Search This Blog

Showing posts with label Scam. Show all posts

The Infamous Cybercrime Marketplace Now Offers Pre-order Services for Stolen Credentials

 

In accordance with Secureworks, info stealer malware, which consists of code that infects devices without the user's knowledge and steals data, is still widely available for purchase through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale increasing at alarming rates. 

Between June 2021 and May 2023, the Russian market alone grew by 670%. “Infostealers are a natural choice for cybercriminals who are looking to rapidly gain access to businesses and then monetize that access,” said Don Smith, VP of threat research, Secureworks CTU. 

“They are readily available for purchase, and within as little as 60 seconds of installation on an infected computer will immediately generate a return on investment in the form of stolen credentials and other sensitive information. However, what has really changed the game, as far as info stealers are concerned, is improvements in the various ways that criminals use to trick users into installing them. That, coupled with the development of dedicated marketplaces to sell and purchase this stolen data, has really upped the ante,” added Smith. 

Researchers at Secureworks examined the most recent trends in the underground info stealer market, including how this sort of malware is growing more complex and harder to detect, offering a challenge to corporate network defenders. Among the key findings are:

The number of info stealer logs for sale on underground forums grows with time. The number of logs for sale on the Russian market alone surged by 150% in less than nine months, from two million on a single day in June 2022 to over five million on a single day in late February 2023.

The overall growth rate for the number of logs for sale on the Russian market was 670% over a roughly two-year period (measured on a single day in June 2021 and a single day in May 2023).

The Russian market continues to be the largest seller of info stealer logs. At the time of writing, Russian Market has five million logs for sale, which is around ten times more than its nearest competitor.t is well-known among Russian cybercriminals and is often utilized by threat actors globally. Recently, Russian Market has included logs from three new thieves, indicating that the site is adapting to the ever-changing e-crime scenario.

Raccoon, Vidar, and Redline remain the top three info stealer logs for sale. On a single day in February, the following logs, or data sets of stolen credentials, were for sale among these popular info stealers on the Russian Market:
  • The number of raccoons is 2,114,549.
  • Vidar: 1,816,800
  • The redline is 1,415,458.
The recent law enforcement effort against Genesis Market and Raid Forums has influenced the behavior of cybercriminals. Telegram has benefited from this, with more log buying and trading going to specialized Telegram channels for prominent stealers like RedLine, Anubis, SpiderMan, and Oski Stealer. Despite the arrests of several users and the removal of 11 domains affiliated with Genesis Market, the Tor site remains operating, with logs still for sale.

However, activity on the marketplace has nearly ceased, as criminals have begun debating the matter on underground forums, raising concerns about the platform's reliability. A rising market has evolved to address the demand for after-action solutions that aid with log parsing, a time-consuming and difficult operation that is often left to more experienced hackers.

As the number of info stealers and available logs grows, these tools are expected to become more popular and assist to decrease the entry barrier. The successful development and deployment of info stealers, like the overall cybercrime ecosystem, depends on individuals with diverse skills, jobs, and responsibilities. The growth of malware-as-a-service has encouraged developers to innovate in order to better their products and appeal to a broader spectrum of clients.

For example, Russian Market now allows customers to preorder stolen credentials for a certain organization, business, or program for a $1,000 deposit into the site's escrow mechanism. The pre-order service offers no guarantees but allows crooks to progress from opportunistic to targeted.

“What we are seeing is an entire underground economy and supporting infrastructure built around infostealers, making it not only possible but also potentially lucrative for relatively low skilled threat actors to get involved. Coordinated global action by law enforcement is having some impact, but cybercriminals are adept at reshaping their routes to market,” continued Smith.

“Ensuring that you implement multi-factor authentication to minimize the damage caused by the theft of credentials, being careful about who can install third-party software and where it is downloaded from, and implementing comprehensive monitoring across host, network and cloud are all key aspects of a successful defense against the threat of infostealers,” concluded Smith.

Phishing, compromised websites, malicious software downloads, and Google advertisements can all be used to install info stealers on a computer or device. Stolen credentials accounted for nearly one-tenth of the incident response engagements Secureworks was involved in 2022, and were the initial access vector (IAV) for more than a third (34%) of ransomware engagements from April 2022 to April 2023.

Royal Mail's £1bn Losses: Strikes, Cyber Attack, and Online Shopping Crash

The Royal Mail, the UK's national postal service, has reported losses surpassing £1 billion as a combination of factors, including strikes, a cyber attack, and a decrease in online shopping, has taken a toll on its post and parcels business. These significant losses have raised concerns about the future of the company and its ability to navigate the challenges it faces.

One of the key contributors to the Royal Mail's losses is the series of strikes that occurred throughout the year. The strikes disrupted operations, leading to delays in deliveries and increased costs for the company. The impact of the strikes was compounded by the ongoing decline in traditional mail volumes as more people turn to digital communication methods.

Furthermore, the Royal Mail was also targeted by a cyber attack, which further disrupted its services and operations. The attack affected various systems and required significant resources to mitigate the damage and restore normalcy. Such incidents not only incur immediate costs but also undermine customer trust and confidence in the company's ability to protect their sensitive information.

Another factor contributing to the losses is the decline in online shopping, particularly during the pandemic. With lockdowns and restrictions easing, people have been able to return to physical retail stores, leading to a decrease in online orders. This shift in consumer behavior has impacted Royal Mail's parcel business, which heavily relies on the growth of e-commerce.

To address these challenges and turn the tide, the Royal Mail will need to focus on several key areas. Firstly, the company should strive to improve its relationship with its employees and work towards resolving any ongoing disputes. By fostering a harmonious working environment, the Royal Mail can minimize disruptions caused by strikes and ensure the smooth functioning of its operations.

Secondly, it is crucial for the Royal Mail to enhance its cybersecurity measures and invest in robust systems to protect against future cyber attacks. Strengthening the company's digital defenses will not only safeguard customer data but also bolster its reputation as a reliable and secure postal service provider.

Lastly, the Royal Mail must adapt to changing consumer behaviors and capitalize on emerging opportunities in the e-commerce market. This could involve diversifying its services, expanding its international reach, and investing in innovative technologies that streamline operations and enhance the customer experience.




Police Blocked 20K+ Mobile Numbers Issued on Fake Papers

 

In accordance with a police officer, Haryana Police's cyber nodal unit has blocked 20,545 mobile phones issued on fraudulent and counterfeit paperwork. According to a Haryana police spokesman, the majority of the blocked SIM cards were issued in Andhra Pradesh, with West Bengal and Delhi following closely behind. 

Similarly, the police have detected and reported on the portal more than 34,000 cellphone numbers involved in cyber fraud operating across the state, including 40 hotspot villages in Nuh district. 

“At the same time, the remaining 14,000 mobile numbers involved in cyber fraud will also be blocked soon through the Department of Telecom, Government of India,” the police officials said.

