Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyber Fraud. Show all posts

New Ghost Tap Assault Exploits NFC Mobile Payments to Steal Funds

 

The attackers are increasingly relying on a novel approach that employs near-field communication (NFC) to pay out victims' funds at scale. ThreatFabric's Ghost Tap technology enables fraudsters to cash out money from stolen credit cards related to mobile payment services such as Google Pay or Apple Pay while relaying NFC traffic. 

"Criminals can now misuse Google Pay and Apple Pay to transmit your tap-to-pay information globally within seconds," the Dutch security company stated. "This means that even without your physical card or phone, they can make payments from your account anywhere in the world.”

These attacks usually include deceiving victims into downloading malware for mobile banking, which subsequently uses an overlay attack or a keylogger to steal their banking credentials and one-time passwords. As an alternative, it can include a voice phishing feature.

Once the threat actors get the card information, they proceed to link the card to Apple Pay or Google Pay. However, the tap-to-pay information is sent to a mule, who is in charge of making fraudulent transactions at a business, in an effort to prevent the issuer from blocking the cards. A reliable research tool called NFCGate, which has the ability to record, examine, and alter NFC traffic, is used to achieve this. Using a server, NFC traffic can also be transferred between two devices. 

Researchers from TU Darmstadt's Secure Mobile Networking Lab stated that one device functions as a reader reading an NFC tag, while the other device emulates an NFC tag using the Host Card Emulation (HCE).

The most recent development is the first instance of NFCGate being misused to relay data, even though ESET previously noted that bad actors have previously utilised the technology to transfer NFC information from victims' devices to the attacker using NGate malware back in August 2024. 

"Cybercriminals can establish a relay between a device with stolen card and PoS [point-of-sale] terminal at a retailer, staying anonymous and performing cash-outs on a larger scale," ThreatFabric explained. "The cybercriminal with the stolen card can be far away from the location (even different country) where the card will be used as well as use the same card in multiple locations within a short period of time.” 

The approach has further benefits in that it can be employed to purchase gift cards at offline businesses without the fraudsters being physically present. Even worse, it can be utilised to expand the fraudulent operation by recruiting the assistance of multiple mules in different locations over a short period of time. 

Further complicating the detection of Ghost Tap assaults is the fact that the transactions appear as if they are originating from the same device, hence circumventing anti-fraud measures. It can be more difficult to determine their precise location and the fact that the associated card was not used to complete the transaction at the PoS terminal if the device is in flight mode.

Meet Daisy, the AI Grandmother Designed to Outwit Scammers

 

The voice-based AI, known as Daisy or "dAIsy," impersonates a senior citizen to engage in meandering conversation with phone scammers.

Despite its flaws, such as urging people to eat deadly mushrooms, AI can sometimes be utilised for good. O2, the UK's largest mobile network operator, has implemented a voice-based AI chatbot to trick phone scammers into long, useless talks. Daisy, often known as "dAIsy," is a chatbot that mimics the voice of an elderly person, the most typical target for phone scammers. 

Daisy's goal is to automate "scambaiting," which is the technique of deliberately wasting phone fraudsters' time in order to keep them away from potential real victims for as long as possible. Scammers employ social engineering to abuse the elderly's naivety, convincing them, for example, that they owe back taxes and would be arrested if they fail to make payments immediately.

When a fraudster gets Daisy on the phone, they're in for a long chat that won't lead anywhere. If they get to the point when the fraudster requests private data, such as bank account information, Daisy will fabricate it. O2 claims that it is able to contact fraudsters in the first place by adding Daisy's phone number to "easy target" lists that scammers use for leads. 

Of course, the risk with a chatbot like Daisy is that the same technology can be used for opposite ends—we've already seen cases where real people, such as CEOs of major companies, had their voices deepfaked in order to deceive others into giving money to a fraudster. Senior citizens are already exposed enough. If they receive a call from someone who sounds like a grandchild, they will very certainly believe it is genuine.

Finally, preventing fraudulent calls and shutting down the groups orchestrating these frauds would be the best answer. Carriers have enhanced their ability to detect and block scammers' phone numbers, but it remains a cat-and-mouse game. Scammers use automated dialling systems, which allow them to phone numbers quickly and only alert them when they receive an answer. An AI bot that frustrates fraudsters by responding and wasting their time is preferable to nothing.

Browser Warning: Fake Websites Steal Millions from Users

 



Cyber scammers give new warnings as they do not stop scamming unsuspecting web shoppers through a new phishing campaign posing to be online stores. Many of these fake stores Google has removed from its search results, but links remain on social media and other sites, hence why all internet users need to know how to spot these dangerous sites.


How the Scam Works

In its latest research, Human Security's Satori team has found that cyber thieves are taking advantage of a method that leads internet users from legitimate online platforms to fake online shopping. The attackers inject a malicious program that creates fake product listings in genuine websites. This tactic pushes these fake listings up to the top rank of the search results; hence, users who click on such pages are attracted by what seems to be a good deal. When you click on such links, you are redirected to a phishing site by a malicious person who actually controls the site.

On such rogue sites, they will force you to pay using the actual service providers that have a history of legitimacy, therefore giving you more confidence. After you pay, you never receive the product and lose your cash. Maybe some consumers have effectively filed a credit card chargeback, but recovery is not always possible.


A Massive Phishing Campaign

According to the latest research, the cybercrooks have managed to compromise more than 1,000 websites to spread false business proposals. The thieves had established 121 fake online shops, where the amount of dollars in money lost by hundreds of thousands of gullible people was going into millions. According to Human Security, hundreds of thousands of people have been duped by these cheats.

Be Alert with These False Sites Signs

The victim will not get caught again if he can see the following signs:

- Deals That Seem Too Good to Be True: Something that you bought a little below its selling price is a red flag. Confirm if the website is legit before you go further.

- Inconsistent Website Names: Sometimes, the domain name, popup titles, and payment processing pages can have different names. Fake sites often have inconsistent names in these details.

- Order Process Quality: Be cautious when the ordering process appears suspicious or lacks most normal security measures, such as autofill with an address.

- Check Reviews: Look for reviews of the website from outside sources. Recognize that some reviews are completely false. Some review sites are much better about guaranteeing legitimacy.


