Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Fraud. Show all posts
Privacy
AI Systems Bank Accounts Data protection DWP Financial Security Fraud Privacy

UK Government’s New AI System to Monitor Bank Accounts

 



The UK’s Department for Work and Pensions (DWP) is gearing up to deploy an advanced AI system aimed at detecting fraud and overpayments in social security benefits. The system will scrutinise millions of bank accounts, including those receiving state pensions and Universal Credit. This move comes as part of a broader effort to crack down on individuals either mistakenly or intentionally receiving excessive benefits.

Despite the government's intentions to curb fraudulent activities, the proposed measures have sparked significant backlash. More than 40 organisations, including Age UK and Disability Rights UK, have voiced their concerns, labelling the initiative as "a step too far." These groups argue that the planned mass surveillance of bank accounts poses serious threats to privacy, data protection, and equality.

Under the proposed Data Protection and Digital Information Bill, banks would be mandated to monitor accounts and flag any suspicious activities indicative of fraud. However, critics contend that such measures could set a troubling precedent for intrusive financial surveillance, affecting around 40% of the population who rely on state benefits. Furthermore, these powers extend to scrutinising accounts linked to benefit claims, such as those of partners, parents, and landlords.

In regards to the mounting criticism, the DWP emphasised that the new system does not grant them direct access to individuals' bank accounts or allow monitoring of spending habits. Nevertheless, concerns persist regarding the broad scope of the surveillance, which would entail algorithmic scanning of bank and third-party accounts without prior suspicion of fraudulent behaviour.

The joint letter from advocacy groups highlights the disproportionate nature of the proposed powers and their potential impact on privacy rights. They argue that the sweeping surveillance measures could infringe upon individual liberties and exacerbate existing inequalities within the welfare system.

As the debate rages on, stakeholders are calling for greater transparency and safeguards to prevent misuse of the AI-powered monitoring system. Advocates stress the need for a balanced approach that addresses fraud while upholding fundamental rights to privacy and data protection.

While the DWP asserts that the measures are necessary to combat fraud, critics argue that they represent a disproportionate intrusion into individuals' financial privacy. As this discourse takes shape, the situation is pronouncing the importance of finding a balance between combating fraud and safeguarding civil liberties in the digital sphere. 


Read more »
Skype call
arrest Cyber Fraud CyberCrime digital scam Fraud Noida online deception Rs 3.7 lakh Skype call

Woman in Noida Swindled of Rs 3.7 Lakh During 7-Hour Skype Call in Recent 'Digital Arrest' Scam

 

A 32-year-old female IT engineer residing in Noida fell victim to cyber criminals who reportedly swindled Rs 3.75 lakh from her during a seven-hour Skype call, where they held her "hostage" and gradually siphoned money from her account.

According to reports, the fraudsters posed as police officers and accused the woman of involvement in drug trafficking, claiming to have intercepted a parcel purportedly sent from Mumbai to Taiwan containing illicit substances.

The victim's husband, Chirag Varshney, disclosed that the incident occurred on February 28. His wife received a Skype call around 10:30 am, during which the criminals coerced her into staying put while they manipulated her into transferring funds under the guise of clearing her of the alleged drug charges.

Varshney explained that despite his presence in the office and his father being at home, his wife was too intimidated to seek help, allowing the fraud to unfold uninterrupted in an adjacent room. The perpetrators allegedly instilled fear in her by threatening harm to family members if she didn't comply.

"After receiving a call from a courier company, my wife was deceived through a Skype call," Varshney stated, adding that the call transitioned to someone claiming to be a police officer who demanded her bank account and family information. The intimidation tactics compelled her to surrender the money.

Initially reporting the incident on a cybercrime portal yielded no results, prompting Varshney to escalate the matter to the police. An FIR has been lodged at the Sector 39 police station, citing sections 420 (cheating) and 506 (criminal intimidation) of the Indian Penal Code, along with section 66D of the Information Technology (Amendment) Act. Additional Deputy Commissioner of Police, Manish Kumar Mishra, confirmed that necessary legal measures are being pursued in response to the complaint lodged by a resident of Amrapali Sapphire in Sector 45, Noida.
Read more »
scam tactics
Cyber Criminals Cyber Fraud Cyber Scam Cyber Threats CyberCrime Delhi cybercrime rise Delhi Police digital house arrest forged letterheads Fraud Online fraud police alert scam tactics

Delhi Police Alerts Citizens to New Cyber Scam

 

Authorities in Delhi are cautioning residents to remain vigilant against a recent surge in cyber fraud cases known as ‘digital house arrest,’ with over 200 incidents reported monthly in the capital.

Described as a serious threat by senior officials, this tactic employed by cybercriminals aims to coerce victims into parting with their money once ensnared in their schemes.

In this scheme, scammers posing as law enforcement officers deceive victims into believing their bank accounts, SIM cards, Aadhaar cards, or other linked documents have been compromised. The victims are then virtually confined to their homes and pressured into paying the scammers.

According to a senior officer from the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police, cases involving amounts exceeding Rs 50 lakh are investigated by their specialized team.

In a recent case, a man preparing for work received a call from someone claiming to be from the Mumbai Crime Branch. The caller accused the victim of involvement in drug trafficking using his Aadhaar card and instructed him not to leave his house during a prolonged interrogation session. The victim, fearing repercussions, complied. Eventually, the scammers gained remote access to his computer, drained his bank account, and vanished.

These fraudsters often employ forged police letterheads and use translation tools to enhance their communication. They specifically target vulnerable individuals, such as the elderly. Victims are urged to immediately report such incidents to the police helpline for assistance.

According to the National Crime Records Bureau (NCRB), cybercrime cases in Delhi nearly doubled in 2022, with reported incidents increasing from 345 to 685. This marks a significant rise from the 166 cases reported in 2020.
Read more »
Security
$10 billion 2023 Americans Cyber Fraud Fraud FTC record loss Safety Security

FTC Issues Alert: Americans' Fraud Losses Soar to $10 Billion in 2023

 

The U.S. Federal Trade Commission (FTC) has disclosed that in 2023, Americans fell victim to scammers, resulting in losses exceeding $10 billion, indicating a 14% surge compared to the preceding year.

