Asia is a Major Hub For Cybercrime, And AI is Poised to Exacerbate The Problem

 

Southeast Asia has emerged as a global hotspot for cybercrime, where human trafficking and high-tech fraud collide. Criminal syndicates run large-scale "pig butchering" operations from scam centres in nations like Cambodia and Myanmar, staffed by trafficked individuals who are compelled to defraud victims in affluent markets like Singapore and Hong Kong.

The scale is staggering: one UN estimate puts the global losses from these scams at $37 billion. And things may soon get worse. The spike in cybercrime in the region has already had an impact on politics and policy. Thailand has reported a reduction in Chinese visitors this year, after a Chinese actor was kidnapped and forced to work in a Myanmar-based scam camp; Bangkok is now having to convince tourists that it is safe to visit. Singapore recently enacted an anti-fraud law that authorises law enforcement to freeze the bank accounts of scam victims. 

But why has Asia become associated with cybercrime? Ben Goodman, Okta's general manager for Asia-Pacific, observes that the region has several distinct characteristics that make cybercrime schemes simpler to carry out. For example, the region is a "mobile-first market": popular mobile messaging apps including WhatsApp, Line, and WeChat promote direct communication between the fraudster and the victim. 

AI is also helping scammers navigate Asia's linguistic variety. Goodman observes that machine translations, although a "phenomenal use case for AI," can make it "easier for people to be baited into clicking the wrong links or approving something." Nation-states are becoming involved as well. Goodman mentions suspicions that North Korea is placing fake employees at major tech companies to acquire intelligence and bring much-needed funds into the isolated country.

A new threat: Shadow AI 

Goodman is concerned about a new AI risk in the workplace: "shadow" AI, in which individuals use private accounts to access AI models without company monitoring. That could be someone preparing a presentation for a company review, going into ChatGPT on their own personal account, and generating an image.

This can result in employees unintentionally submitting private information to a public AI platform, creating "potentially a lot of risk in terms of information leakage." The lines separating your personal and professional identities may likewise be blurred by agentic AI; for instance, when something is associated with your personal email rather than your business one.

And this is when it gets tricky for Goodman. Because AI agents have the ability to make decisions on behalf of users, it's critical to distinguish between users acting in their personal and professional capacities. “If your human identity is ever stolen, the blast radius in terms of what can be done quickly to steal money from you or damage your reputation is much greater,” Goodman warned.

Crypto Crime Shocker: DOJ Charges 27 In $263 Million Crypto Theft

 

A multi-national cryptocurrency fraud ring that allegedly defrauded victims worldwide of over a quarter of a billion dollars has come under increased scrutiny from the US Department of Justice (DOJ).

The case now has 27 defendants in total after the charges were filed under the Racketeer Influenced and Corrupt Organisations Act (RICO). Malone Lam, a 20-year-old who is at the centre of the investigation, is charged with planning one of the biggest individual cryptocurrency thefts in American history. 

Lam is suspected of stealing over 4,100 Bitcoin, or about US $230 million, from a single victim in Washington, DC. Lam, who went by multiple internet aliases such as "Anne Hathaway" and "$$$," is accused of collaborating with Jeandiel Serrano (also known as "VersaceGod") to carry out a complex social engineering attack on a man identified as an extremely wealthy early crypto investor.

After bombarding the victim with phoney Google security alerts warning of unauthorised login attempts, Lam and Serrano are said to have called the man and impersonated Google support professionals. Investigators say they misled the victim into revealing multi-factor authentication codes, allowing them to access his accounts and steal a fortune in cryptocurrency.

Following the theft, Lam and Serrano are accused of laundering the stolen funds in a variety of ways and using their wealth to fund a lavish lifestyle. Lam is claimed to have bought at least 31 expensive cars, including custom Lamborghinis, Ferraris, Porsches, Mercedes G Wagons, a Rolls-Royce, and a McLaren, some of which were worth more than $3 million. He also rented many high-end residences in Los Angeles and Miami, some for up to $68,000 per month, and spent hundreds of thousands of dollars on nightclub trips.

Now, the DOJ has revealed that more defendants have been indicted in connection with the racketeering scheme. According to court documents, the defendants, who met through online gaming platforms, performed a variety of roles, including database hackers, organisers, target identifiers, callers, money launderers, and burglars who physically broke into victims' homes to steal their hardware cryptocurrency wallets. 

According to court documents, one of the defendants, 21-year-old Joel Cortes of Laguna Niguel, California, assisted members of the gang by "changing stolen virtual currency into fiat currency and shipping the currency across the United States, hidden in squishmallow stuffed animals, each containing approximately $25,000 apiece."

