Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Scam. Show all posts
US Schools
CAPTCHA Security cyber attack Cyber Attacks PHaas phishing Scam Storm-1575 Tycoon US Schools

Rise in Phishing Attacks Targeting US Schools Raises Concerns

 



Through a recent report by PIXM, a cybersecurity firm specialising in artificial intelligence solutions, public schools in the United States face a significant increase in sophisticated phishing campaigns. Threat actors are employing targeted spear phishing attacks, utilising stealthy patterns to target officials in large school districts, effectively bypassing Multi-Factor Authentication (MFA) protections.

Since December 2023, there has been a surge in MFA-based phishing campaigns targeting teachers, staff, and administrators across the US. The attackers, identified as the Tycoon and Storm-1575 threat groups, employ social engineering techniques and Adversary-in-the-Middle (AiTM) phishing to bypass MFA tokens and session cookies. They create custom login experiences and use services like dadsec and Phishing-as-a-Service (PhaaS) to compromise administrator email accounts and deliver ransomware.

The Tycoon Group's PhaaS, available on Telegram for just $120, boasts features like bypassing Microsoft's two-factor authentication. Meanwhile, Microsoft identifies Storm-1575 as a threat actor engaging in phishing campaigns through the Dadsec platform. The attacks involve phishing emails prompting officials to update passwords, leading them to encounter a Cloudflare Captcha and a spoofed Microsoft password page. If successful, attackers forward passwords to legitimate login pages, requesting two-factor authentication codes and bypassing MFA protections.

The attacks commonly target officials such as the Chief of Human Capital, finance, and payroll administrators. Some attempts involve altering Windows registry keys, potentially infecting machines with malicious scripts. The attackers conceal their tracks using stealth tactics, hiding behind Cloudflare infrastructure and creating new domains.

Despite using CAPTCHAs in phishing attacks providing a sense of legitimacy to end-users, there's potential for malicious trojan activity, including modifying Windows registry keys and injecting malicious files. These attacks can result in malware installation, ransomware, and data exfiltration.

Schools are the most targeted industry by ransomware gangs, with student data being a prominent prey of cybercrime. A concerning trend shows unprecedented data loss, with over 900 schools targeted in MOVEit-linked cyber attacks. Recent data leaks, such as the one involving Raptor Technologies, have exposed sensitive records belonging to students, parents, and staff, raising concerns about student privacy and school safety.

To protect against these phishing attacks, organisations are advised to identify high-priority staff, invest in tailored awareness efforts, caution users against suspicious links, and implement proactive AI-driven protections at the browser and email layers.

To take a sharp look at things, the surge in phishing attacks targeting US schools states the significance of cybersecurity measures and the need for increased awareness within educational institutions to safeguard sensitive information and ensure the privacy and safety of students and staff.


Read more »
Scam
2FA Cash App Cyber Security Data protection Financial Fraud Holiday Scam Identity Theft Money Transfer Scam

Fallen Victim to Zelle Scams During the Holiday Season

Identity theft is a serious concern at a time of rapid technology development and digital commerce. It becomes essential to strengthen our defenses against potential cyber threats as we negotiate the complexities of internet platforms and financial services. Identity protection must be prioritized immediately, as shown by several recent instances. 

A thorough analysis by CNET states that as more people become aware of the significance of protecting their personal information online, there is a growing demand for identity theft protection services. The paper emphasizes that because hackers have become more skilled, protecting sensitive data needs to be done proactively.

The holiday season, a time of increased financial activity, poses additional challenges. Fraudsters exploit popular money transfer services like Zelle, Venmo, and Cash App during this period. As we enter 2023, it is crucial to be aware of potential threats and adopt preventive measures. Emily Mason's analysis serves as a wake-up call, urging users to exercise caution and be vigilant in protecting their accounts.

One of the prevalent scams involves Zelle, as reported by sources. Victims of Zelle scams find themselves ensnared in a web of financial deceit, with the aftermath often leaving them grappling for solutions. Refund scams, in particular, have become a cause for concern, prompting financial experts to emphasize the need for enhanced security measures and user education.

To fortify your defenses against identity theft and financial fraud, consider implementing the following recommendations:
  • Employ Robust Identity Theft Protection Services: Invest in reputable identity theft protection services that monitor your personal information across various online platforms.
  • Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA. This additional step can thwart unauthorized access attempts.
  • Stay Informed and Vigilant: Keep abreast of the latest scams and fraud techniques. Awareness is your first line of defense.
  • Regularly Monitor Financial Statements: Review your bank and credit card statements regularly for any suspicious activity. Promptly report any discrepancies to your financial institution.
  • Educate Yourself on Common Scams: Familiarize yourself with the modus operandi of common scams, such as refund fraud and phishing attempts, to recognize and avoid potential threats.
Safeguarding your identity in the constantly changing world of digital transactions is a shared duty between users and the platforms they use. People can greatly lower their chance of being victims of identity theft and financial fraud by being informed and taking preventative action. As technology develops, maintaining the integrity of our personal data increasingly depends on taking a proactive approach to security.

Read more »
User Privacy
Banglore Cyber Security Data Privacy Investment fraud Law Enforcement Phising Attacks Scam User Privacy

Bengaluru Police Bust Rs 854 Crore Cyber Fraud

The Bengaluru Police have made significant progress in uncovering a sophisticated cyber investment fraud that involved an astonishing amount of Rs 854 crore. The study clarifies the complex network of mule accounts that was essential to carrying out this financial crime.

The cyber investment fraud, as reported by various news sources, involved the arrest of six individuals allegedly orchestrating the massive scam. The criminals exploited unsuspecting victims through promises of lucrative investment opportunities, ultimately siphoning off a colossal sum of money.

Mule accounts, a term less known to the general public, have emerged as a linchpin in cybercrime operations. These accounts act as intermediaries, facilitating the movement of illicit funds while providing a layer of anonymity for the perpetrators. The Bengaluru Police, in their diligent investigation, uncovered the intricate network of mule accounts that were instrumental in the success of this cyber investment fraud.

The criminals behind the fraud reportedly used a combination of advanced technology and social engineering tactics to lure victims into their scheme. Once hooked, the victims were persuaded to invest significant sums of money, which were then funneled through a complex web of mule accounts to conceal the illicit transactions. The scale and sophistication of this operation highlight the evolving nature of cybercrime and the challenges faced by law enforcement agencies in tackling such crimes.

The timely intervention of the Bengaluru Police showcases the importance of proactive measures in combating cybercrime. The investigation not only led to the arrest of the alleged perpetrators but also served as a wake-up call for individuals to exercise caution and due diligence in their online financial activities.

As the digital landscape continues to evolve, the need for cybersecurity awareness becomes more critical than ever. The Bengaluru case underscores the necessity for individuals, businesses, and law enforcement agencies to collaborate in developing robust cybersecurity measures. Education about the tactics employed by cybercriminals, such as the utilization of mule accounts, is crucial for staying one step ahead in the ongoing battle against online fraud.