A police official told reporters today that the state crime division is currently monitoring all mobile numbers implicated in cybercrime and is collecting reports from districts on a daily basis. He stated that 102 teams of 5000 Haryana Police officers recently stormed 14 cybercrime hotspot villages in the Nuh district.

“For this reason, at present, Haryana is at the top position in blocking mobile numbers used in cyber fraud. At present more attention is being given to such areas and villages from where cyber fraud incidents are being carried out. Recently, 102 teams of 5000 policemen of Haryana Police raided 14 cybercrime hotspots villages in Nuh district,” he added.

He further stated that Andhra Pradesh has issued the most cellphone numbers implicated in cybercrime, and that they are being used to commit cybercrime in the state.

“Currently, out of the total identified mobile numbers issued on Fake ID, a maximum of 12,822 mobile numbers have been issued from Andhra Pradesh, 4365 from West Bengal, 4338 from Delhi, 2322 from Assam, 2261 from North East states and 2490 from Haryana state. All the numbers are currently operating from different areas of Haryana and the same has been intimated to the Department of Telecom to block them,” he added.

OP Singh, Chief of the State Crime Branch and Additional Director General of Police, stated that the state crime branch, as the state nodal agency for cybercrime, has a team of 40 highly skilled cyber police personnel who have been deployed at helpline 1930 to quickly register reported incidents and collect relevant data.

Verified Facebook Accounts Being Hijacked to Distribute Malware; Here's How You Can Protect Yourself

 

Hackers have been caught getting into popular verified Facebook pages and using them to distribute malware through adverts on the social media behemoth. Matt Navarra, a social strategist, was the first to notice the harmful effort, exposing the danger on Twitter. 

According to Navarra, whoever is behind the campaign targeted popular Facebook sites first (one of the victims has over seven million followers and has been active for over a decade). If they gained access, they would rename the page something like Meta (Facebook's parent company) or Google. They would then buy an ad on the social media network, targeting page managers and advertising specialists.

“Because of security issues for upcoming users, you can no longer manage ad accounts in the browser,” the ad reads. “Switch to a more professional and secure tool,” the ad concludes, before sharing an obviously fraudulent download link.

There are several issues with this campaign, according to Navarra, including how the accounts were compromised, how Facebook enabled the threat actors to change the page's name to something seemingly related to Meta while keeping the blue checkmark, and how they were able to buy and run ads that clearly redirect the target audience to a shady website at best. 

According to TechCrunch, Facebook has since disabled all of the affected accounts and shut down the malicious activities. It also stated that Facebook pages now disclose whether or not the page has changed its name in the past, and if so, from what, which is a nice move to increase openness. 

“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures.”

Study: Artificial Intelligence is Fueling a Rise in Online Voice Scams

 

In accordance with McAfee, AI technology is supporting an increase in online speech scams, with only three seconds of audio required to duplicate a person's voice. McAfee studied 7,054 people from seven countries and discovered that one-quarter of adults have previously experienced some type of AI speech fraud, with one in ten being targeted directly and 15% reporting that it happened to someone they know. 77% of victims reported financial losses as a result. 

Furthermore, McAfee Labs security researchers have revealed their findings and analysis following an in-depth investigation of AI voice-cloning technology and its application by cyber criminals. Scammers replicating voices with AI technology. Everyone's voice is distinct, like a biometric fingerprint, which is why hearing someone speak is considered trustworthy.

However, with 53% of adults giving their speech data online at least once a week (through social media, voice notes, and other means) and 49% doing so up to 10 times a week, copying how someone sounds is now a potent tool in a cybercriminal's inventory.

With the popularity and usage of artificial intelligence techniques on the rise, it is now easier than ever to edit photos, videos, and, perhaps most alarmingly, the voices of friends and family members. According to McAfee's research, scammers are utilizing AI technology to clone voices and then send a phoney voicemail or phone the victim's contacts professing to be in crisis - and with 70% of adults unsure they could tell the difference between the cloned version and the genuine thing, it's no surprise this technique is gaining momentum.

45% of respondents stated they would respond to a voicemail or voice message claiming to be from a friend or loved one in need of money, especially if they believed the request came from their partner or spouse (40%), parent (31%), or child (20%).
 
At 41%, parents aged 50 and up are most likely to respond to a child. Messages saying that the sender had been in a car accident (48%), robbed (47%), lost their phone or wallet (43%), or required assistance when travelling abroad (41%), were the most likely to generate a response.

However, the cost of falling for an AI voice scam can be enormous, with more than a third of those who lost money stating it cost them more than $1,000, and 7% being fooled out of $5,000 to $15,000. The survey also discovered that the growth of deepfakes and disinformation has made people more skeptical of what they see online, with 32% of adults stating they are now less trusting of social media than they were previously.

“Artificial intelligence brings incredible opportunities, but with any technology, there is always the potential for it to be used maliciously in the wrong hands. This is what we’re seeing today with the access and ease of use of AI tools helping cybercriminals to scale their efforts in increasingly convincing ways,” said Steve Grobman, McAfee CTO.

McAfee researchers spent three weeks studying the accessibility, ease of use, and usefulness of AI voice-cloning tools as part of their analysis and assessment of this emerging trend, discovering more than a dozen publicly available on the internet.

There are both free and commercial tools available, and many just require a basic degree of skill and competence to utilize. In one case, three seconds of audio was enough to provide an 85% match, but with additional time and work, the accuracy can be increased.

McAfee researchers were able to achieve a 95% voice match based on a limited number of audio samples by training the data models. The more realistic the clone, the higher a cybercriminal's chances of duping someone into turning over their money or performing other desired actions. A fraudster might make thousands of dollars in only a few hours using these lies based on the emotional flaws inherent in close relationships.

“Advanced artificial intelligence tools are changing the game for cybercriminals. Now, with very little effort, they can clone a person’s voice and deceive a close contact into sending money,” said Grobman.

“It’s important to remain vigilant and to take proactive steps to keep you and your loved ones safe. Should you receive a call from your spouse or a family member in distress and asking for money, verify the caller – use a previously agreed codeword, or ask a question only they would know. Identity and privacy protection services will also help limit the digital footprint of personal information that a criminal can use to develop a compelling narrative when creating a voice clone,” concluded Grobman.

McAfee's researchers noticed that they had no issue mimicking accents from throughout the world, whether they were from the US, UK, India, or Australia, but more distinctive voices were more difficult to replicate.

For example, the voice of someone who speaks at an unusual pace, rhythm, or style requires more effort to effectively clone and is thus less likely to be targeted. The research team's overarching conclusion was that artificial intelligence has already changed the game for cybercriminals. The barrier to entry has never been lower, making it easier to perpetrate cybercrime.