This phishing scam, they have called "Phish 'n' Ships." This campaign effectively makes use of search engine optimization tricks to push these phony listings up as top results, giving them a spurious sense of legitimacy to unsuspecting users. In spite of these having been largely removed by Google, the criminals' strategies are changing day by day.


Continued Threat Against Browser Users

These attacks are highly likely to be affected in all major web browsers, but researchers warn that "Phish 'n' Ships" has not been suppressed, because it remains active.

Even though Google succeeded in taking down some of its parts partially, criminals will most likely change their attack in order to continue scamming further.

Meanwhile, Malwarebytes has detected another threat in Bing search results. Cybercrooks have misused the terms "Keybank login" and other similar ones to reroute innocent surfers fraudulently to phishing sites aimed at stealing banking credentials. Sometimes, even the top result of the search is a malicious link.


Security Tips for Ad Campaigns

Before launching online ads, organisations should make sure that the advertising associates they hire are well-equipped to handle malvertising. Key best practices for this include ad monitoring for threats, latent "cloaked" malicious scanning and processes in place in case of attacks.

By being vigilant and checking websites, users can avoid becoming a victim of these very sophisticated scams.



Facebook, Nvidia Push SCOTUS to Limit Investor Lawsuits

 




The US Supreme Court is set to take two landmark cases over Facebook and Nvidia that may rewrite the way investors sue the tech sector after scandals. Two firms urge the Court to narrow legal options available for investment groups, saying claims made were unrealistic.


Facebook's Cambridge Analytica Case

The current scandal is that of Cambridge Analytica, which allowed third-party vendors access to hundreds of millions of user information without adequate check or follow-up. Facebook reportedly paid over $5 billion to the FTC and SEC this year alone due to purportedly lying to the users as well as to the investors about how it uses data. Still, investor class-action lawsuits over the scandal remain, and Facebook is appealing to the Supreme Court in an effort to block such claims.

Facebook argues that the previous data risks disclosed were hypothetical and therefore should not have been portrayed as if they already had happened. The company also argues that forcing it to disclose all past data incidents may lead to "over disclosure," making the reports filled with data not helpful but rather confusing for investors. Facebook thinks disclosure rules should be flexible; if the SEC wants some specific incidents disclosed, it should create new regulations for that purpose.


Nvidia and the Cryptocurrency Boom

The second is that of Nvidia, the world's biggest graphics chip maker, which, allegedly, had played down how much of its 2017-2018 revenue was from cryptocurrency mining. When the crypto market collapsed, Nvidia was forced to cut its earnings forecast, which was an unexpected move for investors. Subsequently, the SEC charged Nvidia with $5.5 million for not disclosing how much of its revenue was tied to the erratic crypto market.

Investors argue that the statements from Nvidia were misleading due to the actual risks but point out that Nvidia responds by saying that such misrepresentation was not done out of malice. However, they argue that demand cannot be predicted in such an ever-changing market and so would lead to unintentional mistakes. According to them, the existing laws for securities lawsuits already impose very high standards to deter the "fishing expedition," where investors try to sue over financial losses without proper evidence. Nvidia's lawyers opine that relaxing these standards would invite more cases; henceforth the economy is harmed as a whole.


Possible Impact of Supreme Court on Investor Litigation


The Supreme Court will hear arguments for Facebook on November 6th, and the case for Nvidia is scheduled for Nov 13th. Judgments could forever alter the framework under which tech companies can be held accountable to the investor class. A judgement in favour of Facebook and Nvidia would make it tougher for shareholders to file a claim and collect damages after a firm has suffered a crisis. It could give tech companies respite but, at the same time, narrow legal options open to shareholders.

These cases come at a time when the trend of business-friendly rulings from the Supreme Court is lowering the regulatory authority of agencies such as the SEC. Legal experts believe that this new conservative majority on the court may be more open than ever to appeals limiting "nuisance" lawsuits, arguing that these cases threaten business stability and economic growth.

Dealing with such cases, the Court would decide whether the federal rules must permit private investors to enforce standards of corporate accountability or if such responsibility of accountability should rest primarily with the regulatory bodies like the SEC.


Webflow Sites Employed to Trick Users Into Sharing Login Details

 

Security experts have warned of an upsurge in phishing pages built with Webflow, a website builder tool, as attackers continue to use legitimate services such as Microsoft Sway and Cloudflare. 

The malicious campaign targets login credentials for multiple corporate webmail services, Microsoft 365 login credentials, and sensitive data from cryptocurrency wallets like Coinbase, MetaMask, Phantom, Trezor, and Bitbuy.

According to the researchers, between April and September 2024, the number of visitors to Webflow-created phishing pages jumped tenfold, and the attacks targeted over 120 organisations worldwide. The majority of the people targeted work in the banking, technology, and financial services industries in North America and Asia.

Attackers have utilised Webflow to create standalone phishing pages as well as to redirect unsuspecting users to additional phishing pages under their control. Because there are no phishing lines of code to write and identify, the former provides attackers with convenience and stealth, but the latter allows them to carry out more complex activities as required. 

Webflow is far more appealing than Cloudflare R2 or Microsoft Sway since it allows clients to create custom subdomains for free, as opposed to auto-generated random alphanumeric subdomains, which are likely to raise suspicion.

To increase the chances of success, phishing sites are designed to resemble the login pages of their legitimate counterparts. This method is used to deceive users into disclosing their credentials, which are subsequently at times exfiltrated to another server. 

Security experts have also discovered Webflow cryptocurrency phoney websites that use screenshots of genuine wallet homepages as their landing pages. When a visitor clicks anywhere on the fake website, they are taken to the real scam site. The final goal of a crypto-phishing campaign is to gain the victim's seed phrases, allowing the attackers to take over cryptocurrency wallets and pilfer funds. 

When users enter the recovery phrase in one of the assaults identified by the cybersecurity firm, they are presented with an error message saying that their account has been suspended due to "unauthorised activity and identification failure." Additionally, the message directs the user to start an online chat session on Tawk.to to contact their support personnel. 

It is worth noting that Avast's CryptoCore fraud operation exploited chat services such as LiveChat, Tawk.to, and Smartsupp. Instead of using search engines or clicking on other links, users should always enter the URL into their web browser to access important pages like their webmail or banking portal.