In tandem, Chainalysis has reported that ransomware groups had a lucrative year, with ransom payments surpassing $1.1 billion in 2023.

Approximately 2.6 million consumers submitted fraud complaints to the FTC in the previous year, a figure mirroring that of 2022. Notably, imposter scams dominated the reported fraud cases, with noticeable increases in instances of business and government impersonation. Following closely were online shopping scams, trailed by reports related to prizes, sweepstakes, lotteries, investment scams, and business or job opportunity schemes.

According to the FTC, consumers reported the highest financial losses to investment scams, totaling over $4.6 billion in 2023, representing a 21% hike from 2022. Imposter scams accounted for the second-highest reported loss amount, nearing $2.7 billion. In 2023, consumers cited losing more money to bank transfers and cryptocurrency transactions than through all other methods combined.

The FTC added 5.4 million consumer reports to its secure online database, the Consumer Sentinel Network (Sentinel), in the previous year. Identity theft complaints, exceeding 1.1 million, were received through the agency's IdentityTheft.gov website.

Nevertheless, the FTC's data only scratches the surface of the extensive damage inflicted by scammers in 2023, as many fraud cases go unreported.

Victims of fraud are encouraged to report incidents on ReportFraud.ftc.gov or file identity theft reports on IdentityTheft.gov. These reports, upon inclusion in the FTC's Sentinel database, are accessible to approximately 2,800 law enforcement professionals, aiding in tracking down fraudsters, identifying trends, and raising public awareness to thwart scam attempts.

Samuel Levine, Director of the FTC's Bureau of Consumer Protection, emphasized the growing threat facilitated by digital tools, underscoring the importance of the released data in understanding and combating fraudulent activities targeting hard-working Americans.
Read more »
vishing scams prevention
Cyber Fraud Fraud Scams User Data User Safety User Security Vishing vishing scams prevention

Vishing Scams: Here's How to Spot & Defend Against Them

 

Vishing (voice or VoIP phishing) is a sort of cyber attack that uses voice and telephony technologies to deceive targeted persons into disclosing sensitive data to unauthorized entities. 

The information could be personal, such as a Social Security number or details about a financial account, or it could be tied to a commercial environment. For example, fraudsters may use vishing to entice an employee to provide network access information.

In 2022, "38% of the reports submitted to the FTC by consumers ages 80+ indicated phone calls as the initial contact method," according to Ally Armeson, executive program director of Cybercrime Support Network. (Calls were the most popular mode of contact for this age group.)"

"Vishing, also known as voice phishing," Aremson continues, "is a growing threat in the world of cybercrime, particularly targeting the elderly."  

The scam takes advantage of the fact that the elderly are more likely to trust phone contacts by impersonating false charities, appearing as relatives, or pretending to be trustworthy locations like government agencies. 

As a result, sharing credit card information, social security numbers, login credentials, or other valuable data is likely.

How to defend yourself?

  • Take the effort to confirm the caller's identification by visiting the organization's website.
  • Never give up personal or financial information over the phone. Legitimate organizations will never ask for credit card information, social security numbers, or passwords.
  • Do not be hesitant to call into question the legitimacy of unknown numbers. Legitimate organizations will never ask for credit card information, social security numbers, or passwords.
  • Don't be hesitant to question the legitimacy of unknown phone numbers, and be wary of providing important information over the phone without first verifying the caller's identity.
  • Since caller ID can be easily spoofed, don't rely on it alone to decide whether a call is real. I recommend remaining attentive and exercising caution while disclosing sensitive information.
  • Any unknown phone caller should be routed to voicemail so you can screen the call. Remember to notify the FTC of any unusual calls or suspected fraudulent activities at ReportFraud.ftc.gov.
  • In general, do not give any financial or Social Security information over the phone, by text, or via email.  
By following these tips, you can help protect yourself from vishing scams
Read more »
Tips
Authentication Cloud Defense Cyber Security Fraud MFA Multi-Factor Authentication (MFA) Online phishing Phishing Prevention Prevention Privacy Protection Scams Security Tips

Defend Against Phishing with Multi-Factor Authentication

 

Phishing has been a favored attack vector for threat actors for nearly three decades, and its utilization persists until it loses its effectiveness. The success of phishing largely hinges on exploiting the weakest link in an organization's cybersecurity chain—human behavior.

“Phishing is largely the same whether in the cloud or on-prem[ise], in that it’s exploiting human behavior more than it’s exploiting technology,” said Emily Phelps, director at Cyware.

These attacks primarily aim to pilfer credentials, granting threat actors unfettered access within an organization's infrastructure. Yet, successful cloud-based phishing assaults might be more intricate due to the nuanced ownership of the environment.

Phelps explained that in an on-premise scenario, a compromised ecosystem would be under the jurisdiction of an organization's security and IT team. However, in the cloud—like AWS or Azure—a breached environment is managed by respective organizations yet ultimately owned by Amazon or Microsoft.

Cloud Emerges as the Preferred Phishing Arena

As an increasing number of applications gravitate toward cloud computing, threat actors are unsurprisingly drawn to exploit this realm. Palo Alto Networks Unit 42's report unveiled a staggering 1100% surge in newly identified phishing URLs on legitimate SaaS platforms from June 2021 to June 2022.

The report delineated a tactic where visitors to legitimate web pages are enticed to click a link directing them to a credential-stealing site. By leveraging a legitimate webpage as the principal phishing site, attackers can modify the link to direct victims to a new malicious page, thereby sustaining the original campaign's efficacy.

Cloud applications provide an ideal launchpad for phishing assaults due to their ability to bypass conventional security systems. Cloud-based phishing is further facilitated by the ease of luring unsuspecting users into clicking malevolent email links. Beyond SaaS platforms, cloud applications such as video conferencing and workforce messaging are also being increasingly exploited for launching attacks.

