Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Security. Show all posts
User Security
Bribery Cyber Fraud Cypto Exchange Social Engineering Attack User Security

Coinbase Offers $20m Bounty to Take Down Perpetrators Behind Social Engineering Attack

 

Coinbase, a renowned cryptocurrency exchange, is offering a $20 million prize to anyone who can assist identify and bring down the culprits of a recent cyber-attack, rather than fulfilling their ransom demands. 

On May 15, Coinbase said that attackers bribed and recruited a group of rogue offshore support agents to steal client data and carry out social engineering attacks. The attackers intended to exploit the stolen data to imitate Coinbase and trick users into turning up their cryptocurrency holdings.

The US crypto firm was asked to pay a $20 million ransom to end the scam. However, Coinbase has openly refused to pay the ransom. Instead, it is collaborating with law enforcement and security sector experts to track down the stolen assets and hold those behind the scheme accountable. 

Coinbase introduced the 'Bounty' program, which includes the $20 million reward fund. The funds will be awarded to anyone who can offer information that leads to the arrest and conviction of the culprits responsible for the attack. 

Establishing safety protocols

Coinbase acted quickly against the insider offenders, firing them and reporting them to US and international law authorities. The crypto exchange will compensate consumers who were duped into sending funds to the perpetrators as a result of social engineering work. 

Furthermore, the crypto exchange suggested that it was putting in place additional measures, such as requesting extra ID checks for substantial withdrawals from flagged accounts and showing mandatory scam-awareness messages. 

The company is also expanding its support operations by establishing a new help hub in the United States and tightening security controls and monitoring across all sites. It is also strengthening its defences by investing more in insider threat detection and automated response, as well as replicating similar security risks to discover potential flaws. 

Coinbase is also working with law enforcement and the private sector to identify the attackers' addresses, allowing authorities to track down and perhaps recover the stolen assets. Finally, Coinbase wants to file criminal charges against those who carried out the cyberattack.
Read more »
User Security
Data Breach Lawsuit M&S Thompsons Solicitors User Security

M&S Faces Multi-million Lawsuit Following Major Data Breach

 

Following the cyberattack that affected the retailer for a month, Marks & Spencer is reportedly facing a multimillion-pound lawsuit over the loss of customer data.

It acknowledged earlier this month that customer information, including names, email addresses, postal addresses, and dates of birth, had been stolen by hackers. Chief Executive Stuart Machin stated that the "sophisticated nature of the incident" had allowed access to the data, although he emphasised that it does not include account passwords or payment and card information, which M&S claims it does not store on its servers. 

According to The Sunday Mail, Thompsons Solicitors is now pursuing a class action lawsuit against M&S for exposing customers to the risk of scams by failing to safeguard their data. 

Senior Partner Patrick McGuire of Thompsons Solicitors stated that the firm has been "inundated by Scots M&S clients who have been caught up in this online heist and are contacting Thompsons. We have a situation here where one of the most famous retailers in the UK has allowed criminals to pillage the personal details of hundreds of thousands of Scottish customers. I think this will be the biggest data theft case we have ever been involved in.”

Investors will be expecting that Marks & Spencer will provide further information on the impact of the disastrous cyber assault that has interrupted all online orders at the retail giant. On Friday, the company will provide an update to the stock market on its financial performance over the past year. However, emphasis will be focused on how the company is dealing with weeks of interruption. It's been a month since the retailer was hit by a major "cyber incident" allegedly tied to hacking organisation Scattered Spider.

As a result, the company has suspended online orders for the past three weeks, and payments and click-and-collect orders have also been affected. M&S's store availability was also impacted by the outage, resulting in some bare shelves as it replaced elements of its IT systems, but said it was recovering swiftly in an update last Thursday.

Its stores have remained open, and availability is "now in a much more normal place, with stores well stocked this week". The retailer is yet to reveal the financial cost of the incident, although it is believed to have lost tens of millions of pounds in sales. 

Analysts at Barclays believe the cyber attack might cost £200 million in the fiscal year 2025/26, but this will be mitigated by an insurance payout of roughly £100 million. The attack struck the business following an excellent run under Stuart Machin's leadership, with shares reaching a nearly nine-year high last month before falling recently.
Read more »
User Security
Ad-lite Cyber Security Data Privacy Premium Subscriptions User Security

Here's Why Websites Are Offering "Ad-Lite" Premium Subscriptions

 

Some websites allow you to totally remove adverts after subscribing, while others now offer "ad-lite" memberships. However, when you subscribe to ad-supported streaming services, you do not get the best value. 

Not removing all ads

Ads are a significant source of income for many websites, despite the fact that they can be annoying. Additionally, a lot of websites are aware of ad-blockers, so outdated methods may no longer be as effective.

For websites, complete memberships without advertisements are a decent compromise because adverts aren't going away. The website may continue to make money to run while providing users with an ad-free experience. In this case, everybody wins. 

However, ad-lite subscriptions are not always the most cost-effective option. Rather than fully blocking adverts, you do not see personalised ads. While others may disagree, I can't see how this would encourage me to subscribe; I'd rather pay an extra few dollars per month to completely remove them. 

In addition to text-based websites, YouTube has tested a Premium Lite tool. Although not all videos are ad-free, the majority are. Subscribing makes no sense for me if the videos with advertisements are on topics I'm interested in. 

Using personal data 

Many websites will track your behaviour because many advertisements are tailored to your preferences. Advertisers can then use this information to recommend items and services that they believe you would be interested in.

Given that many people have been more concerned about their privacy in recent years, it's reasonable that some may wish to pay money to prevent having their data used. While this is occasionally the case, certain websites may continue to utilise your information even after you subscribe to an ad-lite tier. 