To protect against AI voice cloning, it is recommended to establish a unique verbal "codeword" with trusted family members or friends and to always ask for it if they contact you for assistance, especially if they are elderly or vulnerable. When receiving calls, texts, or emails, it is important to question the source and consider if the request seems legitimate. If in doubt, it is advisable to hang up and contact the person directly to verify the information before responding or sending money. It is also important to be cautious about sharing personal information online and to carefully consider who is in your social media network. Additionally, consider using identity monitoring services to protect your personally identifiable information and prevent cyber criminals from posing as you.

Is Your Child in Actual Danger? Wary of Family Emergency Voice-Cloning Frauds

 

If you receive an unusual phone call from a family member in trouble, be cautious: the other person on the line could be a scammer impersonating a family member using AI voice technologies. The Federal Trade Commission has issued a warning about fraudsters using commercially available voice-cloning software for family emergency scams. 

These scams have been around for a long time, and they involve the perpetrator impersonating a family member, usually a child or grandchild. The fraudster will then call the victim and claim that they are in desperate need of money to deal with an emergency. According to the FTC, artificial intelligence-powered voice-cloning software can make the impersonation scam appear even more authentic, duping victims into handing over their money.

All he (the scammer) needs is a short audio clip of your family member's voice—which he could get from content posted online—and a voice-cloning program. When the scammer calls you, he’ll sound just like your loved one,” the FTC says in the Monday warning.

The FTC did not immediately respond to a request for comment, leaving it unclear whether the US regulator has noticed an increase in voice-cloning scams. However, the warning comes just a few weeks after The Washington Post detailed how scammers are using voice-cloning software to prey on unsuspecting families.

In one case, the scammer impersonated a Canadian couple's grandson, who claimed to be in jail, using the technology. In another case, the fraudsters used voice-cloning technology to successfully steal $15,449 from a couple who were also duped into believing their son had been arrested.

The fact that voice-cloning services are becoming widely available on the internet isn't helping matters. As a result, it's possible that scams will become more prevalent over time, though at least a few AI-powered voice-generation providers are developing safeguards to prevent potential abuse. The FTC says there is an easy way to detect a family emergency scam to keep consumers safe. "Don't believe the voice. Call the person who allegedly contacted you to confirm the story. 

“Don’t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs,” the FTC stated. “If you can’t reach your loved one, try to get in touch with them through another family member or their friends.”

Targeted victims should also consider asking the alleged family member in trouble a personal question about which the scammer is unaware.

How Scammers Trap Businesses

 

With significant ramifications for South African businesses that have vulnerabilities in their payment systems, the growth in financial and accounting hacking through phishing and Business Email Compromise (BEC) has made headlines. 

However, strong financial controls combined with strong server, IT, and email monitoring processes aren't enough if staff aren't savvy to the psychological tricks scammers use to manipulate people, making them more susceptible to tricker and deception,says Ryan Mer, CEO at eftsure Africa, a Know Your Payee™ (KYP) platform provider. 

The idea that only gullible people are victims of payment fraud and cybercrime is hazardous because it breeds complacency among highly educated people who hold senior positions in organisations. Criminals that engage in paying are frequently highly talented, well-equipped, and knowledgeable enough about their field to pass for professionals, Mer added. 

Manipulating credibility and trust

In order to obtain information or persuade targets to act, con artists rely on human instincts to be kind, avoid conflict, and find quick and efficient solutions to problems. An attempt to gain the trust of a potential victim by posing as a well-known or reliable individual is a common modus operandi. Examples include a worker getting a letter from the finance director of a company telling them to make a quick payment to a vendor or an HR manager getting a nice email from a worker asking that their bank information be altered for payroll purposes.

According to Mer, “an employee’s desire to perform their duties swiftly and competently, especially for a trusted figure of authority, is manipulated by criminals who rely on an instruction being actioned without question for a scam to be successful. In such instances, only an automated system for detecting red flags in outbound payments can offer the level of protection organisations really need to counter human error.” 

Making use of urgency 

Despite scammers' increasing creativity, a tried-and-true strategy that hackers frequently use is making their victims feel as though something is urgent. According to Mer, phishing emails and business email compromise scams are made to increase the likelihood that employees will report a potential concern by coaxing them into doing so. Scammers entice victims into taking rapid action before they have time to stop and consider the actions they are taking. Establishing procedures that force employees to take their time and carefully review all actions involving payments is essential. 

Before granting an urgent request, one should exercise caution and carefully verify any abrupt changes in a customer's or supplier's business operations, such as the addition of a new point of contact or a change to their email address or banking information. Scammers frequently rely on the herd effect, in which individuals in organisations behave as their peers do. 

There is a chance that if one member of a team cooperates with a con artist, it could lead to similar deception of other team members. There is a chance that if one member of a team cooperates with a con artist, it could lead to similar deception of other team members. Even the most attentive teams can fall victim to sophisticated phishing and BEC scams, thus having sound business procedures and knowledgeable employees only goes so far in defending a company. 

Future threats

It is a moving target since cybercrime is always changing. South Africa ranked third globally in terms of the number of cybercrime victims, according to Interpol's most recent African Cyberthreat Assessment Report, which was published in 2021. The report estimated that the country's annual cost from cybercrime is an astounding R2.2 billion. For South African businesses, it is essential to maintain knowledge of the most recent scams and the methods used to carry them out. Moreover, independent third-party verification systems like eftsure can provide a much-needed additional layer of protection by automating payment checking and supplier verification, saving time on manual operations, and minimising human mistake.

Resecurity Discovered the Investment Scam Network Digital Smoke

 

Resecurity discovered one of the largest investment fraud networks in terms of size and volume of operations designed to defraud InteSecurity from Australia, Canada, China, Colombia, the European Union, India, Singapore, Malaysia, the United Arab Emirates, Saudi Arabia, Mexico, the United States, and other regions. The bad actors, acting as an organized crime syndicate, built a massive infrastructure to impersonate popular Fortune 100 corporations from the United States and the United Kingdom, using their brands and market reputation to defraud consumers. Once the victims' payments are received, they delete previously created resources and launch the next new campaign, which is why the group was dubbed "Digital Smoke" by investigators.

According to the FTC's most recent report, "The Top Scams of 2022," people reported losing $8.8 billion to scams. The total damage from investment fraud, including ponzi and pyramid schemes, exceeds $5.8 billion in the United States and more than $77 billion globally (2022), with significant rapid growth beginning in Q1 2023. Beyond monetary losses, investment fraud causes significant harm to investors. According to a FINRA survey, financial scams cause health, marital, and trust issues. Businesses suffer significant damage to customer loyalty and brand reputation, affecting sales and market profile in the long run.

Notably, bad actors have impersonated world-renowned brands such as ABRDN (UK), Blackrock (US), Baxter Medical (US), EvGo (US), Ferrari (Italy), ITC Hotels (India), Eaton Corporation (US/UK), Novuna Business Finance (UK), Tata (India), Valesto Oil (Malaysia), Lloyds Bank (UK), and many more.

