
Mewat: The New Cybercrime Hub in India

 

The Mewat region, situated between the Indian states of Rajasthan and Haryana, is emerging as the new cyber fraud hub in India.
 
After Jamtara, the infamous hotspot for cyber fraud cases where the young fraudsters involved in the racket would acquire SIM cards, open bank accounts, and dupe victims by posing as bank officials or representatives of telecom service providers, Mewat fraudsters have turned up with more malicious ways to dupe the online victims. 
 
Apparently, the Mewat fraudsters leverage sextortion, a blackmail category of cybercrime, as a weapon in order to deceive victims. 
 
The scammers target online victims while posing as young women, engaging them in conversations, and enticing the targets into sharing sexually explicit images. The scammers then threaten to leak the shared images unless the victim pays.
 
Asked about the method of operation, Yusuf, one of the suspects held on sextortion charges, revealed his gang's modus operandi.
 
“It starts by writing a ‘hi’. He (the target) would usually ask about a video call. I’d do the video call. He’d be lured into going explicit. The woman on the phone does the same,” Yusuf says. 
 
On being asked about the ‘woman’, Yusuf tells the investigating officer, “It’s (actually the video) on the other phone. That device is placed right under the back camera of my phone, with a video of a woman playing over. It’s like a web call.”
 
Reportedly, a phone on the other side uses screen recording software in order to capture the events. The victims are then threatened, and if they comply, the money is typically credited into a third party's account. 

In another cyber fraud case, a suspect was held for duping online victims via digital marketplaces.  
 
The scammer, Rahul Khan, explains his fraud tactics: advertising expensive products for sale at deep discounts on online marketplaces such as OLX, claiming to be defence personnel, and fabricating a plausible story about distress.
 
The numbers have risen in recent years: India recorded a total of 52,974 cases of cybercrime in 2021, up from 50,035 in 2020, 44,735 in 2019, and 27,248 in 2018.
 
According to a report by the National Crime Records Bureau, nearly 60 percent of cybercrime cases in 2021 pertained to fraud, followed by sexual exploitation (8.6 percent) and extortion (5.4 percent).

Scylla: Ad Fraud Scheme in 85 Apps with 13 Million Downloads

 

Security researchers have exposed 85 apps involved in an ongoing ad fraud campaign that began in 2019. Of these, 75 are on Google Play, while 10 are on the App Store. Collectively, the apps have more than 13 million downloads to date.
 
Researchers from HUMAN’s Satori Threat Intelligence have collectively named all the mobile apps that are being identified in the ad fraud campaign as ‘Scylla’.  
 
The malicious apps flooded devices with advertisements, both visible and hidden. Additionally, the fraudulent apps garnered revenue by impersonating legitimate apps in app stores. Although these apps are not seen as severe threats to users, the adware operators can use them for more malicious activities.
 
According to the researchers, Scylla is believed to be the third wave of an ad fraud campaign that came to light in August 2019, termed ‘Poseidon’. The second wave, called ‘Charybdis’, led up to the end of 2020.

The original operation, Poseidon, comprised over 40 fraudulent Android apps designed to display out-of-context ads or even ads hidden from the view of mobile users.
 
The second wave, Charybdis, was a more sophisticated version of Poseidon, targeting advertising platforms via code obfuscation tactics. Scylla apps, on the other hand, expand beyond Android to target the iOS ecosystem. In addition, Scylla relies on additional layers of code obfuscation, using the Allatori Java obfuscator, making it hard for researchers to detect or reverse engineer the adware.
 
These fraudulent apps are engineered to commit several kinds of ad fraud, including mimicking popular apps (such as streaming services) to trick advertising SDKs into placing their ads, displaying out-of-context and hidden ads, and generating clicks from unaware users, all of which earn ad revenue for the operator.
 
"In layman's terms, the threat actors code their apps to pretend to be other apps for advertising purposes, often because the app they're pretending to be is worth more to an advertiser than the app would be by itself," states HUMAN Security.
 
According to the sources, the researchers have informed Google and Apple about these fraudulent apps, following which the apps are being removed from Google Play and the App Store. Users who have downloaded any of the suspected adware apps are advised to simply remove them.
  
Furthermore, in light of the increase in such fraud, the Satori researchers have suggested precautionary measures users can take to avoid falling for adware fraud. These include examining apps before downloading them, looking out for apps they do not remember downloading, and avoiding third-party app stores that could harbor malicious applications.

Phishing Scam Adds a Chatbot-Like Twist to Steal Data

 

According to research published Thursday by Trustwave's SpiderLabs team, a newly uncovered phishing campaign aims to reassure potential victims that submitting credit card details and other personal information is safe. 