Websites continue to require user information in order to get feedback and improve their services. As a result, your data may still be used in certain scenarios. The key distinction is that it will rarely be used for advertising; while this may be sufficient for some, others may find it more aggravating. It is difficult to avoid being tracked online under any circumstances. You can still be tracked while browsing in incognito or private mode.

Use ad-free version

Many websites with ad-lite tiers also provide totally ad-free versions. When you subscribe to them, you will not receive any personalised or non-personalised advertisements. Furthermore, you frequently get access to exclusive and/or infinite content, allowing you to fully support your preferred publications. Rather than focussing on the price, evaluate how much value you'll gain from subscribing to an ad-free tier. It's usually less expensive than ad-lite. 

Getting an ad-lite membership is essentially the worst of everything you were attempting to avoid. You'll still get adverts, but they'll be less personal. Furthermore, you may see adverts on stuff you appreciate while paying for ad-free access to something you do not care about. It's preferable to pay for the complete version.
Read more »
User Security
blob URIs Cyber Fraud Fake Login Phishing Campaign User Security

Cybercriminals Employ Display Fake Login Pages in Your Browser

 

Cofense Intelligence cybersecurity researchers have discovered a new and increasingly successful technique that attackers are using to deliver credential phishing pages straight to users' email inboxes. 

This technique, which first surfaced in mid-2022, makes use of "blob URIs" (binary large objects-Uniform Resource Identifiers), which are addresses that point to temporary data saved by your internet browser on your own computer. Blob URIs have legitimate uses on the internet, such as YouTube temporarily storing video data in a user's browser for playback.

A key feature of blob URIs is their localised nature; that is, a blob URI created by one browser cannot be viewed by another, even on the same device. This inherent privacy feature, while advantageous for legal online services, has been abused by attackers for malicious objectives.

Cofense Intelligence's report, which was shared with Hackread.com, claims that security systems that monitor emails are unable to easily detect the malicious phoney login pages since Blob URI data isn't on the regular internet. As a result, the link in a phishing email does not lead directly to a fraudulent website. Instead, it directs you to a real website that the security systems trust, such as OneDrive from Microsoft. 

Subsequently, the user is directed to an attacker-controlled hidden webpage. The phoney login page is then created in your browser by this hidden website using a blob URI. This page can steal your username and password and send it to the cybercriminals even though it is only saved on your system. 

This poses a challenge for automated security systems, particularly Secure Email Gateways (SEGs), which analyse website content to detect phishing efforts, the researchers explained. AI-powered security models may not yet be sufficiently trained to differentiate between benign and malevolent usage due to the novelty of phishing attacks employing blob URIs. 

The lack of pattern recognition makes automated detection more difficult and raises the possibility that phishing emails will evade protection, especially when paired with the popular attacker technique of employing several redirects.

Cofense Intelligence has detected many phishing attempts using this blob URI method, with lures aimed to fool users into logging in to fraudulent versions of popular services such as OneDrive. These entices include notifications of encrypted messages, urges to access Intuit tax accounts, and financial institution alerts. Regardless of the many initial pretexts, the overall attack flow is similar.

Researchers worry that this sort of phishing may become more common due to its ability to bypass security. As a result, even if links in emails appear to lead to legitimate websites, it is critical to exercise caution and double-check before entering your login details. Seeing "blob:http://" or "blob:https://" in the webpage address may indicate this new trick.
Read more »
User Security
Dance of the Hillary Indo-Pak War Malicious Campaign malware Pahalgam Attack User Security

Pakistan’s ‘Dance of the Hillary’ Malware Targets Indians—Here’s How to Safeguard Yourself

 

In the aftermath of escalating cross-border tensions following the April 22 Pahalgam terror assault, Indian cybersecurity agencies have noticed a worrying shift in strategy: a digital onslaught aimed at civilians. The malware campaign, reportedly linked to Pakistani threat actors, has sparked widespread alarm about Indian residents' vulnerability to targeted cyber assaults. 

Officials believe the attack, known as the ‘Dance of the Hillary’ malware, is spreading via WhatsApp, Facebook, Telegram, and email. It disguises itself as video files or documents, frequently ending with suspicious extensions like as.exe—notably tasksche.exe—and, once downloaded, can acquire unauthorised access to mobile devices and computers. 

Experts warn that the ultimate purpose is to extract confidential information such as financial credentials, official IDs, and communication records. Intelligence services have declared a high alert and issued public warnings against opening unknown attachments, particularly at a period of global upheaval. 

Malware deployment

As India started targeted strikes on terror hubs in Pakistan, including major cities such as Islamabad, security experts believe the digital response is intended to do economic and psychological damage. In response to the Pahalgam massacre, the Indian Armed Forces destroyed numerous drone and missile installations while also targeting terror camps. 

In retaliation, Pakistani cyber cells allegedly recruited sleeper operatives and automated botnets to disseminate malware over Indian networks. 

The attack looks to be well-coordinated and designed to cause maximum social disruption. Officials believe it is part of a hybrid warfare plan that combines conventional military attack and digital infiltration. 

Dance of the Hillary has been identified by cyber researchers as a version of previously known data-stealing trojans that have been repackaged with deceptive file names and distributed through phishing tactics. "What makes it dangerous is its ability to blend into civilian channels of communication and exploit curiosity or emotional responses," explained a CERT-In analyst. 

Safety measures 

In response, India's cybersecurity response units, including CERT-In and the Ministry of Electronics and Information Technology, launched an awareness campaign encouraging people to avoid downloading suspicious files and sharing unverified links or media. 