Applied to financial services (FIs), oil and gas, renewable energy, EV batteries, electric vehicles, healthcare, semiconductors, and globally recognized investment corporations and funds. In Q4 of 2022, information about Digital Smoke, as well as the identities of key actors, was shared with the Indian Cybercrime Coordination Center and US Law Enforcement. The majority of scam projects have been terminated as a result of coordinated action and numerous domain takedowns.

The group's operating model was centered on investment opportunities in non-existent products and investment plans purportedly offered by Fortune 100 corporations and state-owned entities. The bad actors created a large network of WEB-resources and related mobile applications hosted on bulletproof hosting providers in jurisdictions not easily reachable for immediate takedowns - the total number of identified hosts in December 2022 alone exceeded 350+ with thousands of related domains used for'cloaking' (Black SEO), hidden redirects, and short URLs for protection of the payment gateway used by fraudsters to collect payments from victims lever Notably, a combination of these methods allowed fraudsters to process funds with great flexibility, including support for Google Pay (GPay), PhonePe, Paytm, and major online-banking platforms.

To attract investors, the bad actors registered multiple fake domain names with similar brand spelling and promoted them via social media and instant messenger apps. Notably, the links used by bad actors to register new victims included a referral code that was linked to affiliates promoting the scam on YouTube and WhatsApp IM. After the victim registers, the bad actors ask them to make a deposit by sending money to an Indian bank account.

Notably, Digital Smoke cybercriminals were interested in oil markets and renewable energy products. The impersonators included Shell, Glencore, Ovintiv, and Lukoil, as well as Velesto Oil, a Malaysia-based multinational provider of drilling for the upstream sector of the oil and gas industry. ACWA Power, based in the Kingdom of Saudi Arabia, was identified as one of the most recent brands abused in January 2023.

This aspect distinguishes the campaign because of the strong emphasis on oil traders, which is not commonly used by investment scammers. In some of the observed scams, bad actors offered victims the opportunity to invest in new oil fields, the construction of petroleum stations, and renewable energy technologies. It's worth noting that some of the language used in this pretext was lifted from existing investment programs aimed at entrepreneurs and franchises looking for new business opportunities in the oil and gas industry. This activity is unusual for cybercriminals and may serve as a clear differentiator for the Digital Smoke group. The activity spike occurred during the Christmas and New Year's holiday seasons when both Internet users and financial institutions were overwhelmed with logistics and payments. In the first quarter of 2023, the activity continued to include new impersonated brands from other industries, such as semiconductors and EV batteries.

Aside from businesses, the fraudsters had no qualms about targeting state-owned enterprises and using their profiles to defraud users. The India Brand Equity Foundation, a Trust established by the Government of India's Department of Commerce, Ministry of Commerce and Industry, was one of the organizations impersonated by Digital Smoke fraudsters. Following a similar pattern, the bad actors created a number of scams that impersonated government resources in the UAE by imitating the profile of the Minister of State for Foreign Trade.

The Digital Smoke case is noteworthy, and it may confirm how sophisticated investment scams have become in recent years. Fraudsters put in a lot of time and effort to create high-quality resources that look almost identical to their well-known investment product counterparts - in the case of Digital Smoke, they created a separate mobile app with a unique design for each investment scam they ran.

Digital Smoke has clearly demonstrated how bad actors use cross-border payments and different jurisdictions to make further investigation and identification of their victims more difficult. Investment fraudsters take advantage of this flaw to conceal the origin of the activity and distribute payment flows through multiple merchants and money mules located in different countries. Resecurity discovered a large network of money mules leveraging accounts in multiple Indian financial institutions that process victim payments. The accounts that were involved in fraudulent activity were reported to law enforcement.

“Proactive fraud intelligence gathering enables to protect consumers and keep financial institutions aware about merchants used by cybercriminals. Their timely identification along with tracking of involved money mules helps to minimize potential damage caused by illicit activity.” – said Christian Lees, Chief Technology Officer (CTO) at Resecurity, Inc.

Notably, legitimate businesses that have been impersonated suffer serious consequences, both in terms of reputation and customer loyalty - which is why an effective and ongoing brand protection system is one of the must-have solutions to mitigate the negative side effects of such scams. Business leaders should consider monitoring their brands' online exposure, which includes, but is not limited to, social media, mobile marketplaces, and instant messaging services.

Ex Uber Employee Made 388 Fake Driver Profiles, Duped Company of Rs 1.17 Crore


Ex Employee dupes Uber of Rs 1.17 Crore

A former Uber employee has been charged for duping the company of Rs. 1.17 crore by making 388 fake driver profiles and putting them on the company's server. The money was then transferred to only 18 bank accounts linked with these fake profiles. The accused was working with the company till December 2021 as a contractor. Uber's authorized signatory lodged the complaint in April last year. The accused's job was to look over driver payments and update the information of the authorized drivers in the company's spreadsheet so that the money could be transferred to the respective accounts.

FIR registered

Uber during its inquiry, discovered that out of the 388 fake driver profiles, 191 profiles were made using the same IP addresses associated with the accused man's system. 

"To avoid inconveniencing driver partners, a spreadsheet is automatically uploaded regularly. A large number of transactions were processed by this automated spreadsheet and the accused was responsible for updating the details of the driver-partner accounts to be paid," Uber said in the complaint. The man created and made various fake driver partners’ accounts in the spreadsheet.

According to the police, the accused has been booked under sections 408 (criminal breach of trust by a servant), 420 (cheating), 477-A (falsification of accounts), and 120-B (criminal conspiracy) of the IPC. 

The Uber complaint further read "191 cases out of 388 cases matched with the IP addresses used by Viney Gera to log into his work computer on the same day as the creation of the accounts. In the above manner, a total amount of Rs 1,17,03,033 has been fraudulently paid to these fake driver partners into only 18 bank accounts."

PTI quotes Inspector Deepak Kumar, SHO, Sushant Lok Police Station said "we are investigating the matter and the accused will be arrested as soon as possible," PTI reports.  

Handling of driver partner payments

An Indian Express report explained how Uber handles driver payments when their accounts show a negative balance. A negative balance in an Uber driver's account means payment is overdue. This is removed when the driver pays the amount to the company. After this, a positive payment is credited to the partner's account, and the details of the transaction are updated in a spreadsheet. 

The data (company spreadsheet) is then "uploaded to an Uber Payment Tool through an automated python script." The upload adds a positive balance to the driver partner's account to remove arrears that allow the driver to drive again. 


Hackers Target Chick-fil-A Customers Credentials

Chick-fil-A- is investigating concerns of suspicious transactions on its mobile app after multiple users claimed that hackers gained their personal data, including bank account details.