Read more »
Social Media
Data Breach Goa Malicious actor Password Hacking Phising Attacks Scam senior citizens Sensitive Information Social Media

Protecting Goa's Seniors from Increasing Cyber Threats

Cybercrimes have increased alarmingly in recent years in Goa, primarily targeting elderly people who are more vulnerable. The number of cybercrime incidents in the state has been continuously increasing, according to reports from Herald Goa, raising concerns among the public and law enforcement.

Data from the Goa Police Department indicates a concerning rise in cases of cybercrime against senior citizens. Scammers frequently use sophisticated techniques to prey on this group's lack of digital literacy. To acquire unlawful access to private data and financial assets, they employ deceptive schemes, phishing emails, and bogus websites.

In an interview with Herald Goa, Inspector General of Police, Jaspal Singh, emphasized the need for enhanced awareness and education regarding online safety for senior citizens. He stated, "It is crucial for our senior citizens to be aware of the potential threats they face online. Education is our strongest weapon against cybercrime."

To address this issue, the Goa Police Department has compiled a comprehensive set of cybercrime prevention tips, available on their official website. These guidelines provide valuable insights into safeguarding personal information, recognizing phishing attempts, and securing online transactions.

Additionally, experts advise seniors to be cautious when sharing personal information on social media platforms. Cybercriminals often exploit oversharing tendencies to gather sensitive data, which can be used for malicious purposes. Individuals must exercise discretion and limit the information they disclose online.

Furthermore, the importance of strong, unique passwords cannot be overstated. A study conducted by cybersecurity firm Norton revealed that 65% of individuals use the same password for multiple accounts, making them vulnerable to hacking. Senior citizens are encouraged to create complex passwords and consider using password manager tools to enhance security.

The increasing number of cybercrimes in Goa that target senior folks highlights how urgent the problem is. It is essential to give priority to education, awareness, and preventative security measures to combat this expanding threat. Seniors can use the internet safely if they follow the advice for prevention and stay educated about potential risks. 
Read more »
Scam
Company Data Breach Job Scams Jobseekers Linkedin New Jobs Online Jobs Perfect Jobs Scam

Online Jobseekers Beware: Strategies to Outsmart Scammers

 


The number of employment scams is increasing, and the number of job seekers who are targets of cunning scammers is also on the rise. A person who is seeking a new job is advised to be vigilant to these scams and to be aware of what to look out for to better protect themselves against them if they are searching for one. 

Precisely what is the scam? 

On fake websites that look like they belong to reputable companies, criminals will pose as them to post fictitious job descriptions that require applicants to apply for fictitious jobs. The scammers will then make false job offers to candidates looking for a job. 

Sometimes, the fraudster may ask for personal information, like a person's address, bank details, or personal information like a passport number. It is becoming increasingly common for these scams to take the form of legitimate recruitment activities, and they often appear to be recruiting through third-party websites or direct email exchanges. 

It is becoming increasingly common for employers to be caught up in this sort of scam, which is known as recruitment fraud. A scammer has been known to target job seekers with fake job openings on LinkedIn as the social networking site receives more than 100 job application submissions per second. 

Approximately two-thirds of British users have been targeted in the last several years, according to a study conducted by NordLayer, a security firm. Scammers do not limit themselves to LinkedIn, with scammers exploiting other genuine, well-known job websites as well as sending email solicitations directly to university students by targeting them directly within their email addresses. 

Scammers employ two main methods to con their victims. A job offer with basic information about the company and its job position sounds very interesting to job seekers, and there is a link that says that if they click on it, a presentation with detailed information about the company and the job role will appear, says Jedrzej Pyzik, a recruitment consultant at the financial recruitment firm FTeam.

It has been observed that after clicking through the link, there are usually some landing pages that require the user to download a certain program, log in, and provide personal information - this is the most common one that has noticed the most, said Jedrzej. 

When that data is obtained, it can be used to steal the job seeker's identity, or even to open a bank account in their name or to apply for credit in their name if the job seeker is not present. Another popular scam involves asking "successful" job applicants to send over a substantial amount of money upfront to have the money paid back when they are hired - a practice known as advance fee scams. 

If a person is told that the amount can be credited towards training fees, criminal background checks by the Disclosure and Barring Service (DBS), travel fees like visas, or equipment that is needed for the job, they may feel more inclined to apply. 

The problem is that if a check is ever received to cover these costs, it will bounce. A large part of the problem is associated with fake job ads, which are especially common when it comes to the recruitment process for students and recent graduates, who may be considered to be less knowledgeable about it. 

Several scams have been targeting US university students lately, according to the security firm Proofpoint, offering jobs in biosciences, healthcare, and biotechnology fields, mostly in recent months. These scams appear to have targeted students in various parts of the country. 

Is there a way to protect from these Frauds? 

To identify phishing scams, follow these five tips: 

It is advisable to avoid generic emails at all costs. A lot of effort is put into casting a wide net when scammers do not include specific information in their scams. It is always a good idea to be cautious when receiving an email that seems overly generic. 

The spelling of domain names and email addresses should be checked very carefully. Even a slight change of lower and uppercase letters can result in a redirect to a different domain where the job seeker may be a victim of identity theft. 

A recruitment agent from an authentic company will most often ask applicants for an in-person interview if the candidate truly meets all the requirements for the job. 

A recruiter will never ask a prospective candidate for financial information or payments as part of an employment application or as a condition of employment or anything similar.

Those who post a job stating the position is the "perfect job" usually make this claim as they rely on the high pay they will offer for positions that do not require any skills and experience. 

It is likely that such a job is a scam and is just too good to be true. There is a concerted effort being made by job platforms to eliminate job scams in their platforms. 

A report from LinkedIn claims that 99.3% of the spam and scams it detects are caught by its automated defences, and 99.6% of the fake accounts it detects are blocked before members even know they exist. Additionally, job websites are also doing their part to help those looking for work. 

It is the company's policy to perform automatic verification processes that confirm the validity of its advertisers, according to Keith Rosser, director of group risk at Reed, a process which involves checking Company House information, the domain information of the company as well as the email addresses and physical addresses of the company's advertisers. 

The job seekers are advised, however, to be cautious and to check whether the employer is legitimate before sharing any personal information with them. Before sharing any personal information, it would be wise to verify that the organization exists.
Read more »
Security
attackers attacks CryptoLabs Cyber Fraud Data Data Safety data security hack Hackers Investors Safety Scam Scammers Security

CryptosLabs Scam Ring Preys on French-Speaking Investors, Amasses €480 Million

 

A group of cybersecurity researchers has uncovered the inner workings of a fraudulent organization known as CryptosLabs. This scam ring has allegedly generated illegal profits amounting to €480 million by specifically targeting individuals who speak French in France, Belgium, and Luxembourg since April 2018.

According to a comprehensive report by Group-IB, the scam ring's modus operandi revolves around elaborate investment schemes. They impersonate 40 prominent banks, financial technology companies, asset management firms, and cryptocurrency platforms. The scam infrastructure they have established includes over 350 domains hosted on more than 80 servers.

Group-IB, headquartered in Singapore, describes CryptosLabs as an organized criminal network with a hierarchical structure. The group comprises kingpins, sales agents, developers, and call center operators. These individuals are recruited to lure potential victims by promising high returns on their investments.

