Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Banking fraud. Show all posts
Police Scam
Banking fraud Cyber Crime Fake Arrest India Police Scam

How Fear Tactics Led to a Pune Woman’s Financial Ruin: Insights into Cyber Fraud

How Fear Tactics Led to a Pune Woman’s Financial Ruin: Insights into Cyber Fraud

A 67-year-old Pune woman lost Rs 1.6 crore of her life savings to cyber crooks after receiving a call claiming that her phone number was used to send vulgar texts and that Mumbai police had arrested her.

She was issued an arrest order under the guise of a 'national security danger' and a 'Supreme Court case', and she was informed that disclosing her ordeal would result in the arrest of her children and seizure of their assets.

The deceptive call

The 67-year-old woman from Kothrud filed a First Information Report in the case at Pune's Cyber Crime Police Station earlier this week. In the first week of May, she received a call from a man posing as a Tilak Nagar police officer in Mumbai. While the individual presented himself as a sub-inspector, he used the identity of an IPS officer now stationed in Pune.

He informed her that vulgar messages had been sent from her phone number and requested her personal, financial, and Aadhar information for further clarity. He then stated that a 'FIR' had been registered in the 'Supreme Court' and that the charges included money laundering. The man said a CBI officer would call her and help.

The ‘fake’ CBI officer

The next day, she received a video call from a man pretending as a 'CBI officer' and providing the name of another working IPS officer. The officer informed her that to ensure that the money in her account was real and not used for money laundering, all funds from her account would have to be transferred to 'beneficiary accounts owned by the Reserve Bank of India.'

The officer informed her that the case against her was classified as 'national secrets' and that the account had been used to commit major crimes. Fearing legal repercussions, the victim made substantial transactions of Rs one crore and Rs 29 lakh from two separate accounts.

Coercion and surveillance: Imposing fear

During these transfers, the complainant was forced to remain on messenger calls, alleging she was under observation. The 'CBI official' informed her that if she shared the case with anyone in the family, her children would be detained and their possessions seized by the government. She was also instructed to make remittances of Rs 50 lakh to the 'Supreme Court.' The woman transferred more than Rs 30 lakh.

The aftermath

As the internet thieves increased their demands, the mother eventually confided in her daughter, who informed her that she had been duped by cybercriminals. She filed a complaint with the Cyber Crime Portal, and the case was then referred to the Cyber Crime Police Station in Pune City.

According to an officer from the Cybercrime Police Station, the crime's modus operandi is the same as that of drugs in parcel scams, but the grounds for threatening the victim differ. In a similar case recorded at Wakad police station in Pimpri Chinchwad, a software engineer in his 40s was duped of Rs 40 lakh after he was told that his number was being 'used to mistreat a woman' and threatened action under "national secret rule."

In these types of schemes, fraudsters mimic IPS personnel to defraud people. They pressure victims into transferring money for a variety of reasons, including customs taxes or legal expenses, as well as by saying that their bank accounts are under threat from hackers. Callers frequently threaten victims, stating they are under monitoring by the government.

Read more »
RBI
Banking fraud Cyber Crime Loan Scam online frauds RBI

Online Banking Frauds: The Silent Threat to India’s Financial Stability

Online Banking Frauds: The Silent Threat to India’s Financial Stability

Bank frauds in India: A soaring trend

According to an analysis of frauds recorded across banks, the number of fraud cases filed in FY24 increased by approximately 300 percent from 9,046 in FY22. However, the sum involved has decreased from Rs 45,358 crore to Rs 13,930 crore, according to the central bank's annual report for fiscal year 24 released on Thursday.

Every year, the amount involved in total frauds reported decreased by 46.7% during fiscal year 24.

The numbers speak

The RBI stated that, while private sector banks reported the most frauds in the recent three years, public sector banks contributed the most to the fraud total. According to the RBI, digital payments (card payments and internet) were the most common source of fraud. 