Customers at Chick-fil-A, a well-known chicken restaurant business, may be the latest targets of hackers. According to a recent article in Nation's Restaurant News, the fast food chain is investigating potential hacks of mobile apps that have exposed customers' sensitive information.

According to Krebs on Security, one bank claimed it had nearly 9,000 customer card details listed in an alert sent to various financial institutions regarding a breach at an anonymous retailer that occurred between December 2, 2013, and September 30, 2014, and that Chick-fil-A locations were the only common point-of-purchase. As per Krebs, "the majority of the fraud, according to a financial source, appeared to be centered at sites in Georgia, Maryland, Pennsylvania, Texas, and Virginia."

Customers are recommended to promptly change their passwords to new ones that are distinct, complex, and therefore not used for other online platforms or accounts if they detect anything unusual.

In regard to the reports, Chick-fil-A posted a statement on social media stating that the company is aware of the matter and is working quickly to resolve it. The business does point out that it has not discovered proof that its internal security has been infiltrated by hackers or otherwise compromised.

Customers who are impacted can find information on what to do if they see any suspicious activity on their accounts, can see mobile orders placed without their consent, or discover that their loyalty points were fraudulently redeemed or used to purchase gifts on a support page on Chick-fil-One A's Membership Program customer service website.

Pig Butchering Scam: Here's Everything you Need to Know

 

Criminals make billions of dollars via digital tricks including romance scams and business email hacks. And they always begin with a small amount of "social engineering" to deceive a victim into taking an unfavourable action, like transferring money into thin air or placing their faith in someone they shouldn't. These days, a new form of these schemes known as "pig butchering" is on the rise, entangling unwary victims to take all of their money and functioning on a big scale in large part due to forced labour. 

Due to a technique where attackers effectively fatten victims up and then take everything they have, pig butchering scams began in China, where they are known by the Chinese name shzhpán. The majority of these schemes use cryptocurrencies, however they can also incorporate other forms of financial trading.

Scammers use SMS texting or other social networking, dating, and communication platforms to make cold calls to potential victims. They frequently just greet you and say something like, "Hey Josh, it was great catching up last week!" The scammer takes advantage of the opportunity to start a discussion and lead the victim to believe they have a new friend if the recipient responds by saying that the attacker has the wrong number. After building a connection, the assailant will mention that they have been successful in investing in cryptocurrencies and urge the target to do the same while they still have the chance.

The scammer then installs a malicious app or web platform on the target that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims are frequently presented with curated real-time market data designed to demonstrate the investment's potential. And, once the target has funded their "investment account," they can begin to watch their balance "grow." The creation of malicious financial platforms that appear legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, such as allowing victims to make a video call with their new "friend" or withdraw a small amount of money from the platform to reassure them. The latter is a strategy used by scammers in traditional settings.

The swindle has some new twists, but you can see where it's going. The attackers close the account and disappear once the victim has deposited all of their money and everything the scammers can get them to borrow.

“That’s the whole pig butchering thing—they are going for the whole hog,” says Sean Gallagher, a senior threat researcher at the security firm Sophos who has been tracking pig butchering as it has emerged over the past three years. “They go after people who are vulnerable. Some of the victims are people who have had long-term health problems, who are older, people who feel isolated. They want to get every last bit of oink, and they are persistent.” 

Though carrying out pig butchering scams requires a significant amount of communication and relationship building with victims over time, researchers claim that crime syndicates in China developed scripts and playbooks that allowed them to offload the work at scale onto inexperienced scammers or even forced laborer's who are victims of human trafficking.

“We can already see the damage and the human cost both to scam victims and to forced laborers,” says Michael Roberts, a longtime digital forensic analyst who has been working with victims of pig butchering attacks. “That’s why we need to start educating people about this threat so we can disrupt the cycle and reduce the demand for these kidnappings and forced labor.”

The idea is similar to ransomware attacks and digital extortion, in which law enforcement encourages victims not to pay hackers' ransom demands in order to disincentive them from trying again.

Although the Chinese government began cracking down on cryptocurrency scams in 2021, criminals were able to relocate their pig butchering operations to Southeast Asian countries such as Cambodia, Laos, Malaysia, and Indonesia. Governments all over the world have been warning about the threat. The FBI's Internet Crime Complaint Center received over 4,300 submissions related to pig butchering scams in 2021, totaling $429 million in losses. In addition, the US Department of Justice announced at the end of November that it had seized seven domain names used in pig butchering scams in 2022.

“In this scheme, fraudsters, posing as highly successful traders in cryptocurrency, entice victims to make purported investments in cryptocurrency providing fictitious returns to encourage additional investments,” the FBI stated in an October alert.

Government officials and researchers emphasize the importance of public education in preventing people from becoming victims of pig butchering schemes. People are less likely to be taken in if they recognize the warning signs and understand the concepts underlying the scams. The challenge, they say, is reaching out to a larger audience and convincing people who learn about pig butchering to share their knowledge with others in their families and social circles.

According to researchers, pig butchering scams, like romance scams and other highly personal and exploitative attacks, take an enormous psychological toll on victims in addition to their financial toll. And the use of forced labor to carry out pig butchering schemes adds another layer of trauma to the situation, making it even more crucial to address the threat.

“Some of the stories you hear from victims—it eats you up,” says Ronnie Tokazowski, a longtime business email compromise and pig butchering researcher and principal threat advisor at the cybersecurity firm Cofense. “It eats you up really freaking bad.”

How to Prevent Online Credit Card Frauds ?

 

Approximately 80% of Americans shop online. That's more than 263 million people, and the number is expected to grow by 31.2 million by 2025. (via Statista). E-commerce is popular because it is convenient, but the unforeseen result is cybercrime. 

According to a 2020 report by the FBI's Internet Crime Complaint Center (IC3), US citizens lost more than $1.8 billion to online skimming and related crimes that year. Shady characters continue to devise inventive methods to steal money from connected accounts by lifting or scraping unsuspecting victims' credit card information. Credit card fraud schemes vary — sometimes fraudsters create spoof websites and phish credit card information from the checkout page, and you will, of course, not receive the items you paid for.

Other times, they may send you text messages or emails claiming you are eligible for a refund for an item or service you never purchased, then demand your credit card information to "credit" you.
According to The Ascent research, approximately 35% of American consumers have been victims of credit card fraudsters. Because the likelihood of falling for these schemes increases with age, we'll share a few tips to help you avoid becoming a statistic. But first, let's go over the fundamentals.

Online credit card skimming:

Skimming is not a recent concept. Physical card skimming began with physical card skimming, which you may have viewed in movies: a scammers attaches a small device known as a skimmer to a card reader at a gas station, ATM, or other point of sale terminal. The skimmer steals unsuspecting customers' credit card information, which the fraudster then recovers and uses to make online purchases.