Citizens are asked to verify texts before forwarding them and to report any suspicious activity to cybercrime departments. The report also recommends installing trusted antivirus programs and updating device operating systems to address known vulnerabilities. Meanwhile, state cyber cells have been directed to monitor social media trends for dangerous content patterns.
Read more »
User Security
Cyber Attacks DOGE Fog Hackers Ransomware attack User Security

'Fog' Attackers Mock Victims With DOGE Ransom Notes

 

Fog ransomware assaults over the last month have included a new ransom note mentioning the US Department of Government Efficiency (DOGE) and enticing victims to propagate the malware to other PCs, Trend Micro said earlier this week. 

Analysis of the latest samples of Fog ransomware, which were published to VirusTotal between March 27 and April 2, 2025, found that they propagated via the transfer of a ZIP file containing an LNK file disguised as a PDF called "Pay Adjustment." This shows that attacks were carried out via phishing emails to employees.

Once the "Pay Adjustment" LNK file is clicked, a PowerShell script named stage1.ps1 is executed, which retrieves multiple payloads from a hacker-controlled domain. These include the ransomware loader cwiper.exe, a bring-your-own-vulnerable-driver (BYOVD) privilege escalation tool named Ktool.exe, a QR code image directing to a Monero wallet, a ransom letter called RANSOMNOTE.txt, and more malicious PowerShell scripts. 

Ktool.exe extracts the vulnerable Intel Network Adapter Diagnostic Driver iQVW64.sys to the %TEMP% folder, passing the target process ID (PID) and a hardcoded key as arguments. Lootsubmit.ps1 and Trackerjacker.ps1 are PowerShell scripts that collect and exfiltrate system information such IP addresses, CPU configurations, MAC addresses, and system geolocations. 

Before dropping the Fog ransomware, the ransomware loader checks to ensure it is not in a sandbox environment. It also drops dbgLog.sys, which tracks encryption-related activities, and readme.txt, an additional ransom note. This ransom note is identical to those found in past Fog ransomware assaults. 

Odd political references

While the final ransom note, readme.txt, is identical to prior attacks, the initial ransom note, RANSOMNOTE.txt, refers to DOGE and includes the names of specific individuals involved with the department. 

The note reads, "Give me five bullet points on what you accomplished for work last week," and refers to emails sent to federal employees in February as part of a DOGE campaign. The note further offers to decrypt the user's data for free if they deliver the malicious files to another person or manually execute the malicious PowerShell commands on someone else's PC. 

Earlier this year, the DoNex ransomware group followed a similar tactic, promising payment to targets in exchange for sharing sensitive company data or spreading the malware throughout their organisation. The PowerShell script also contains bizarre political references, such as the statement "The CIA didn't kill Kennedy, you idiot." The script also launched several politically orientated YouTube videos, including an episode of "Last Week Tonight with John Oliver.”
Read more »
User Security
Cyber Fraud Deepfakes Financial Scam Hong Kong Police User Security

Eight Arrested Over Financial Scam Using Deepfakes

 

Hong Kong police have detained eight people accused of running a scam ring that overcame bank verification checks to open accounts by replacing images on lost identification cards with deepfakes that included scammers' facial features. 

Senior Superintendent Philip Lui Che-ho of the force's financial intelligence and investigation division stated on Saturday that the raid was part of a citywide operation on scams, cybercrime, and money laundering that took place between April 7 and 17. Officers arrested 503 persons aged 18 to 80. Losses in the cases surpassed HK$1.5 billion (US$193.2 million. 

Officers arrested the eight suspects on Thursday for allegedly using at least 21 Hong Kong identification cards that were reported lost to make 44 applications to create local bank accounts, according to Chief Inspector Sun Yi-ki of the force's cybersecurity and technology crime branch. 

“The syndicate first tried to use deepfake technology to merge the scammer’s facial features with the cardholder’s appearance, followed by uploading the scammer’s selfie to impersonate the cardholder and bypass the online verification process,” Sun said. 

Following the successful completion of online identification checks at banks, thirty out of the forty-four applications were accepted. In half of the successful attempts, artificial intelligence was used to construct images that combined the identity card's face with the scammer's. The others just substituted the scammer's photo for the one on the ID.

Police claimed the bank accounts were used to apply for loans and make credit card transactions worth HK$860,000, as well as to launder more than HK$1.2 million in suspected illegal proceeds. Sun said the force was still looking into how the syndicate obtained the ID cards, which were claimed lost between 2023 and 2024. On suspicion of conspiracy to defraud and money laundering, police detained the six men and two women and seized numerous laptops, phones, and external storage devices. 

The accused range in age from 24 to 41, with the mastermind and main members of the ring allegedly belonging to local triad gangs. Lui urged the public against renting, lending, or selling access to their bank accounts to anyone.

The 333 men and 170 women arrested during the citywide raid were discovered to be engaged in 404 crimes, the most of which were employment frauds, financial swindles, and internet shopping scams. They were caught for conspiracy to defraud, gaining property by deception, and money laundering. Two cross-border money-laundering operations were busted in coordination with mainland Chinese authorities over the last two weeks. 

Lui claimed that one of the syndicates laundered alleged illicit earnings from fraud operations by hiring tourists from the mainland to purchase gold jewellery in Hong Kong. Between last December and March of this year, the syndicate was discovered to have been involved in 240 mainland scam instances, resulting in losses of 18.5 million yuan (US$2.5 million). 

“Syndicate masterminds would recruit stooges from various provinces on the mainland, bringing them to Hong Kong via land borders and provide hostel accommodation,” the senior superintendent stated.