As per the research, instead of just embedding an information-stealing link directly in an email or attached document, the procedure involves a "chatbot-like" page that tries to engage and create confidence with the victim. 

Researcher Adrian Perez stated, “We say ‘chatbot-like’ because it is not an actual chatbot. The application already has predefined responses based on the limited options given.” 

Responses to the phoney bot lead the potential victim through a number of steps that include a false CAPTCHA, a delivery service login page, and finally a credit card information grab page. Some of the other elements in the process, like the bogus chatbot, aren't very clever. According to SpiderLabs, the CAPTCHA is nothing more than a jpeg file. However, a few things happen in the background on the credit card page. 

“The credit card page has some input validation methods. One is card number validation, wherein it tries to not only check the validity of the card number but also determine the type of card the victim has inputted,” Perez stated.

The campaign was identified in late March, according to the company, and it was still operating as of Thursday morning. The SpiderLabs report is only the latest example of fraudsters' cleverness when it comes to credit card data. In April, Trend Micro researchers warned that fraudsters were utilising phoney "security alerts" from well-known banks in phishing scams.

Last year, discussions on dark web forums about deploying phishing attacks to capture credit card information grew, according to Gemini Advisory's annual report. Another prevalent approach is stealing card info directly from shopping websites. Researchers at RiskIQ claimed this week that they've noticed a "constant uptick" in skimming activity recently, albeit not all of it is linked to known Magecart malware users.

YouTube Scammers Steal $1.7M in Fake Crypto Giveaway

 

According to Group-IB, a group of online scammers made approximately $1.7 million by promising cryptocurrency giveaways on YouTube. 

The group allegedly aired 36 YouTube videos between February 16 and 18, gaining at least 165,000 views, according to the Singapore-based security company. To give validity to their efforts, they included footage of tech entrepreneurs and crypto enthusiasts like Elon Musk, Brad Garlinghouse, Michael Saylor, Changpeng Zhao, and Cathie Wood. 

According to Group-IB, the channels were either hacked or bought on the black market. They included links to at least 29 websites with instructions on how to double cryptocurrency investments in the streams they built. 

'Investors' were encouraged to send a tiny sum of virtual currency and promised that they would be paid back twice that amount. Some victims were prompted to enter seed phrases to 'link' their wallets, depending on the cryptocurrency and wallet type utilised. 

As a result, however, the fraudsters were able to take control of the victims' wallets and withdraw all of their funds. The scammers received 281 transactions totalling nearly $1.7 million into their crypto wallets in just three days. The precise number of victims and the overall amount stolen, however, are unknown.

Group-IB stated, “The fake crypto giveaway scheme is not new, but apparently is still having a moment. Further analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 interconnected resources all set up in the first quarter of 2022. Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year.” 

Crypto enthusiasts should be wary of freebies and avoid sharing personal information online, according to Group-IB. Users were also encouraged to double-check the authenticity of any promos and use a password manager to store any seed phrases.

Spanish Police Arrested SIM Swappers who Stole Money from Victims' Bank Accounts

 

The Spanish National Police have arrested eight suspected members of a criminal organisation who used SIM swapping attacks to steal money from the victims' bank accounts.

SIM swapping attacks are used by criminals to get control of victims' phone numbers by duping mobile operator workers into transferring the numbers to SIMs controlled by the fraudsters. Once a number has been taken over, the attackers can steal money, cryptocurrency, and personal information, including contacts linked with online accounts. Criminals can also take over social media accounts and use SMS to circumvent the 2FA used by online services, including financial services.

In the incident under investigation by Spanish police, the cybercriminals obtained the victims' personal information and bank details via fraudulent emails in which they pretended to be the victims' bank. The fraudsters were able to falsify the victims' official documents and use them to dupe phone store staff into issuing them with replica SIM cards. Once they had the SIM cards, they were able to overcome the SMS-based 2FA needed to access the bank accounts and take the money.

The press release published by the Spanish National Police stated, “Agents of the National Police have dismantled a criminal organization dedicated, presumably, to bank fraud through the duplication of SIM cards. There are eight detainees based in Catalonia and acting throughout Spain who, through malicious messages and posing as a bank, obtained personal information and bank details to access the accounts of the victims whose identity they usurped through the falsification of official documents. With this, they deceived the employees of phone stores to obtain duplicate SIM cards and, in this way, have access to the bank’s security confirmation messages. In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.”

