How Fear Tactics Led to a Pune Woman’s Financial Ruin: Insights into Cyber Fraud

A 67-year-old Pune woman lost Rs 1.6 crore of her life savings to cyber crooks after receiving a call claiming that her phone number was used to send vulgar texts and that Mumbai police had arrested her.

She was issued an arrest order under the guise of a 'national security danger' and a 'Supreme Court case', and she was informed that disclosing her ordeal would result in the arrest of her children and seizure of their assets.

The deceptive call

The 67-year-old woman from Kothrud filed a First Information Report in the case at Pune's Cyber Crime Police Station earlier this week. In the first week of May, she received a call from a man posing as a Tilak Nagar police officer in Mumbai. While the individual presented himself as a sub-inspector, he used the identity of an IPS officer now stationed in Pune.

He informed her that vulgar messages had been sent from her phone number and requested her personal, financial, and Aadhar information for further clarity. He then stated that a 'FIR' had been registered in the 'Supreme Court' and that the charges included money laundering. The man said a CBI officer would call her and help.

The ‘fake’ CBI officer

The next day, she received a video call from a man posing as a 'CBI officer' and giving the name of another serving IPS officer. The officer informed her that to ensure that the money in her account was real and not used for money laundering, all funds from her account would have to be transferred to 'beneficiary accounts owned by the Reserve Bank of India.'

The officer informed her that the case against her was classified as 'national secrets' and that the account had been used to commit major crimes. Fearing legal repercussions, the victim made substantial transactions of Rs one crore and Rs 29 lakh from two separate accounts.

Coercion and surveillance: Imposing fear

During these transfers, the complainant was forced to remain on messenger calls and was told she was under observation. The 'CBI official' informed her that if she shared the case with anyone in the family, her children would be detained and their possessions seized by the government. She was also instructed to make remittances of Rs 50 lakh to the 'Supreme Court.' The woman transferred more than Rs 30 lakh.

The aftermath

As the internet thieves increased their demands, the mother eventually confided in her daughter, who informed her that she had been duped by cybercriminals. She filed a complaint with the Cyber Crime Portal, and the case was then referred to the Cyber Crime Police Station in Pune City.

According to an officer from the Cybercrime Police Station, the crime's modus operandi is the same as that of drugs-in-parcel scams, but the grounds for threatening the victim differ. In a similar case recorded at Wakad police station in Pimpri Chinchwad, a software engineer in his 40s was duped of Rs 40 lakh after he was told that his number was being 'used to mistreat a woman' and was threatened with action under the "national secret rule."

In these types of schemes, fraudsters mimic IPS personnel to defraud people. They pressure victims into transferring money for a variety of reasons, including customs taxes or legal expenses, as well as by saying that their bank accounts are under threat from hackers. Callers frequently threaten victims, stating they are under monitoring by the government.

Online Banking Frauds: The Silent Threat to India’s Financial Stability

Bank frauds in India: A soaring trend

According to an analysis of frauds recorded across banks, the number of fraud cases filed in FY24 increased by approximately 300 percent from 9,046 in FY22. However, the sum involved has decreased from Rs 45,358 crore to Rs 13,930 crore, according to the central bank's annual report for fiscal year 24 released on Thursday.

Year on year, the amount involved in total frauds reported decreased by 46.7% during FY24.

The numbers speak

The RBI stated that, while private sector banks reported the most frauds in the recent three years, public sector banks contributed the most to the fraud total.

According to the RBI, digital payments (card payments and internet) were the most common source of fraud. However, in terms of value, the frauds were concentrated in the loan portfolio.

While small value card/internet frauds accounted for the majority of frauds recorded by private sector banks, RBI investigation revealed that frauds in public sector banks were primarily in loan portfolios.

The number of scams involving card and internet payments jumped from 3,596 in FY22 to 29,082 in FY24. In terms of value, it rose from Rs 155 crore in FY22 to Rs 1,457 crore.

Observing the time lag

In an assessment of cases reported in FY23 and FY24, the RBI discovered a significant time lag between the date a fraud occurred and its identification.

According to the RBI, the amount involved in frauds that occurred in prior fiscal years accounted for 94.0 percent of the frauds reported in FY23 in terms of value. Approximately 89% of the frauds recorded in FY24 by value occurred in previous fiscal years.

Factors contributing to the surge

  • Technological advancements: The digital revolution has transformed banking, making transactions faster and more accessible. However, it has also exposed vulnerabilities. Cybercriminals exploit weak security measures, phishing attacks, and identity theft to siphon off funds.
  • Lax oversight: Despite regulatory frameworks, some banks struggle to implement robust risk management practices. Inadequate internal controls and complacency contribute to the rising fraud numbers.
  • Insider threats: Employees with access to sensitive information can be both an asset and a liability. Insider fraud—whether intentional or due to negligence—poses a significant risk.
  • Complex financial products: As financial products become more intricate, so do the opportunities for fraud. From complex derivatives to shadow banking, the landscape is ripe for exploitation.

Mitigating the risk

  • Enhanced security measures: Banks must invest in cutting-edge cybersecurity tools. Multi-factor authentication, real-time monitoring, and AI-driven anomaly detection can help thwart fraud attempts.
  • Training and awareness: Educating bank staff and customers about fraud risks is crucial. Regular workshops, simulated phishing exercises, and awareness campaigns can empower everyone to stay vigilant.
  • Collaboration: Banks, regulators, and law enforcement agencies must collaborate closely. Sharing threat intelligence and best practices can strengthen the collective defense against fraud.
  • Strengthening legal frameworks: Stricter penalties and faster legal proceedings can act as deterrents. Swift action against fraudsters sends a strong message.

Identity Fraud Affects Two Million Brits in 2023



In a recent report by FICO on Fraud, Identity, and Digital Banking, it was revealed that nearly two million Brits may have fallen victim to identity theft last year. The analytics firm found that 4.3% of respondents experienced fraudsters using their identity to open financial accounts. This percentage, when extrapolated to the adult UK population, equates to approximately 1.9 million people. While this marks a decrease from 2022 when 7.7% reported such incidents, there's a concern that the actual numbers could be higher.

According to Sarah Rutherford, senior director of fraud marketing at FICO, the data only represents those who are aware of their stolen identity being used for financial fraud. Many individuals might not immediately discover such fraudulent activities, and perpetrators often exploit stolen identities multiple times, amplifying the overall impact.

The report identifies this type of fraud as the most worrisome financial crime for UK citizens, with 30% expressing concern. Following closely are fears of credit card theft and bank account takeovers by fraudsters, at 24% and 20%, respectively.


Consumer Preferences and Concerns Drive Financial Organisations' Strategies

FICO's research emphasises the significant impact that robust fraud protection measures can have on financial organisations. Approximately 34% of respondents prioritise good fraud protection when selecting a new account provider, and an overwhelming 73% include it in their top three considerations. However, 18% stated they would abandon opening a bank account if identity checks were too challenging or time-consuming, highlighting the importance of achieving a balance between security and user convenience.

Biometric authentication emerged as a favoured choice among respondents, with 87% acknowledging its excellent security features. Fingerprint scanning ranked highest among biometric methods, preferred by 38% of participants, followed by face scans (34%) and iris scans (25%). In contrast, only 17% believed that the traditional combination of username and password provides excellent protection.

Sarah Rutherford expressed optimism about the shift in attitudes towards new verification tools such as iris, face, and fingerprint scans, as individuals increasingly recognise the benefits they offer in enhancing security.


Commercial Impact

The study suggests that financial institutions incorporating strong fraud protection measures may reap significant commercial benefits. With consumer preferences indicating a growing emphasis on security, financial organisations must navigate the challenge of implementing effective identity checks without compromising the ease of service. Striking this balance becomes crucial, especially as 20% of respondents indicated they would abandon the account opening process if identity checks were deemed too cumbersome.


Amidst growing concerns surrounding identity fraud affecting a significant portion of the British population, there is a discernible shift towards the acceptance of advanced biometric authentication methods. Financial organisations are urged to prioritise formidable fraud protection measures, not only to enhance consumer appeal but also to reinforce security protocols for sensitive information. This imperative reflects the industry's transformation, shedding light on the growing importance of heightened security measures to address the increasing challenges of identity theft.


Two Cyber Scammers Arrested; Police Uncover Transactions of ₹60 crore in Bank Accounts

 

Two cyber fraudsters were detained last week on Friday in Gujarat for allegedly being involved in a scheme that defrauded college students of lakhs of dollars by persuading them to like YouTube videos. Authorities investigated their bank records and discovered transactions of 60 crore in the previous three months. 

Rupesh Thakkar, 33, and Pankaj Od, 34, both natives of Gujarat's Gandhinagar district, were detained. They were traced as part of the investigation into a case filed by a 19-year-old student who was conned of $2.5 lakh in October of this year after taking up a part-time job that required liking YouTube videos.

The then-unknown offenders were charged under Indian Penal Code sections 419 (cheating by personation), 420 (cheating and dishonesty), 467 (forgery), 468 (forgery for the purpose of cheating), and 471 (using forged papers as genuine). 

"We determined where the accused were stationed through a technical investigation that involved tracing the accounts to which the complainant had made the payments. We arrested them early this week with the help of Gujarat police," said a Matunga police officer. 

The police have also seized several bank documents, including credit cards, debit cards, and cheque books, as well as devices, including six mobile phones and 28 SIM cards, from the two guys. They also discovered rubber stamps used to certify falsified documents shared with the accused's victims. 

"Analysis of their transaction history revealed that the two men have made 60 crore transactions in the last few months. However, the accounts we could link to only had 1.1 crore, which we froze," the officer explained. He went on to say that the remainder of the funds had already been transferred to other accounts that were also under investigation. 

Police believe that by thoroughly examining the accounts of the two accused, they will be able to solve several more incidents of cyber fraud. Both of the arrested suspects are currently in police custody.

Thane: Massive 16,180 Crore Bank Hacking Fraud Uncovered, National Probe Underway

 

An FIR has been filed by Thane Police against a group of individuals, among them an ex-banker, who is accused of hacking into the account of a supplier of payment gateway services and withdrawing money of Rs 16,180 crore. The heist was carried out over time using several different bank accounts. 

On Sunday, a police spokesperson from Thane stated that the fraud had been continuing for a while. However, it was discovered following the filing of a complaint regarding the hacking of the company's account and the theft of Rs 25 crore. According to a Mint report, no arrests have been made as of yet in the Rs 16,180 crore robbery case.

But when the police started investigating the complaint, a major theft worth Rs 16,180 crore was discovered. Under Indian Penal Code sections 420 (cheating), 409 (criminal breach of trust), 467, 468 (forgery), 120B (criminal conspiracy), and 34 (common intention), an FIR has been filed against Sanjay Singh, Amol Andale @ Aman, Kedar @ Sameer Dighe, Jitendra Pandey, and another unidentified person.

The suspected wrongdoers are charged with illegally forming unregistered partnership firms using fake documents in order to deceive the government. As many as 260 bank accounts have been found to be linked to these duplicitously formed partnership firms, enabling transactions totalling the enormous sum indicated.

A few months ago, an unknown person successfully breached the software of Safex Payout and carried out a Rs 25 crore fraud, which served as the initial impetus for this investigation. The legal counsel for the business quickly reported a hacking and cyber fraud incident to the Srinagar police station, which drove Thane police's cyber cell to take over the investigation. 

Investigators were able to further disentangle the complex web of deceit when they discovered a fraudulent transfer of Rs 1.39 crore to an account owned by Riyaal Enterprises, a company having branches in Navi Mumbai's Vashi and Belapur. Law enforcement authorities searched these places and found a treasure trove of paperwork, including multiple bank accounts and company contracts. 

When these documents were thoroughly examined, it became clear that five partnership firms had been created at the same address using forgeries and counterfeits to use several people's names. According to Nagpur Today, inquiries posed to workers of Riyaal Enterprises resulted in information on an astounding 250 bank accounts and notarized partnership company agreements, all of which raised red flags.

IcedID: A New Era with 'Lite and Fork' Malware

 

Proofpoint, a cybersecurity research firm, recently discovered two new variants of the IcedID malware namely "Lite" and "Forked." The original IcedID malware has been around since 2017 and is commonly used by cybercriminals, but these new versions were only seen for the first time in late 2022 and early 2023. 

The Lite IcedID variant was first discovered in November 2022, distributed as a follow-up payload in a TA542 Emotet campaign. Unlike other malware campaigns that aim to steal sensitive data, the Emotet campaign primarily delivers the Lite version of the IcedID Bot.

This Lite variant, however, lacks certain important features that are typically used for banking fraud. Despite this, the IcedID Lite still poses a significant threat as it can be used to deliver other types of malware, such as ransomware, and can compromise the security of a victim's computer system. 

On the other hand, the Forked IcedID Variant was first seen in February 2023 and it has been used in seven different campaigns. This variant is similar to the original IcedID in that it downloads from a server, but it also has some similarities to the Lite version. 

IcedID is a type of malware that was originally designed to steal banking information and is also capable of facilitating the installation of other types of malware, such as ransomware, into a victim's computer. 

According to the data, it was first discovered in 2017, and since then, there has been only one version of it that remained unchanged. This particular variant of IcedID includes an initial loader that communicates with a Loader C2 server and then downloads a standard DLL Loader, which ultimately installs the IcedID Bot into the targeted computer. 

Furthermore, the company found out that IcedID malware has been used in numerous campaigns by threat actors between 2022 and 2023. At least five different groups have been directly distributing the malware in these campaigns. The majority of the threat actors have been identified as initial access brokers, whose primary goal is to facilitate infections that lead to ransomware attacks. 

While most of the threat actors are using the standard IcedID variant, researchers at Proofpoint have found evidence of modified versions being used by a particular group of actors who appear to be shifting their focus away from banking fraud and toward delivering malicious payloads, potentially including ransomware. This suggests that the group is attempting to expand its criminal activities and become more versatile in its tactics.

Furthermore, based on the timing and association with Emotet infections, Proofpoint researchers suspect that the creators of Emotet have partnered with IcedID operators to expand their activities. This partnership may include testing the new Lite variant of IcedID through existing Emotet infections.

U.S. Charged Eight in $45 Million Cyber Crime Scheme

The United States Department of Justice charged eight people on Wednesday in connection with a racketeering (RICO) conspiracy. 

In the multimillion-dollar fraud, threat actors stole money from hacked accounts at banks and financial institutions, laundered it, and sent it overseas.

The defendants, Dickenson Elan, Andi Jacques, Jenkins, Louis Noel Michel, Monika Shauntel Jeff Jordan Propht-Francisque, Vladimyr Cherelus, Michael Jean Poix, and Louisaint Jolteus, allegedly worked together to perform computer fraud and scams. 

According to the Department of Justice, the campaign was started in 2011 when threat actors began to gain access to accounts at 15 big financial institutions including Citibank, E-Trade, PayPal and TD Ameritrade, JP Morgan Chase, payroll processor Automated Data Processing (ADP), and niche organizations including the U.S. military's Defense Finance and Accounting Service. 

As per the data, between 2015 and 2019 the defendants, along with others including a now-deceased conspirator referred to as Rich4Ever4430, banded together in a cybercrime and fraud scheme involving tax returns.

The indictment claims that Jenkins, Michel, Propht-Francisque, Cherelus, and Rich4Ever4430 purchased server credentials for Certified Public Accounting (CPA) and tax preparation firms on the dark web and used the data to gain access and exfiltrate the tax returns of thousands of people.

"Hackers only need to find one vulnerability to cause millions of dollars of damage," said Mark Rasch, a former federal cyber crimes prosecutor, based in Bethesda, Maryland. 

Overall, they have stolen more than $36 million in false tax refunds. The estimated loss surpasses $4 million; however, the exact amount is yet to be confirmed.

The eight defendants have been charged with conspiracy to commit wire fraud, conspiracy to commit identity theft, and conspiracy to commit money laundering. According to the law, defendants could face fines and up to 20 years in prison on each of the first two charges, and 15 years on the third. 

The case is referred to as "United States of America v. Oleksiy Sharapka, Leonid Yanovitsky, Oleg Pidtergerya, Richard Gundersen, Robert Dubuc, Lamar Taylor, Andrey Yarmoltskiy and Ilya Ostapyuk," number 13-06089, at the U.S. District Court for the District of New Jersey.

KeyBank Suffers Data Breach, Third Party Steals Personal Information


KeyBank hit by data breach 

Hackers stole personal data of home mortgage holders at KeyBank, including social security numbers, addresses and account numbers, the bank reports, in the compromise of a third-party vendor that serves multiple corporate clients.

The hackers stole the information on July 5 after hacking into computers at the insurance service provider Overby Seawell Company. 

KeyBank operates across 15 states and has around $200 billion in assets. The bank hasn't disclosed how many customers were affected, nor has it responded to any other queries related to the breach.

KeyBank's stand

In a statement, KeyBank said that it came to know about the data theft on 4th August, and that KeyBank systems and operations weren't compromised. Overby Seawell Company hasn't replied to any phone messages and emails that were sent to executives for comment.

In a statement sent to the Associated Press, KeyBank said Kennesaw, Georgia-based Overby Seawell was hit by a cybersecurity incident that breached data of its corporate clients. It refused to comment further.

Further information 

As per its website, Overby Seawell's customers are banks, credit unions, finance companies, property investors, and mortgage servicers. Its products include a tracking system for real-time insurance monitoring that can be combined with other financial industry software forums.

In an August 26 letter sent to the Associated Press by an impacted mortgage holder, KeyBank said the information included in the Overby-Seawell breach linked to their mortgage consists of their name, mortgage account number, address, and the first eight digits of their nine-digit social security number.

That is enough information for identity theft which the hackers can use while carrying out a serious fraud. 

Breach into Mahesh Bank's Servers, Transfer Massive Amounts

 

The investigation into the hacking of A.P. Mahesh Co-operative Urban Bank Limited's servers has been taken up by Hyderabad city police's cybercrime officials.

The Bank has achieved a position of prominence by not sacrificing the spirit of cooperative ideals, while also attempting to integrate and implement innovative techniques of work organization and administration, all while remaining committed to its goals.

According to authorities, the incident occurred around 12 p.m. after bank staff discovered unauthorized access and over Rs. 12.50 crore was deposited to more than 100 trust funds in Telangana. Nearly 2.5 crores of the combined worth of the unauthorized charges have already been frozen by the police. Some individuals hacked into the bank's servers before logging into the major accounts and transferring the funds to over 100 separate bank accounts. 

The fraud was discovered by bank personnel, and a report was filed at the Hyderabad Cybersecurity police station after testing. A preliminary investigation was undertaken by the police, who investigated Mahesh Bank's main branch and examined the security features and procedures used by the management. Bank payment channels operate 24 hours a day, seven days a week, including holidays, and officials are constantly monitoring them. 

Three clients in Mahesh Bank's two city branches were reportedly questioned about the scam. The authorities were also looking into the connection between suspects and account holders at other banks across the country. 

Four teams have been created to examine the crime, according to Addl. Commissioner (Crimes) A.R. Srinivas, and bank personnel in the technical departments have been questioned. The money was transferred to 128 accounts in multiple banks in Delhi, Bihar, and the northeastern provinces by the cybercrooks. 

The RBI has awarded the Bank an Authorised Dealer – Category – II license, allowing it to conduct money transfer activity as well as certain non-trade current account transactions. In the states of Telangana and Andhra Pradesh, Mahesh Bank is the first Co-operative Urban Bank to have this license.

According to a police officer, a case has been filed and an investigating team has visited the bank's core branch. It is worth noting that this is considered to be the city's first e-fraud attack on a bank.

New types of fraud related to Bank cards of Russian Banks have been spotted

Fraudsters encourage Bank customers to withdraw funds at a branch or ATM on their own and then transfer money to the account of the attackers

"There are cases when fraudsters, through psychological influence on the client, ask to transfer funds through an ATM and/or withdraw funds through the cashier, while providing fake documents from the Bank," said Mikhail Ivanov, Director of the Information Security Department of RosBank.

Stanislav Pavlunin, Vice President and Security Director of Pochta Bank, noted that this is one of the latest schemes of cybercriminals and a variant of the most common method of fraud, social engineering.

The vast majority of fraudulent operations are carried out using social engineering methods, explained Ilya Suloev, Director of the Information Security Department of Otkritie Bank. This was confirmed by Sberbank, which since the beginning of 2020 has recorded almost 2.9 million customer requests about fraudulent attempts. In comparison with 2019, the number of such requests has more than doubled.

The most popular way to influence potential victims is still phone calls. According to OTP Bank, fraudsters may present themselves as employees of the Bank's security service or of government agencies.

The number of telephone fraud attempts has increased this year, confirmed Oleg Kuserov, Managing Director of Absolut Bank.

"The growth of such attacks is associated, in our opinion, both with an increase in the number of fraudulent call centers and with major data leaks in 2020 from various enterprises, including online stores," said Vyacheslav Kasimov, Director of the Information Security Department of Credit Bank of Moscow.

Sergey Afanasyev, Executive Director and Head of the Statistical Analysis Department of Renaissance Credit Bank, also noted that another common type of Bankcard fraud, in addition to social engineering, is phishing — stealing money through fraudulent duplicate sites.


Mumbai Techie Loses Rs 3 Lakh, Card Info Used 56 Times Abroad



A few days before Diwali, a Mumbai-based engineer on maternity leave to look after her newborn woke up to a shocking discovery from her bank, as she was informed that she had fallen prey to a debit card fraud. While she was asleep, her debit card was used online to carry out 56 transactions, resulting in a loss of Rs 3.3 lakh, reported Times of India.

Around 2:30 am, an automated phone call from the bank in which she has a savings account alerted her about transactions carried out on her debit card and told her to reach out to customer care if the transactions had not been made by her. Upon receiving her response, customer care got her card blocked immediately, and she also lodged a complaint with the Kanjurmarg police; however, there are no remarkable leads on the case yet.

The unfortunate incident happened just a few days before Diwali and ruined the Diwali plans for the Mumbai techie's family. Notably, the transactions were made internationally and the owner did not receive any text or call requesting a one-time password (OTP). According to the statements given by the victim and her husband, they had never used the particular debit card internationally before. They had used it lately on domestic websites while shopping for baby products.

What do experts have to say about the fraud?


While commenting on the matter, cybersecurity expert Vicky Shah said, "There could be various reasons how this happened. One of the possibilities is that the card could have been cloned. When a card is used internationally, an OTP is not required. Another possibility is that the card details were compromised. There were recent reports about details of 1.3 million cards being leaked. It’s a matter under police investigation." He also pointed out the RBI norms, which bind the bank to reverse the lost amount back into the victim's bank account within a time frame of 10 days as the transaction was carried out internationally.

Meanwhile, the victim's husband tweeted, "Bank representatives should have noticed that something was wrong when dozens of transactions were made so early in the morning. They should have called us before approving the transactions."

Banking customers are tricked by SCA checks

Online scammers are using changes to European banking rules around customer authentication to trick consumers into handing over their sensitive financial details, according to Which?

The consumer rights group warned that attackers are spoofing the emails being sent from banks, payment firms and e-commerce providers asking for up-to-date info, as part of new Strong Customer Authentication (SCA) requirements.

Firms across the EU are gearing up for the changes, part of PSD2, which will require a form of two-factor authentication on any online transactions over €30, although some exceptions apply.

Ironically, payments providers and e-commerce firms in the UK have been given a further 18 months to comply with the new rules, originally set for a September 14 deadline.

Yet that hasn’t stopped the scammers: Which? claimed it has already spotted phishing emails imitating emails from Santander, Royal Bank of Scotland (RBS) and HSBC.

Urging the recipient to update their banking information ahead of “new procedures,” they include links designed to take the victim to a legitimate-looking page designed to harvest banking details.

Which? argued that in many cases, legitimate brands are making it harder for consumers to spot phishing emails, by including links in their own emails, and by using multiple unusual domains for various landing pages.

The group claimed that 78% of its members think banks and other financial firms should never include links in emails, to make phishing attempts easier to spot.

Tripwire VP, Tim Erlin, agreed, arguing that companies can’t simultaneously tell customers not to follow links in emails but then continue to send them emails urging them to click through.

“As long as banks send legitimate emails as a means of communicating with customers, scammers will attempt the same with fake emails,” he added.

“Email as implemented today is a terrible system for conducting business. While attempts have been made to improve the technology, none of them have taken hold.”

State Farm suffered a credential stuffing attack



US banking and insurance giant State Farm has informed customers that it suffered a credential stuffing attack through which hackers were able to confirm valid usernames and passwords to attempt access into online accounts.

The company is notifying its customers by letter, blaming a "bad actor" who accessed the credentials by hacking a third-party website in order to gain access to State Farm online accounts.

A State Farm spokesperson told ZDNet that the company discovered the hack on July 6, 2019. However, the company declined to comment on a direct question regarding the number of affected accounts.

"We have implemented additional controls and continue to evaluate our information security efforts to mitigate future attacks," a State Farm spokesperson told ZDNet.

"We encourage customers to regularly change their passwords to a new and unique password, use multi-factor authentication whenever possible, and review all personal accounts for signs of unusual activity," the company added.

State Farm also says it has not found any fraudulent activity so far, but to further secure customers' data it has reset passwords to block future malicious activity.

Trickbot Trojan Gets 'BokBot' Proxy Module to Steal Banking Info.




In 2017, IBM's X-Force team discovered a banking trojan named 'BokBot', also known as IcedID, which redirects users to malicious online banking websites or can attach to a browser process in order to insert unauthorized content into official bank pages.

The authors of the Trickbot trojan have begun to distribute a custom proxy module to users; the new component originates from BokBot's web injection code and works with some of the most widely used web browsers.

The new variant comes with its own separate configuration file. It was detected on an infected system on the 5th of July as "shadnewDll".

How does the malware work?

The malicious process begins with an infected Office Word document that downloads the Ursnif trojan after deploying a PowerShell script. The compromised host then receives a Trickbot version along with the IcedID proxy module, which is programmed to intercept and modify web traffic.

After examining the component, security researcher Vitali Kremez said that it can attach to the following web browsers: Microsoft Edge, Mozilla Firefox, Internet Explorer and Google Chrome.

Upon further inspection, the module appeared to be specifically adapted for TrickBot or other bank fraud operations that rely on the installation of this malware and its variants.

According to FireEye's research, "The TrickBot administrator group, which is suspected to be based in Eastern Europe, most likely provide the malware to a limited number of cyber criminal actors to use in operations."

The Central Bank of Russia detected a new type of fraud during the transfer of funds through an ATM




According to a publication by the Center for Monitoring and Responding to Computer Attacks in the Financial Sphere (FinCERT), part of the Bank of Russia's General Directorate for Protection and Information Security, the Central Bank has reported a new type of fraud during card-to-card transfers through ATMs.

The document says, "previously expected TRF-attacks (transaction reversal fraud) did not occur, but a new method of such an attack was recorded based on the imperfection of the scenarios for processing transfers from card to card using ATMs."

The fraud exploits a flaw in the P2P transfer scenario (a transfer between individuals). In particular, when the transaction is cancelled, the fraudster is able to withdraw the transferred amount from another card while keeping the money in his own account.

The algorithm is quite simple. First, a transfer between individuals is selected and the beneficiary's card number is entered. The terminal sends two authorization messages, one to the beneficiary's bank and one to the sender's bank. After both approvals have arrived, the actual transfer is performed.

However, the ATM then asks the sender to confirm the transfer fee. He declines, and a reversal message is sent to both banks. As a result, the temporary hold on the funds is removed from the sender's account, so he keeps all the money, while the beneficiary has in the meantime withdrawn the transfer from his card.

The Central Bank advises banks to check the correctness of their ATM scenarios. Specifically, the approval of the cancellation should be sent to the sender only after the beneficiary's bank has reported the successful return of the transferred funds.

Another measure against this type of fraud is to obtain consent to the transfer fee before sending the authorization messages for the operation.

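The two recommendations above can be checked against a small model of the flow. This is an added example, not code from FinCERT or any bank; the account model, the function name `run_transfer` and the amounts are assumptions made for illustration.

```python
# Added illustration: toy model of the card-to-card reversal flow described above.
# All names are hypothetical; the amounts are constructed sample values.
from dataclasses import dataclass


@dataclass
class Account:
    balance: int
    held: int = 0  # temporary hold placed at authorization

    @property
    def available(self) -> int:
        return self.balance - self.held


def run_transfer(wait_for_return, fee_consent_first,
                 beneficiary_cashes_out=True, amount=10_000):
    """Replay a transfer in which the sender declines the fee.

    Returns (outcome, sender_available, uncovered_loss).
    """
    sender, beneficiary = Account(balance=amount), Account(balance=0)
    cash_withdrawn = 0

    if fee_consent_first:
        # Recommendation 2: ask about the fee before any authorization is sent.
        # The sender declines, so no hold is placed and no credit is made.
        return "not_started", sender.available, 0

    # Both banks approve; the transfer is performed.
    sender.held += amount
    beneficiary.balance += amount

    # The fee prompt is still on screen; the beneficiary may withdraw meanwhile.
    if beneficiary_cashes_out:
        beneficiary.balance -= amount
        cash_withdrawn += amount

    # The sender declines the fee; a reversal message goes to both banks.
    returned = beneficiary.balance >= amount  # can the credit still be taken back?
    if returned:
        beneficiary.balance -= amount

    if wait_for_return and not returned:
        # Recommendation 1: no confirmed return, so the cancellation is not
        # approved and the held funds are settled instead of released.
        sender.held -= amount
        sender.balance -= amount
        outcome = "cancel_refused"
    else:
        sender.held -= amount  # the flawed scenario reaches here unconditionally
        outcome = "hold_released"

    loss = sender.available + cash_withdrawn + beneficiary.balance - amount
    return outcome, sender.available, loss
```

With `wait_for_return=False` the model ends with the full amount both back in the sender's account and withdrawn as cash; either recommendation brings the uncovered loss to zero, and an honest cancellation still releases the hold.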

The sender's bank is responsible for the success of such attacks, said Alexei Golenishchev, the Director of e-business monitoring at Alfa-Bank.

In May, Ehackingnews described another type of fraud involving Sberbank ATMs. The attacker, without inserting a bank card into the machine, chose an operation and did not complete it. When the next customer came to the machine, he saw a prompt on the ATM screen to insert his card and enter the PIN code. When he did so, the attacker's operation was automatically completed, and the money was debited from the cardholder's account. Sberbank later said that it had solved the problem and that attackers could no longer withdraw money this way.

Criminals use new method to steal money from Sberbank customers



A new type of fraud using Sberbank ATMs has appeared in Russia. Criminals exploit imperfect technology and the inattention of citizens.

According to police, the attacker, without inserting a bank card into the machine, chose an operation and did not complete it. When the next customer came to the machine, he saw a prompt on the ATM screen to insert his card and enter the PIN code. When he did so, the attacker's operation was automatically completed, and the money was debited from the cardholder's account.

The first cases of such theft appeared six months ago. But in the last two weeks, the number of complaints from citizens to the police has increased rapidly. In all cases, the theft was committed when there was a queue at the ATM.

The scheme worked only if the PIN code was entered within one and a half minutes; otherwise, the terminal interrupted the operation. Police noted that attackers started using this scheme half a year ago, but in the last two weeks the number of such incidents has increased sharply.

Some experts believe that the problem lies in the technology: normally, you must first insert the card and then choose the operation. The second problem, according to experts, is an excessively long timeout. The basic timeout is 30 seconds. According to Yevgeny Tsarev, an expert at RTM Group, a 90-second timeout is a serious vulnerability, not a technical one but a social one, because an unprepared user can easily insert his card without looking at the monitor. Mr. Tsarev believes Sberbank must reconfigure its ATMs and shorten the session time.

Interestingly, on a show on the "Russia 1" channel featuring the head of Sberbank, German Gref, the TV host said that Sberbank's customers are protected by graduates of the cybersecurity faculties of leading Russian technical universities, who work there while still being students. The youngest employee is about 20 years old.

Hackers stole money from Kukuruza (Kykyryza) cards using Apple Pay


83 Kykyryza (Kukuruza) cardholders had funds stolen. The fraudsters gained access to logins and passwords for the mobile and Internet banking services, then connected Apple Pay and withdrew the funds. The problem has now been solved and the money has been returned.

The Kykyryza card is a multifunctional bonus payment card that the united Russian company Svyaznoy/Euroset offers to its customers. The card works in the Mastercard payment system.

Since May 2, complaints from Kykyryza cardholders about the theft of their funds have been appearing on the website Banki.ru. Victims of the attack received an SMS saying that their card had been connected to Apple Pay; immediately afterwards, the money was withdrawn to a Tele2 number. All victims say that they did not receive an SMS or push notification with a verification code for connecting to Apple Pay.

It turned out that hackers had attacked a social service, where they obtained data about Kykyryza cardholders that allowed them to log into accounts. They then checked whether the victims used the same username and password for the mobile or Internet bank. If the credentials matched, the attackers connected the Kykyryza mobile application to Apple Pay and proceeded to withdraw money.

Svyaznoy/Euroset confirmed the theft of funds from Kykyryza cardholders, noting that the number of victims is small given that 20 million cards have been issued. According to Alexander Malis, the CEO of the company, only 83 cardholders were affected.

“The hackers stole about 2 million rubles ($31,000),” said Mr. Malis. “The stolen funds were already returned to all the victims.”

Vladimir Dryukov, the Director of the Solar JSOC Cyber Attack Monitoring and Response Center, noted that this method of theft revealed two serious vulnerabilities in the mobile application: the lack of protection against a change of device when logging in to the mobile bank, and the lack of protection against guessing of numbers.

However, according to Mr. Malis, the Kykyryza card showed a high level of security under a mass attack. He also said that a special update has already been released which will not allow an unauthorized user to change the mobile device.

Can Aadhaar card data be misused to open bank accounts?

Can your Aadhaar Card data be misused by fraudsters to open bank accounts? Don’t worry! Aadhaar Card holders often ask what will happen if a fraudster obtains a copy of their Aadhaar and tries to open a bank account in their name without their knowledge. People have raised apprehensions about whether they would be harmed. The Unique Identification Authority of India (UIDAI), the nodal authority for issuing Aadhaar, claims that Aadhaar Card data is completely safe and secure.

UIDAI has clearly stated that one cannot open a bank account merely by presenting or submitting a physical Aadhaar Card or its photocopy. As per the Prevention of Money-laundering (Maintenance of Records) Rules, 2005, and Reserve Bank of India circulars, a bank must go through a defined security checking process. The process requires banks to perform verification through either biometric data or OTP authentication. Apart from this, there is other due diligence that the bank needs to carry out before the Aadhaar Card can be accepted for banking transactions or KYC, says UIDAI. So as per the rules, no fraudster can open a bank account in your name using your Aadhaar Card details without verification through biometric or OTP authentication.

However, if someone manages to open an account in a bank using your Aadhaar Card details without biometric or OTP authentication and other verification, then the bank will be held responsible for the loss, says UIDAI.

If you are still not sure about the security of your Aadhaar Card, UIDAI provides another option for the verifiable 12-digit identification number. The Masked Aadhaar card is a viable option if you want to secure your Aadhaar Card details. While downloading your Aadhaar Card details, you can opt for the safer option of a Masked Aadhaar card. The Masked Aadhaar Card shows only the last 4 digits of the 12-digit Aadhaar number. So, instead of carrying a physical copy of your Aadhaar Card or a photocopy, it is advisable to carry a Masked Aadhaar card, which is less likely to be misused if it is misplaced or stolen. However, the Masked Aadhaar card does display other key details such as the photograph, smart QR code and demographic information.

SIM SWAP Fraud: A Mumbai Businessman Gets Robbed of 1.86 Crore Via Missed Calls






A terrifying banking fraud that researchers are calling “SIM SWAP” recently preyed upon a Mumbai-based businessman. Reportedly, Rs. 1.86 crore was drained from this man’s bank balance via 6 late-night missed calls.

Numerous other cases of “SIM-SWAPPING” have also come to light in the metro cities of Bengaluru, Delhi, Bombay and Kolkata, and the police cyber-cells are working on them.

This baffling fraud is not limited to people who lack cyber knowledge or critical thinking; technologically active people could just as easily fall for the scam.

This seemingly stupid and unbelievable method of scamming people is fairly familiar in other parts of the cyber world.

Despite being quite new in India, it has already affected a lot of people around the country and has targeted a fair number of “not-so-aware” mobile phone users, leaving their bank accounts pretty light.

When users switch from older-generation SIM cards to upgraded versions, for example when they change their 3G cards to 4G, they use a technology called “SIM SWAP” to register the new SIM card.

This technology also came into play when older SIM cards were replaced by nano SIM cards.




SIM SWAP: WHAT AND HOW?

SIM SWAP is a technique of replacing the existing SIM card with a duplicate one.

It can only be done when the attacker knows the unique 20-digit SIM number marked on the SIM card.

The SIM con artist would either persuade the user to reveal the number or obtain it by hacking.




WHAT HAPPENED TO THE VICTIM!
Reportedly, the scammers had obtained the victim’s 20-digit card number and had set the SIM SWAP process in motion during the night.

The scam broadly takes place in 2 steps, the SIM SWAP being the second step of the scamming technique.

Already privy to the banking ID and passwords, all the fraudsters still need is the OTP sent to the registered mobile number, and the transactions begin.

Possibly, the victim had previously fallen for a phishing attack and unknowingly entered his real password and account ID into a fake website fabricated by the fraudsters.

The businessman had received 6 missed calls between the hours of 11 pm and 2 am. These calls came from 2 separate numbers, one beginning with +44 (the UK’s code).

The calls weren’t answered because his phone was in silent mode. Almost all the money was withdrawn from around 14 bank accounts the man had across the country, except for the 20 lakhs he somehow managed to recover.



When a user performs a SIM swap, in other words exchanges a SIM card, all they do is register their phone number with their new SIM card.

In this way the phone number is taken over, and once that’s done the OTPs can easily be received, opening avenues for online shopping and ludicrous transactions in the owner’s name.

SIM SWAP could also affect people who communicate about their passwords or IDs via cell phones.

The technique depends upon who is a part of the communication. In actual and legitimate SIM exchanges, the users are connected to the servers of service providers like Vodafone or Airtel.

These operators have ‘specifically designed official USSD codes’ for the SIM swap process.

But when the swapping is not done by the user, the 20-digit SIM card number might fall into the wrong hands.

If the wrongly swapped SIM card falls into the hands of the scammer, the victim is in immense danger.




HOW THE SCAM GOES ABOUT

The user would get a call from the scammer, who pretends to be from Idea or Jio. The caller would then engage the user by saying that the call is about improving the call experience.

Once the user is settled and at ease, the caller would guide the user towards a SIM exchange, all the while aiming to extract the 20-digit SIM code.

The caller would try every means and any trickery possible to get those 20 digits out of the user.

After having persuaded the user to give up the 20 digits, the caller would ask them to press 1 or otherwise confirm the SIM swap.

The fraudster would then actually initiate the swap, having extracted the 20-digit SIM code they were after.

This means that if the user has an Airtel SIM, the fraudster will also use an Airtel SIM to officially go through with the SIM swap.

Airtel would then send a confirmation text to the user’s cell number. Airtel would be satisfied that the SIM swap has actually happened, and the attacker would have the cell number.

The actual user’s mobile would be left with no signal at all, whereas the fraudster would have full signal on the SIM and complete control over the cell number.

The fraudster would then call incessantly to make the user switch off the phone, in order to get a window to complete the fraud. Once that’s done, the user wouldn’t have any idea about it.



The Aadhaar number is also an important credential that you should never share over the phone.

Also, always keep a close check on your bank account, and if any unusual activity is suspected, immediately contact the bank and put a stop to the questionable transaction.