Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Christmas. Show all posts

Scammers Target Christmas with Labour's Online Safety Bill

 


During the 12 days of Christmas, Labour has predicted that nearly £80m will be lost to online fraud and spam over the holiday season. Ministers were criticised for the delays in the passage of the bill concerning online safety.  

According to police force data that was analyzed by the party, the number of incidents of cybercrime was 312 per day in 2019/20 and 2020/21 on average. This constitutes a loss of £6.36 million per day or a loss of £76 million over the festive period as a result of fraud. There has been criticism of Labour regarding the delay in the parliamentary process of the online safety bill. It has been alleged that the delay is letting criminals and fraudsters off the hook. 

Several delays and amendments have been made to the bill over the past few years. It was anticipated that it would finish its Commons stages by the end of July. At the last minute, however, the government decided to hold a confidence vote for Boris Johnson. Despite a row among conservative MPs over whether or not it would unfairly stifle freedom of speech online, the bill has since been stalled as ministers rewrite key sections of it. 

As a result of this legislation, children will be better protected from hazardous online content and there will be a decrease in the amount of hate speech and self-harm content available online. 

The government is extending the current parliamentary session, which was supposed to end in May, so it can be used as an opportunity to pass major pieces of legislation. The bill on online safety is included in this category. 

Earlier this year, the Shadow Digital minister, Alex Davies-Jones MP, said that the government was giving fraudsters and criminals a free pass. However, the victim protection against fraudulent activity was broken. 

There has been a growing concern that the country's government is not taking fraud seriously - however, being the biggest crime in the UK. During this Christmas holiday season, families are at risk of falling victim to online fraud and cybercrime as they struggle to make ends meet. 

In addition, she stated that the online safety bill has been a significant success thanks to Labour, as it strengthens online fraud protections. But as a result of ministers' willingness to bow down to vested interests rather than stand up for consumers, the entire bill is now at risk. 

Speaking for the Department for Digital, Culture, Media, and Sport, a spokesperson said that the government remains committed to fighting fraud and economic crime. This is regardless of what it takes. 

As part of the DCMS's plans, £400m will be invested over the next three years to help police agencies respond to crimes more effectively. A report published by the company claims that over 2.7 million scams have been removed from the internet in the past year.  

To ensure that the UK is the safest place to be online in the world, the government is committed to passing a world-leading online safety bill. In addition, big tech firms will be required to tackle fraud, including romance scams and fraudulent advertisements. 

Consumers Warned of Rising Delivery Text Scams

 

Consumers are being advised to be wary of delivery scam texts while purchasing online for Christmas and Boxing Day sales. 

New research from cybersecurity firm Proofpoint shows that delivery 'smishing' scams are on the rise during the busiest shopping season of the year, according to UK Finance. So far in Q4, more than half (55.94%) of all reported smishing text messages impersonated parcel and package delivery firms. In Q4 2020, only 16.37 percent of smishing efforts were made. 

In comparison to Q4 2020, Proofpoint saw a considerable decrease in different types of smishing frauds in Q4 2021. Text scams mimicking financial institutions and banks, for example, accounted for 11.73 percent of all smishing attacks in 2021, compared to 44.57 percent in 2020. 

The information comes from Proofpoint's operation of the NCSC's 7726 text message system. Customers can use this method to report suspicious texts. 

Delivery smishing scams typically begin with a fraudster sending a bogus text message to the recipient alerting them that the courier was unable to make a delivery and demanding a charge or other information to rearrange. The consumer will be directed to a fake package delivery company's website, where they will be asked to provide personal and financial information. 

Following the significant development in online shopping during COVID-19, this form of scam has become increasingly common. Over two-thirds (67.4%) of all UK texts were reported as spam to the NCSC's 7726 text messaging system in the 30 days to mid-July 2021, according to Proofpoint. 

Which? revealed a very clever smishing fraud involving an extremely convincing DPD fake website in a recent investigation. 

Katy Worobec, managing director of economic crime at UK Finance, commented: “Scrooge-like criminals are using the festive season to try to trick people out of their cash. Whether you’re shopping online or waiting for deliveries over the festive period, it’s important to be on the lookout for scams. Don’t let fraudsters steal your Christmas – always follow the advice of the Take Five to Stop Fraud campaign and stop and think before parting with your information or money.” 

Steve Bradford, senior vice president EMEA at SailPoint, stated: “The sharp rise in text message scams – or smishing, which has increased tenfold compared to last year, should be a stark warning to the public. With parcel delivery scam texts expected to spike this Christmas, it’s clear cyber-criminals are using every opportunity available to target victims using new methods. This comes as more businesses use SMS to engage with customers, to accommodate the digital-first mindset that now characterizes many consumers. But this also opens the doors to threat actors able to masquerade as popular websites or customer service support."

“Consumers must be extra vigilant and refrain from clicking any links in text messages that they’re unsure about. It’s also crucial they are keeping their data, identities, and banking information safe – for example, by not taking pictures of their credit card and financial information, since photos often get stored in the cloud, which risks potential exposure to malicious actors.”

Watch out for Christmas 2021 Credential Stuffing Attacks!

 

As per Arkose Labs' research, there were over two billion credential stuffing attacks (2,831,028,247) in the last 12 months, with the number increasing exponentially between October 2020 to September 2021. 

This form of online fraud has increased by 98 percent over the previous year, and it is projected to spike during the Christmas shopping season. Credential stuffing attacks in 2021 accounted for 5% of all web traffic in the first half of 2021. 

Credential stuffing is the most recent cyber-attack technique used by online criminals to obtain unauthorized access to users' financial and personal accounts. Cybercriminals take control of real user accounts and monetize them in a variety of ways. These include draining money from compromised accounts, collecting and reselling personal information, selling databases of the known verified username and password combinations, and exploiting compromised accounts to launder money obtained from other illegal sources. People who reuse the same username/password combination across various sites are frequently targeted by cybercriminals. 

The anti-fraud community has highlighted credential stuffing as an increasing problem in recent years. However, due to the jump in internet activity in the pandemic and the growth of online purchasing, it has risen in recent months. Credential stuffing increased 56 percent during the Christmas and New Year shopping season last year, according to research analysts, with forecasts that the same period in 2021 will witness up to eight million attacks on consumers every day. 

The Arkose Labs network detected and blocked 285 million credential stuffing assaults in the first half of 2021, with spikes of up to 80 million in a single week. In just one week, one intensively targeted social media organization experienced 1.5 million credential stuffing attacks. 

Kevin Gosschalk, CEO at Arkose Labs stated, “The global e-commerce landscape is more connected than ever before and personal information has become the currency of fraudsters. Credential stuffing is prolific. It’s become an enormous concern to online businesses and is fast overtaking other well-known attack tactics, such as ransomware, as THE cyber attack to watch out for.” 

“Fraudsters are compelled to this type of cybercrime as the low barrier to entry makes it easy to deploy and online criminals can generate profits with just one successful compromised account. Their volumetric approach can come on abruptly, quickly overloading businesses’ servers and putting customers at risk.” 

Other key information 

According to the research team's newest findings, 
  • The top attacked industries by sector include gaming, digital and social media, and financial services. 
  • Credential stuffing assaults accounted for over half of all attacks aimed at the gaming industry. 
  • The United Kingdom was also named as one of the top three regions that carried out the most credential stuffing attacks against the rest of the world. 
  • Alongside, Asia and North America, both demonstrated massive amounts of fraudulent activity emanating from their respective regions.
  • During the first half of 2021, mobile-based attacks accounted for approximately one-quarter of all attacks.