According to the RBI, digital payments (card payments and internet) were the most common source of fraud. However, in terms of value, the frauds were concentrated in the loan portfolio.

While small value card/internet frauds accounted for the majority of frauds recorded by private sector banks, RBI investigation revealed that frauds in public sector banks were primarily in loan portfolios.

The number of scams involving card and internet payments jumped from 3,596 in FY22 to 29,082 in FY24. In terms of value, it rose from Rs 155 crore in FY22 to Rs 1,457 crore.

Observing the time lag

In an assessment of cases reported in FY23 and FY24, the RBI discovered a significant time lag between the date a fraud occurred and its identification.

According to the RBI, the amount engaged in frauds from prior fiscal years accounted for 94.0 percent of the frauds reported in FY23 in terms of value. Approximately 89% of the frauds recorded in FY24 by value occurred in previous fiscal years.

Factors contributing to the surge

  • Technological advancements: The digital revolution has transformed banking, making transactions faster and more accessible. However, it has also exposed vulnerabilities. Cybercriminals exploit weak security measures, phishing attacks, and identity theft to siphon off funds.
  • Lax oversight: Despite regulatory frameworks, some banks struggle to implement robust risk management practices. Inadequate internal controls and complacency contribute to the rising fraud numbers.
  • Insider threats: Employees with access to sensitive information can be both an asset and a liability. Insider fraud—whether intentional or due to negligence—poses a significant risk.
  • Complex financial products: As financial products become more intricate, so do the opportunities for fraud. From complex derivatives to shadow banking, the landscape is ripe for exploitation.

Mitigating the risk

  • Enhanced security measures: Banks must invest in cutting-edge cybersecurity tools. Multi-factor authentication, real-time monitoring, and AI-driven anomaly detection can help thwart fraud attempts.
  • Training and awareness: Educating bank staff and customers about fraud risks is crucial. Regular workshops, simulated phishing exercises, and awareness campaigns can empower everyone to stay vigilant.
  • Collaboration: Banks, regulators, and law enforcement agencies must collaborate closely. Sharing threat intelligence and best practices can strengthen the collective defense against fraud.
  • Strengthening legal frameworks: Stricter penalties and faster legal proceedings can act as deterrents. Swift action against fraudsters sends a strong message.

Read more »
UK Firms
Banking fraud Biometric Authentication Cyber Fraud Cybersecurity Financial crime UK Firms

Identity Fraud Affects Two Million Brits in 2023



In a recent report by FICO on Fraud, Identity, and Digital Banking, it was revealed that nearly two million Brits may have fallen victim to identity theft last year. The analytics firm found that 4.3% of respondents experienced fraudsters using their identity to open financial accounts. This percentage, when extrapolated to the adult UK population, equates to approximately 1.9 million people. While this marks a decrease from 2022 when 7.7% reported such incidents, there's a concern that the actual numbers could be higher.

According to Sarah Rutherford, senior director of fraud marketing at FICO, the data only represents those who are aware of their stolen identity being used for financial fraud. Many individuals might not immediately discover such fraudulent activities, and perpetrators often exploit stolen identities multiple times, amplifying the overall impact.

The report identifies this type of fraud as the most worrisome financial crime for UK citizens, with 30% expressing concern. Following closely are fears of credit card theft and bank account takeovers by fraudsters, at 24% and 20%, respectively.


Consumer Preferences and Concerns Drive Financial Organisations' Strategies

FICO's research emphasises the significant impact that robust fraud protection measures can have on financial organisations. Approximately 34% of respondents prioritise good fraud protection when selecting a new account provider, and an overwhelming 73% include it in their top three considerations. However, 18% stated they would abandon opening a bank account if identity checks were too challenging or time-consuming, highlighting the importance of achieving a balance between security and user convenience.