"CryptoLabs made their scam schemes more convincing through region-focused tactics, such as hiring French-speaking callers as 'managers' and creating fake landing pages, social media ads, documents, and investment platforms in the French language," Anton Ushakov, deputy head of Group-IB's high-tech crime investigation department in Amsterdam, stated.

"They even impersonated French-dominant businesses to resonate with their target audience better and be successful in exploiting them."

The scam begins by enticing targets through advertisements on social media, search engines, and online investment forums. The scammers masquerade as the "investment division" of the impersonated organization and present attractive investment plans, aiming to obtain the victims' contact details.

Once engaged, the victims are contacted by call center operators who provide them with additional information about the fraudulent platform and the credentials needed for trading. After logging into the platform, victims are encouraged to deposit funds into a virtual balance. They are then shown fabricated performance charts, enticing them to invest more in pursuit of greater profits. However, victims eventually realize they cannot withdraw any funds, even if they pay the requested "release fees."

"After logging in, the victims deposit funds on a virtual balance," Ushakov said. "They are then shown fictitious performance charts that trigger them to invest more for better profits until they realize they cannot withdraw any funds even when paying the 'release fees.'"

Initially, the victims are required to deposit around €200-300. However, the scam is designed to manipulate victims into depositing larger sums by presenting them with false evidence of successful investments.

Group-IB initially uncovered this large-scale scam-as-a-service operation in December 2022. Their investigation traced the group's activities back to 2015 when they were experimenting with various landing pages. CryptosLabs' involvement in investment scams became more prominent in June 2018 after a preparatory period of two months.

A key aspect of the fraudulent campaign is the utilization of a customized scam kit. This kit enables the threat actors to execute, manage, and expand their activities across different stages of the scam, ranging from deceptive social media advertisements to website templates used to facilitate the fraud.

The scam kit also includes auxiliary tools for creating landing pages, a customer relationship management (CRM) service that allows the addition of new managers to each domain, a leads control panel used by scammers to onboard new customers to the trading platform, and a real-time VoIP utility for communicating with victims.

"Analyzing CryptosLabs, it is evident that the threat group has given its activities a well-established structure in terms of operations and headcount, and is likely to expand the scope and scale of its illicit business in the coming years," Ushakov said.
Read more »
Security
Cyber Fraud Data Data Safety Fraud Safety Scam Security

The Robotic Falcon Manufacturer Falls Victim to Cyber Criminals, Lost £100,000

 

John Donald, an entrepreneur who sells robotic falcons worldwide, has become a victim of cybercrime during the pandemic, despite his tech-savvy background. 

Donald, a 72-year-old grandfather, revealed that fraudsters targeted his family business when it faced a drastic 95% decline in turnover. Reluctantly, he succumbed to their demands and transferred nearly £100,000 to a fraudulent bank account. The incident caused immense stress for Donald and was described by him as an experience he wouldn't wish upon anyone.

Recent statistics released by Police Scotland indicate a concerning 68% rise in fraud cases since 2018, with a majority of them occurring online. 

Donald's company, Robop, which manufactures robot peregrine falcons for bird pest control, experienced significant setbacks due to the COVID-19 pandemic. It was on a Friday afternoon in December 2020, at around 16:30, when Donald received a call that initiated this distressing ordeal. The caller, speaking with an Edinburgh accent, claimed to be part of a joint banking task force and informed Donald about fraudulent activities in his account.

Initially skeptical, Donald probed the caller, but their extensive knowledge about him and his business convinced him of their credibility. Unable to reach his bank on another phone, Donald's suspicions grew stronger. 

The caller then intensified the pressure, citing a limited time window to resolve the issue due to discrepancies between their system and his. In the course of an hour-long conversation, the fraudsters persuaded Donald to transfer funds between his accounts, leaving him feeling foolish afterward but seeing no alternative at the time.

Fortunately, a friend directed Donald to the Cyber and Fraud Centre, where he sought assistance and Donald's bank refunded the stolen amount six weeks later.

Jude McCorry, the center's CEO, revealed that others had not been as fortunate. She added, "We've seen a recent fraud where there was £700,000 transferred on a property deal that went to the wrong account.

"That involved an individual rather than a company. It was huge and the investigation is still going on. Instead of always reacting to these crimes, we need to look at how we prevent it."

Police Scotland acknowledges that cybercrime is significantly underreported, with the published figures representing only a fraction of the actual problem. 

The detection rate for fraud has halved in recent years, standing at a mere 16% of cases. Assistant Chief Constable Andy Freeburn warned about the increasing involvement of Scottish crime groups in cybercrime and fraud. 

He added, "What we have seen over the last year is emerging serious and organised crime groups operating in that space, trying to exploit the Scottish public through cyber, through fraud, and we are now actively working against those gangs.

"This is something we are not going to arrest our way out of. There is a significant threat in Scotland.

"We are having successes in identifying people and recovering money in consultation with banking and financial partners.

"But we are also improving our prevention messaging, making it very clear to the public how they can help themselves by not giving out details, making sure their software is up to date on their computers and reporting anything suspicious to us."

To address this escalating threat, Police Scotland has allocated an additional £4.3 million to its cybercrime strategy, focusing on acquiring new equipment and providing training to operational officers. 

The force has also developed an ethical protocol for the use of emerging technologies. Meanwhile, John Donald urges the public to recognize the sophistication of cyber scams and recommends keeping the bank's fraud helpline on speed dial while emphasizing the importance of prompt responses from banks when people call these numbers. 
Read more »
Stolen Credentials
Cyber Fraud data security Fraudsters Safety Scam Stolen Credentials

The Infamous Cybercrime Marketplace Now Offers Pre-order Services for Stolen Credentials

 

In accordance with Secureworks, info stealer malware, which consists of code that infects devices without the user's knowledge and steals data, is still widely available for purchase through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale increasing at alarming rates. 

Between June 2021 and May 2023, the Russian market alone grew by 670%. “Infostealers are a natural choice for cybercriminals who are looking to rapidly gain access to businesses and then monetize that access,” said Don Smith, VP of threat research, Secureworks CTU. 

“They are readily available for purchase, and within as little as 60 seconds of installation on an infected computer will immediately generate a return on investment in the form of stolen credentials and other sensitive information. However, what has really changed the game, as far as info stealers are concerned, is improvements in the various ways that criminals use to trick users into installing them. That, coupled with the development of dedicated marketplaces to sell and purchase this stolen data, has really upped the ante,” added Smith. 

Researchers at Secureworks examined the most recent trends in the underground info stealer market, including how this sort of malware is growing more complex and harder to detect, offering a challenge to corporate network defenders. Among the key findings are:

The number of info stealer logs for sale on underground forums grows with time. The number of logs for sale on the Russian market alone surged by 150% in less than nine months, from two million on a single day in June 2022 to over five million on a single day in late February 2023.

The overall growth rate for the number of logs for sale on the Russian market was 670% over a roughly two-year period (measured on a single day in June 2021 and a single day in May 2023).