The Role of Phishing-Resistant MFA

Among the most robust defenses against credential-stealing phishing attacks is multifactor authentication (MFA). This approach incorporates several security factors, including something known (like a password), something possessed (such as a phone or email for code reception), and/or something inherent (like a fingerprint). By requiring an additional code-sharing device or a biometric tool for authentication, MFA heightens the difficulty for attackers to breach these security layers.

In the event of a user falling prey to a phishing attack and credentials being compromised, MFA introduces an additional layer of verification inaccessible to threat actors. This may involve SMS verification, email confirmation, or an authenticator app, with the latter being recommended by Phelps.

However, as MFA proves effective against credential theft, threat actors have escalated their strategies to compromise MFA credentials. Phishing remains one of their favored methods, as cautioned by the Cybersecurity and Infrastructure Security Agency (CISA):

"In a widely used phishing technique, a threat actor sends an email to a target that convinces the user to visit a threat actor-controlled website that mimics a company’s legitimate login portal. The user submits their username, password, as well as the 6-digit code from their mobile phone’s authenticator app.”

To counter this, CISA endorses phishing-resistant MFA as a strategy to enhance overall cloud security against phishing attacks. Fast ID Online/WebAuthn authentication stands out as a popular option. It operates through separate physical tokens linked to USB or NFC devices or embedded authenticators within laptops and mobile devices.

An alternative approach, albeit less common, is PKI-based phishing-resistant MFA, employing security-chip embedded smart cards linked to both an organization and the individual user. While highly secure, this method necessitates mature security and identity management systems.

While any form of MFA contributes to safeguarding cloud data against phishing, relying solely on commonly used code-sharing methods falls short. Threat actors have devised ways to manipulate users into revealing these codes, often relying on users' inconsistent MFA setup practices. Adopting phishing-resistant MFA and incorporating multiple layers of authentication offers the utmost security against this prevalent cyber threat.
Read more »
Security
Crime Cyber Attacks Cyber Gangs Data Fraud Safety Scams Security

Surge in 'Call Center Gangs' Linked to Organized Crime and Human Trafficking

 

Online, robocall, and other call scams are well-coordinated and often operated by criminal organizations based overseas. These scams primarily target older Americans.

Biocatch, a biometric company, conducted a recent study revealing a significant surge of 200% in call scams between 2022 and 2023. These scams are conducted by "call center gangs" located in Southeast Asia, engaging in various illegal activities, including investment fraud and human trafficking.

“These organized cybercriminal entities conduct a variety of scams,” the Biocatch report found, “including tech support, romance, and investment frauds, often targeting victims internationally and exploiting legal jurisdictional complexities to evade consequences.”

“The disconcerting link between these scams and human trafficking is hard to ignore,” Biocatch warns. 

Further, it added, “Amid the COVID-19 lockdowns, unsuspecting victims lured with job offers are detained in these call centers. Criminal rings are shifting from sex trafficking to human trafficking for scam call centers, with a higher profit margin in cybercrime.”

The primary objective of these scams is to deceive individuals into providing them with money or personal information. It is advised to disregard any unsolicited calls, text messages, or emails received.
Read more »
Security
Cyber Fraud Data Data Safety Fraud Safety Scam Security

The Robotic Falcon Manufacturer Falls Victim to Cyber Criminals, Lost £100,000

 

John Donald, an entrepreneur who sells robotic falcons worldwide, has become a victim of cybercrime during the pandemic, despite his tech-savvy background. 

Donald, a 72-year-old grandfather, revealed that fraudsters targeted his family business when it faced a drastic 95% decline in turnover. Reluctantly, he succumbed to their demands and transferred nearly £100,000 to a fraudulent bank account. The incident caused immense stress for Donald and was described by him as an experience he wouldn't wish upon anyone.

Recent statistics released by Police Scotland indicate a concerning 68% rise in fraud cases since 2018, with a majority of them occurring online. 

Donald's company, Robop, which manufactures robot peregrine falcons for bird pest control, experienced significant setbacks due to the COVID-19 pandemic. It was on a Friday afternoon in December 2020, at around 16:30, when Donald received a call that initiated this distressing ordeal. The caller, speaking with an Edinburgh accent, claimed to be part of a joint banking task force and informed Donald about fraudulent activities in his account.

Initially skeptical, Donald probed the caller, but their extensive knowledge about him and his business convinced him of their credibility. Unable to reach his bank on another phone, Donald's suspicions grew stronger. 

The caller then intensified the pressure, citing a limited time window to resolve the issue due to discrepancies between their system and his. In the course of an hour-long conversation, the fraudsters persuaded Donald to transfer funds between his accounts, leaving him feeling foolish afterward but seeing no alternative at the time.

Fortunately, a friend directed Donald to the Cyber and Fraud Centre, where he sought assistance and Donald's bank refunded the stolen amount six weeks later.

Jude McCorry, the center's CEO, revealed that others had not been as fortunate. She added, "We've seen a recent fraud where there was £700,000 transferred on a property deal that went to the wrong account.

"That involved an individual rather than a company. It was huge and the investigation is still going on. Instead of always reacting to these crimes, we need to look at how we prevent it."

Police Scotland acknowledges that cybercrime is significantly underreported, with the published figures representing only a fraction of the actual problem. 

The detection rate for fraud has halved in recent years, standing at a mere 16% of cases. Assistant Chief Constable Andy Freeburn warned about the increasing involvement of Scottish crime groups in cybercrime and fraud. 

He added, "What we have seen over the last year is emerging serious and organised crime groups operating in that space, trying to exploit the Scottish public through cyber, through fraud, and we are now actively working against those gangs.

"This is something we are not going to arrest our way out of. There is a significant threat in Scotland.

"We are having successes in identifying people and recovering money in consultation with banking and financial partners.