The first SIM swapping attack linked to this group occurred in March 2021, when Spanish authorities received two reports about fraudulent transactions in different parts of the country. Crooks used bank transfers and digital quick payment services based in the region of Barcelona to launder the stolen funds. Seven people were arrested in Barcelona and one in Seville as a result of the operation. The suspects' bank accounts were also blocked by the authorities.

The FBI announced this week that SIM swap attacks have increased, with the objective of stealing millions of dollars from victims by hijacking their mobile phone numbers. According to the FBI, US individuals have lost more than $68 million as a result of SIM swapping attacks in 2021, with the number of complaints and damages nearly doubling since 2018. The FBI's Internet Crime Complaint Center (IC3) received 1,611 SIM swapping attack reports in 2018, compared to 320 complaints between 2018 and 2002, resulting in a total loss of $12 million.

Individuals should take the following steps, as per the FBI: 

• Do not post details regarding financial assets, such as bitcoin ownership or investment, on social networking platforms or forums. 
• Do not disclose the mobile number account details to representatives who ask for the account password or pin over the phone. Verify the call by calling the mobile carrier's customer support number.
• Posting personal information online, such as your phone number, address, or other identifying information, is not a good idea.
• To access online accounts, use a variety of unique passwords. 
• Any changes in SMS-based connectivity should be noted. 
• To gain access to online accounts, use strong multi-factor authentication solutions such as biometrics, physical security tokens, or standalone authentication software. 
• For easy login on mobile device applications, do not save passwords, usernames, or other information. 

On the other hand, mobile providers should take the following safety measures, according to the FBI: 

• Employees should be instructed and training sessions on SIM swapping should be held. 
• Examine incoming email addresses containing formal correspondence for minor differences that could make fraudulent addresses appear real and match the names of actual clients. 
• Establish stringent security standards that allow workers to effectively check customer credentials before transferring their phone numbers to a new device.

Intuit Alerted About Phishing Emails Threatening to Delete Accounts

 

Customers of accounting and tax software supplier Intuit have been warned of an ongoing phishing attack impersonating the organisation and attempting to mislead victims with fraudulent account suspension notifications.

Intuit issued the advisory after hearing from customers who had been notified that their Intuit accounts had been disabled as a result of a recent server security upgrade.

The attackers stated in the phishing messages, masquerading as the Intuit Maintenance Team, "We have temporarily disabled your account due to inactivity. It is compulsory that you restore your access within next 24 hours. This is a result of recent security upgrade on our server and database, to fight against vulnerability and account theft as we begin the new tax season."

The emails tell recipients that, to regain access to their accounts, they need to visit https://proconnect.intuit.com/Pro/Update right away. By clicking the link, they will most likely be redirected to a phishing site controlled by the attacker, which will seek to infect them with malware or steal their financial or personal information.

Those who hesitate before clicking the embedded link are warned that they risk losing access to their accounts permanently. The financial software company stated the sender "is not associated with Intuit, is not an approved agent of Intuit, nor is their use of Intuit's brands authorised by Intuit," and that it isn't behind the emails. 

Customers who have received phishing emails are advised not to click any embedded links or open attachments, according to the maker of TurboTax and QuickBooks. 

To avoid being infected with malware or redirected to a phishing landing page that would try to steal their credentials, it's best to delete the emails. Customers who have already opened attachments or clicked links in phishing emails should take the following steps:
  • Delete any downloaded files immediately.
  • Scan their systems using an up-to-date anti-malware solution.
  • Change their passwords.

On its support page, Intuit also provides information on how users can safeguard themselves from phishing attacks.

QuickBooks clients were also cautioned in October about phishing attacks that used bogus renewal charges as bait. Fraudsters contacted QuickBooks users via websites in the same month, telling them to upgrade to prevent their databases from being destroyed or corporate backup files automatically erased, with the intent of taking over their accounts.  

$50 Million Lost to Fraudsters Impersonating Broker-Dealers

 

A California man admitted his involvement in a large-scale and long-running Internet-based fraud scam that allowed him and other fraudsters to drain about $50 million from hundreds of investors.

Between 2012 and October 2020, Allen Giltman, 56, and his co-conspirators constructed phoney websites to collect money from people via the internet by advertising various investment opportunities (mainly the purchase of certificates of deposit).

According to court documents, "The Fraudulent Websites advertised higher than average rates of return on the CDs, which enhanced the attractiveness of the investment opportunities to potential victims. At times, the fraudulent websites were designed to closely resemble websites being operated by actual, well-known, and publicly reputable financial institutions; at other times, the fraudulent websites were designed to resemble legitimate-seeming financial institutions that did not exist." 