The Russian market continues to be the largest seller of info stealer logs. At the time of writing, Russian Market has five million logs for sale, which is around ten times more than its nearest competitor.t is well-known among Russian cybercriminals and is often utilized by threat actors globally. Recently, Russian Market has included logs from three new thieves, indicating that the site is adapting to the ever-changing e-crime scenario.

Raccoon, Vidar, and Redline remain the top three info stealer logs for sale. On a single day in February, the following logs, or data sets of stolen credentials, were for sale among these popular info stealers on the Russian Market:
  • The number of raccoons is 2,114,549.
  • Vidar: 1,816,800
  • The redline is 1,415,458.
The recent law enforcement effort against Genesis Market and Raid Forums has influenced the behavior of cybercriminals. Telegram has benefited from this, with more log buying and trading going to specialized Telegram channels for prominent stealers like RedLine, Anubis, SpiderMan, and Oski Stealer. Despite the arrests of several users and the removal of 11 domains affiliated with Genesis Market, the Tor site remains operating, with logs still for sale.

However, activity on the marketplace has nearly ceased, as criminals have begun debating the matter on underground forums, raising concerns about the platform's reliability. A rising market has evolved to address the demand for after-action solutions that aid with log parsing, a time-consuming and difficult operation that is often left to more experienced hackers.

As the number of info stealers and available logs grows, these tools are expected to become more popular and assist to decrease the entry barrier. The successful development and deployment of info stealers, like the overall cybercrime ecosystem, depends on individuals with diverse skills, jobs, and responsibilities. The growth of malware-as-a-service has encouraged developers to innovate in order to better their products and appeal to a broader spectrum of clients.

For example, Russian Market now allows customers to preorder stolen credentials for a certain organization, business, or program for a $1,000 deposit into the site's escrow mechanism. The pre-order service offers no guarantees but allows crooks to progress from opportunistic to targeted.

“What we are seeing is an entire underground economy and supporting infrastructure built around infostealers, making it not only possible but also potentially lucrative for relatively low skilled threat actors to get involved. Coordinated global action by law enforcement is having some impact, but cybercriminals are adept at reshaping their routes to market,” continued Smith.

“Ensuring that you implement multi-factor authentication to minimize the damage caused by the theft of credentials, being careful about who can install third-party software and where it is downloaded from, and implementing comprehensive monitoring across host, network and cloud are all key aspects of a successful defense against the threat of infostealers,” concluded Smith.

Phishing, compromised websites, malicious software downloads, and Google advertisements can all be used to install info stealers on a computer or device. Stolen credentials accounted for nearly one-tenth of the incident response engagements Secureworks was involved in 2022, and were the initial access vector (IAV) for more than a third (34%) of ransomware engagements from April 2022 to April 2023.
Read more »
Sensitive Data Leak
Data Breach E-Commerce Phishing Mails Royal Mail Scam Sensitive Data Leak

Royal Mail's £1bn Losses: Strikes, Cyber Attack, and Online Shopping Crash

The Royal Mail, the UK's national postal service, has reported losses surpassing £1 billion as a combination of factors, including strikes, a cyber attack, and a decrease in online shopping, has taken a toll on its post and parcels business. These significant losses have raised concerns about the future of the company and its ability to navigate the challenges it faces.

One of the key contributors to the Royal Mail's losses is the series of strikes that occurred throughout the year. The strikes disrupted operations, leading to delays in deliveries and increased costs for the company. The impact of the strikes was compounded by the ongoing decline in traditional mail volumes as more people turn to digital communication methods.

Furthermore, the Royal Mail was also targeted by a cyber attack, which further disrupted its services and operations. The attack affected various systems and required significant resources to mitigate the damage and restore normalcy. Such incidents not only incur immediate costs but also undermine customer trust and confidence in the company's ability to protect their sensitive information.

Another factor contributing to the losses is the decline in online shopping, particularly during the pandemic. With lockdowns and restrictions easing, people have been able to return to physical retail stores, leading to a decrease in online orders. This shift in consumer behavior has impacted Royal Mail's parcel business, which heavily relies on the growth of e-commerce.

To address these challenges and turn the tide, the Royal Mail will need to focus on several key areas. Firstly, the company should strive to improve its relationship with its employees and work towards resolving any ongoing disputes. By fostering a harmonious working environment, the Royal Mail can minimize disruptions caused by strikes and ensure the smooth functioning of its operations.

Secondly, it is crucial for the Royal Mail to enhance its cybersecurity measures and invest in robust systems to protect against future cyber attacks. Strengthening the company's digital defenses will not only safeguard customer data but also bolster its reputation as a reliable and secure postal service provider.

Lastly, the Royal Mail must adapt to changing consumer behaviors and capitalize on emerging opportunities in the e-commerce market. This could involve diversifying its services, expanding its international reach, and investing in innovative technologies that streamline operations and enhance the customer experience.




Read more »
Security
Cyber Fraud Fraud Fraudsters Mobile Numbers Safety Scam Security

Police Blocked 20K+ Mobile Numbers Issued on Fake Papers

 

In accordance with a police officer, Haryana Police's cyber nodal unit has blocked 20,545 mobile phones issued on fraudulent and counterfeit paperwork. According to a Haryana police spokesman, the majority of the blocked SIM cards were issued in Andhra Pradesh, with West Bengal and Delhi following closely behind. 

Similarly, the police have detected and reported on the portal more than 34,000 cellphone numbers involved in cyber fraud operating across the state, including 40 hotspot villages in Nuh district. 

“At the same time, the remaining 14,000 mobile numbers involved in cyber fraud will also be blocked soon through the Department of Telecom, Government of India,” the police officials said.

A police official told reporters today that the state crime division is currently monitoring all mobile numbers implicated in cybercrime and is collecting reports from districts on a daily basis. He stated that 102 teams of 5000 Haryana Police officers recently stormed 14 cybercrime hotspot villages in the Nuh district.

“For this reason, at present, Haryana is at the top position in blocking mobile numbers used in cyber fraud. At present more attention is being given to such areas and villages from where cyber fraud incidents are being carried out. Recently, 102 teams of 5000 policemen of Haryana Police raided 14 cybercrime hotspots villages in Nuh district,” he added.

He further stated that Andhra Pradesh has issued the most cellphone numbers implicated in cybercrime, and that they are being used to commit cybercrime in the state.

“Currently, out of the total identified mobile numbers issued on Fake ID, a maximum of 12,822 mobile numbers have been issued from Andhra Pradesh, 4365 from West Bengal, 4338 from Delhi, 2322 from Assam, 2261 from North East states and 2490 from Haryana state. All the numbers are currently operating from different areas of Haryana and the same has been intimated to the Department of Telecom to block them,” he added.

OP Singh, Chief of the State Crime Branch and Additional Director General of Police, stated that the state crime branch, as the state nodal agency for cybercrime, has a team of 40 highly skilled cyber police personnel who have been deployed at helpline 1930 to quickly register reported incidents and collect relevant data.
Read more »
Scam
Cyber Security Data data security Facebook Accounts Fraud Hackers Hacking Safety Scam

Verified Facebook Accounts Being Hijacked to Distribute Malware; Here's How You Can Protect Yourself

 

Hackers have been caught getting into popular verified Facebook pages and using them to distribute malware through adverts on the social media behemoth. Matt Navarra, a social strategist, was the first to notice the harmful effort, exposing the danger on Twitter. 