The Evolution of Phishing Emails: From Simple Scams to Sophisticated Cyber Threats

 

Phishing emails have undergone significant changes over the past few decades. Once simple and easy to detect, these scams have now evolved into a sophisticated cyber threat, targeting even the most tech-savvy individuals and organizations. Understanding the development of phishing attacks is key to protecting yourself from these ever-evolving cyber dangers.

In the late 1990s and early 2000s, phishing emails were quite basic and easily identifiable. One of the most well-known scams was the "Nigerian Prince" email. These messages claimed to be from foreign royalty or officials, offering large sums of money in return for a small processing fee. The common signs included poor language, unrealistic promises, and large financial rewards—elements that eventually made these scams easy for users to recognize and dismiss.

As people became aware of these early scams, phishing attacks shifted focus, aiming to steal sensitive financial information. By the mid-2000s, attackers began impersonating banks and financial institutions in their emails. These messages often used fear-inducing language, such as warnings of account breaches, to pressure recipients into handing over personal details like login credentials and credit card information. During this time, phishing attempts were still marked by clear warning signs: poorly written emails, generic greetings, and inaccurate logos. However, as technology advanced, so did the attackers' ability to produce more convincing content.

The evolution of phishing took a major step forward with the introduction of spear phishing. Unlike traditional phishing, which targets a broad audience, spear phishing focuses on specific individuals or companies. Attackers gather personal information through social media and public records to craft emails that appear highly legitimate, often addressing the victim by name and referencing workplace details. This tailored approach makes the scam more believable and increases the chances of success.

Phishing emails today have become highly sophisticated, utilizing advanced techniques such as email spoofing to mimic trusted sources. Attackers frequently impersonate colleagues, supervisors, or official entities, making it difficult for users to tell the difference between genuine and malicious messages. Modern phishing schemes often rely on psychological tactics, using fear or urgency to pressure recipients into clicking harmful links or downloading malware. This evolution reflects the growing complexity of cybercriminal activities, demanding greater awareness and stronger cybersecurity defenses.

In summary, phishing emails have evolved from basic scams to intricate, personalized attacks that are harder to detect. Being informed about these tactics and staying vigilant is critical in the digital age. If you're ever in doubt about an email’s legitimacy, contact your Information Security Team for verification.

Lounge Scam at Bengaluru Airport Costs Woman ₹ 87,000

 


Bhargavi Mani, 28, had her life turned upside down when she fell victim to a sophisticated scam that took place at Kempegowda International Airport in Bengaluru. While trying to gain access to the airport lounge before her flight, Bhargavi lost over Rs 87,000 and had to resort to legal action. 

In the wake of the incident that happened on September 29, Mani took to social media to share her experience, without giving details, calling attention to the dangers of fraud in public spaces, and warning others about the risks that can result. According to an article by the New York Times, Mani recounted her experience in a viral video in which she recounts how, before entering the airport lounge, she lost her credit card, which she could not find. 

She tried to gain access to the lounge by showing a photocopy of her credit card, but the staff would not let her in and instead, instructed her to download a mobile app called "Lounge Pass" and complete a facial scan to gain access.  It turns out that even though the woman downloaded the app, she has never used it. Instead, she chooses to go and get a cup of coffee at Starbucks before she takes off for her flight, she explained. She began to receive phone calls from friends notifying her they couldn't reach her by phone a few days after returning from the trip. This was initially attributed to ongoing problems she was experiencing with her Airtel service, which were going on for months now, and which she thought would go away soon. 

When a dear friend suggested that a man had been answering her calls, alarm bells went off in her head, and she dismissed it at the time because there was a personal matter preventing her from taking action. It was only after receiving a credit card statement that she received the real shock and learned that over Rs 87,000 had been transferred to a PhonePay account, which it was discovered were unauthorized transactions. According to her, the scammers may have gained access to her phone through the app she downloaded, allowing them to forward calls and possibly intercept one-time passwords (OTPs) to complete the fraudulent transactions through her phone. 

Ms Mani clarified in a new video posted today that there was never a point where she blamed Bengaluru International Airport or its authorities for anything that had happened. Furthermore, she also stated that the airport authorities have reached out to her and are actively helping her to be as prepared as possible for the situation. Her bank and credit card company have been notified of the incident, and she has since reported it to the cybercrime department of the police department. 

The feeling of security is particularly prevalent at places such as airports, where people are used to feeling safe. She has since notified the cybercrime department and blocked her HDFC credit card in addition to notifying her bank and informing them of her plight. Hopefully, travellers will take this story to act as a cautionary tale and be vigilant about downloading apps or revealing personal information to third parties without verifying the validity of the app. 

Mani took immediate action in reporting the fraud to the cybercrime department, alerting her bank, and blocking her credit card to prevent further losses. There is a lesson to be learned from her experiences: be cautious when sharing personal information and using unfamiliar apps, and use them with caution. She shared several important safety tips with the audience, including advice about avoiding downloading applications from unverified sources and being aware of unusual verification requests such as facial scanning. Earlier this month, a businessman in Chennai narrowly avoided losing nearly ₹2 crore in a sophisticated email scam. 

The fraudsters, posing as the businessman’s supplier, sent a meticulously crafted fake email that was a continuation of an ongoing business conversation. The email was convincing, even including a fraudulent invoice, which led the businessman to transfer ₹2 crore to a fraudulent account. The deception was so well executed that the businessman only realized he had fallen victim to a scam after contacting his actual supplier the following day. Upon discovering the fraud, he immediately reported the incident to the National Cyber Crime Reporting Portal. 

The cybercrime team handled the case with urgency, whose swift and coordinated response resulted in the recovery of the stolen funds. This incident underscores the growing threat of sophisticated cybercrime tactics, where scammers exploit seemingly legitimate communication channels to defraud unsuspecting victims. The businessman’s timely reporting and the cybercrime team’s prompt action were crucial in mitigating the financial damage in this case. It serves as a reminder to all businesses to remain vigilant and verify the authenticity of financial transactions, especially when dealing with large sums of money. 

These incidents highlight the increasing sophistication of cybercriminals, who are now targeting individuals and businesses alike through various means, including phishing emails, fraudulent apps, and unauthorized transactions. As seen in both the Bengaluru airport lounge scam and the Chennai businessman’s case, even trusted environments such as airports or established business relationships can be exploited by fraudsters.