Biometric authentication emerged as a favoured choice among respondents, with 87% acknowledging its excellent security features. Fingerprint scanning ranked highest among biometric methods, preferred by 38% of participants, followed by face scans (34%) and iris scans (25%). In contrast, only 17% believed that the traditional combination of username and password provides excellent protection.

Sarah Rutherford expressed optimism about the shift in attitudes towards new verification tools such as iris, face, and fingerprint scans, as individuals increasingly recognise the benefits they offer in enhancing security.


Commercial Impact

The study suggests that financial institutions incorporating strong fraud protection measures may reap significant commercial benefits. With consumer preferences indicating a growing emphasis on security, financial organisations must navigate the challenge of implementing effective identity checks without compromising the ease of service. Striking this balance becomes crucial, especially as 20% of respondents indicated they would abandon the account opening process if identity checks were deemed too cumbersome.


Amidst growing concerns surrounding identity fraud affecting a significant portion of the British population, there is a discernible shift towards the acceptance of advanced biometric authentication methods. Financial organizations are urged to prioritise formidable fraud protection measures, not only to enhance consumer appeal but also to reinforce security protocols for sensitive information. This imperative reflects the industry's transformation, shedding light on the growing importance of heightened security measures address the increasing challenges of identity theft.


Read more »
Internet scammers
Banking fraud Cyber Fraud Financial Fraud Gujarat Police Internet scammers

Two Cyber Scammers Arrested; Police Uncover Transactions of ₹60 crore in Bank Accounts

 

Two cyber fraudsters were detained last week on Friday in Gujarat for allegedly being involved in a scheme that defrauded college students of lakhs of dollars by persuading them to like YouTube videos. Authorities investigated their bank records and discovered transactions of 60 crore in the previous three months. 

Rupesh Thakkar, 33, and Pankaj Od, 34, both natives of Gujarat's Gandhinagar district, were detained. They were traced as part of the investigation into a case filed by a 19-year-old student who was conned of $2.5 lakh in October of this year after taking up a part-time job that required liking YouTube videos.

The then-unknown offenders were charged under Indian Penal Code sections 419 (cheating by personation), 420 (cheating and dishonesty), 467 (forgery), 468 (forgery for the purpose of cheating), and 471 (using forged papers as genuine). 

"We determined where the accused were stationed through a technical investigation that involved tracing the accounts to which the complainant had made the payments. We arrested them early this week with the help of Gujarat police," said a Matunga police officer. 

The police have also seized several bank documents, including credit cards, debit cards, and cheque books, as well as devices, including six mobile phones and 28 SIM cards, from the two guys. They also discovered rubber stamps used to certify falsified documents shared with the accused's victims. 

"Analysis of their transaction history revealed that the two men have made 60 crore transactions in the last few months. However, the accounts we could link to only had 1.1 crore, which we froze," the officer explained. He went on to say that the remainder of the funds had already been transferred to other accounts that were also under investigation. 

Police believe that by thoroughly examining the accounts of the two accused, they will be able to solve several more incidents of cyber fraud. Both of the arrested suspects are currently in police custody.
Read more »
Thane
Banking fraud Cyber Crime Financial crime Money heist Payment Gateway Thane

Thane: Massive 16,180 Crore Bank Hacking Fraud Uncovered, National Probe Underway

 

An FIR has been filed by Thane Police against a group of individuals, among them an ex-banker, who is accused of hacking into the account of a supplier of payment gateway services and withdrawing money of Rs 16,180 crore. The heist was carried out over time using several different bank accounts. 

On Sunday, a police spokesperson from Thane stated that the fraud had been continuing for a while. However, it was discovered following the filing of a complaint regarding the hacking of the company's account and the theft of Rs25 crore. According to a Mint report, no arrests have been made as of yet in the Rs 16,180 crore robbery case. 

But when the police started investigating into the complaint, a major theft worth 16,180 crore rupees was discovered. Under Indian Penal Code sections 420 (cheating), 409 (criminal breach of trust), 467, 468 (forgery), 120B (criminal conspiracy), and 34 (common intention), an FIR has been filed against Sanjay Singh, Amol Andale @ Aman, Kedar @ Sameer Dighe, Jitendra Pandey, and another unidentified person. 