However, online skimming is not the same. Magecart attacks are a combination of Magento — the Adobe-owned e-commerce platform that was the original target of fraudsters — and cart. This is how it works: Instead of using physical hardware, hackers place malicious Javascript code called sniffers on websites, and those sniffers lift payment card numbers.

Malicious actors could also insert malicious fields into payment forms or create redirect links to steal customers' credit card information. Magecart skimmers typically sell the information they collect on the dark web for as little as $5. (via PCMag).

Magecart malware is difficult to detect on websites. Everything works and looks the same for the most part. However, being cautious can help you detect when something is amiss, such as being redirected to a website that does not appear secure. There are several ways to determine this.

To begin, click on the lock in the address bar to ensure the security of the website. If the lock is not closed, the connection is not secure, and the site may not be genuine. You could also look at the website's copyright date at the bottom. 

To protect visitors from compromise, secure websites frequently update the interface and protocols, ensuring that the copyright is always up-to-date or at least recent. If a website's copyright is out of date, this is a red flag (via Norton). Finally, avoid clicking on links or downloading attachments from text messages or emails. Unfortunately, being cautious will not completely protect you from skimming.

Magecart attackers steal the payment application infrastructure, which is typically provided to e-commerce merchants by third-party service providers, so even completely secure websites may contain skimming malware (via SISA). However, there is a better line of defence.  

As the number of skimming attacks grows, banks and other financial institutions are taking steps to safeguard their customers from fraud, and virtual cards are one of those solutions. They are linked to your credit card, but they can generate one-time use account numbers, security codes, expiration dates, and CVV codes for online transactions while protecting your actual credit card information.

It's also a good idea to use only one credit card for online shopping so that you can keep track of it easily. Also, contact your bank and request that international purchases on your credit card be disabled. The majority of skimming scams are card-not-present (CNP) transactions, which means that the fraudsters will use a compromised card to make a purchase in a location other than the card owner's. The victim could be in Milwaukee and receive strange debit alerts for purchases made in Miami.  

How Con Artists are Getting Conned? Here’s All You Need to Know

 

Scammers keep demonstrating how evil never sleeps. While their goals—to acquire peoples' financial and personal information—remain the same, their strategies frequently change to stay relevant. In fact, con artists have improved their methods and abilities to the point where some of them even con fellow con artists since their familiarity with the techniques makes it simpler to evade discovery and extort something from them. 

According to a recent Sophos study, cybercriminals are allegedly defrauding one another of millions of dollars and utilizing arbitration to settle disputes over the schemes. The findings also reveal how attackers carry out their schemes against one another using tried-and-true techniques, some of which are decades old, such as typosquatting, phishing, backdoored software, and false marketplaces. 

Let's go through each technique one at a time for those who are not familiar with how they operate: 

Typosquatting: An attack that targets users who inadvertently enter the incorrect website address into their browser's URL field. Internet users frequently have no notion that the websites they are viewing or buying from are phony. This identity theft could be used by dishonest website operators to trick users into disclosing their personal information. 

Phishing: An online scam in which victims are duped by receiving emails purporting to be from banks, mortgage lenders, or internet service providers. 

Backdoor malware: Malware that bypasses standard authentication procedures to access the system.  As a result, application resources are accessible remotely, giving attackers the ability to remotely update malware and run system commands. 

Fake marketplace: The website acts as a launchpad for scams like fraudulent goods, catfishing, and even hacking. 

Hackers and fraudsters are now more prevalent than only knowledgeable software developers and computer specialists. Today's technology is so user-friendly that "noobs" could be in charge of a fraud occurrence that costs companies and clients millions of dollars. 

The number of fraud incidents rose by more than doubling (178%) in Asia-Pacific alone in the first quarter of 2021 compared to the same time in 2020. The two most frequent occurrence categories are online banking fraud and account takeovers, with increases of 250 percent and 650 percent, respectively. 

Scammers getting the taste of their own medicine 

For this research, BreachForums, an English-language cybercrime forum and marketplace that focuses on data leaks, as well as Exploit and XSS, were examined by Sophos X-Ops experts. Russian-language cybercrime forums Exploit and XSS provide access-as-a-service (AaaS) listings. All three locations have dedicated arbitration rooms. 

Even while it occasionally causes chaos between "plaintiffs and defendants," the scamming of fraudsters is lucrative. Some alleged offenders simply disappear or call the complainants themselves "rippers." Sophos examined 600 scams over the course of a year, with claims ranging from US$ 2 to US$ 160,000, costing hackers more than US$ 2.5 million between them on just three sites. 

Not all scams are conducted merely for financial gain. Matt Wixey, a Senior Security Researcher at Sophos, claims that interpersonal conflicts and rivalries were common. They also found cases where con artists would defraud those who had defrauded them. 

“In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying US$ 250 to join a fake underground forum. The ‘winner’ of the contest received US$ 100,” Wixey stated. Additionally, Sophos discovered that the dispute resolution and arbitration procedures left a wealth of unused intelligence behind, which security professionals and law enforcement might use to better understand and stop cybercriminal tactics.

Fake Festive Scams Set to Surge as AFP Alerts of Fake Delivery Texts

 

The Australian Federal Police is gearing up for an uptick in the number of Australians falling victim to fake delivery scams as criminal syndicates take advantage of the Christmas shopping season. Scammers use legitimate-looking text messages to deceive people into providing personal information, which is then sold on the dark web for a profit or used to defraud victims out of thousands of dollars. 

The messages purport to be a delivery status update and encourage the recipient to click on a link to track, redirect, or collect a parcel. They may occasionally request that the recipient confirm a postal address. Scammers frequently use a technique known as "spoofing," which involves using software technology to disguise a phone number and make it appear to be from a legitimate source to impersonate businesses and popular delivery services, including Australia Post, DHL and Amazon.

When the recipient clicks on the link, they are taken to a bogus company website where they are asked to enter their personal information in order to complete the delivery. The scams are engineered to steal personal and financial information from victims and install malware on their devices, enabling criminals to access their usernames and passwords.

According to the Australian Competition and Consumer Commission, Australians will lose more than $2 billion to scams in 2021. This figure is expected to exceed $4 billion by the end of the year.

Phishing is the most common type of scam, with over 57,000 reports of suspicious calls and messages to the commission in the first ten months of this year. Criminals sought to exploit people who were stressed and less attentive in the run-up to the holiday season, according to AFP cybercrime operations commander Chris Goldsmid.

He stated that criminals used the information gained from the scams to extract money from the recipients' bank accounts, apply for loans in their name, or sell their information online to other criminals for profit.

“Scam activity, in particular, is profit-driven,” he said. “Whatever the criminals can do to monetize the information they steal from the public, they’ll do that.”

According to Goldsmid, online cybercrime services that provide "phishing kits" and other spoofing software to would-be scammers have flourished in recent years. The website, which was shut down by UK authorities as part of the "biggest ever fraud operation" in British history, offered software services to scammers for as little as $36.