Syndicate members would then arrange for the recruits to purchase gold jewellery in the city using digital payment methods, with each transaction costing tens to hundreds of thousands of Hong Kong dollars. On Tuesday last week, Hong Kong police apprehended three individuals who had just purchased 34 pieces of gold jewellery for HK$836,000 per the syndicate's orders. Two of them had two-way passes, which are travel documents that allow mainlanders to access the city. The third suspect was a Hong Konger.

On the same day, mainland police arrested 17 persons. The second cross-border syndicate arranged for mainlanders to create accounts in Hong Kong using fraudulent bank, employment, and utility bill documents. Police in Hong Kong and the mainland arrested a total of 16 persons in connection with the investigation. From December 2023 to April, the syndicate was involved in 61 scam instances in the city, resulting in losses of HK$26.7 million. Accounts were created to receive the scam money.
Read more »
User Security
Android devices Fraudulent Sites Malicious Campaign malware SpyNote User Security

SpyNote Malware Targets Android Users with Fraudulent Google Play Pages

 

The notorious SpyNote malware is making a comeback thanks to a novel campaign. This remote access trojan has many malicious features and is also quite challenging to remove from an infected Android smartphone.

According to security researchers, this time it is being spread through fake websites hosted on recently registered domains; the sites in question imitate Google Play Store app pages with incredibly accurate detail in order to deceive users into downloading infected files rather than the apps they're looking for.

The fraudulent sites include comprehensive details such as image carousels with screenshots of the supposed programs in issue, install buttons, and code traces, all of which are common visual aspects used to create an illusion of legitimacy. 

When a user clicks on the install button on one of these fake sites, JavaScript code is run, resulting in the download of a malicious APK file. This dropper APK calls a function to launch a second, embedded APK. This secondary payload contains the malware's basic functionality and allows it to communicate with the threat actors' command and control (C2) servers via hardcoded IP addresses and ports.

SpyNote can support both dynamic and hardcoded connections since the command-and-control parameters are incorporated in its DEX files. Additionally, the DNS settings and SSL certificates indicate that these malicious websites were deployed in a methodical and automated manner, which suggests that someone with access to a malware-as-a-service tool created them. 

SpyNote is a particularly malicious piece of malware because of its many features and capabilities: it can remotely activate a phone's camera and microphone, intercept text messages, call logs, and contacts; log keystrokes, including credentials and 2FA codes; track your GPS location; record phone calls; download and install apps; remotely wipe or lock devices, and avoid its own removal by abusing Android's accessibility services. 

Aggressive permission requests, which also enable SpyNote to continue operating even after rebooting, are mostly responsible for this. In order to keep running in the background, it can also exempt itself from battery optimisation, conceal its app icon, and relaunch itself immediately after a reboot. According to DomainTools LLC, the internet intelligence firm that uncovered this most recent campaign, a factory reset is frequently the only method to fully eradicate the malware due to its persistent nature.
Read more »
User Security
Cyber Crime Hospital Devices Medical Tool threat report User Security

Hospital Equipments Can be Used as Murder Weapons, Swiss Experts Warn

 

Swiss specialists have issued a grave warning that cyber attackers could use hospital devices to commit murder. In an alarming new research from Zurich-based cybersecurity firm Scip AG, specialists showed how they were simply able to hijack medical devices in a major healthcare facility and exploit them remotely. 

Png pacemakers, insulin pumps, and painkiller drips can all be automatically converted into twisted weapons of assassination.

“We could have overdosed patients with lethal amounts of drugs within minutes,” said Marc Ruef, head of research at Scip. “And we even hacked the monitors to fake the vital signs so no one would know it had happened.”

One expert admitted to hacking his own pain pump during a hospital stay, simply out of boredom. But the situation is far more serious, as perpetrators might not only silently kill victims in their beds, but they could also hide their tracks by showing completely normal health indicators. This isn't the first red flag either. A German university warned last year that pacemakers might be a 'perfect target for assassination.’

Johannes Rundfeldt, a cybersecurity expert and spokesperson for the independent expert organisation AG Kritis, claimed that this even applies to really powerful people, like world leaders, who may be subtly removed using a heart-hacking device.

“These can involve individual attacks on individuals: heads of state, generals, ministers, or similar individuals.How would we even prove it?...A sudden cardiac arrest wouldn't raise suspicion – and hackers leave no fingerprints,” Rundfeldt stated.

Cyber attacks have recently crippled entire hospitals, not simply devices. In January, cybercriminals took down a clinic in Lower Saxony, western Germany, and demanded a ransom to restore equipment. The first instance of a patient's death being specifically connected to a cyberattack occurred in 2020. 

Prosecutors in Cologne stated that a female patient from Düsseldorf was set to receive critical care at Düsseldorf University Hospital in Germany when the September 9 attack disrupted systems. The ransomware attack struck the hospital at night, encrypting data and rendering computer systems inoperable. When Düsseldorf could no longer provide care, she was moved 30 kilometres away to another hospital for life-saving therapy. 

Ciaran Martin, former CEO of the UK's National Cyber Security Centre, stated at the time: "If confirmed, this tragedy would be the first known case of a death directly linked to a cyber-attack.”