According to Navarra, whoever is behind the campaign targeted popular Facebook sites first (one of the victims has over seven million followers and has been active for over a decade). If they gained access, they would rename the page something like Meta (Facebook's parent company) or Google. They would then buy an ad on the social media network, targeting page managers and advertising specialists.

“Because of security issues for upcoming users, you can no longer manage ad accounts in the browser,” the ad reads. “Switch to a more professional and secure tool,” the ad concludes, before sharing an obviously fraudulent download link.

There are several issues with this campaign, according to Navarra, including how the accounts were compromised, how Facebook enabled the threat actors to change the page's name to something seemingly related to Meta while keeping the blue checkmark, and how they were able to buy and run ads that clearly redirect the target audience to a shady website at best. 

According to TechCrunch, Facebook has since disabled all of the affected accounts and shut down the malicious activities. It also stated that Facebook pages now disclose whether or not the page has changed its name in the past, and if so, from what, which is a nice move to increase openness. 

“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures.”
Read more »
Voice Scam
AI Artificial Intelligence Scam Technology Voice Scam

Study: Artificial Intelligence is Fueling a Rise in Online Voice Scams

 

In accordance with McAfee, AI technology is supporting an increase in online speech scams, with only three seconds of audio required to duplicate a person's voice. McAfee studied 7,054 people from seven countries and discovered that one-quarter of adults have previously experienced some type of AI speech fraud, with one in ten being targeted directly and 15% reporting that it happened to someone they know. 77% of victims reported financial losses as a result. 

Furthermore, McAfee Labs security researchers have revealed their findings and analysis following an in-depth investigation of AI voice-cloning technology and its application by cyber criminals. Scammers replicating voices with AI technology. Everyone's voice is distinct, like a biometric fingerprint, which is why hearing someone speak is considered trustworthy.

However, with 53% of adults giving their speech data online at least once a week (through social media, voice notes, and other means) and 49% doing so up to 10 times a week, copying how someone sounds is now a potent tool in a cybercriminal's inventory.

With the popularity and usage of artificial intelligence techniques on the rise, it is now easier than ever to edit photos, videos, and, perhaps most alarmingly, the voices of friends and family members. According to McAfee's research, scammers are utilizing AI technology to clone voices and then send a phoney voicemail or phone the victim's contacts professing to be in crisis - and with 70% of adults unsure they could tell the difference between the cloned version and the genuine thing, it's no surprise this technique is gaining momentum.

45% of respondents stated they would respond to a voicemail or voice message claiming to be from a friend or loved one in need of money, especially if they believed the request came from their partner or spouse (40%), parent (31%), or child (20%).
 
At 41%, parents aged 50 and up are most likely to respond to a child. Messages saying that the sender had been in a car accident (48%), robbed (47%), lost their phone or wallet (43%), or required assistance when travelling abroad (41%), were the most likely to generate a response.

However, the cost of falling for an AI voice scam can be enormous, with more than a third of those who lost money stating it cost them more than $1,000, and 7% being fooled out of $5,000 to $15,000. The survey also discovered that the growth of deepfakes and disinformation has made people more skeptical of what they see online, with 32% of adults stating they are now less trusting of social media than they were previously.

“Artificial intelligence brings incredible opportunities, but with any technology, there is always the potential for it to be used maliciously in the wrong hands. This is what we’re seeing today with the access and ease of use of AI tools helping cybercriminals to scale their efforts in increasingly convincing ways,” said Steve Grobman, McAfee CTO.

McAfee researchers spent three weeks studying the accessibility, ease of use, and usefulness of AI voice-cloning tools as part of their analysis and assessment of this emerging trend, discovering more than a dozen publicly available on the internet.

There are both free and commercial tools available, and many just require a basic degree of skill and competence to utilize. In one case, three seconds of audio was enough to provide an 85% match, but with additional time and work, the accuracy can be increased.

McAfee researchers were able to achieve a 95% voice match based on a limited number of audio samples by training the data models. The more realistic the clone, the higher a cybercriminal's chances of duping someone into turning over their money or performing other desired actions. A fraudster might make thousands of dollars in only a few hours using these lies based on the emotional flaws inherent in close relationships.

“Advanced artificial intelligence tools are changing the game for cybercriminals. Now, with very little effort, they can clone a person’s voice and deceive a close contact into sending money,” said Grobman.

“It’s important to remain vigilant and to take proactive steps to keep you and your loved ones safe. Should you receive a call from your spouse or a family member in distress and asking for money, verify the caller – use a previously agreed codeword, or ask a question only they would know. Identity and privacy protection services will also help limit the digital footprint of personal information that a criminal can use to develop a compelling narrative when creating a voice clone,” concluded Grobman.

McAfee's researchers noticed that they had no issue mimicking accents from throughout the world, whether they were from the US, UK, India, or Australia, but more distinctive voices were more difficult to replicate.

For example, the voice of someone who speaks at an unusual pace, rhythm, or style requires more effort to effectively clone and is thus less likely to be targeted. The research team's overarching conclusion was that artificial intelligence has already changed the game for cybercriminals. The barrier to entry has never been lower, making it easier to perpetrate cybercrime.

To protect against AI voice cloning, it is recommended to establish a unique verbal "codeword" with trusted family members or friends and to always ask for it if they contact you for assistance, especially if they are elderly or vulnerable. When receiving calls, texts, or emails, it is important to question the source and consider if the request seems legitimate. If in doubt, it is advisable to hang up and contact the person directly to verify the information before responding or sending money. It is also important to be cautious about sharing personal information online and to carefully consider who is in your social media network. Additionally, consider using identity monitoring services to protect your personally identifiable information and prevent cyber criminals from posing as you.

Read more »
Voice Cloning
Cyber Fraud data security Fraud Safety Scam Voice Cloning

Is Your Child in Actual Danger? Wary of Family Emergency Voice-Cloning Frauds

 

If you receive an unusual phone call from a family member in trouble, be cautious: the other person on the line could be a scammer impersonating a family member using AI voice technologies. The Federal Trade Commission has issued a warning about fraudsters using commercially available voice-cloning software for family emergency scams. 

These scams have been around for a long time, and they involve the perpetrator impersonating a family member, usually a child or grandchild. The fraudster will then call the victim and claim that they are in desperate need of money to deal with an emergency. According to the FTC, artificial intelligence-powered voice-cloning software can make the impersonation scam appear even more authentic, duping victims into handing over their money.

All he (the scammer) needs is a short audio clip of your family member's voice—which he could get from content posted online—and a voice-cloning program. When the scammer calls you, he’ll sound just like your loved one,” the FTC says in the Monday warning.

The FTC did not immediately respond to a request for comment, leaving it unclear whether the US regulator has noticed an increase in voice-cloning scams. However, the warning comes just a few weeks after The Washington Post detailed how scammers are using voice-cloning software to prey on unsuspecting families.