Individuals must remain vigilant, exercise caution when downloading unfamiliar apps or sharing personal information, and regularly monitor financial statements for any unusual activity. In addition, businesses must ensure that internal communication channels are secure, and take immediate action when irregularities are detected. Both cases serve as stark reminders of the growing complexity of cybercrime, urging greater awareness and swift action to prevent significant financial losses. 

With the support of cybercrime departments, victims like Ms. Bhargavi Mani and the Chennai businessman have been able to mitigate the damage, but these incidents underscore the importance of proactive security measures to safeguard against the ever-evolving landscape of cyber threats.

Qantas Employee Data Misuse: Over 800 Bookings Affected by Rogue Staff

 

Qantas recently experienced a security breach involving employees of India SATS, its ground handler in India. These employees exploited their access to alter customer bookings and divert frequent flyer points into their own accounts. The fraud, which occurred in July and August 2024, impacted over 800 bookings and potentially exposed sensitive data, including passport information. 

However, Qantas has emphasized that there is no evidence that the passport data has been misused. This breach was not a result of a cyberattack but rather an instance of insider fraud. Employees of India SATS, using a partner airline’s system, changed frequent flyer details, funneling the earned points into an account they controlled. Following the breach, Qantas promptly suspended the contractors involved, restored customers’ points, and fixed the altered bookings. Qantas reassured its customers that it has implemented new restrictions on accessing bookings to prevent a similar incident in the future. It also clarified that this was not a technical hack, but rather a case of “rogue employees” abusing their position. 

A spokesperson for Qantas further stated that they are unaware of any current bookings being affected by this incident and that an ongoing police investigation is in place. The breach has raised concerns about other airlines in the Oneworld Alliance potentially being affected. However, Qantas has not confirmed any involvement of other airlines in the scandal. Despite the breach, the airline continues to assert that this was an isolated incident tied to two contractors abusing their access. This breach follows another Qantas security issue earlier in 2024, when a technical error in the MyQantas app gave customers access to other users’ accounts. 

While there was no cyberattack involved, the error allowed some customers to view booking information, frequent flyer points, and boarding passes of other users. Qantas promptly fixed the issue and reassured its customers that no financial information was compromised. In both cases, Qantas has emphasized the importance of security and quickly worked to remedy the problems. 

As cybersecurity threats continue to evolve, the airline is working to strengthen its internal systems and access controls, protecting customer data from potential breaches, whether caused by technical errors or human misconduct.

Mamba 2FA Emerges as a New Threat in Phishing Landscape

 

In the ever-changing landscape of phishing attacks, a new threat has emerged: Mamba 2FA. Discovered in late May 2024 by the Threat Detection & Research (TDR) team at Sekoia, this adversary-in-the-middle (AiTM) phishing kit specifically targets multi-factor authentication (MFA) systems. Mamba 2FA has rapidly gained popularity in the phishing-as-a-service (PhaaS) market, facilitating attackers in circumventing non-phishing-resistant MFA methods such as one-time passwords and app notifications.

Initially detected during a phishing campaign that imitated Microsoft 365 login pages, Mamba 2FA functions by relaying MFA credentials through phishing sites, utilizing the Socket.IO JavaScript library to communicate with a backend server. According to Sekoia's report, “At first, these characteristics appeared similar to the Tycoon 2FA phishing-as-a-service platform, but a closer examination revealed that the campaign utilized a previously unknown AiTM phishing kit tracked by Sekoia as Mamba 2FA.” 

The infrastructure of Mamba 2FA has been observed targeting Entra ID, third-party single sign-on providers, and consumer Microsoft accounts, with stolen credentials transmitted directly to attackers via Telegram for near-instant access to compromised accounts.

A notable feature of Mamba 2FA is its capacity to adapt to its targets dynamically. For instance, in cases involving enterprise accounts, the phishing page can mirror an organization’s specific branding, including logos and background images, enhancing the believability of the attack. The report noted, “For enterprise accounts, it dynamically reflects the organization’s custom login page branding.”

Mamba 2FA goes beyond simple MFA interception, handling various MFA methods and updating the phishing page based on user interactions. This flexibility makes it an appealing tool for cybercriminals aiming to exploit even the most advanced MFA implementations.

Available on Telegram for $250 per month, Mamba 2FA is accessible to a broad range of attackers. Users can generate phishing links and HTML attachments on demand, with the infrastructure shared among multiple users. Since its active promotion began in March 2024, the kit's ongoing development highlights a persistent threat in the cybersecurity landscape.

Research from Sekoia underscores the kit’s rapid evolution: “The phishing kit and its associated infrastructure have undergone several significant updates.” With its relay servers hosted on commercial proxy services, Mamba 2FA effectively conceals its true infrastructure, thereby minimizing the likelihood of detection.

DoT Introduces New System to Block Spoofed Calls

 


There has been an increase in fraudulent telephone calls disguised as local numbers in recent years which has alarmed Indian citizens. Messages sent by cybercriminals operating internationally originate from Calling Line Identity (CLI) systems that allow them to mask their true origins by masking their callers' actual localizations. Some victims have reported threats of being disconnected from their mobile phone service, being falsely arrested, being impersonated as government officials, and being falsely accused of marijuana and sex fraud. 

To deal with this escalating threat, the Department of Telecommunications (DoT) is taking significant steps to ensure citizens' safety while enhancing the security of the telecommunication ecosystem as a whole. As a result of the unfortunate development of a fraudulent call in Agra, the Department of Telecommunications (DoT) has decided to deactivate the WhatsApp account which was linked to the scam call in Agra, but it couldn't be deactivated until Friday. 

Governing bodies are urging citizens to report any suspicious messages or calls via the Chakshu portal at http://sancharsaathi.gov.in/chakshu so that the DoT can investigate. DoT has introduced a new system for the detection and blocking of international or spoofed calls before they enter Indian territory in response to the increased threat of scams of this nature. This system has been developed in collaboration with Telecom Service Providers (TSPs) to prevent such scams from reaching Indian users. This system will be implemented at both a local level and at a central level. 