“It is not surprising that the cause of this is a ransomware attack by criminals rather than an attack by a nation state or terrorists. Although the purpose of ransomware is to make money, it stops systems working. So if you attack a hospital, then things like this are likely to happen. There were a few near misses across Europe earlier in the year and this looks, sadly, like the worst might have come to pass.”
Read more »
User Security
Cyber Fraud Frankenstein fraud Identity Theft Online Safety Synthetic Identity Fraud User Security

Frankenstein Scam: Here's How to Safeguard Yourself Against Synthetic Identity Fraud

 

Identity theft is not always as straightforward as acquiring one person's information; stolen identities can be put together from several sources. This rising crime, known as synthetic identity fraud or "Frankenstein fraud," involves combining someone's Social Security number with information from other people to establish a new, fake identity.

To safeguard yourself from this and other types of identity theft, look into the finest identity theft protection services. Criminals frequently target the most vulnerable people, including children, the homeless, and the elderly. The offender can then use his new name to borrow money. If a fraudster succeeds, the real owner of the SSN may be held liable.

Modus operandi

Synthetic identity fraud requires patience on the part of the criminal, especially if they use a child's Social Security number. The identity is created by combining a valid Social Security number with an unrelated name, address, date of birth, phone number, or other piece of identifying information to make a new "whole" identity. Criminals can buy Social Security numbers on the dark web, acquire them from data breaches, or defraud people using phishing attacks and other frauds. 

Synthetic identity theft thrives because of a basic vulnerability in the American financial and credit systems. When a criminal creates a synthetic identity to request for a loan, the lender often denies credit because there is no record of that identity in their system. The thieves anticipate this because youngsters and teenagers may have little credit or a limited history, and the elderly may have poor credit scores. 

When an identity applies for an account and is reported to a credit bureau, it is shared with other credit agencies. That conduct is sufficient to allow credit bureaus to identify the synthetic identity as a real person, even if there is minimal activity or evidence to corroborate its authenticity. Once the identity has been established, the fraudsters can begin borrowing credit from lenders.

Prevention tips

Synthetic identity fraud may seem frightening, but there are actions you can take to limit how thieves can utilise your identifying data. 

Freeze your credit report: No one can open new credit lines in your name since a credit freeze stops creditors from viewing your credit reports. Unless your credit is first unfrozen with each of the major credit agencies, this also applies to you. 

Although the procedure for freezing a child's credit is a little more complicated, freezing their credit is also one of the greatest ways to cut off the source of synthetic identity fraud, which mostly depends on obtaining the Social Security numbers of children and the elderly. In a similar vein, you may help stop someone from using your Social Security number without your knowledge by freezing it.

Check credit reports regularly: If you do not freeze your credit reports, make sure to check them on a regular basis for any questionable activity. Be especially aware of any other names, residences, or employers associated with your credit file. You can also join up for free credit monitoring, such as Capital One's CreditWise, which searches the dark web for your personally identifiable information. 

Additionally, you can utilise an identity theft protection service to automate reviewing your credit reports or to alert you if your information is compromised in a breach. AnnualCreditReport.com also offers a free weekly credit report.
Read more »
User Security
Bank Scam Cyber Fraud Data Leak Financial Scam Fraudulent Message User Security

Five Ways to Identify a Bank Fraud And Stay Safe

 

It is not unusual for your bank to try to contact you. However, some of those emails and phone calls are simply scammers taking advantage of your trust in your bank to scam you. In general, you should be extremely sceptical of any unexpected messages. 

Modus operandi

You receive a phone call claiming to be from your bank informing you of a problem with your account. This is typically used for security purposes, such as informing you when someone is unlawfully accessing your account or has stolen your identity. 

Their response is to ask you to transfer all funds to a safe account' while the problem is resolved. The problem is that no one is attempting to access your account, and you are sending money directly to the crooks. The funds are then moved swiftly to other accounts around the world. 

Additionally, bank transfer scams might be the most common telephone, or vishing, scam, but they are far from the only one. Others may attempt to gain remote control of your computer by claiming there is a problem with your internet connection or that you have a virus.

In reality, they use this time to install malware on your computer and steal your personal information. Another strategy is to claim you're eligible for a refund or compensation but have received too much. You will then be asked to return the difference. 

How to detect a scam  

Urgency:  Fraudulent mails can generate a sense of urgency or mislead you into acting quickly. They may warn you about account termination, blocking your ATM card, or missing out on a limited-time promotion. Be wary of messages that urge you to take immediate action. 

Sender information: Legitimate banks usually send messages from certain phone numbers or email addresses. Be wary of messages from unknown phones or addresses that use generic greetings such as "Dear Customer" instead of your name. 

Personal data: Real banks would never request critical information such as your password, CVV code, OTP (One Time Password), or entire account number over SMS or email. If a message prompts you to update or verify such information, do not answer and instead contact your bank immediately. 

Grammatical errors: Legitimate bank messages are usually well-written and formatted. Typos, grammatical errors, and unprofessional language can all be indicators of a fake message. 

Verify: If you are unsure regarding a message, always contact your bank immediately using their official contact information (phone number or website) to enquire about its legality.

Better safe than sorry

The Federal Trade Commission reports that last year, fraud cost consumers over $12.5 billion. You can take measures to make it difficult for a bad actor to leave with anything, even though it could be simple for them to contact you by email, text, or social media. It's wise to use caution when dealing with something as important as your finances.
Read more »
User Security
Cyber Crime Pressure Tactics Ransom Payment ransomware attacks User Security

Turning The Screws: Pressure Techniques Used by Ransomware Outfits

 

Over the past ten years, ransomware attacks have increased in frequency and sophistication. While exploits like social engineering and unpatched software may help with an initial breach, it's the coercive tactics that force victims to make rash and emotionally charged decisions, like paying the ransom. 

Below are three of the most common tactics used by ransomware perpetrators to persuade victims into complying with their extortion demands.