In one case, the scammer impersonated a Canadian couple's grandson, who claimed to be in jail, using the technology. In another case, the fraudsters used voice-cloning technology to successfully steal $15,449 from a couple who were also duped into believing their son had been arrested.

The fact that voice-cloning services are becoming widely available on the internet isn't helping matters. As a result, it's possible that scams will become more prevalent over time, though at least a few AI-powered voice-generation providers are developing safeguards to prevent potential abuse. The FTC says there is an easy way to detect a family emergency scam to keep consumers safe. "Don't believe the voice. Call the person who allegedly contacted you to confirm the story. 

“Don’t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs,” the FTC stated. “If you can’t reach your loved one, try to get in touch with them through another family member or their friends.”

Targeted victims should also consider asking the alleged family member in trouble a personal question about which the scammer is unaware.
Read more »
User Security
Cyber Fraud Email Fraud Psychological Tricks Scam User Privacy User Security

How Scammers Trap Businesses

 

With significant ramifications for South African businesses that have vulnerabilities in their payment systems, the growth in financial and accounting hacking through phishing and Business Email Compromise (BEC) has made headlines. 

However, strong financial controls combined with strong server, IT, and email monitoring processes aren't enough if staff aren't savvy to the psychological tricks scammers use to manipulate people, making them more susceptible to tricker and deception,says Ryan Mer, CEO at eftsure Africa, a Know Your Payee™ (KYP) platform provider. 

The idea that only gullible people are victims of payment fraud and cybercrime is hazardous because it breeds complacency among highly educated people who hold senior positions in organisations. Criminals that engage in paying are frequently highly talented, well-equipped, and knowledgeable enough about their field to pass for professionals, Mer added. 

Manipulating credibility and trust

In order to obtain information or persuade targets to act, con artists rely on human instincts to be kind, avoid conflict, and find quick and efficient solutions to problems. An attempt to gain the trust of a potential victim by posing as a well-known or reliable individual is a common modus operandi. Examples include a worker getting a letter from the finance director of a company telling them to make a quick payment to a vendor or an HR manager getting a nice email from a worker asking that their bank information be altered for payroll purposes.

According to Mer, “an employee’s desire to perform their duties swiftly and competently, especially for a trusted figure of authority, is manipulated by criminals who rely on an instruction being actioned without question for a scam to be successful. In such instances, only an automated system for detecting red flags in outbound payments can offer the level of protection organisations really need to counter human error.” 

Making use of urgency 

Despite scammers' increasing creativity, a tried-and-true strategy that hackers frequently use is making their victims feel as though something is urgent. According to Mer, phishing emails and business email compromise scams are made to increase the likelihood that employees will report a potential concern by coaxing them into doing so. Scammers entice victims into taking rapid action before they have time to stop and consider the actions they are taking. Establishing procedures that force employees to take their time and carefully review all actions involving payments is essential. 

Before granting an urgent request, one should exercise caution and carefully verify any abrupt changes in a customer's or supplier's business operations, such as the addition of a new point of contact or a change to their email address or banking information. Scammers frequently rely on the herd effect, in which individuals in organisations behave as their peers do. 

There is a chance that if one member of a team cooperates with a con artist, it could lead to similar deception of other team members. There is a chance that if one member of a team cooperates with a con artist, it could lead to similar deception of other team members. Even the most attentive teams can fall victim to sophisticated phishing and BEC scams, thus having sound business procedures and knowledgeable employees only goes so far in defending a company. 

Future threats

It is a moving target since cybercrime is always changing. South Africa ranked third globally in terms of the number of cybercrime victims, according to Interpol's most recent African Cyberthreat Assessment Report, which was published in 2021. The report estimated that the country's annual cost from cybercrime is an astounding R2.2 billion. For South African businesses, it is essential to maintain knowledge of the most recent scams and the methods used to carry them out. Moreover, independent third-party verification systems like eftsure can provide a much-needed additional layer of protection by automating payment checking and supplier verification, saving time on manual operations, and minimising human mistake.
Read more »
Security
Cyber Security Data Digital Smoke Safety Scam Security

Resecurity Discovered the Investment Scam Network Digital Smoke

 

Resecurity discovered one of the largest investment fraud networks in terms of size and volume of operations designed to defraud InteSecurity from Australia, Canada, China, Colombia, the European Union, India, Singapore, Malaysia, the United Arab Emirates, Saudi Arabia, Mexico, the United States, and other regions. The bad actors, acting as an organized crime syndicate, built a massive infrastructure to impersonate popular Fortune 100 corporations from the United States and the United Kingdom, using their brands and market reputation to defraud consumers. Once the victims' payments are received, they delete previously created resources and launch the next new campaign, which is why the group was dubbed "Digital Smoke" by investigators.

According to the FTC's most recent report, "The Top Scams of 2022," people reported losing $8.8 billion to scams. The total damage from investment fraud, including ponzi and pyramid schemes, exceeds $5.8 billion in the United States and more than $77 billion globally (2022), with significant rapid growth beginning in Q1 2023. Beyond monetary losses, investment fraud causes significant harm to investors. According to a FINRA survey, financial scams cause health, marital, and trust issues. Businesses suffer significant damage to customer loyalty and brand reputation, affecting sales and market profile in the long run.

Notably, bad actors have impersonated world-renowned brands such as ABRDN (UK), Blackrock (US), Baxter Medical (US), EvGo (US), Ferrari (Italy), ITC Hotels (India), Eaton Corporation (US/UK), Novuna Business Finance (UK), Tata (India), Valesto Oil (Malaysia), Lloyds Bank (UK), and many more.

Applied to financial services (FIs), oil and gas, renewable energy, EV batteries, electric vehicles, healthcare, semiconductors, and globally recognized investment corporations and funds. In Q4 of 2022, information about Digital Smoke, as well as the identities of key actors, was shared with the Indian Cybercrime Coordination Center and US Law Enforcement. The majority of scam projects have been terminated as a result of coordinated action and numerous domain takedowns.

The group's operating model was centered on investment opportunities in non-existent products and investment plans purportedly offered by Fortune 100 corporations and state-owned entities. The bad actors created a large network of WEB-resources and related mobile applications hosted on bulletproof hosting providers in jurisdictions not easily reachable for immediate takedowns - the total number of identified hosts in December 2022 alone exceeded 350+ with thousands of related domains used for'cloaking' (Black SEO), hidden redirects, and short URLs for protection of the payment gateway used by fraudsters to collect payments from victims lever Notably, a combination of these methods allowed fraudsters to process funds with great flexibility, including support for Google Pay (GPay), PhonePe, Paytm, and major online-banking platforms.

To attract investors, the bad actors registered multiple fake domain names with similar brand spelling and promoted them via social media and instant messenger apps. Notably, the links used by bad actors to register new victims included a referral code that was linked to affiliates promoting the scam on YouTube and WhatsApp IM. After the victim registers, the bad actors ask them to make a deposit by sending money to an Indian bank account.

Notably, Digital Smoke cybercriminals were interested in oil markets and renewable energy products. The impersonators included Shell, Glencore, Ovintiv, and Lukoil, as well as Velesto Oil, a Malaysia-based multinational provider of drilling for the upstream sector of the oil and gas industry. ACWA Power, based in the Kingdom of Saudi Arabia, was identified as one of the most recent brands abused in January 2023.