"But we are also improving our prevention messaging, making it very clear to the public how they can help themselves by not giving out details, making sure their software is up to date on their computers and reporting anything suspicious to us."

To address this escalating threat, Police Scotland has allocated an additional £4.3 million to its cybercrime strategy, focusing on acquiring new equipment and providing training to operational officers. 

The force has also developed an ethical protocol for the use of emerging technologies. Meanwhile, John Donald urges the public to recognize the sophistication of cyber scams and recommends keeping the bank's fraud helpline on speed dial while emphasizing the importance of prompt responses from banks when people call these numbers. 
Read more »
Security
Cyber Fraud Data Email Scams Fraud Safety Security

Email Scams v/s Phishing: Here's All You Need to Know

 

Becoming a victim of any crime can be emotionally distressing, financially burdensome, and socially humiliating. While some scams are easily recognizable, others are cleverly disguised, making it difficult to detect that you are being exploited. Scams exist in various aspects of life, encompassing business, taxation, and even identity theft, all driven by fraudulent intentions to take advantage of individuals. The primary motive behind these scams appears to be financial gain. 

Email scams and text scams have become abundant, especially with the widespread use of cell phones in recent times. It is evident that every single one of these scams falls under the category of phishing schemes. 

Phishing tactics are intended to fool you into submitting personal information that the cybercriminal will then use to get access to your financial accounts, steal your identity, download malware, or otherwise cause havoc. These schemes appear and sound like valid requests from legitimate sources, making it difficult to identify them as harmful.

Messages from a credible source urging you to reset your password, a supervisor or colleague asking you to help them out by sending them money, or a merchant offering a fantastic bargain on an item you want are all examples of email phishing. Some fraudsters have grown inventive, sending scary messages that appear to be from a tax collection agency, such as the IRS, with a deadline.

Email is an efficient method for phishing techniques to be exploited, but it is not the only location where they may be found. SMS phishing is currently used by scammers to deceive you into clicking over to a website or form in order to acquire information. Because it is more difficult to determine whether a text message is real than an email message, many individuals get duped in this manner.

Social networking platforms can also be used to spread phishing schemes. They appear to be fantastic deals and offers for cool new goods or services in your neighborhood. If you click the ad, you might be taken to a very professional-looking website. However, once your contact information is disclosed, your identity is jeopardized.

One of the greatest methods to prevent being a victim of an email or phishing scam is to avoid clicking on links or responding to communications from people you don't know. Check the sender's email address to ensure it is real. It never hurts to double-check because professional scammers will establish email addresses that look identical to legitimate ones.

Instead of clicking on a social network link to learn more about a new product, conduct a search on a trusted online shop such as Amazon, Newegg, or Walmart. If the product is decent, it will most likely be sold through legitimate channels.

Similarly, if you read about a company's sale or new subscription opportunity, go to the company's website first before committing to buy. The same deal will very certainly be offered there as well, so you may still take advantage of it.

Because phishing and email schemes are classified as malware, most antivirus programs contain anti-phishing capabilities or enhanced email security. You may enable Bitdefender's capabilities within your email program, whether it's a Google or Outlook account. This will help prevent scam communications from reaching your inbox.

The same can be said with text message fraud. Anti-phishing capabilities in Android antivirus apps reduce the number of SMS-based schemes. Mobile antivirus, like desktop antivirus, will block malware and sites with risks on them, ensuring that your device is not infected with malware and that you are not duped into providing sensitive information to an unknown solicitor.

If you open on a faulty link, the finest antivirus software will prevent you from reaching a harmful page. Furthermore, antivirus software will stop any dangerous file connected to a faulty link, preventing your machine from becoming infected with a bot, worm, or ransomware.

Read more »
Security
Cyber Fraud Fraud Fraudsters Mobile Numbers Safety Scam Security

Police Blocked 20K+ Mobile Numbers Issued on Fake Papers

 

In accordance with a police officer, Haryana Police's cyber nodal unit has blocked 20,545 mobile phones issued on fraudulent and counterfeit paperwork. According to a Haryana police spokesman, the majority of the blocked SIM cards were issued in Andhra Pradesh, with West Bengal and Delhi following closely behind. 

Similarly, the police have detected and reported on the portal more than 34,000 cellphone numbers involved in cyber fraud operating across the state, including 40 hotspot villages in Nuh district. 

“At the same time, the remaining 14,000 mobile numbers involved in cyber fraud will also be blocked soon through the Department of Telecom, Government of India,” the police officials said.

A police official told reporters today that the state crime division is currently monitoring all mobile numbers implicated in cybercrime and is collecting reports from districts on a daily basis. He stated that 102 teams of 5000 Haryana Police officers recently stormed 14 cybercrime hotspot villages in the Nuh district.

“For this reason, at present, Haryana is at the top position in blocking mobile numbers used in cyber fraud. At present more attention is being given to such areas and villages from where cyber fraud incidents are being carried out. Recently, 102 teams of 5000 policemen of Haryana Police raided 14 cybercrime hotspots villages in Nuh district,” he added.

He further stated that Andhra Pradesh has issued the most cellphone numbers implicated in cybercrime, and that they are being used to commit cybercrime in the state.

“Currently, out of the total identified mobile numbers issued on Fake ID, a maximum of 12,822 mobile numbers have been issued from Andhra Pradesh, 4365 from West Bengal, 4338 from Delhi, 2322 from Assam, 2261 from North East states and 2490 from Haryana state. All the numbers are currently operating from different areas of Haryana and the same has been intimated to the Department of Telecom to block them,” he added.

OP Singh, Chief of the State Crime Branch and Additional Director General of Police, stated that the state crime branch, as the state nodal agency for cybercrime, has a team of 40 highly skilled cyber police personnel who have been deployed at helpline 1930 to quickly register reported incidents and collect relevant data.
Read more »
Security
Cyber Security Data Privacy Fraud Medical Recrds Safety Security

Concerns Over NHS Data Privacy After a 'Stalker' Doctor Shared a Woman's Private Details

 

The anonymity of NHS medical records has been called into question after a "stalker" hospital doctor obtained and communicated very sensitive information about a lady who had begun dating her ex-boyfriend regardless the fact that he wasn't involved in her care. The victim was left in "fear, shock, and horror" after learning that the doctor had exploited her hospital's medical records system to look at the woman's GP records and read - and share - private data about her and her children accessible only to a few others. 