The first stage will be on the local level where calls will be blocked with numbers won from subscribers belonging to TSPs, and a second stage will be implemented at a central level where spoofed calls will be blocked with numbers won from other TSPs. It wants to put a stop to the rising number of fraudulent calls, which are being disguised as coming from Indian mobile numbers, according to a statement released by the Department of Telecommunications on Friday. 

A large number of these calls are being manipulated by cybercriminals operating from distant locations.  It was stated in the statement that criminals were utilizing Calling Line Identity (CLI) to mask the actual origin of the phone calls. This has led to a spate of incidents where mobile numbers were threatened to be disconnected, false digital arrests were made, and even law enforcement officials were impersonated. 

There has been an increase in the number of false accusations related to drugs, narcotics, and sex rackets in recent years, further intensifying public concerns about these activities. The Indian Department of Telecom (DoT) recently announced that it had implemented the system successfully in all four TSPs and that about one-third of the total spoofed calls at 4.5 million spoofed calls have been intercepted before they can enter the Internet. 

The next phase of this project, which involves a centralized system to eliminate all spoofed calls throughout all TSPs, is expected to be completed within a short timeframe. Moreover, the Department of Transport has established the Sanchar Saathi portal, which acts as a citizen-centric platform by allowing citizens to report suspected fraudulent messages and communications, report stolen or lost devices, verify whether a mobile device is genuine before buying it, and report incoming international calls made from Indian numbers to the DoT. 

Aside from that, the Department of Transportation launched a Digital Intelligence Platform (DIP), which is a secure online platform that will allow stakeholders such as banks and telecom companies to exchange real-time information with one another to prevent the misuse of telecommunications services.  According to the DoT, the department also announced that 1.77 million mobile connections were disconnected as a result of fake documentation. 

Additionally, cybercriminals have been punished for their crimes with targeted actions, including the blocking of 33.48 lakh connections and 49,930 handsets that they used.  As part of this program, 12.02 lakh out of the 21.03 lakh reported lost and stolen smartphones were traced and 2.29 lakh devices linked to cybercrime activities were blocked.  As a citizen, the Sanchar Saathi platform offers a tool for citizens to report suspected incidents of fraud through the Chakshu feature, which can help deter identity theft, exploitation, and other forms of cybercrime. 

There are various ways to report scams, including providing screenshots, describing the type of scams, providing details on the medium using which they were communicated, including the time and date when the suspicious contact occurred, etc. To make sure that the submission process is as secure as possible, OTP-based verification is included in the process. This is why DoT has issued an advisory urging citizens to report suspicious calls and messages through the 'Chakshu' facility on the Sanchar Saathi (https://sancharsaathi.gov.in/) platform to play a more active role in combating this issue. 

The user can also provide additional information about suspected fraudulent communications, including screenshots, the medium of receipt, and a description of the intended type of fraud, in addition to the screenshots. Authentication of the identity will be carried out through the use of a one-time password (OTP). Citizens must safeguard themselves from cyber fraud by taking proactive measures such as the Chakshu facility. As a result, it can be used by fraud investigators as a tool to help detect scams earlier and prevent significant losses from occurring.

The Department of Transportation is undertaking a broad range of initiatives. The Department of Telecommunications (DoT) has implemented several initiatives aimed at addressing the misuse of telecom resources, with a focus on combating cybercrime and financial fraud. One of the key measures introduced is the Digital Intelligence Unit (DIU). This initiative is designed to strengthen the monitoring of telecom activities and intervene effectively to prevent cybercrime and fraudulent activities. 

The DIU works to improve oversight by utilizing advanced systems that enhance the detection of suspicious activities across the telecom network. Another significant platform launched by the DoT is the Sanchar Saathi Portal. This citizen-focused portal empowers users to actively report cases of telecom fraud, track all mobile connections registered under their name, and block devices that have been lost or stolen. 

Additionally, the portal allows users to verify the authenticity of mobile handsets, ensuring they are not using counterfeit or compromised devices. The DoT has also introduced the Digital Intelligence Platform (DIP), which serves as a secure online interface for various stakeholders, including Telecom Service Providers (TSPs), banks, and law enforcement agencies. This platform facilitates the sharing of critical information related to the misuse of telecom resources. 

Through DIP, real-time updates on disconnected mobile connections are made available, allowing for swift action to be taken in fraud prevention and mitigation. Moreover, the DoT has deployed AI-based tools to enhance the detection of mobile connections obtained through fraudulent documentation. These tools identify connections linked to illegal or fake credentials, as well as the associated devices used in fraudulent activities. Once detected, these connections and devices are systematically removed from the telecom ecosystem, thereby enhancing the integrity and security of the network.

Massive Global Fraud Campaign Exploits Fake Trading Apps on Apple and Google Platforms

 

A recent investigation by Group-IB revealed a large-scale fraud operation involving fake trading apps on the Apple App Store and Google Play Store, as well as phishing sites to deceive victims. The scheme is part of a wider investment scam known as "pig butchering," where fraudsters lure victims into investments by posing as romantic partners or financial advisors.

Victims are manipulated into losing funds, with scammers often requesting additional fees before disappearing with the money.

Group-IB, based in Singapore, noted that the campaign targets victims globally, with reports from regions like Asia-Pacific, Europe, the Middle East, and Africa. The fraudulent apps, created using the UniApp Framework, are labeled under "UniShadowTrade" and have been active since mid-2023, offering promises of quick financial gains.

One app, SBI-INT, even bypassed Apple’s App Store review process, giving it an illusion of legitimacy. The app disguised itself as a tool for algebraic formulas and 3D graphics calculations but was eventually removed from the marketplace.

The app used a technique that checked if the date was before July 22, 2024, and, if so, displayed a fake screen with mathematical formulas. After being taken down, scammers began distributing it via phishing websites for Android and iOS users.

For iOS, downloading the app involved installing a .plist file, requiring users to trust an Enterprise developer profile manually. Once done, the fraudulent app became operational, asking users for their phone number, password, and an invitation code.

After registration, victims went through a six-step process involving identity verification, providing personal details, and agreeing to terms for investments. Scammers then instructed them on which financial instruments to invest in, falsely promising high returns.

When victims tried to withdraw their funds, they were asked to pay additional fees to retrieve their investments, but the funds were instead stolen.