They advertised the phoney investment sites in Google and Microsoft Bing search results for phrases like "best CD rates" and "highest cd rates." The scammers pretended to be FINRA broker-dealers in interactions with victims seeking investment possibilities, claiming to be employed by the financial companies they imitated on the scam sites. 

To mask their genuine identities during their fraud schemes, they employed virtual private networks (VPNs), prepaid gift cards to register web domains, and prepaid phones and encrypted applications to interact with their targets, along with false invoices to explain the huge wire transfers they obtained from their victims.

"To date, law enforcement has identified at least 150 fraudulent websites created as part of the scheme," the Justice Department stated. 

"At least 70 victims of the fraud scheme nationwide, including in New Jersey, collectively transmitted approximately $50 million that they believed to be investments." 

The charge of wire fraud conspiracy, which Giltman admitted, carries a possible sentence of 20 years in jail, while the charge of securities fraud carries a maximum sentence of five years in prison. Both are punishable by fines of $250,000 or double the gross gain or loss from the offence, whichever is greater. Giltman is scheduled to be sentenced on May 10, 2022.

Stay Vigilant

The FBI's Criminal Investigative Division and the Securities and Exchange Commission cautioned investors in July 2021 about scammers posing as registered financial professionals such as brokers and investment advisers.

The July alert came after FINRA issued a similar fraud alert the same week regarding broker imposter frauds involving phishing sites that impersonate brokers and faked SEC or FINRA registration documents. 

"Fraudsters may falsely claim to be registered with the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) or a state securities regulator in order to lure investors into scams, or even impersonate real investment professionals who actually are registered with these organizations," the FBI and SEC stated. 

Investors should first use the Investor.gov search engine to see if people marketing investment possibilities are licensed or registered, and then ensure they're not scammers by contacting the seller using independently confirmed contact information from the firm's Client Relationship Summary (Form CRS).

Bracing for Evolving Phishing Frauds

 

Phishing scams are still the most common type of cybercrime. Unfortunately, as social engineering attacks get more advanced, this tendency is likely to continue in 2022. The numbers are worrisome: phishing attacks account for more than 80% of all security issues reported.

In fact, phishing attacks have been successful in 74 percent of firms in the United States. Companies must be watchful and proactive by implementing a defense strategy, as phishing will remain the favoured method of attack for cybercriminals in the coming year. Phishing attacks have the potential to compromise infrastructure, and organizations will need to plan ahead and anticipate investing more money in preventative measures in 2022 than they did in 2021.

Phishing takes a new turn 

As cybercriminals get more sophisticated, here are some of the tactics that businesses should be aware of. It will be considerably more difficult to distinguish between spoofed and legitimate emails. Email recipients may be alarmed by clever subject lines such as "Changes to your health benefits" or "Unusual login detected."

Other common methods of attack include denied memberships, fraudulent subscription calls-to-action, and billing and payment warnings. Furthermore, fraudsters are becoming more sophisticated in their use of false links. Users who aren't paying attention may be scammed into clicking on links that lead to harmful websites. Phishing attacks will be elevated to a new level as a result of social engineering attempts. Artificial intelligence-based tactics, such as copying someone's voice to elicit sensitive information, will become more common.

A good offense is the best defense

The good news for businesses is that they can use artificial intelligence (AI), email security, and cybersecurity training to protect themselves from more sophisticated phishing attacks. Investing in AI-based preventative tools that track and examine email communications is the first line of defence.

A strong AI solution examines variables such as the devices that external senders and employees use, who they message, what time of day they communicate, and where they communicate from. This data is then used to create trusted email sender profiles, which are subsequently compared to incoming emails to authenticate the sender and to detect and block sophisticated phishing efforts. Artificial intelligence-based monitoring software may even scan images for fake login sites and altered signatures, then immediately quarantine malicious emails so that the end-user never sees them.

Another preventative step is email security. Technology that displays warning banners and identifies problematic emails is beneficial since it allows users to quarantine or mark messages as safe with a single click. Passwords that have been compromised can be used to launch cyberattacks. Single sign-on (SSO), multifactor authentication (MFA), and password management are all included in an identity and access management (IAM) tool. 

Another option to mitigate the security concerns associated with passwords is to use passwordless authentication. This method confirms a user's identity by utilizing biometrics, such as fingerprints, and one-time passwords, which require users to enter a code that is either emailed, transmitted through SMS, or received via an authenticator app. 

Finally, a company is only as powerful as its employees, emphasising the importance of cybersecurity training. The first line of defence is employees. An organization's odds of experiencing a cybersecurity incident can be reduced by up to 70% by boosting security awareness. Security awareness training should always be included in onboarding, and phishing simulation campaigns should be run regularly, at least once a month. 