1. Fear and humiliation 

Fear is a potent emotion that threat actors use. When a victim's documents are encrypted, the message is usually clear: pay the ransom or lose your data forever. In addition to the fear of data loss, cybercriminals use the threat of humiliation to demand ransom in order to prevent the disclosure of sensitive information such as company files, financial data, or personal images. 

Cybercriminals sometimes go one step further by threatening legal action, especially in highly regulated sectors like healthcare or finance: Pay the ransom, or we'll denounce you to the authorities. Due to the increased pressure, victims are compelled to take action out of fear about possible legal action. 

2. Deadlines and ultimatums

Most ransomware demands include a tight deadline to intensify the pressure. Attackers usually give victims a deadline, like 48 hours, to comply, frequently along with a clear warning of the repercussions. Some ransomware programs show a countdown meter, which acts as a continual reminder that time is running out, to further exacerbate panic. Attackers may raise the stakes, such as making some of the stolen material publicly available, or double the ransom if the deadline is missed.

3. False hope and fake assurances 

False promises are another tactic used by ransomware operators to trick victims into believing there is a possible solution. However, victims are merely coerced into complying by this hope. Attackers may provide a solution like a trial decryption tool to "prove" their solution works, a discount for speedy payment, or an extension on the payment deadline—tactics intended to strengthen the notion that paying the ransom would result in a complete recovery.

In reality, just 4% of individuals who pay are able to restore all their data. Furthermore, criminals frequently say that if the ransom is paid, the stolen data will be completely destroyed and the victim will be left alone. However, 78% of victims who pay report recurring attacks, proving that these assurances are nothing more than intentional deception. 

Mitigation tips 

The following are some best practices that can help organisations in handling these pressure tactics: 

Preparedness:    Ransomware attacks can happen to anyone. Employers must provide clear instructions and techniques for their employees to follow, as well as teach them how to respond and report in stressful situations while remaining calm and composed. 

Avoiding impulsiveness:  Avoid making decisions primarily based on emotional factors such as anxiousness or desperation. Evaluate all available information and investigate possible solutions and alternatives. 

Not making a payment right away: Don't ever give in to the urge to pay. Speak with law enforcement, cybersecurity experts, and skilled ransomware negotiators, or get advice from cyber insurance companies. Investigate backups and other recovery options. Online decryptors may even be accessible for some ransomware strains.
Read more »
User Security
Data Breach Data Leak Ransomware attack Retirement Service Firm United States User Security

Ransomware Attack on Retirement Services Firm Exposes Thousands of US School Data

 

A ransomware assault targeting retirement service firm Carruth Compliance Consulting has resulted in a data breach affecting dozens of school districts and thousands of individuals in the US. Carruth Compliance Consulting (CCC) administers retirement savings accounts for public schools and non-profit organisations.

Carruth announced on its website on January 13, 2025, that it had detected suspicious activity on its computer systems on December 21, 2024. An investigation revealed that hackers gained access to company networks between December 19 and December 26, and stole some files. 

The company claims that private information such as name, Social Security number, financial account information, and, in specific circumstances, driver's license numbers, medical billing information, W-2 information, and tax filings were among the hacked files. Free identity restoration and credit monitoring services are being provided to affected consumers. 

A relatively new ransomware organisation called Skira claimed responsibility for the Carruth attack this week, claiming to have taken about 469 gigabytes of data, including databases, source code, and the data the company had included in their customer notification. Only four additional victims are listed on Skira's Tor-based leak website as of this writing; the first victim was revealed in December 2024. 

While Carruth has not disclosed the number of impacted organisations and individuals, dozens of school districts and institutions across multiple states have confirmed in recent weeks that they have been affected by the cybersecurity issue. School districts notified state attorneys general that Carruth was unable to identify affected individuals, and each educational institution is seeking to identify current and former employees whose personal information was provided with the retirement services provider. 

To date, nine school districts in Maine have reported identifying more than 20,000 individuals affected by a data breach, as mandated by the attorney general. The Carruth data breach comes just weeks after it was revealed that hackers may have stolen the personal information of millions of students and instructors in the United States and Canada after a cyberattack on education software and services company PowerSchool.
Read more »
User Security
Data Breach Lawsuit Treasury Department US Citizens User Security

19 US States Sue to Prevent DOGE From Accessing Americans' Private Data

 

In an effort to prevent Elon Musk's Department of Government Efficiency from gaining access to Treasury Department documents that hold private information like Social Security numbers and bank account numbers for millions of Americans, 19 Democratic attorneys general filed a lawsuit against President Donald Trump on Friday last week. 

Filed in federal court in New York City, the lawsuit claims that the Trump administration violated federal law by giving Musk's team access to the Treasury Department's central payment system. 

The payment system manages tax refunds, Social Security payments, veterans' benefits, and much more. It sends out trillions of dollars annually and contains a vast network of financial and personal information about Americans. To identify and cut out what the Trump administration has determined to be unnecessary federal spending, Musk established his Department of federal Efficiency, or DOGE. 

Supporters have applauded the concept of limiting bloated government finances, but critics have expressed wide concern over Musk's growing authority as a result of DOGE's access to Treasury documents and its review of other government agencies. 

The case was filed by the office of New York Attorney General Letitia James, who stated that DOGE's access to the Treasury Department's data presents security issues and the potential for an illegal federal fund freezing. 

“This unelected group, led by the world’s richest man, is not authorized to have this information, and they explicitly sought this unauthorized access to illegally block payments that millions of Americans rely on, payments for health care, child care and other essential programs,” James noted in a video message published by her office. 