“I felt violated when I learned that this woman, who I didn’t know, had managed to access on a number of occasions details of my life that I had shared with my GP and only my family and very closest friends. It was about something sensitive involving myself and my children, about a family tragedy,” the woman said.

The case has spurred worries that any doctor in England could misuse their privileged access to confidential medical records for purposes other than clinical.

Sam Smith, of the health data privacy group MedConfidential, said: “This is an utterly appalling case. It’s an individual problem that the doctor did this. But it’s a systemic problem that they could do it, and that flaws in the way the NHS’s data management systems work meant that any doctor can do something like this to any patient. If you’re registered with the NHS in England, this could happen to you.”

The victim and the doctor,  consultant at Addenbrooke's Hospital in Cambridge, have not been named by the Guardian. The woman was originally perplexed as to how the doctor had obtained very intimate information about her, her sister, and her children, which the doctor then passed to her ex-boyfriend in the early stages of his new connection with the woman last July.

“The doctor said that she had got it from friends, or from people in her choir or parents at my children’s school. That left my sister and I wondering if some of our close friends had betrayed us as we knew that only a few people knew those details. She had an unhealthy interest in us.”

The mystery was answered when Addenbrooke's provided the woman with a full audit of all its staff members who had exposure to her medical information at her request. It was discovered that the doctor viewed her medical information seven times between August and September of last year. The clinician first accessed Epic, Addenbrooke's own hospital medical records system, three times.

She then navigated to a different records system known as GP Connect, which contained comprehensive notes of conversations her former partner's new girlfriend had with her GP regarding the tragic impact of the accident and the well-being of one of her children.

On one occasion, the doctor, whom the woman had never seen, called the victim, asked her name, provided it, and then hung up. The victim felt it was a planned effort by the doctor to demonstrate that she had obtained personal information about her

Addenbrooke's first disputed that its employees could access GP Connect via Epic. However, after a meeting with the victim, its deputy medical director, Dr. John Firth, acknowledged that her full GP records were available. Michelle Ellerbeck, the company's head of information governance, later emailed the woman to thank her for demonstrating that it was possible in case "this inquiry ever comes up again."

Dr. Nicola Byrne, the NHS national data protector for England, offers advice on how to keep patients' information safe and how to utilize it correctly. She stated that she was "concerned about the seriousness of the allegations" when the patient wrote to her about the inappropriate intrusion into her medical history.

Byrne identified the doctor's actions as "absolutely unacceptable" and attempted to comfort patients who may be concerned about the incident by emphasizing that it was the first time she had heard of a medic violating rules governing the secure handling of a patient's medical records in order to gather information about them. She did, however, left open the possibility that others were doing the same.
Read more »
Scam
Cyber Security Data data security Facebook Accounts Fraud Hackers Hacking Safety Scam

Verified Facebook Accounts Being Hijacked to Distribute Malware; Here's How You Can Protect Yourself

 

Hackers have been caught getting into popular verified Facebook pages and using them to distribute malware through adverts on the social media behemoth. Matt Navarra, a social strategist, was the first to notice the harmful effort, exposing the danger on Twitter. 

According to Navarra, whoever is behind the campaign targeted popular Facebook sites first (one of the victims has over seven million followers and has been active for over a decade). If they gained access, they would rename the page something like Meta (Facebook's parent company) or Google. They would then buy an ad on the social media network, targeting page managers and advertising specialists.

“Because of security issues for upcoming users, you can no longer manage ad accounts in the browser,” the ad reads. “Switch to a more professional and secure tool,” the ad concludes, before sharing an obviously fraudulent download link.

There are several issues with this campaign, according to Navarra, including how the accounts were compromised, how Facebook enabled the threat actors to change the page's name to something seemingly related to Meta while keeping the blue checkmark, and how they were able to buy and run ads that clearly redirect the target audience to a shady website at best. 

According to TechCrunch, Facebook has since disabled all of the affected accounts and shut down the malicious activities. It also stated that Facebook pages now disclose whether or not the page has changed its name in the past, and if so, from what, which is a nice move to increase openness. 

“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures.”
Read more »
Voice Cloning
Cyber Fraud data security Fraud Safety Scam Voice Cloning

Is Your Child in Actual Danger? Wary of Family Emergency Voice-Cloning Frauds

 

If you receive an unusual phone call from a family member in trouble, be cautious: the other person on the line could be a scammer impersonating a family member using AI voice technologies. The Federal Trade Commission has issued a warning about fraudsters using commercially available voice-cloning software for family emergency scams. 

These scams have been around for a long time, and they involve the perpetrator impersonating a family member, usually a child or grandchild. The fraudster will then call the victim and claim that they are in desperate need of money to deal with an emergency. According to the FTC, artificial intelligence-powered voice-cloning software can make the impersonation scam appear even more authentic, duping victims into handing over their money.

All he (the scammer) needs is a short audio clip of your family member's voice—which he could get from content posted online—and a voice-cloning program. When the scammer calls you, he’ll sound just like your loved one,” the FTC says in the Monday warning.

The FTC did not immediately respond to a request for comment, leaving it unclear whether the US regulator has noticed an increase in voice-cloning scams. However, the warning comes just a few weeks after The Washington Post detailed how scammers are using voice-cloning software to prey on unsuspecting families.

In one case, the scammer impersonated a Canadian couple's grandson, who claimed to be in jail, using the technology. In another case, the fraudsters used voice-cloning technology to successfully steal $15,449 from a couple who were also duped into believing their son had been arrested.