Before clicking on a link, Goldsmid advised consumers to check the legitimacy of the message and look for red flags such as grammatical errors, requests for personal information, and suspicious URLs. Most delivery companies, including Australia Post and Amazon, do not call or email customers to request personal information, payment, or software installation. Unbranded web addresses and an unusual sense of urgency in messages, according to an Australia Post spokesperson, are also signs of fraudulent texts.

“We’re seeing a greater public awareness of scams and cybersecurity, however, we encourage customers to be aware of how to spot a scam,” she said.

Amazon stated that it had spent more than $900 million globally to hire an additional 12,000 workers to combat cybercrime and online fraud and that it had "zero tolerance for fraud."

 “Amazon impersonation scams put our customers at risk, and while these happen outside our stores, we will continue to invest in protecting them,” the statement read.

A DHL representative advised customers to always use the official DHL website and to avoid disclosing personal information. Those who believe they have been a victim of cybercrime should contact their bank and file a report with the Australian Cyber Security Centre online. If the scam involves Australia Post branding, please report it to scams@auspost.com.au.

Hackers Construct Fraudulent Websites & Steal Data During 'Black Friday' Sales

 

In accordance with a new report, threat actors are hosting websites for malicious campaigns centered on the Black Friday theme, with e-commerce, cryptocurrency, and travel being the top targets. 

Researchers discovered that cybercrime forums in various languages are buzzing with talk about Black Friday. According to CloudSEK researchers, who also discovered an Ethereum giveaway scam website, while some actors promote their malicious services/campaigns, others seek to use them.

“Compromised personal identifiable information (PII) and banking credentials can be used to perform unauthorized transactions and social engineering attacks,” they warned.

CloudSEK's contextual AI digital risk platform 'XVigil' discovered hundreds of registered and operational Black Friday-themed domains. The impersonation of legitimate websites, services for Google/Facebook ads, and the spread of malicious applications were all common types of attacks.

The discovery revealed that website cloning is a common technique used by hackers of all levels of sophistication to host bogus copies of legitimate websites.

"The iconic Black Friday sale has now become a global theme, with cybercriminals of all levels and expertise attempting to launch malicious campaigns." "The majority of these campaigns misrepresent or impersonate popular brands and companies offering sales and services in order to defraud the public," Desai added.

The researchers cautioned against accepting freebies, attractive deals, or third-party solutions that appear suspicious.

Sophos 2023 Threat Report: Cryptocurrency Will Fuel Cyberattacks

The Sophos 2022 Threat Report, released by Sophos, a pioneer in next-generation cybersecurity, illustrates how the gravitational influence of ransomware is attracting other cyber threats to building one vast, linked ransomware delivery system, having essential ramifications for IT security.

Entry-level hackers can buy malware and spyware installation tools from illicit markets like Genesis, and also sell illegal passwords or other data in mass. Access brokers increasingly sell other criminal groups' credentials and susceptible software exploits.

A new ransomware-as-a-service economy has emerged in the last decade due to the rising popularity of ransomware. In 2022, this as-a-service business model has grown, and almost every component of the cybercrime toolkit from initial infection to methods of evading detection is now accessible for purchase, according to the researchers.

Several step-by-step tools and methods that attackers might use to spread the ransomware were revealed when an affiliate of the Conti ransomware published the deployment guide supplied by the operators. RaaS affiliates and other ransomware operators can use malware distribution platforms and IABs to discover and target potential victims once they have the virus they require. The second significant trend predicted by Sophos is being fueled by this.

Gootloader was launching innovative hybrid operations in 2021, as per Sophos's research, that blended broad campaigns with rigorous screening to identify targets for particular malware packs.

Ransomware distribution and delivery will continue to be adapted by well-known cyber threats. Which include spam, spyware, loaders, droppers, and other common malware in addition to increasingly sophisticated, manually handled first access brokers.

Data theft and exposure, threatening phone calls, distributed denial of service (DDoS) assaults, and other pressure tactics were all included in the list of ten pressure methods Sophos incident responders compiled in 2021.

Cryptocurrency will continue to feed cybercrimes like ransomware and unlawful crypto mining. In 2021, Sophos researchers discovered crypto miners like Lemon Duck and MrbMiner, which installed themselves on machines and servers by using newly revealed vulnerabilities and targets that had already been compromised by ransomware operators. Sophos anticipates that the trend will continue until international cryptocurrencies are better regulated.

In addition to promoting their products, cybercrime vendors sometimes post job openings to hire attackers with specialized capabilities. In addition to profiles of their abilities and qualifications, job seekers are posting help-wanted sites on some markets, which also have technical hiring personnel.

As web services grow, different kinds of credentials, particularly cookies, can be utilized in a variety of ways to penetrate networks more deeply and even get through MFA. Credential theft continues to be one of the simplest ways for new criminals to enter gray markets and start their careers.

An Online Date Led to an Inquiry into 'Systemic' Failures at American Express

 

Last summer, John Smith* had just returned to Sydney after more than a decade abroad when he met someone online. He began chatting with a man named Tahn Daniel Lee on the dating app Grindr. Lee was undergoing treatment for COVID at the time, so they communicated online for a few weeks before meeting in Sydney's Surry Hills for their first date - a Japanese dinner followed by Messina ice cream. The date would be one of many in a relationship that progressed quickly before taking a dark turn when Smith began to suspect Lee was watching his bank accounts.

The Age and The Sydney Morning Herald can disclose that American Express, one of the world's largest financial companies, would not only dismiss Smith's initial complaint without proper investigation but would also provide misleading information during an external inquiry. It comes after two major ASX-listed companies, Optus and Medibank, revealed sensitive identification and health data to criminals, igniting a national debate about how to best deal with emerging cyber threats.

The "insider threat," according to cybersecurity experts, is a major risk, and the Privacy Commissioner's inability to penalize companies that violate the law has created a culture of impunity among corporate Australia.

“Because, what is the recourse? Businesses just aren’t doing the risk management that’s required. The tone starts from the top, ” says former Australian Federal Police investigator turned cyber expert Nigel Phair.

Smith's first assumption of Lee was that he had a charming smile, and the relationship developed quickly. Lee worked as a relationship manager for American Express Centurion, an exclusive club for black cardholders who spend at least $500,000 per year.

Smith had a platinum American Express card from living in the United States, but Lee suggested he sign up in Australia so he could illustrate how to maximize the benefits. He consented and began using American Express as his primary banking card shortly thereafter. After a series of comments about items Smith had purchased, places he had been, or payments he had made, he became skeptical that Lee was watching his transactions.

“I asked him how he was able to do this without my consent or authority (one-time pin etc), and he replied, ‘because the system is completely open, I have god mode’,” Smith wrote in a complaint later filed with American Express.