James, a Democrat who has been one of Trump's main opponents, stated that the president cannot stop federal payments that Congress has authorised or give out Americans' private information to anybody he wants. Moreover, Arizona, California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Jersey, North Carolina, Oregon, Rhode Island, Vermont, and Wisconsin are parties to the complaint.

The suit claims that DOGE's access to Treasury records may interfere with funding already approved by Congress, which would go beyond the Treasury Department's legislative power. The case further contends that DOGE access violates federal administrative law as well as the separation of powers doctrine of the US Constitution. 

It also accuses Treasury Secretary Scott Bessent of altering the department's long-standing policy of safeguarding sensitive personally identifiable information and financial information in order to grant Musk's DOGE team access to the payment systems. 

The Treasury Department has stated that the review is intended to assess the system's integrity and that no adjustments would be made. According to two people familiar with the situation, Musk's team began exploring ways to block payments made by the US Agency for International Development, which Trump and Musk are aiming to abolish. The two persons spoke to The Associated Press on the condition of anonymity for fear of punishment.
Read more »
User Security
Cyber Fraud phishing QR code Quishing User Security

Quishing On The Rise: Strategies to Avert QR Code Phishing

 

QR codes are already ubiquitous: from restaurant menus to public transportation schedules, everyone wants you to scan theirs. This normalisation of scanning random QR codes is being exploited, resulting in a new cybersecurity threat known as Quishing. 

What is Quishing? 

Quishing (QR code phishing) is the process of placing a malicious URL into a QR code. Rather than linking to a legitimate website, the code will load a page that attempts to steal information, infect your device with malware, or execute another malicious act.

It's a goofy name, but it poses a serious threat. While we're all aware that you shouldn't browse suspicious websites or download unfamiliar files, the nature of QR codes makes it impossible to tell what's on the other side. With a scan and a tap, you're whisked away to a website that may contain material you don't want to see, or routed to a malware download. 

It's also possible to be duped into scanning a QR code: many businesses build their QR codes using third-party services and URL shorteners, which means that the embedded links may not always redirect to their actual websites. This makes it challenging to determine whether a QR code has been tampered by someone carrying out a quishing assault.

Is quishing a real threat? 

Yes. It is already happening and has proven to be beneficial. QR codes for parking meters, restaurant payments and tip systems, and phoney advertisements are being tampered with all across the world to perpetrate quishing frauds, typically by simply sticking a sticker with a bogus QR over an already existing official code.

These trick codes then lead to false login pages and payment sites, where you can either pay the scammer directly or give them your information (which can be used to steal your money later or push further scams). 

Safety tips 

There are a few efficient strategies to safeguard yourself from quishing: 

  • Make use of your device's built-in QR code scanner. App shops' QR scanners have a bad reputation for security and privacy.
  • Avoid clicking on links that employ URL shorteners and make sure the destination a QR code is attempting to direct you to is genuine before clicking on the link. 
  • Avoid paying with QR codes whenever you can, especially if the payment link takes you to an unidentified address. 
  • Additionally, be aware that phoney websites often use names that sound similar to legitimate ones, so double-check your spelling.
Read more »
User Security
Cyber Attacks Malicious Campaign Mishing PDF Files User Security

Cybercriminals Exploit PDFs in Novel Mishing Campaign

 

In a recently uncovered phishing campaign, threat actors are employing malicious PDF files to target mobile device users in potentially more than fifty nations.

Dubbed as the "PDF Mishing Attack," the effort exposes new vulnerabilities in mobile platforms by taking advantage of the general belief that PDFs are a secure file format. 

The phishing campaign poses as the United States Postal Service (USPS) to earn consumers' trust and trick them into downloading infected PDFs. Once opened, the hidden links take victims to phishing pages designed to steal credentials.

"PDFs are used extensively for contracts, reports, manuals, invoices, and other critical business communications," said the zLabs team at Zimperium, who uncovered the campaign. “Their ability to incorporate text, images, hyperlinks, and digital signatures while maintaining integrity makes them ideal for enterprises prioritizing professionalism and compliance.” 

Hidden in plain sight 

Threat analysts at zLabs have been keeping a close eye on the phishing campaign, which targets only mobile devices and poses as the US Postal Service (USPS). It has discovered 630 phishing pages and over 20 malicious PDF files.

“This campaign employs sophisticated social engineering tactics and a never-before-seen means of obfuscation to deliver malicious PDF files designed to steal credentials and compromise sensitive data,” the researchers noted. 

Advanced evasion techniques hide clickable malicious URLs within PDF documents, easily bypassing traditional endpoint security solutions. This assault is primarily aimed at mobile device users, capitalising on the limited accessibility that mobile platforms provide while previewing file contents. Unlike desktop platforms, where PDFs are often used with security overlays, mobile devices lack the same safeguards, leaving users vulnerable to covert attacks. 

On threat detection 

This latest attack highlights the need for enhanced mobile threat defenses. PDFs have long been thought to be safe for sharing and storing information, however this is not the case. 

According to an HP Wolf Security report, PDF threats are on the rise. While online criminals used to primarily use PDF lures to steal credentials and financial data via phishing, there has been a shift and an increase in malware distribution via PDFs, including strains such as WikiLoader, Ursnif, and Darkgate. 

Zimperium emphasises the value of on-device threat detection to find and eliminate these scourges before they can do any damage because traditional endpoint security systems, which are sometimes made with desktop settings in mind, may not be able to detect sophisticated attacks on mobile platforms.
Read more »
User Security
Banshee Stealer Infostealer macOS malware User Security

New Version of Banshee Malware Targets macOS Users

 

According to the latest study published this week, a new variant of the info-stealing malware known as "Banshee" has been targeting macOS users' passwords, cryptocurrency wallets, browser credentials, and other data for at least the past four months.

