Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Victim. Show all posts
Victim
bank account Cyber Fraud FBI warning Financial crime Identity Theft loss Phone Scam Security Breach Sim-swapping scam Victim

Phone Scam Siphons Over $200,000 from Bank Account Holder

A bank account holder recounts losing over $200,000 due to phone accessibility issues. Heidi Diamond became a victim of a cyber scam known as sim-swapping, resulting in the depletion of her bank account. Sim-swapping involves fraudsters deceiving cell phone companies by assuming someone else's identity, enabling them to access personal information and manipulate phone services.

The fraudulent tactic begins with perpetrators obtaining personal details online and contacting phone service providers, claiming the loss or theft of the targeted individual's device. Once convincing the company of ownership, they activate the phone using the victim's SIM card, thereby gaining control over the device and its data. This renders the original owner's SIM card and phone inactive.

Diamond said this factor made the ordeal particularly tedious,  according to InvestigateTV. “It was such a panic that you know that something was so out of your control,” she said.

Sim-swapping circumvents typical security measures such as two-factor authentication, allowing criminals to breach sensitive accounts like bank accounts. Despite her bank reimbursing the stolen funds, Diamond remains dissatisfied with the lack of apprehension of the perpetrators, expressing a desire for justice.

Acknowledging the increasing prevalence of sim-swapping, the FBI has cautioned the public about its risks. Many remain unaware of this form of fraud, unlike more commonly recognized scams. The FBI disclosed that sim-swapping has resulted in a staggering $141 million in losses thus far.

Echoing Diamond's plight, other victims have shared their harrowing experiences, including Sharon Hussey, who lost $17,000 despite having robust security measures in place. Hussey received an unauthorized purchase confirmation from Verizon before her funds vanished, underscoring the severity and sophistication of sim-swapping attacks.
Read more »
Victim
Court Data Breach Data Breaches Settlement User Data User Security Victim

OPM Data Breach: Federal Judge Finalizes $63 Million Settlement for 2015 Data Breach Case Victims

 

On October 14, a federal judge granted the final approval for a $63 million settlement in regard to the 2015 Office of Personnel Management (OPM) data breach, bringing an end to the seven-year-long lawsuit over one of the biggest publicly known and reported security failures by the Federal government. 
 
U.S. district judge Amy Berman Jackson gave approval for the settlement to proceed in a fairness hearing, held at the U.S District Court for the District of Columbia. The judge described the approved terms to be “fair, reasonable, and adequate, and in the best interest of named and class members.” 
 

OPM Data Breach, 2015 

 
The United States Office of Personnel Management (OPM) in June 2015 confirmed it has experienced a series of data breaches targeting personnel records. 
 
Reportedly, about 22.1 million personal records were affected in the breach, including those pertaining to government employees, other individuals who had undergone background checks, and their family and friends. 
 
The data breach is considered one of the largest breaches of government data in U.S. history. The information accessed unlawfully included personally identifiable information (PII) of victims, including their names, dates, place of birth, residential addresses, and Social Security numbers.  
 
The cyber attack was carried out by state-sponsored threat actors working for the Chinese government. 
 

Terms of the settlement 

 
Prospective participants will still have until December 23 to join the lawsuit, after the final fairness hearing, following which the validity of each claim will be accessed.  
 
Furthermore, payouts to the claimants are expected to take place in the first or second quarter of next year, assuming there are no appeals. 
 
In accordance with the settlement terms, the prospective claimant is entitled to a minimum of $700 per claim, and a maximum of $10,000 per claim.  
 
As per Everett Kelley, national president of the American Federation of Government Employees and a plaintiff in the lawsuit, the court ruling was a “significant victory for rank-and-file federal employees.” 
 
“We look forward to continuing to educate our members whose personal information was compromised in this data breach about how they can take part in this settlement and receive the compensation they are due under the law,” Kelley said.
Read more »
Victim
Cyber Fraud data security Hackers Information phishing Security Victim

Hackers Target National Portal of India Via ‘Unprecedented’ Phishing Method

 

On Thursday, cyber-security experts announced the discovery of an "unprecedented, sophisticated" phishing method that has been extorting people from official websites worldwide, including the Indian government's portal https://india.gov.in. 

According to AI-driven cyber-security startup CloudSEK, threat actors have been targeting the Indian government's webpage by using a fake URL to deceive users into entering sensitive information such as credit card numbers, expiration months, and CVV codes. 

In a most advanced phishing technique known as Browser-in-the-Browser (BitB) attack, hackers imitate the browser window of the Indian government website, most typically SSO (single sign-on) pages, with a unique login. BitB attacks impersonate reputable websites in order to steal user passwords and other sensitive data such as personally identifying information (PII). The new URL that emerges as a result of the BitB attack looks to be legitimate. 

"The bad actors have also replicated the original page's user interface. Once their victims click into the phishing page, a pop-up appears on the phoney window claiming that their systems have been blocked, posing as a notification from the Home Affairs Enforcement and Police," the researchers asserted. 

The users are then alerted that their excessive usage of pornographic websites is banned under Indian law, and they are asked to pay a Rs 30,000 fee in order to unlock their computers.

"They are given a form to fill out in order to pay the fine, which asks them to divulge personal information, including their credit card information. The victims become panicked because the warning has a sense of urgency and appears to be time-bound," the researchers stated. 

The information entered by the victims into the form is sent to the attacker's server. Once the attackers have obtained the card information, it may be sold to other purchasers in a bigger network of cyber criminals, or the victim may be extorted for more funds. 

When users attempt to connect to a website, they may click on a malicious link that appears as an SSO login pop-up window. Users are requested to check in to the website using their SSO credentials when they visit the provided URL. The victims are then sent to a fraudulent webpage that appears just like the SSO page. The attack often triggers single sign-on windows and presents bogus web pages that are identical to the legitimate page. 

"Combine SSO with MFA (multi-factor authentication) for secure login across accounts, check for suspicious logins and account takeovers and avoid clicking on email links from unknown sources," the researchers suggested.
Read more »
Subscribe to: Posts (Atom)