The fact that voice-cloning services are becoming widely available on the internet isn't helping matters. As a result, it's possible that scams will become more prevalent over time, though at least a few AI-powered voice-generation providers are developing safeguards to prevent potential abuse. The FTC says there is an easy way to detect a family emergency scam to keep consumers safe. "Don't believe the voice. Call the person who allegedly contacted you to confirm the story. 

“Don’t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs,” the FTC stated. “If you can’t reach your loved one, try to get in touch with them through another family member or their friends.”

Targeted victims should also consider asking the alleged family member in trouble a personal question about which the scammer is unaware.
Read more »
Scam McAfee
Cyber Data Cyber Fraud Data Safety data security Fraud Scam McAfee

McAfee Invoice Fraud Email Pretending to be a Subscription Renewal Receipt

 

Readers should beware of clicking links in a McAfee invoice scam email that claims to be a "confirmation receipt" for the subscription renewal of the company's products. This email does not come from McAfee Corp. Email scams that use the names of antivirus and security companies are probably as old as the internet, but this particular one for McAfee apparently tried to combine two different threats into one: malware and phishing. 

Snopes reviewed one of the McAfee invoice scam emails. The subject line read, "Confirmation Receipt ID.6030955553." The following message came from an email address associated with uilsducoach.com, not the official company website mcafee.com:
  • Reassure your McAfee is up to date.
  • Check now as it may have ended.
  • Your subscription of McAfee for your computer may ended soon.
  • After the ending date has passed your computer will become susceptible to many different virus and threats.
  • Your PC might be unprotected, it can be exposed to viruses and other malware...
  • You are eligible for discount: -70%*
A malicious URL scanner scan of the links revealed that the email was "hosting malware" and contained a "phishing link."

The link started on an Amazon Web Services page. Vestingsupper.com was one of the redirects. More information was not available at the time this story was published. McAfee has previously published several articles about these types of scams, including details on what to do if you believe you've been a victim of one.

It's recommended, "if you accidentally enter data in a webpage linked to a suspicious email, perform a full malware scan on your device. Once the scan is complete, backup all of your files and change your passwords. Even if you only provided a phishing scammer with the data from one account, you may have also opened the door to other personal data, so it's important to change all the passwords you use online in the wake of a suspected phishing attack."

Malwarebytes and Norton are two other companies that are recommended for malware scans. If readers provided financial information to scammers, such as a credit card number, we recommend contacting that financial institution right away to notify them of the problem. To ensure that scammers do not use the compromised card in the future, a new credit card with a new number may need to be mailed to you in some cases.
Read more »
Security
Cyber Fraud Data Fraud Research Safety Security

One-fifth of British Folks Have Fallen Victim to Online Fraudsters

 

As per F-Secure, millions of UK adults have been victims of digital scammers in the past, but a quarter has no security controls in place to safeguard their online activity. As part of a global Living Secure study into cybersecurity awareness and behavior, the Finnish security vendor polled 1000 Britons. 

It discovered that 19%, or approximately 12.6 million British citizens, had previously been duped by online fraud such as a phishing attack. According to F-Secure, the consequences of these incidents ranged from identity theft to data and password loss and even the theft of life savings. 

Despite spending an average of eight hours per day on the internet, a significant minority still do not protect themselves online, based on a report. One reason could be that many people are scared of the prospect: 60% of respondents said cybersecurity is too complicated.

The report also emphasized a disparity in respondents' attitudes and awareness. While more than three-quarters (77%) said they could spot a scam, nearly two-thirds said they are concerned about their own and their families' online safety, and half (48%) said they have no idea if their devices are secure or not.

According to the FBI, phishing was the most common type of cybercrime in 2021, with identity theft, romance fraud, tech support scams, and investment fraud also ranking among the top ten.

“Our research has highlighted a clear disconnect between what we do online and how vulnerable we feel online, versus the concrete actions we take to reduce that vulnerability,” argued F-Secure CEO, Timo Laaksonen.

“Despite many Britons often feeling unsafe online they still aren’t putting adequate security measures in place. In the physical world you wouldn’t willingly give out passwords and personal data to strangers, so why go online and do it, and risk being a target for online criminals?”

According to the same report, investment and romance fraud cost cybercriminals a total of $2.4 billion that year. The conclusions of the F-Secure report appear to indicate a risk for businesses if employees exhibit the same low levels of security awareness in the workplace as they do at home.
Read more »
uber
Cyber Attacks Fraud Identity Theft Money Laundering Scam uber

Ex Uber Employee Made 388 Fake Driver Profiles, Duped Company of Rs 1.17 Crore


Ex Employee dupes Uber of Rs 1.17 Crore

A former Uber employee has been charged for duping the company of Rs. 1.17 crore by making 388 fake driver profiles and putting them on the company's server. The money was then transferred to only 18 bank accounts linked with these fake profiles. The accused was working with the company till December 2021 as a contractor. Uber's authorized signatory lodged the complaint in April last year. The accused's job was to look over driver payments and update the information of the authorized drivers in the company's spreadsheet so that the money could be transferred to the respective accounts.

FIR registered

Uber during its inquiry, discovered that out of the 388 fake driver profiles, 191 profiles were made using the same IP addresses associated with the accused man's system. 

"To avoid inconveniencing driver partners, a spreadsheet is automatically uploaded regularly. A large number of transactions were processed by this automated spreadsheet and the accused was responsible for updating the details of the driver-partner accounts to be paid," Uber said in the complaint. The man created and made various fake driver partners’ accounts in the spreadsheet.

According to the police, the accused has been booked under sections 408 (criminal breach of trust by a servant), 420 (cheating), 477-A (falsification of accounts), and 120-B (criminal conspiracy) of the IPC. 

The Uber complaint further read "191 cases out of 388 cases matched with the IP addresses used by Viney Gera to log into his work computer on the same day as the creation of the accounts. In the above manner, a total amount of Rs 1,17,03,033 has been fraudulently paid to these fake driver partners into only 18 bank accounts."

