OTPs) used for secure transactions. 


How PhishWP Works

PhishWP works by setting up fake WordPress sites or hacking into legitimate ones. It then generates phishing checkout pages that closely mimic real payment interfaces. Victims receive this interface with false site addresses, where they enter sensitive financial information, including security codes and OTPs.

The stolen data is sent to attackers in real time because the plugin integrates with Telegram. Therefore, attackers can use or sell the information almost immediately. The browser details captured by PhishWP include IP addresses and screen resolutions, which attackers can use for future fraudulent activities.


Key Features 

What has made the phishing plugin more advanced is that it ensures operations are seamless and almost undetectable. 

Realistic Payment Interfaces: The plugin mimics the appearance of trusted services like Stripe.  

3D Secure Code Theft: It fetches the OTP sent to everyone in the verification processes to successfully process fraudulent transactions.

Real-time Data Transfer: Telegram is used to send stolen information to attackers in real time.  

Customizable and Worldwide: Multi-language support and obfuscation features enable phishing attacks across the globe.  

Fake Confirmations: Victims receive fake emails that confirm purchases, which delays the suspicion.  


Step-by-Step Analysis  

1. Setup: Attackers either hack a legitimate WordPress site or create a fake one.

2. Deceptive Checkout: PhishWP personalizes payment pages to resemble actual processors. 

3. Data Theft: Victims unknowingly provide sensitive information, including OTPs. 

4. Exploitation: The stolen data is immediately sent to attackers, who use it for unauthorized transactions or sell it on dark web markets.


How to Protect Yourself

To avoid falling victim to threats like PhishWP:  

1. Verify website authenticity before entering payment details.  

2.  Look for secure connections (HTTPS) and valid security certificates.  

3. Use advanced tools like SlashNext’s Browser Phishing Protection, which blocks malicious URLs and identifies phishing attempts in real time.

Protecting your personal and financial data begins with understanding how cyberattacks work, don’t let hackers take the upper hand.



Read more »
Payment Scams
AI Scams Cyber Fraud deepfake scams Financial Fraud Identity Theft Online Safety Online Security Payment Scams

Protect Yourself from AI Scams and Deepfake Fraud

 

In today’s tech-driven world, scams have become increasingly sophisticated, fueled by advancements in artificial intelligence (AI) and deepfake technology. Falling victim to these scams can result in severe financial, social, and emotional consequences. Over the past year alone, cybercrime victims have reported average losses of $30,700 per incident. 

As the holiday season approaches, millennials and Gen Z shoppers are particularly vulnerable to scams, including deepfake celebrity endorsements. Research shows that one in five Americans has unknowingly purchased a product promoted through deepfake content, with the number rising to one in three among individuals aged 18-34. 

Sharif Abuadbba, a deepfake expert at CSIRO’s Data61 team, explains how scammers leverage AI to create realistic imitations of influencers. “Deepfakes can manipulate voices, expressions, and even gestures, making it incredibly convincing. Social media platforms amplify the impact as viewers share fake content widely,” Abuadbba states. 

Cybercriminals often target individuals as entry points to larger networks, exploiting relationships with family, friends, or employers. Identity theft can also harm professional reputations and financial credibility. To counter these threats, experts suggest practical steps to protect yourself and your loved ones. Scammers are increasingly impersonating loved ones through texts, calls, or video to request money. 

With AI voice cloning making such impersonations more believable, a pre-agreed safe word can serve as a verification tool. Jamie Rossato, CSIRO’s Chief Information Security Officer, advises, “Never transfer funds unless the person uses your special safe word.” If you receive suspicious calls, particularly from someone claiming to be a bank or official institution, verify their identity. 

Lauren Ferro, a cybersecurity expert, recommends calling the organization directly using its official number. “It’s better to be cautious upfront than to deal with stolen money or reputational damage later,” Ferro adds. Identity theft is the most reported cybercrime, making MFA essential. This adds an extra layer of protection by requiring both a password and a one-time verification code. Experts suggest using app-based authenticators like Microsoft Authenticator for enhanced security. 

Real-time alerts from your banking app can help detect unauthorized transactions. While banks monitor unusual activities, personal notifications allow you to respond immediately to potential scams. The personal information and media you share online can be exploited to create deepfakes. Liming Zhu, a research director at CSIRO, emphasizes the need for caution, particularly with content involving children. 

Awareness remains the most effective defense against scams. Staying informed about emerging threats and adopting proactive security measures can significantly reduce your risk of falling victim to cybercrime. As technology continues to evolve, safeguarding your digital presence is more important than ever. By adopting these expert tips, you can navigate the online world with greater confidence and security.
Read more »
Operation Serengeti
Afripol Cyber Crime digital scam Financial Fraud Interpol Operation Serengeti

Interpol and Afripol Arrest Kenyans Involved in Digital Scams

Interpol and Afripol Arrest Kenyans Involved in Digital Scams


Interpol and Afripol recently carried out “Operation Serengeti” a major international operation, cracking down on cybercrime throughout 19 African countries, arresting 1,006 and disrupting 134,089 malicious networks and infrastructures. The two agencies recovered USD 43,954,537, and more than 20 Kenyans were arrested in the two-month sting operation. The arrested Kenyans were involved in online credit card fraud. 