The suspected wrongdoers are charged with illegally forming unregistered partnership firms using fake documents in order to deceive the government. As many as 260 bank accounts have been found to be linked to these duplicitously formed partnership firms, enabling transactions totalling the enormous sum indicated.

A few months ago, an unknown person successfully breached the software of Safex Payout and carried out a Rs 25 crore fraud, which served as the initial impetus for this investigation. The legal counsel for the business quickly reported a hacking and cyber fraud incident to the Srinagar police station, which drove Thane police's cyber cell to take over the investigation. 

Investigators were able to further disentangle the complex web of deceit when they discovered a fraudulent transfer of Rs 1.39 crore to an account owned by Riyaal Enterprises, a company having branches in Navi Mumbai's Vashi and Belapur. Law enforcement authorities searched these places and found a treasure trove of paperwork, including multiple bank accounts and company contracts. 

When these documents were thoroughly examined, it became clear that five partnership firms had been created at the same address using forgeries and counterfeits to use several people's names. According to Nagpur Today, inquiries posed to workers of Riyaal Enterprises resulted in information on an astounding 250 bank accounts and notarized partnership company agreements, all of which raised red flags.
Read more »
Ransomware
Banking fraud E-Commerce IceID malware Money Fraud Ransomware

IcedID: A New Era with 'Lite and Fork' Malware

 

Proofpoint, a cybersecurity research firm, recently discovered two new variants of the IcedID malware namely "Lite" and "Forked." The original IcedID malware has been around since 2017 and is commonly used by cybercriminals, but these new versions were only seen for the first time in late 2022 and early 2023. 

The Lite IcedID Variant was first discovered in November 2022 in a malware campaign found to be distributed as a follow-up payload in a malware campaign known as TA542 Emotet. Unlike other malware campaigns that aim to steal sensitive data, the Emotet campaign primarily delivers the Lite version of the IcedID Bot. 

This Lite variant, however, lacks certain important features that are typically used for banking fraud. Despite this, the IcedID Lite still poses a significant threat as it can be used to deliver other types of malware, such as ransomware, and can compromise the security of a victim's computer system. 

On the other hand, the Forked IcedID Variant was first seen in February 2023 and it has been used in seven different campaigns. This variant is similar to the original IcedID in that it downloads from a server, but it also has some similarities to the Lite version. 

IcedID is a type of malware that was originally designed to steal banking information and is also capable of facilitating the installation of other types of malware, such as ransomware, into a victim's computer. 

According to the data, it was first discovered in 2017, and since then, there has been only one version of it that remained unchanged. This particular variant of IcedID includes an initial loader that communicates with a Loader C2 server and then downloads a standard DLL Loader, which ultimately installs the IcedID Bot into the targeted computer. 

Furthermore, the company found out that IcedID malware has been used in numerous campaigns by threat actors between 2022 and 2023. At least five different groups have been directly distributing the malware in these campaigns. The majority of the threat actors have been identified as initial access brokers, whose primary goal is to facilitate infections that lead to ransomware attacks. 

While most of the threat actors are using the standard IcedID variant, researchers at Proofpoint have found evidence of modified versions being used by a particular group of actors who appear to be shifting their focus away from banking fraud and toward delivering malicious payloads, potentially including ransomware. This suggests that the group is attempting to expand its criminal activities and become more versatile in its tactics.

Furthermore, based on the timing and association with Emotet infections, Proofpoint researchers suspect that the creators of Emotet have partnered with IcedID operators to expand their activities. This partnership may include testing the new Lite variant of IcedID through existing Emotet infections.
Read more »
U.S
Banking fraud Cyber Crime Scheme Cyber Fraud Tax Fraud U.S

U.S. Charged Eight in $45 Million Cyber Crime Scheme

The United States Department of Justice charged eight people on Wednesday in connection with a racketeering (RICO) conspiracy. 