This aspect distinguishes the campaign because of the strong emphasis on oil traders, which is not commonly used by investment scammers. In some of the observed scams, bad actors offered victims the opportunity to invest in new oil fields, the construction of petroleum stations, and renewable energy technologies. It's worth noting that some of the language used in this pretext was lifted from existing investment programs aimed at entrepreneurs and franchises looking for new business opportunities in the oil and gas industry. This activity is unusual for cybercriminals and may serve as a clear differentiator for the Digital Smoke group. The activity spike occurred during the Christmas and New Year's holiday seasons when both Internet users and financial institutions were overwhelmed with logistics and payments. In the first quarter of 2023, the activity continued to include new impersonated brands from other industries, such as semiconductors and EV batteries.

Aside from businesses, the fraudsters had no qualms about targeting state-owned enterprises and using their profiles to defraud users. The India Brand Equity Foundation, a Trust established by the Government of India's Department of Commerce, Ministry of Commerce and Industry, was one of the organizations impersonated by Digital Smoke fraudsters. Following a similar pattern, the bad actors created a number of scams that impersonated government resources in the UAE by imitating the profile of the Minister of State for Foreign Trade.

The Digital Smoke case is noteworthy, and it may confirm how sophisticated investment scams have become in recent years. Fraudsters put in a lot of time and effort to create high-quality resources that look almost identical to their well-known investment product counterparts - in the case of Digital Smoke, they created a separate mobile app with a unique design for each investment scam they ran.

Digital Smoke has clearly demonstrated how bad actors use cross-border payments and different jurisdictions to make further investigation and identification of their victims more difficult. Investment fraudsters take advantage of this flaw to conceal the origin of the activity and distribute payment flows through multiple merchants and money mules located in different countries. Resecurity discovered a large network of money mules leveraging accounts in multiple Indian financial institutions that process victim payments. The accounts that were involved in fraudulent activity were reported to law enforcement.

“Proactive fraud intelligence gathering enables to protect consumers and keep financial institutions aware about merchants used by cybercriminals. Their timely identification along with tracking of involved money mules helps to minimize potential damage caused by illicit activity.” – said Christian Lees, Chief Technology Officer (CTO) at Resecurity, Inc.

Notably, legitimate businesses that have been impersonated suffer serious consequences, both in terms of reputation and customer loyalty - which is why an effective and ongoing brand protection system is one of the must-have solutions to mitigate the negative side effects of such scams. Business leaders should consider monitoring their brands' online exposure, which includes, but is not limited to, social media, mobile marketplaces, and instant messaging services.

Read more »
uber
Cyber Attacks Fraud Identity Theft Money Laundering Scam uber

Ex Uber Employee Made 388 Fake Driver Profiles, Duped Company of Rs 1.17 Crore


Ex Employee dupes Uber of Rs 1.17 Crore

A former Uber employee has been charged for duping the company of Rs. 1.17 crore by making 388 fake driver profiles and putting them on the company's server. The money was then transferred to only 18 bank accounts linked with these fake profiles. The accused was working with the company till December 2021 as a contractor. Uber's authorized signatory lodged the complaint in April last year. The accused's job was to look over driver payments and update the information of the authorized drivers in the company's spreadsheet so that the money could be transferred to the respective accounts.

FIR registered

Uber during its inquiry, discovered that out of the 388 fake driver profiles, 191 profiles were made using the same IP addresses associated with the accused man's system. 

"To avoid inconveniencing driver partners, a spreadsheet is automatically uploaded regularly. A large number of transactions were processed by this automated spreadsheet and the accused was responsible for updating the details of the driver-partner accounts to be paid," Uber said in the complaint. The man created and made various fake driver partners’ accounts in the spreadsheet.

According to the police, the accused has been booked under sections 408 (criminal breach of trust by a servant), 420 (cheating), 477-A (falsification of accounts), and 120-B (criminal conspiracy) of the IPC. 

The Uber complaint further read "191 cases out of 388 cases matched with the IP addresses used by Viney Gera to log into his work computer on the same day as the creation of the accounts. In the above manner, a total amount of Rs 1,17,03,033 has been fraudulently paid to these fake driver partners into only 18 bank accounts."

PTI quotes Inspector Deepak Kumar, SHO, Sushant Lok Police Station said "we are investigating the matter and the accused will be arrested as soon as possible," PTI reports.  

Handling of driver partner payments

An Indian Express report explained how Uber handles driver payments when their accounts show a negative balance. A negative balance in an Uber driver's account means payment is overdue. This is removed when the driver pays the amount to the company. After this, a positive payment is credited to the partner's account, and the details of the transaction are updated in a spreadsheet. 

The data (company spreadsheet) is then "uploaded to an Uber Payment Tool through an automated python script." The upload adds a positive balance to the driver partner's account to remove arrears that allow the driver to drive again. 


Read more »
User Privacy
Data Breach Food Delivery Apps Hackers Phishing Attacks Private Data Scam Spoofing User Privacy

Hackers Target Chick-fil-A Customers Credentials

Chick-fil-A- is investigating concerns of suspicious transactions on its mobile app after multiple users claimed that hackers gained their personal data, including bank account details.

Customers at Chick-fil-A, a well-known chicken restaurant business, may be the latest targets of hackers. According to a recent article in Nation's Restaurant News, the fast food chain is investigating potential hacks of mobile apps that have exposed customers' sensitive information.

According to Krebs on Security, one bank claimed it had nearly 9,000 customer card details listed in an alert sent to various financial institutions regarding a breach at an anonymous retailer that occurred between December 2, 2013, and September 30, 2014, and that Chick-fil-A locations were the only common point-of-purchase. As per Krebs, "the majority of the fraud, according to a financial source, appeared to be centered at sites in Georgia, Maryland, Pennsylvania, Texas, and Virginia."

Customers are recommended to promptly change their passwords to new ones that are distinct, complex, and therefore not used for other online platforms or accounts if they detect anything unusual.

In regard to the reports, Chick-fil-A posted a statement on social media stating that the company is aware of the matter and is working quickly to resolve it. The business does point out that it has not discovered proof that its internal security has been infiltrated by hackers or otherwise compromised.

Customers who are impacted can find information on what to do if they see any suspicious activity on their accounts, can see mobile orders placed without their consent, or discover that their loyalty points were fraudulently redeemed or used to purchase gifts on a support page on Chick-fil-One A's Membership Program customer service website.

Read more »
Scammers
Cyber Fraud Fraud Pig Butchering Scam Scammers

Pig Butchering Scam: Here's Everything you Need to Know

 

Criminals make billions of dollars via digital tricks including romance scams and business email hacks. And they always begin with a small amount of "social engineering" to deceive a victim into taking an unfavourable action, like transferring money into thin air or placing their faith in someone they shouldn't. These days, a new form of these schemes known as "pig butchering" is on the rise, entangling unwary victims to take all of their money and functioning on a big scale in large part due to forced labour. 