While this may appear excessive, research reveals that four to six months after each training session, trained employees begin to forget what they learned. With hybrid workplaces becoming increasingly widespread post-pandemic, over half of the remote workers use email as their major mode of contact, demonstrating the importance of security awareness training. 
 
According to the FBI, firms in the United States lost more than $1.8 billion in costs due to business email compromise (BEC) or spearphishing last year. Phishing scams resulted in adjusted losses of more than $54 million, according to the FBI. Given that phishing remains a popular type of intrusion, it's reasonable to assume that number will continue to rise. 

Organizations may help defend their businesses from being hacked by utilising AI's complete functionality to construct a powerful security platform that detects threats, as well as strengthened email security measures and employee training.

US SEC Alerts Investors of Ongoing Fraud

 

The Securities and Exchange Commission (SEC) is alerting investors about scammers posing as SEC officials and attempting to mislead them. 

Fraudsters are contacting investors via phone calls, voicemails, emails, and letters, according to the SEC's Office of Investor Education and Advocacy (OIE).

The alert stated, “We are aware that several individuals recently received phone calls or voicemail messages that appeared to be from an SEC phone number. The calls and messages raised purported concerns about unauthorized transactions or other suspicious activity in the recipients’ checking or cryptocurrency accounts. These phone calls and voicemail messages are in no way connected to the Securities and Exchange Commission.”

The SEC warned that it never asks for payments linked to enforcement activities, offers to confirm trades, or seeks sensitive personal and financial information in unsolicited communication, including emails and letters. It further stated that SEC officials will not inquire about shareholdings, account numbers, PINs, passwords, or other personal information.

Scammers appear to be employing a growing number of strategies in order to boost their chances of success. Investors should not disclose any personal information if they get communication that seems to be from the Securities and Exchange Commission, as per the notice. They are encouraged to contact the commission directly.

Investors can use the SEC's personnel locator at (202) 551-6000, call (800) SEC-0330, or email help@SEC.gov to confirm the identity of people behind calls or messages. Investors can also register a complaint with the Securities and Exchange Commission's Office of Inspector General by visiting www.sec.gov/oig or calling (833) SEC-OIG1 (732-6441).

Further, the alert stated, “Beware of government impersonator schemes. Con artists have used the names of real SEC employees and email messages that falsely appear to be from the Securities and Exchange Commission to trick victims into sending the fraudsters money. Impersonation of US Government agencies and employees (as well as of legitimate financial services entities) is one common feature of advance fee solicitations and other fraudulent schemes. Even where the fraudsters do not request that funds be sent directly to them, they may use personal information they obtain to steal an individual’s identity or misappropriate their financial assets.”

Child Identity Fraud Costs Nearly $1 Billion per Year

 

On November 2, Javelin Strategy & Research published a new study that stated the yearly cost of child identity theft and fraud in the United States is estimated to be approximately $1 billion. 

Tracy Kitten, director of fraud & security at Javelin Strategy & Research, published the 2021 Child Identity Fraud research, which examined the variables that put children at the most risk of identity theft and fraud. The research examined habits, characteristics, and social media platforms as risk factors. 

Children who use Twitch (31%), Twitter (30%), and Facebook (25%), as per the survey, are most prone to have their personal information compromised in a data breach. Another significant result was that in the previous year, more than 1.25 million children in the United States were victims of identity theft and fraud. On average, the family spent more than $1,100 to resolve the matter, and it took a long time. 

Surprisingly, the survey indicated that over half of all child identity theft and fraud instances include children aged nine and under, with the majority of victims (70 percent) knowing their attackers.

Kitten added, “One of the most eye-opening findings from our research was just how much risk children are exposed to when they are not supervised online. Add to that nearly 90% of the households with internet access say they have children on social media, and the picture our findings paint quickly becomes dark, grim, and scary.” 

Criminals utilised social media to gain access to vulnerable minors, according to Kitten, a journalist and cybersecurity subject specialist. 

“Predators and cybercriminals lurk in the wings of all social media platforms, waiting for the moment to prey on overly trusting minors who may not fully understand safe online behaviour.” 

Families should limit and supervise children's usage of social media and messaging platforms, and be on the watch for cyber-bullying, according to Javelin.

“Platforms that allow users to direct/private message (DM), friend, or follow other users via public search pose the greatest concern,” stated a company spokesperson. 

Parents were advised not to reveal their children's personal information on social media and to set a good example for their children by demonstrating safe online conduct.