Following a multimillion-dollar fraud that took place, threat actors stole money from hacked accounts at banks and financial institutions, laundered it, and sent it overseas. 

The defendants, Dickenson Elan, Andi Jacques, Jenkins, Louis Noel Michel, Monika Shauntel Jeff Jordan Propht-Francisque, Vladimyr Cherelus, Michael Jean Poix, and Louisaint Jolteus, allegedly worked together to perform computer fraud and scams. 

According to the Department of Justice, the campaign was started in 2011 when threat actors began to gain access to accounts at 15 big financial institutions including Citibank, E-Trade, PayPal and TD Ameritrade, JP Morgan Chase, payroll processor Automated Data Processing (ADP), and niche organizations including the U.S. military's Defense Finance and Accounting Service. 

As per the data, the defendants along with others from 2015 and 2019, including a now-deceased conspirator referred to as Rich4Ever4430, banded together in a cybercrime and fraud scheme involving tax returns. 

The indictment claims, Jenkins, Michel, Propht-Francisque, Cherelus, and Rich4Ever4430, purchased on the dark web server credentials for Certified Public Accounting (CPA) and tax preparation firms and used the data to gain access and exfiltrate the tax returns of thousands of people. 

"Hackers only need to find one vulnerability to cause millions of dollars of damage," said Mark Rasch, a former federal cyber crimes prosecutor, based in Bethesda, Maryland. 

Overall, they have stolen more than $36 million in false tax refunds. The estimated loss surpasses $4 million however, the exact amount is yet to be confirmed. 

The eight defendants have been charged with conspiracy to commit wire fraud, conspiracy to commit identity theft, and conspiracy to commit money laundering. According to the law, defendants could face fines and up to 20 years in prison on each of the first two charges, and 15 years on the third. 

The case is referred as "United States of America v. Oleksiy Sharapka, Leonid Yanovitsky, Oleg Pidtergerya, Richard Gundersen, Robert Dubuc, Lamar Taylor, Andrey Yarmoltskiy and Ilya Ostapyuk," number 13-06089, at the U.S. District Court for the District of New Jersey.
Read more »
KeyBank
Banking fraud Data Breach Identity Fraud Identity Theft KeyBank

KeyBank Suffers Data Breach, Third Party Steals Personal Information


KeyBank hit by data breach 

Hackers stole personal data: addresses and account numbers of home mortgage holders at KeyBank, social security numbers, the bank reports, in the compromise of the third party vendor that serves multiple corporate clients. 

The hackers stole the information on July 5 after hacking into computers at the insurance service provider Overby Seawell Company. 

KeyBank has its operations across 15 states, and has around $200 Billion in assets, the bank hasn't disclosed how many customers were affected or to respond to any other queries related to the breach. 

KeyBank's stand

In statement, KeyBank told that it came to know about the data theft on 4th August, and KeyBank systems and operations weren't compromised. Overby Seawell Company hasn't replied to any phone messages and emails that were sent to executives for comment. 

It sent a statement to the Associated Press, KeyBank mentions Kennesaw, Georgia based Overby Seawell was hit by a cybersecurity incident that breached data of its corporate clients. It refused to comment further. 

Further information 

As per the website, Overby Seawell's customers are banks, credit unions, finance companies and property investors, and mortgage servicers. The products consist a tracking system for real-time insurance monitoring that can be combined with other financial industry software forums. 

In an August 26 letter sent to Associated Press by an impacted mortgage holder, KeyBank said the information included in the Overby-Seawell breach linked to their mortgage consists their name, mortgage account number, address, and the first eight digits of their nine digits social security number. 

That is enough information for identity theft which the hackers can use while carrying out a serious fraud. 

Read more »
Subscribe to: Posts (Atom)