Due to a technique where attackers effectively fatten victims up and then take everything they have, pig butchering scams began in China, where they are known by the Chinese name shzhpán. The majority of these schemes use cryptocurrencies, however they can also incorporate other forms of financial trading.

Scammers use SMS texting or other social networking, dating, and communication platforms to make cold calls to potential victims. They frequently just greet you and say something like, "Hey Josh, it was great catching up last week!" The scammer takes advantage of the opportunity to start a discussion and lead the victim to believe they have a new friend if the recipient responds by saying that the attacker has the wrong number. After building a connection, the assailant will mention that they have been successful in investing in cryptocurrencies and urge the target to do the same while they still have the chance.

The scammer then installs a malicious app or web platform on the target that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims are frequently presented with curated real-time market data designed to demonstrate the investment's potential. And, once the target has funded their "investment account," they can begin to watch their balance "grow." The creation of malicious financial platforms that appear legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, such as allowing victims to make a video call with their new "friend" or withdraw a small amount of money from the platform to reassure them. The latter is a strategy used by scammers in traditional settings.

The swindle has some new twists, but you can see where it's going. The attackers close the account and disappear once the victim has deposited all of their money and everything the scammers can get them to borrow.

“That’s the whole pig butchering thing—they are going for the whole hog,” says Sean Gallagher, a senior threat researcher at the security firm Sophos who has been tracking pig butchering as it has emerged over the past three years. “They go after people who are vulnerable. Some of the victims are people who have had long-term health problems, who are older, people who feel isolated. They want to get every last bit of oink, and they are persistent.” 

Though carrying out pig butchering scams requires a significant amount of communication and relationship building with victims over time, researchers claim that crime syndicates in China developed scripts and playbooks that allowed them to offload the work at scale onto inexperienced scammers or even forced laborer's who are victims of human trafficking.

“We can already see the damage and the human cost both to scam victims and to forced laborers,” says Michael Roberts, a longtime digital forensic analyst who has been working with victims of pig butchering attacks. “That’s why we need to start educating people about this threat so we can disrupt the cycle and reduce the demand for these kidnappings and forced labor.”

The idea is similar to ransomware attacks and digital extortion, in which law enforcement encourages victims not to pay hackers' ransom demands in order to disincentive them from trying again.

Although the Chinese government began cracking down on cryptocurrency scams in 2021, criminals were able to relocate their pig butchering operations to Southeast Asian countries such as Cambodia, Laos, Malaysia, and Indonesia. Governments all over the world have been warning about the threat. The FBI's Internet Crime Complaint Center received over 4,300 submissions related to pig butchering scams in 2021, totaling $429 million in losses. In addition, the US Department of Justice announced at the end of November that it had seized seven domain names used in pig butchering scams in 2022.

“In this scheme, fraudsters, posing as highly successful traders in cryptocurrency, entice victims to make purported investments in cryptocurrency providing fictitious returns to encourage additional investments,” the FBI stated in an October alert.

Government officials and researchers emphasize the importance of public education in preventing people from becoming victims of pig butchering schemes. People are less likely to be taken in if they recognize the warning signs and understand the concepts underlying the scams. The challenge, they say, is reaching out to a larger audience and convincing people who learn about pig butchering to share their knowledge with others in their families and social circles.

According to researchers, pig butchering scams, like romance scams and other highly personal and exploitative attacks, take an enormous psychological toll on victims in addition to their financial toll. And the use of forced labor to carry out pig butchering schemes adds another layer of trauma to the situation, making it even more crucial to address the threat.

“Some of the stories you hear from victims—it eats you up,” says Ronnie Tokazowski, a longtime business email compromise and pig butchering researcher and principal threat advisor at the cybersecurity firm Cofense. “It eats you up really freaking bad.”
Read more »
Security
Credit Card Fraud Cyber Fraud Financial Data Fraud Safety Scam Security

How to Prevent Online Credit Card Frauds ?

 

Approximately 80% of Americans shop online. That's more than 263 million people, and the number is expected to grow by 31.2 million by 2025. (via Statista). E-commerce is popular because it is convenient, but the unforeseen result is cybercrime. 

According to a 2020 report by the FBI's Internet Crime Complaint Center (IC3), US citizens lost more than $1.8 billion to online skimming and related crimes that year. Shady characters continue to devise inventive methods to steal money from connected accounts by lifting or scraping unsuspecting victims' credit card information. Credit card fraud schemes vary — sometimes fraudsters create spoof websites and phish credit card information from the checkout page, and you will, of course, not receive the items you paid for.

Other times, they may send you text messages or emails claiming you are eligible for a refund for an item or service you never purchased, then demand your credit card information to "credit" you.
According to The Ascent research, approximately 35% of American consumers have been victims of credit card fraudsters. Because the likelihood of falling for these schemes increases with age, we'll share a few tips to help you avoid becoming a statistic. But first, let's go over the fundamentals.

Online credit card skimming:

Skimming is not a recent concept. Physical card skimming began with physical card skimming, which you may have viewed in movies: a scammers attaches a small device known as a skimmer to a card reader at a gas station, ATM, or other point of sale terminal. The skimmer steals unsuspecting customers' credit card information, which the fraudster then recovers and uses to make online purchases.

However, online skimming is not the same. Magecart attacks are a combination of Magento — the Adobe-owned e-commerce platform that was the original target of fraudsters — and cart. This is how it works: Instead of using physical hardware, hackers place malicious Javascript code called sniffers on websites, and those sniffers lift payment card numbers.

Malicious actors could also insert malicious fields into payment forms or create redirect links to steal customers' credit card information. Magecart skimmers typically sell the information they collect on the dark web for as little as $5. (via PCMag).

Magecart malware is difficult to detect on websites. Everything works and looks the same for the most part. However, being cautious can help you detect when something is amiss, such as being redirected to a website that does not appear secure. There are several ways to determine this.

To begin, click on the lock in the address bar to ensure the security of the website. If the lock is not closed, the connection is not secure, and the site may not be genuine. You could also look at the website's copyright date at the bottom. 

To protect visitors from compromise, secure websites frequently update the interface and protocols, ensuring that the copyright is always up-to-date or at least recent. If a website's copyright is out of date, this is a red flag (via Norton). Finally, avoid clicking on links or downloading attachments from text messages or emails. Unfortunately, being cautious will not completely protect you from skimming.

Magecart attackers steal the payment application infrastructure, which is typically provided to e-commerce merchants by third-party service providers, so even completely secure websites may contain skimming malware (via SISA). However, there is a better line of defence.  

As the number of skimming attacks grows, banks and other financial institutions are taking steps to safeguard their customers from fraud, and virtual cards are one of those solutions. They are linked to your credit card, but they can generate one-time use account numbers, security codes, expiration dates, and CVV codes for online transactions while protecting your actual credit card information.

It's also a good idea to use only one credit card for online shopping so that you can keep track of it easily. Also, contact your bank and request that international purchases on your credit card be disabled. The majority of skimming scams are card-not-present (CNP) transactions, which means that the fraudsters will use a compromised card to make a purchase in a location other than the card owner's. The victim could be in Milwaukee and receive strange debit alerts for purchases made in Miami.  
Read more »
Subscribe to: Posts (Atom)