Check Point researchers discovered that the latest version targets anyone using a Mac and can be downloaded mostly through malicious GitHub uploads, but also through other websites (GitHub's policies prohibit malware, but this does not mean there is no malware on GitHub). 

This latest Banshee malware often disguises itself as the Telegram messaging app or the Google Chrome browser, two popular apps that other malware attackers use to trick users. This version first surfaced in September last year and attempts to evade detection by using Apple's proprietary string encryption algorithm, XProtect.

This malware targets your browsing activities in Chrome, Brave, Edge, or Vivaldi. It also attempts to steal your cryptocurrency if you have any crypto wallet browser extensions installed, and it may show macOS victims fake login pages in an attempt to steal their usernames and passwords, which it then uses to steal accounts and funds. It will target your Coinbase, Ronin, Slope, TONNE, MetaMask, and other cryptocurrency wallet extensions if you have them. 

The source code for Banshee was leaked online in November. This could have helped antivirus companies ensure their software catches the sneakier version in the months since. Prior versions of this malware were marketed as "stealer-as-a-service" malware on cybercriminal channels, including attacker-controlled Telegram channels, for $3,000 per "license.” 

To stay protected from info-stealer malware, it's a good idea to consider getting a crypto hardware wallet like one from Ledger or Trezor if you have over $1,000 in crypto. In general, it's also a good practice to avoid storing more than $1,000 in any browser extension-based crypto wallet (you can also store funds with an exchange like Coinbase, Robinhood, or Kraken). 

Additionally, passwords should never be kept in an unsecured digital document on your computer (no Google Docs). Instead, think about keeping your crypto seed phrases on paper in a closed box or safe at home.
Read more »
User Security
Data Breach Data Leak Russian State Silent Crow User Security

Silent Crow Claims Hack of Russia’s Rosreestr, Leaks Citizens’ Personal Data

 



The hacking group Silent Crow has claimed responsibility for breaching Russia's Federal Service for State Registration, Cadastre, and Cartography (Rosreestr), releasing what it describes as a fragment of the agency’s database. The leak reportedly includes sensitive personal information of Russian citizens, raising significant cybersecurity and privacy concerns.

According to the Telegram channel Information Leaks, which first reported the incident, the exposed data set contains nearly 82,000 records. These records reportedly include:
  • Full Names
  • Birth Dates
  • Residential Addresses
  • Phone Numbers and Email Addresses
  • SNILS Numbers: Russian equivalents of Social Security numbers
  • Rosreestr IDs
Silent Crow shared details of the breach via its anonymous Telegram channel on January 6, 2025, claiming the leaked data includes approximately 90,000 entries from Russia's Unified State Register of Real Estate.

Journalist Andrey Zakharov examined 15 randomly selected entries from the leaked data and confirmed their authenticity. In several cases, the leaked property addresses matched individuals' known residences. However, the dataset notably omits cadastral numbers, which could directly link properties to their owners. Zakharov suggested this omission may have been intentional to conceal the full extent of the breach.

Rosreestr has not officially acknowledged the breach, stating only that "additional checks" are underway regarding the circulating reports on Telegram. No formal confirmation or denial has been issued as of now.

Rosreestr’s Role in Investigations

Rosreestr’s real estate data has historically been instrumental for journalists and independent investigators uncovering corruption. Investigations led by the late Alexey Navalny’s Anti-Corruption Foundation (FBK) frequently utilized Rosreestr records to expose properties owned by government officials, often purchased far beyond their declared incomes.

In response to these investigations, the Russian government restricted access to property ownership data. In March 2023, Rosreestr implemented stricter privacy controls under a personal data law passed in July 2022, allowing property owner information to be disclosed only with the owner's consent.

The Rosreestr breach highlights severe vulnerabilities in the cybersecurity infrastructure of large state agencies. Silent Crow’s statement emphasized this, stating, “Rosreestr has become a vivid example of how large state structures can fall in just a few days.” The leak raises serious concerns about the protection of sensitive government data and the potential misuse of this information.

As cybersecurity threats escalate globally, this incident underscores the urgent need for robust security measures within government databases to safeguard citizen data against malicious actors.
Read more »
User Security
14C Cyber Crime Digital Fraud Indian Government User Security

India Launches 'Report and Check Suspect' Feature to Combat Cybercrime

 

India’s National Cyber Crime Reporting Portal now features a ‘Report and Check Suspect’ tool, allowing users to verify UPI IDs, phone numbers, emails, and social media handles against a database of known cyber fraudsters.

Focusing on Digital Arrest Scams

The system targets scams where fraudsters impersonate officials to extort money under the pretense of “digital arrests.” Users can search the database at cybercrime.gov.in to identify potential threats.

Integrated Cybersecurity Measures

The tool complements other initiatives like blocking 669,000 fake SIM cards and implementing enhanced KYC protocols for digital lending. Major tech firms, including Google and Facebook, are collaborating with the Indian Cyber Crime Coordination Centre (I4C) to share threat intelligence and curb misuse of platforms like Google Firebase and Android banking malware.

The Ministry of Home Affairs has also established a Cyber Volunteer Framework, enabling citizens to report illegal online content and promote cyber hygiene. Additionally, the Citizen Financial Cyber Frauds Reporting and Management System (CFCFRMS) expedites action against financial frauds.

These initiatives align with India’s broader efforts to secure digital transactions, including mandating multi-factor authentication for government services by 2025.

Read more »
Subscribe to: Posts (Atom)