Smith has autism, and while he is classified as "high functioning," he occasionally struggles to recognize inappropriate behavior. He noticed "warning signs" about Lee but ignored them while traveling to Hawaii and Hamilton Island with his new partner, he claims.

During one of these trips, Smith became uneasy with the manner in which Lee discussed his clients' affairs, including major food distributor Primo Foods, which he claimed siphoned millions of dollars to the Cayman Islands. Lee later texted, "FYI, everything I tell you about work is highly confidential." 

By April, he had attempted to end the relationship and had warned Lee that he would report his behavior to American Express. Lee reacted negatively to this. He begged Smith to continue the relationship and, at one point, called Smith's close friend out of the blue to persuade her not to file a complaint. This was the breaking point. He was hell-bent on reporting Lee.

Amex: ‘No inappropriate access’

At the same time, another American Express employee noticed unusual activity on Smith's account. Lee was subjected to an internal investigation, which swiftly cleared him of any wrongdoing. On May 26, the company wrote to Smith, claiming Lee was not in a position to access his account and, in any case, there was training and processes in place to protect customer data.

Unconvinced, Smith asked American Express to confirm that Lee's access to his account had been blocked and reported the Primo Foods discussions. Smith claims that the following week, during a phone call, he was told that if Lee had looked at his account, it was no big deal because they were partners, and discussing Centurion's clients was also no cause for concern.

Smith filed a complaint with the Privacy Commissioner, who directed it to the Australian Financial Complaints Authority. AFCA immediately requested a meeting with American Express to verify that Lee had lost the rights to Smith's account.

The company's response was quick, but it turned out to be incorrect.  “We confirm that the employee has no access to [Smith]’s account,” Amex responded.

In subsequent letters between AFCA, Smith, and American Express, the company continued to imply that there had been no inappropriate access or violation of privacy laws. Until the plot shifted. In August, three months after Lee's suspicious activity was discovered, Smith was notified by American Express that Lee had indeed accessed his personal information.  

Lee accessed Smith's private account nine times between February and April of this year, according to digital access logs. American Express then stated that while it was impossible to prevent Lee from accessing the account, he would be disciplined and the account would be monitored to ensure no further intrusions.

“American Express is unable to practically restrict American Express employees from being able to access any specific Card member data. We acknowledge that [Smith] feels uncomfortable with his previous partner access to his personal information and have made every effort to implement controls to further protect his data,” the company wrote in a letter.

In a final decision issued this month, AFCA determined that American Express violated privacy laws by letting Lee to access his accounts without authorization both before and after the relationship. It awarded Smith $2000 in damages but did not order an apology or absolve the company of any wrongdoing.

“I am satisfied the financial firm has investigated the matters raised by the complainant, and in the circumstances, it has responded appropriately,” AFCA found.

American Express declined to answer specific questions about how it investigated Smith's complaint or what action it took against Lee, but stated it maintains the "highest levels of integrity" and has cooperated with AFCA.

“Whilst they made a determination against us, they concluded that American Express had investigated and responded appropriately,” the company said. “We are satisfied that this matter poses no risk to the integrity of our systems. Protecting the privacy of our customers and the integrity of our systems remains our utmost priority.”

Current laws allow for fines of up to $2.2 million for each unauthorized access. The federal government is considering raising the penalty to $50 million per breach, which would mean that American Express could have faced penalties totaling $450 million for the nine breaches.

“Companies need to take this issue around unauthorized access to information more seriously because the penalties are significant,” CyberCX privacy law expert David Batch says. “But in reality, the Privacy Commissioner has historically not handed down those fines.”

Smith was informed in October that AFCA's systemic issues team had agreed to investigate American Express's handling of Smith's case. This team investigates serious violations and systemic issues and has the authority to refer cases to other regulators, such as the Privacy Commissioner, however, its findings are a little transparent. AFCA was unable to comment on whether the promised investigation would be carried out.

According to Nigel Phair, Professor of Cybersecurity at the University of New South Wales, the "insider threat" is a major concern for businesses, where the actions of rogue employees can jeopardize the security of the entire organization.

He claims that the government's failure to implement harsh penalties on companies that mishandle their customers' data fosters a culture of impunity among Australian corporations.

For Smith, American Express and the system designed to hold companies accountable have let him down. He now makes a point of only using the card in ways that do not reveal his location. Requests for comment from Lee and Primo Foods were not returned.

*Not his real name. He asked that his identity be kept confidential.

China-Based Sophisticated Phishing Campaign Utilizes 42K Domains

 

In a widespread phishing campaign, a Chinese hacking group known as "Fangxiao" is using thousands of imposter domains to target victims. Thousands are at risk from the Fangxiao phishing campaign. Thousands of people are at risk as a result of a massive phishing campaign run by the Chinese hacking group "Fangxiao." 

To facilitate phishing attacks, this campaign used 42,000 imposter domains. These bogus domains are intended to direct users to adware (advertising malware) apps, giveaways, and dating websites. The 42,000 phony domains used in this campaign were discovered by Cyjax, a cybersecurity and threat solutions company. The scam was described as sophisticated in a Cyjax blog post by Emily Dennison and Alana Witten, with the ability to "exploit the reputation of international, trusted brands in multiple verticals including retail, banking, travel, pharmaceuticals, travel, and energy".

The scam commences with a nefarious WhatsApp message impersonating a well-known brand. Emirates, Coca-Cola, McDonald's, and Unilever are examples of such brands. This message contains a link to a webpage that has been enticingly designed. The redirection site is determined by the target's IP address as well as their user agent.

For example, McDonald's may advertise a free giveaway. When the victim completes their registration for the giveaway, the Triada Trojan malware can be downloaded. Malware can also be installed through the download of a specific app, which victims are instructed to install in order to continue participating in the giveaway.

Fangxiao's infrastructure is mostly protected by CloudFlare, an American Content Delivery Network, according to Cyjax's blog post about this campaign (CDN). It was also discovered that the imposter domains were registered on GoDaddy, Namecheap, and Wix, with their names shifting on a regular basis.

The majority of these phishing domains were registered with.top, with the rest mostly with.cn,.cyou,.xyz,.tech, and.work.

The Fangxiao Group Is Not a New Concept

The Fangxiao hacking collective has been active for some time. The domains used in this campaign were discovered by Cyjax in 2019 and have been increasing in number since then. Fangxiao added over 300 unique domains in just one day in October 2022.

.The group's location in China is not 100% confirmed, but Cyjax has determined it with high confidence. The use of Mandarin in one of the group's exposed control panels is one indication of this. Cyjax also speculated that the campaign's goal is most likely monetary gain.
 
Phishing is one of the most common cybercrime tactics today, and it can take many different forms. Phishing attacks, especially those that are highly sophisticated, can be difficult to detect. Although spam filters and antivirus software can help to reduce phishing attacks, it's still important to trust your instincts and avoid any communications that don't seem quite right.