When it came to drawing attention to themselves, other gang members allegedly adopted Lam's strategy by, among other things, renting private jets, buying luxury handbags valued at tens of thousands of dollars to give to young women they deemed attractive, and paying up to US $500,000 per night for nightclub services.

Lam is accused of continuing to engage with the group even after his arrest in September 2024, assisting them in stealing cryptocurrencies and arranging for his alleged associates to purchase luxury Hermes Birkin handbags for his girlfriend in Miami, Florida.

This case serves as a stark reminder of the ever-increasing confluence of cyber fraud and psychology. While the crypto technology is new, the scam is as old as time: acquire trust, play the long game, and walk away with the loot.

Hyderabad Police Exposes Rs 903 Crore Chinese Investment Fraud Campaign

 

Hyderabad Cyber Crime Police this week disclosed they have busted a Chinese investment scam of Rs 903 crore with the arrest of 10 individuals including a Chinese resident. 
The arrested accused from Mumbai, Delhi and Hyderabad include Sahil Bajaj, Sunny, Virender Singh, Sanjay Yadav, Navneeth Kaushik, Md. Parvez, Syed Sultan, Mirza Nadeem Baig, Lec alias Li Zhongjun and Chu Chun-yu.

According to Police Commissioner C.V. Anand, the fraudsters employed online investment apps to trap investors. The money collected from the victims was moved via a virtual route until it reached the bank accounts of authorised money changers (AMCs), where the currency was exchanged, and finally the value was transferred out to Chinese operators via a hawala route. So far, Rs 1.91 crore has been frozen in various bank accounts in this case.

The fraud campaign was unraveled after a Hyderabad citizen who lost Rs 1.6 lakh after investing in an app named LOXAM approached the police in July. 

In the investigation, police identified that the complainant's money was deposited in an IndusInd Bank account in the name of Xindai Technologies Pvt Ltd. This bank account was opened by the accused, Virender Singh, who disclosed that he opened it in the name of Xindai Technologies Pvt Ltd on the orders of Jack, a Chinese national who used to operate the account.

Another firm involved in the same scam, Betench Networks Pvt Ltd, shared the same phone as Xindai, and further investigation led to the account holder Sanjay Yadav of Delhi, who allegedly opened the account on the instruction of Lec and Pei of China. Yadav opened 15 other bank accounts and sent their details to Taiwan’s Chu Chun-yu, who was arrested in Mumbai.

The local account holders received a commission of ₹1.2 lakh for opening fake accounts. Identical accounts were also unearthed from Hyderabad with instructions and commission from Dubai, the police added.

From Xindai Technologies, money was transferred to 38 bank accounts and finally landed with authorized money change companies Ranjan Money Corp and KDS Forex Pvt Ltd, owned by Naveen Kaushik. “The AMCs flouted all exchange and anti-money laundering rules mandated by the RBI. It is also a clear case of negligence on part of the banking system,” Mr. Anand concluded.

UltimaSMS Premium Fraud Campaign Exploits Millions of Android Devices

 

Avast researchers have unearthed a global SMS premium fraud campaign on the Google Play Store, dubbed UltimaSMS. Scammers used 151 Android apps with 10.5 million downloads from over 80 countries to trick users into signing up for premium services that can cost up to Rs.3,000 per month depending on their cell carrier and location. 

Scammers used fake photo editors, spam call blockers, camera filters, games, and other apps and promoted them via Instagram and TikTok channels. Such phony apps were downloaded in large numbers by people in Pakistan, Saudi Arabia, Egypt, UAE, USA, Poland, and many countries in the Middle East. After discovering the fraud, Google banned 150 malicious apps and removed them from its Play Store.

Once installed, the malicious apps check the user’s location, International Mobile Equipment Identity (IMEI), and phone number to determine the language in which to communicate with the user. When a user opens the app, a screen is displayed that asks the user to enter their phone number and, in some cases, email address to secure access to the app’s advertised service or product.

Avast researchers named the fraud campaign “UltimaSMS” because one of the first apps the researchers discovered, in May 2021, was called Ultima Keyboard 3D pro.

“Upon entering the requested details, the user is subscribed to premium SMS services that can charge upwards of $40 per month depending on the country and mobile carrier. Instead of unlocking the apps’ advertised features, which users might assume should happen, the apps will either display further SMS subscriptions options or stop working altogether,” reads the blog post published by Avast. “The sole purpose of the fake apps is to deceive users into signing up for premium SMS subscriptions.”

Tips to protect yourself from fraudulent SMS apps 

• Deactivate the premium SMS option from your carrier. Deactivating this option will nullify the UltimaSMS scam. 
• Make sure to read the reviews before downloading any such app. Reading reviews can help you find out the intent of the app. 
• Unless you trust the app, don't register your mobile number. 
• Read every notification that comes up while installing the app carefully and give any permission only after reading.