The malware also included a configuration with details about the URL hosting the login page, hidden within the app to avoid detection. One of these URLs was hosted by a legitimate service, TermsFeed, used for generating privacy policies and cookie consent banners.

Group-IB discovered another fake app on the Google Play Store called FINANS INSIGHTS, which had fewer than 5,000 downloads. A second app, FINANS TRADER6, was also linked to the same developer. Both apps targeted countries like Japan, South Korea, Cambodia, Thailand, and Cyprus.

Users are advised to be cautious with links, avoid messages from unknown sources, verify investment platforms, and review apps and their ratings before downloading.

UK Scammer Made Millions by Breaching Into Execs’ Office365 Inboxes

 

A man has been charged by federal authorities for allegedly engaging in a "hack-to-trade" scam that allowed him to profit millions of dollars by breaching the Office365 accounts of executives at publicly traded firms and accessing their quarterly financial reports ahead of time. 

Robert B. Westbrook, a citizen of the United Kingdom, is accused of making approximately $3.75 million in 2019 and 2020 from stock trades that profited from the illegally obtained information, according to the lawsuit filed by the US Attorney's office for the district of New Jersey. 

Prosecutors claimed that after gaining access to it, he made stock trades. He was able to take action and profit from the information before the wider public did thanks to the prior notice. The US Securities and Exchange Commission filed a separate civil claim against Westbrook, seeking an order to pay civil fines and refund all illicit gains. 

“The SEC is engaged in ongoing efforts to protect markets and investors from the consequences of cyber fraud,” Jorge G. Tenreiro, acting chief of the SEC’s Crypto Assets and Cyber Unit, noted in a statement. “As this case demonstrates, even though Westbrook took multiple steps to conceal his identity—including using anonymous email accounts, VPN services, and utilizing bitcoin—the Commission’s advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking.” 

According to a federal indictment issued in the US District Court for the District of New Jersey, Westbrook hacked the email accounts of executives from five publicly traded US firms. He carried out the intrusions by misusing Microsoft's password reset feature for Office365 accounts. Westbrook allegedly went on to establish forwarding rules in certain cases, that led all incoming emails to be automatically forwarded to an email address under his control. 

Once an individual secures unauthorized access to an email account, it’s possible to hide the breach by disabling or deleting password reset alerts and burying password reset rules deep inside account settings. 

Prosecutors charged Westbrook with one count each of securities and wire fraud, as well as five counts of computer fraud. The securities fraud count has a maximum punishment of up to 20 years in prison and $5 million in fines. 

The maximum penalty for wire fraud is up to 20 years in jail and a fine of either $250,000 or double the gain or loss from the offence, whichever is greater. Each computer fraud count is punishable by up to five years in prison and a maximum penalty of $250,000 or twice the offense's gain or loss, whichever is greater.

BMJ Warns: Deepfake Doctors Fueling Health Scams on Social Media

 

Deepfake videos featuring some of Britain's most well-known television doctors are circulating on social media to sell fraudulent products,  as per report by the British Medical Journal (BMJ).

Doctors like Hilary Jones, Rangan Chatterjee, and the late Michael Mosley are being used in these manipulated videos to endorse remedies for various health conditions, as reported by journalist Chris Stokel-Walker.

The videos promote supposed solutions to issues such as high blood pressure and diabetes, often advertising supplements like CBD gummies. "Deepfaking" refers to the use of AI to create a digital likeness of a real person, overlaying their face onto another body, leading to realistic but false videos.

John Cormack, a retired Essex-based doctor, has been working with the BMJ to assess the scope of these fraudulent deepfake videos online. He found that the videos are particularly prevalent on platforms like Facebook. “It's far more cost-effective to invest in video creation than in legitimate research and development,” Cormack said.

Hilary Jones, a general practitioner and TV personality, voiced his concerns over the growing issue of his identity being deepfaked. He employs a specialist to locate and remove these videos, but the problem persists. “Even when we take them down, they reappear almost immediately under different names,” he remarked.

While many deepfakes may appear convincing at first, there are several ways to identify them:
  • Pay attention to small details: AI often struggles with rendering eyes, mouths, hands, and teeth accurately. Misaligned movements or blinking irregularities can be a sign.
  • Look for inconsistencies: Glasses with unnatural glare or facial hair that appears artificial are common red flags, according to experts at MIT.
  • Consider the overall appearance: Poor lighting, awkward posture, or blurred edges are common indicators of deepfake content, according to Norton Antivirus.
  • Verify the source: If the video is from a public figure, ensure it has been posted by a credible source or an official account.
The increase in deepfakes has sparked wider concerns, particularly regarding their use in creating revenge porn and manipulating political elections.

A spokesperson for Meta, the social media giant behind Facebook and Instagram, shared: “We will be investigating the examples highlighted by the British Medical Journal.

"We don’t permit content that intentionally deceives or seeks to defraud others, and we’re constantly working to improve detection and enforcement.

"We encourage anyone who sees content that might violate our policies to report it so we can investigate and take action.”

Top Travel Scams to Watch Out For: Protect Your Vacation from Common Fraud Schemes

 

Travel scams can turn a well-deserved vacation into a stressful ordeal, with numerous ways for scammers to exploit unsuspecting tourists. These scams have been around for years, but advancements in technology have made them more prevalent and sophisticated. According to Julian Moro of International SOS, technological advancements have made travelers easier targets throughout their journeys, with cyber scams particularly on the rise.

Booking.com reported a significant increase in travel scams, driven by artificial intelligence, with occurrences rising by 500-900% over the past 18 months. Cybercriminals now use AI to quickly and inexpensively create undetectable scams, as noted by Ally Armeson from the Cybercrime Support Network.

The likelihood of encountering a scam can vary based on your destination. Common scams include fake travel document websites, where fraudulent sites pretend to offer services like passport renewals or TSA PreCheck enrollments, ultimately stealing money and personal information.

Another prevalent scam is taxi overcharging, where drivers claim their meters are broken and set exorbitant flat rates. Fake Wi-Fi networks at airports or hotels are also used by hackers to access personal data. Additionally, car rental scams can involve phony customer service numbers or fraudulent damage claims upon returning the vehicle.

Scammers may also impersonate family members in distress to solicit emergency funds or claim popular tourist spots are closed to lead you to expensive alternatives. Other tricks include setting up fake ATMs or booking websites that steal sensitive information or money.