PTI quotes Inspector Deepak Kumar, SHO, Sushant Lok Police Station said "we are investigating the matter and the accused will be arrested as soon as possible," PTI reports.  

Handling of driver partner payments

An Indian Express report explained how Uber handles driver payments when their accounts show a negative balance. A negative balance in an Uber driver's account means payment is overdue. This is removed when the driver pays the amount to the company. After this, a positive payment is credited to the partner's account, and the details of the transaction are updated in a spreadsheet. 

The data (company spreadsheet) is then "uploaded to an Uber Payment Tool through an automated python script." The upload adds a positive balance to the driver partner's account to remove arrears that allow the driver to drive again. 


Read more »
Hackers
Child Identity Theft Data Breach Email Fraud Fraud Hackers

Synthetic Identity Fraud: What Is It?

Frankenstein ID, the use of fake identities by scammers, has become prevalent over the last 12 to 18 months, with US financial institutions (FIs) reporting losses of $20 billion in 2021 as compared to $6 billion in 2016.

Synthetic Identity Fraud: What Is It? 

When a Social Security number is stolen, synthetic identity fraud occurs. Hackers then use it in conjunction with bits of accurate personal data obtained from various sources or entirely false information to build an identity in order to commit theft.

Synthetic identity theft is unknown, thus allowing fraudsters to carry out their crimes undetected. Researchers discovered that two out of every three American adults were extremely unaware of fake identity theft.

What is the Frequency of Child Identity Theft and Fraud?

In contrast to adults, stealing the identities of minors gives hackers a wider window to utilize the credentials since the majority of victims who had their identities taken as children do not become aware of the fraud until they are adults. Social media, personal health information, and school forms pose the greatest threats to data theft involving minors, which is a concern for nearly two-thirds of adults. 

SSNs can be found by hackers in different spots, like your email account or the database of your chosen merchant. Even student data is stolen and published on the dark web by ransomware groups. Hackers take SSNs to commit synthetic ID theft. As they are more likely to belong to minors, they favor numbers that were granted within the last 18 years. Children generally wait until they are 18 to apply for loans or credit, giving criminals ten or even fifteen years to cause havoc before anyone takes notice.

A hacker will start seeking credit online if they have a social security number. Users, then, simply build a credit history just by seeking credit. A creditor will eventually grant them a $500 or perhaps $1,000 credit line. A breakout occurs once hackers have access to $10,000 to $15,000 in credit. After a final flurry of charges, the attackers fade. 

86 % of parents do not check their kids' credit, so hackers can ruin it for years. Due to this, synthetic identity has severe repercussions that frequently prevent its young victims from beginning their adult lives. The fact that children lack control over their credit or financial information makes them vulnerable as well.


Read more »
Technology
cryptocurrency data security digital currency Fraud Scams Technology

Report: Crypto Crime Hits Record $20 Billion in 2022

 

The unlawful use of cryptocurrencies reached a new high of $20.1 billion last year, as transactions involving companies sanctioned by the United States skyrocketed, as per data from blockchain analytics firm Chainalysis released on Thursday.

In 2022, the cryptocurrency market lost momentum as risk appetite started to wane and various crypto firms went bankrupt. Investors suffered significant losses, and regulators increased calls for greater consumer protection. 

Despite a drop in overall crypto transaction volumes, the value of unlawful crypto transactions increased for the second year in a row, according to Chainalysis. As per Chainalysis, transactions linked with sanctioned entities increased more than 100,000-fold in 2022 and accounted for 44% of illicit activity last year. 

Funds received by Garantex, a Russian exchange sanctioned by the US Treasury Department in April, accounted for "much of 2022's illicit volume," according to Chainalysis, adding that the majority of that activity is "likely Russian users using a Russian exchange." 

According to a Chainalysis spokesperson, wallets are labelled as "illicit" if they are not part of a sanctioned entity.

Garantex did not respond immediately to an emailed request for comment.

Last year, the US also sanctioned cryptocurrency mixing services Blender and Tornado Cash, alleging that they were being used by hackers, including those from North Korea, to launder billions of dollars in cybercrime proceeds.
 
The volume of stolen crypto funds increased by 7% last year, but volumes of other illicit crypto transactions, such as those related to scams, ransomware, terrorism financing, and human trafficking, decreased.

"The market downturn may be one reason for this. We've found in the past that crypto scams, for instance, take in less revenue during bear markets," Chainalysis said.

Chainalysis stated that its $20.1 billion estimate only encompasses blockchain activity and excludes "off-chain" crime such as fraudulent accounting by crypto firms.

According to Chainalysis, the figure also excludes instances where cryptocurrencies are the proceeds of non-crypto-related crimes, such as when cryptocurrency is used as a means of payment in drug trafficking.

"We have to stress that this is a lower bound estimate - our measure of illicit transaction volume is sure to grow over time," the report said, noting that the figure for 2021 was revised to $18 billion from $14 billion as more scams were discovered.





Read more »
Scammers
Cyber Fraud Fraud Pig Butchering Scam Scammers

Pig Butchering Scam: Here's Everything you Need to Know

 

Criminals make billions of dollars via digital tricks including romance scams and business email hacks. And they always begin with a small amount of "social engineering" to deceive a victim into taking an unfavourable action, like transferring money into thin air or placing their faith in someone they shouldn't. These days, a new form of these schemes known as "pig butchering" is on the rise, entangling unwary victims to take all of their money and functioning on a big scale in large part due to forced labour. 

Due to a technique where attackers effectively fatten victims up and then take everything they have, pig butchering scams began in China, where they are known by the Chinese name shzhpán. The majority of these schemes use cryptocurrencies, however they can also incorporate other forms of financial trading.

Scammers use SMS texting or other social networking, dating, and communication platforms to make cold calls to potential victims. They frequently just greet you and say something like, "Hey Josh, it was great catching up last week!" The scammer takes advantage of the opportunity to start a discussion and lead the victim to believe they have a new friend if the recipient responds by saying that the attacker has the wrong number. After building a connection, the assailant will mention that they have been successful in investing in cryptocurrencies and urge the target to do the same while they still have the chance.