“Operation Serengeti shows what we can achieve by working together, and these arrests alone will save countless potential future victims from personal and financial pain,” said Valdecy Urquiza, Secretary General of INTERPOL. 

About Operation Serengeti 


The operation ran from September to October 2024, cracking down on various cybercrimes like business email compromise (BEC), ransomware, online scams, and digital extortion. The law agencies found 35,000 victims and cases linked to worldwide financial losses worth USD 193 million.  

The joint effort led to the disruption of cybercriminal activities and improved the efforts of law enforcement agencies in African Union member nations. 

Key events in Sting Operation 


The arrested Kenyans were involved in online credit card fraud and responsible for global banking systems losing US$8.6 million. 

The stolen money was sent via SWIFT to digital asset firms to countries Nigeria, China, and the UAE. The joint operation also resulted in the arrest of digital scammers in other countries Cameroon, Angola, Senegal, and Nigeria. 

“Through Serengeti, AFRIPOL has significantly enhanced support for law enforcement in African Union Member States. We have facilitated key arrests and deepened insights into cybercrime trends. Our focus now includes emerging threats like AI-driven malware and advanced attack techniques,” Jalela Chelba, AFRIPOL’s Executive Director said. 

Rise of financial fraud in Kenya 


TransUnion report analysis reveals Kenya is 10th in Digital Fraud suspects out of 19 countries in the first half of 2024. In the case of digital transactions carried out in Kenya, around 4.6% were traced as suspected Digital Fraud. 

Credit card fraud is the leading problem in the financial sector, scammers steal the card info of victims and access their accounts. They do this via application fraud and account takeovers.
Read more »
User Security
Cyber Scam Data Privacy Financial Fraud Mobile Security Phone Scam User Security

Here's How to Safeguard Yourself Against Phone Scams

 

Sophisticated phone scams are becoming more common and more relentless. The numbers are mind-boggling. According to the FTC, impostor fraudsters cost US consumers $2.7 billion in 2023, and the figure is rising year after year. 

These are merely the listed losses; many people who have been duped are embarrassed and refuse to acknowledge they fell for such a scam. You may believe that you will not be misled, yet many of those who are duped thought this before the incident. 

Scammers have refined their strategies to sound trustworthy and legitimate, and AI is just making matters worse. When combined with the strain or situation, it only takes a few moments to fall for it. 

The best defence against phone scams is to be prepared to face them, as they are likely to occur at some point. We've compiled a list of some of the most popular phone scams in 2024 and how to prevent them.

AI-powered scams

The most obvious example of fraudsters exploiting new technology to power existing scams is artificial intelligence (AI). For instance, scammers might use AI to: 

  • Generate more convincing and genuine sounding phishing emails and text messages. 
  • Create deepfakes of celebrities to lure victims into thinking they're investing in a good company or project.
  • Impersonate an employer and ask for private information. 

Student loan forgiveness scams 

The back-and-forth adjustments in student loan forgiveness create an ideal scenario for scammers. Fraudsters know that individuals want to believe that their student loans will be forgiven, and they will use this need for personal benefit.

For example, scammers may call you or set up fake application sites to steal your Social Security number or bank account information. They may put pressure on their victims by sending bogus urgent messages encouraging them to seek debt relief "before it's too late." Then they will charge you a high application fee. In reality, this is a scam.

Zelle scams

Scammers are using Zelle, a peer-to-peer payment tool, to steal people's money. The fraudster might email, text, or contact you, claiming to work for your bank or credit union's fraud department. They'll claim that a thief intended to steal your money via Zelle and that they need to walk you through "fixing" the issue. 

Subsequently, fraudsters may advise you to pay the money to yourself, but the funds will actually go to their account. Starting in mid-2023, Zelle began refunding victims of some frauds. However, you may not always be eligible for reimbursement, so be aware of these financial frauds. 

Prevention tips 

Avoid clicking on unknown links: Whether the link arrives in your email, a text or a direct message, never click on it unless you're certain the sender has good intentions. If the message says it's from a company or government agency, call the firm using a number that you look up on your own to confirm its legitimacy. 

Be skeptical: Scammers can spoof calls and emails to appear to be from a number of sources, including government institutions, charities, banks, and major companies. Do not provide any personal information, usernames, passwords, or one-time codes that others could use to gain access to your accounts or steal your identity. 

Don't refund or forward overpayments: Beware whenever a company or person asks you to refund or forward part of a payment. Often, the original payment will be fraudulent and taken back later. Following simple safety precautions and reviewing the most recent scam alerts might help you stay safe. However, mistakes might occur, especially when you are stressed or overwhelmed.
Read more »
Subscribe to: Posts (Atom)