To avoid these traps, experts suggest using legitimate, verified sources for bookings and payments, being cautious of unsecured Wi-Fi networks, and staying alert to unusual behaviors or requests when traveling. If you suspect you've been scammed, cease communication with the scammers, report the incident, and monitor your financial accounts closely to minimize potential damage.

The Threat of Bots and Fake Users to Internet Integrity and Business Security

 

 
The bots account for 47% of all internet traffic, with "bad bots" making up 30% of that total, as per a recent report by Imperva .These significant numbers threaten the very foundation of the open web.Even when a user is genuinely human, it's likely that their account is a fake identity, making "fake users" almost as common online as real ones.

In Israel, folks are well-acquainted with the existential risks posed by bot campaigns. Following October 7, widespread misinformation campaigns orchestrated by bots and fake accounts swayed public opinion and policymakers.

The New York Times, monitoring online activity during the war, discovered that “in a single day after the conflict began, roughly 1 in 4 accounts on Facebook, Instagram, TikTok, and X, formerly Twitter, discussing the conflict appeared to be fake... In the 24 hours following the Al-Ahli Arab hospital blast, more than 1 in 3 accounts posting about it on X were fake.” With 82 countries holding elections in 2024, the threat posed by bots and fake users is reaching critical levels. Just last week, OpenAI had to disable an account belonging to an Iranian group using its ChatGPT bot to create content aimed at influencing the US elections.

The influence of bots on elections and their broader impact is alarming. As Rwanda geared up for its July elections, Clemson University researchers identified 460 accounts spreading AI-generated messages on X in support of President Paul Kagame. Additionally, in the last six months, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) detected influence campaigns targeting Georgian protesters and spreading falsehoods about the death of an Egyptian economist, all driven by inauthentic accounts on X.

Bots and fake users pose severe risks to national security, but online businesses are also significantly affected.Consider a scenario where 30-40% of all digital traffic for a business is generated by bots or fake users. This situation results in skewed data that leads to flawed decision-making, misinterpretation of customer behaviors, misdirected efforts by sales teams, and developers focusing on products that are falsely perceived as in demand. The consequences are staggering. A study by CHEQ.ai, a Key1 portfolio company and go-to-market security platform, found that in 2022 alone, over $35 billion was wasted on advertising, and more than $140 billion in potential revenue was lost.

Ultimately, fake users and bots undermine the very foundations of modern business, creating distrust in data, results, and even among teams.

The introduction of Generative AI has further complicated the issue by making it easier to create bots and fake identities, lowering the barriers for attacks, increasing their sophistication, and expanding their reach. The scope of this problem is immense. 

Education is a crucial element in fighting the online epidemic of fake accounts. By raising awareness of the tactics used by bots and fake users, society can be empowered to recognize and reduce their impact. Identifying inauthentic users—such as those with incomplete profiles, generic information, repetitive phrases, unusually high activity levels, shallow content, and limited engagement—is a critical first step. However, as bots become more sophisticated, this challenge will only grow, highlighting the need for continuous education and vigilance.

Moreover, public policies and regulations must be implemented to restore trust in digital spaces. For instance, governments could mandate that large social networks adopt advanced bot-mitigation tools to better police fake accounts.

Finding the right balance between preserving the freedom of these platforms, ensuring the integrity of posted information, and mitigating potential harm is challenging but necessary for the longevity of these networks.

On the business side, various tools have been developed to tackle and block invalid traffic. These range from basic bot mitigation solutions that prevent Distributed Denial of Service (DDoS) attacks to specialized software that protects APIs from bot-driven data theft attempts.

Advanced bot-mitigation solutions use sophisticated algorithms that conduct real-time tests to verify traffic integrity. These tests assess account behavior, interaction levels, hardware characteristics, and the use of automation tools. They also detect non-human behavior, such as abnormally fast typing, and review email and domain histories.

While AI has contributed to the bot problem, it also offers powerful solutions to combat it. AI’s advanced pattern recognition capabilities allow for more precise and rapid differentiation between legitimate and fake bots. Companies like CHEQ.ai are leveraging AI to help marketers ensure their ads reach real human users and are placed in secure, bot-free environments, countering the growing threat of bots in digital advertising.

From national security to business integrity, the consequences of the “fake internet” are vast and serious. However, there are several effective methods to address the problem that deserve renewed focus from both the public and private sectors. By raising awareness, enhancing regulation, and instituting active protection, we can collectively contribute to a more accurate and safer internet environment.

Scammers Exploit Messaging Apps and Social Media in Singapore


 


Singapore is experiencing the dread of scams and cybercrimes in abundance as we speak, with fraudsters relying more on messaging and social media platforms to target unsuspecting victims. As per the recent figures from the Singapore Police Force (SPF), platforms like Facebook, Instagram, WhatsApp, and Telegram have become common avenues for scammers, with 45% of cases involving these platforms. 

There was a marked increase in the prevalence of scams and cybercrime during the first half of 2024, accounting for 28,751 cases from January to June, compared to 24,367 in 2023. Scams, in particular, made up 92.5% of these incidents, reflecting a 16.3% year-on-year uptick. Financial losses linked to these scams totaled SG$385.6 million (USD 294.65 million), marking a substantial increase of 24.6% from the previous year. On average, each victim lost SG$14,503, a 7.1% increase from last year.

Scammers largely employed social engineering techniques, manipulating victims into transferring money themselves, which accounted for 86% of reported cases. Messaging apps were a key tool for these fraudsters, with 8,336 cases involving these platforms, up from 6,555 cases the previous year. WhatsApp emerged as the most frequently used platform, featuring in more than half of these incidents. Telegram as well was a go-to resort, with a 137.5% increase in cases, making it the platform involved in 45% of messaging-related scams.

Social media platforms were also widely used, with 7,737 scam cases reported. Facebook was the most commonly exploited platform, accounting for 64.4% of these cases, followed by Instagram at 18.6%. E-commerce scams were particularly prevalent on Facebook, with 50.9% of victims targeted through this platform.

Although individuals under 50 years old represented 74.2% of scam victims, those aged 65 and older faced the highest average financial losses. Scams involving impersonation of government officials were the most costly, with an average loss of SG$116,534 per case. Investment scams followed, with average losses of SG$40,080. These scams typically involved prolonged social engineering tactics, where fraudsters gradually gained the trust of their victims to carry out the fraud.