The scammer then installs a malicious app or web platform on the target that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims are frequently presented with curated real-time market data designed to demonstrate the investment's potential. And, once the target has funded their "investment account," they can begin to watch their balance "grow." The creation of malicious financial platforms that appear legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, such as allowing victims to make a video call with their new "friend" or withdraw a small amount of money from the platform to reassure them. The latter is a strategy used by scammers in traditional settings.

The swindle has some new twists, but you can see where it's going. The attackers close the account and disappear once the victim has deposited all of their money and everything the scammers can get them to borrow.

“That’s the whole pig butchering thing—they are going for the whole hog,” says Sean Gallagher, a senior threat researcher at the security firm Sophos who has been tracking pig butchering as it has emerged over the past three years. “They go after people who are vulnerable. Some of the victims are people who have had long-term health problems, who are older, people who feel isolated. They want to get every last bit of oink, and they are persistent.” 

Though carrying out pig butchering scams requires a significant amount of communication and relationship building with victims over time, researchers claim that crime syndicates in China developed scripts and playbooks that allowed them to offload the work at scale onto inexperienced scammers or even forced laborer's who are victims of human trafficking.

“We can already see the damage and the human cost both to scam victims and to forced laborers,” says Michael Roberts, a longtime digital forensic analyst who has been working with victims of pig butchering attacks. “That’s why we need to start educating people about this threat so we can disrupt the cycle and reduce the demand for these kidnappings and forced labor.”

The idea is similar to ransomware attacks and digital extortion, in which law enforcement encourages victims not to pay hackers' ransom demands in order to disincentive them from trying again.

Although the Chinese government began cracking down on cryptocurrency scams in 2021, criminals were able to relocate their pig butchering operations to Southeast Asian countries such as Cambodia, Laos, Malaysia, and Indonesia. Governments all over the world have been warning about the threat. The FBI's Internet Crime Complaint Center received over 4,300 submissions related to pig butchering scams in 2021, totaling $429 million in losses. In addition, the US Department of Justice announced at the end of November that it had seized seven domain names used in pig butchering scams in 2022.

“In this scheme, fraudsters, posing as highly successful traders in cryptocurrency, entice victims to make purported investments in cryptocurrency providing fictitious returns to encourage additional investments,” the FBI stated in an October alert.

Government officials and researchers emphasize the importance of public education in preventing people from becoming victims of pig butchering schemes. People are less likely to be taken in if they recognize the warning signs and understand the concepts underlying the scams. The challenge, they say, is reaching out to a larger audience and convincing people who learn about pig butchering to share their knowledge with others in their families and social circles.

According to researchers, pig butchering scams, like romance scams and other highly personal and exploitative attacks, take an enormous psychological toll on victims in addition to their financial toll. And the use of forced labor to carry out pig butchering schemes adds another layer of trauma to the situation, making it even more crucial to address the threat.

“Some of the stories you hear from victims—it eats you up,” says Ronnie Tokazowski, a longtime business email compromise and pig butchering researcher and principal threat advisor at the cybersecurity firm Cofense. “It eats you up really freaking bad.”
Read more »
User Safety
Data Data Breach Fraud Information Security User Data User Privacy User Safety

LastPass: Hackers Stole Customers’ Password Vaults, Breach Worse Than Initially Thought

 

This past August witnessed a breach at LastPass, one of the most well-known password manager services available. The harm caused by the unidentified hackers is significantly worse than was initially believed, according to the company. Passwords should be changed immediately by users. LastPass stated that "only" the company's source code and confidential information were compromised in the initial report on the data breach event that was detected in August. 

Passwords and user information remained clean and secure. The hostile actors were able to access some users' data as well, according to a subsequent security notification on the same issue. The hat in black According to LastPass, hackers were able to access the cloud storage and decrypt the dual storage container keys. 

By copying a backup that contained "basic customer account data and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service," they were able to further undermine the platform's security.

The encrypted storage container, which holds customer vault data in a proprietary binary format, also allowed the cybercriminals to replicate a backup of that data. The container contains both encrypted and unencrypted information, including sensitive areas like online usernames and passwords, secure notes, and data entered into forms.

According to LastPass, hackers were able to access the cloud storage and decrypt the dual storage container keys. By copying a backup that contained "basic customer account data and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service," they were able to further undermine the platform's security.

The encrypted storage container, which holds customer vault data in a proprietary binary format, also allowed the cybercriminals to replicate a backup of that data. The container contains both encrypted and unencrypted information, including sensitive areas like online usernames and passwords, secure notes, and data entered into forms.

Since they were created using a 256-bit AES-based encryption algorithm and "can only be decrypted with a unique encryption key derived from each user's master password using our Zero Knowledge architecture," the encrypted fields "remain secure," according to LastPass, even when in the hands of cybercriminals. Zero Knowledge signifies that LastPass is unaware of the master password required to unlock the data, and that the decryption process itself is always carried out locally, never online.

LastPass partially stores credit card information in a different cloud environment. Furthermore, there are currently no signs that such data has been accessed. All things considered, LastPass is attempting to convey the idea that users' encrypted data should still be protected in spite of the extensive breach of the company's technology.

However, that doesn't mean there aren't any risks or dangers associated with the breach. Despite the fact that the firm routinely tests "the newest password cracking tools against our algorithms to maintain pace with and improve upon our cryptographic controls," LastPass claims that a determined hostile actor might attempt to brute-force the encrypted passwords.

Additional dangers could be associated with phishing or brute-force attacks against online accounts linked to users' LastPass vaults. LastPass stated that they would never contact a user by phone, email, or text and ask them to click on a link to confirm their personal information. They also won't inquire for a vault's master password. Users of the online password manager are urged to update both their master password and every password kept in the vault as a last line of defense.

Read more »
Subscribe to: Posts (Atom)