On a positive note, the number of malware-related scam cases saw a notable drop of 86.2% in the first half of 2024, with the total amount lost decreasing by 96.8% from SG$9.1 million in 2023 to SG$295,000 this year.

Despite the reduction in certain scam types, phishing scams and impersonation scams involving government officials continue to pose serious threats. Phishing scams alone accounted for SG$13.3 million in losses, making up 3.4% of total scam-related financial losses. The SPF reported 3,447 phishing cases, which involved fraudulent emails, text messages, and phone calls from scammers posing as officials from government agencies, financial institutions, and other businesses. Additionally, impersonation scams involving government employees increased by 58%, with 580 cases reported, leading to SG$67.5 million in losses, a 67.1% increase from the previous year.

As scammers continue to adapt and refine their methods, it remains crucial for the public to stay alert, especially when using messaging and social media platforms. Sound awareness and cautious behaviour is non negotiable in avoiding these scams.


Cybercriminals Place 85-Year-Old Woman Under 'Digital Arrest' in Hyderabad, Cheat Her of ₹5.9 Crore

 

Cybercriminals recently targeted an 85-year-old woman from the city, subjecting her to what can be described as a 'digital arrest' and extorting a staggering ₹5.9 crore from her. This elaborate scam involved convincing the elderly woman that her Aadhaar details were allegedly linked to serious money laundering cases involving Bollywood actress Shilpa Shetty and Jet Airways founder Naresh Goyal. 

The fraudsters, posing as officials from the Mumbai Cybercrime Wing, manipulated the woman into believing that her bank accounts and fixed deposits were under investigation and needed immediate verification by the Reserve Bank of India (RBI). Under this false pretext, they coerced her into transferring significant sums of money into specific accounts that they claimed were set up by the RBI for verification purposes.

When the woman attempted to contact her son for advice, the criminals threatened her, insisting that the matter was of utmost confidentiality. They warned that any attempt to inform her family would lead to severe consequences, including potential legal trouble for her son and the entire family. 

The incident came to light when her son, a software professional based in Bengaluru, visited her after about a week. He noticed her distress and learned of the fraudulent activities. Realizing his mother was in a state of psychological manipulation and fear, he immediately contacted the Telarigarra Cyber Security Bureau (TGCSB) to report the crime.

Fearful for her family's safety, the woman complied with their demands, transferring large sums into various accounts. It was only when her son arrived and intervened that the ongoing fraud was halted. He quickly reassured his mother, explaining that she had been deceived, and together, they reported the incident to the authorities. The police are now investigating the case, and efforts are underway to trace the criminals responsible for this heinous act.

Costa Rican Authorities Issue Warning as Social Media Identity Theft Cases Double

 

With the rapid evolution of technology, there has been a concerning rise in cybercrime, particularly in the realm of identity theft on social media platforms. The Cybercrime Unit of the Public Prosecutor's Office has observed a significant surge in such cases, prompting heightened attention to this growing threat.

Esteban Aguilar, the lead prosecutor of the Cybercrime Unit, shed light on the methods employed by cybercriminals to carry out identity theft. He explained that these crimes often target individuals, corporations, and even trademarks, using social networks, websites, or other digital platforms as their primary vehicles. Aguilar highlighted the severity of this issue, noting that identity theft has become the second most rapidly increasing form of cybercrime in the country, trailing only behind cyber fraud in its expansion.

The prosecutor emphasized the gravity of the situation by discussing the legal repercussions associated with identity theft. According to Aguilar, the Cybercrime Unit frequently receives reports of false profiles on social networks, which can lead to serious legal consequences, including imprisonment for up to three years. He stressed the importance of educating young people, who are the most active users of social media, on the legal and ethical responsibilities they must uphold online. Aguilar warned that any involvement in such illicit activities could result in severe penalties.

Statistical data from the Public Prosecutor's Office further underscore the growing concern. Since 2019, the number of identity theft cases has nearly doubled, rising from 449 reported incidents that year to 950 cases in 2023. This sharp increase reflects the escalating nature of cyber threats and the need for stronger measures to combat them.

The Costa Rican Penal Code specifically addresses the crime of identity theft, prescribing imprisonment ranging from one to three years for offenders. The law is clear: anyone who impersonates the identity of a natural person, legal entity, or trademark on any social network, website, or digital platform will face serious legal consequences.

The impact of identity theft has not been limited to individuals. Businesses, too, have been affected, with several high-profile companies falling victim to this crime. For instance, Pozuelo, a well-known cookie brand, has issued warnings to the public about fraudulent schemes where criminals have misappropriated the company's identity. Similarly, financial institutions, including banks, have alerted their customers to various scams designed to exploit their trust.

In a particularly alarming development, the country recently reported its first case of identity theft involving social networks. The case involves a man accused of accessing his ex-girlfriend's social media accounts and business profiles without her permission. According to the Prosecutor's Office, the accused had knowledge of her passwords and used them to infiltrate her personal and business accounts, raising serious concerns about privacy and the misuse of personal information.

This case serves as a stark reminder of the far-reaching consequences of cybercrime, particularly identity theft, and the urgent need for vigilance, both online and offline. As technology continues to advance, so too must the efforts to protect individuals and businesses from the growing threat of cybercriminals.

Fintechs Encouraged to Join National Cyber Fraud Reporting System


The Fintech Association of India (FACE) has urged its members to register on the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS). This platform, part of the broader National Cybercrime Reporting Portal, facilitates the reporting and management of financial cyber frauds. By joining, fintech companies can better handle customer complaints and collaborate with law enforcement to prevent fraud.

This initiative by FACE is noteworthy, especially as it seeks approval to become a self-regulatory organisation (SRO) for fintech lenders. The Reserve Bank of India (RBI) is expected to announce its decision soon, with FACE and the Digital Lenders’ Association of India both in the running to be recognised as an SRO. The establishment of an SRO will likely lead to more stringent industry oversight, promoting higher standards of operation and better consumer protection within the fintech sector.

The push for fintechs to join the CFCFRMS comes at a critical time. As digital transactions grow more common, the opportunities for cyber fraud have increased. The convergence of various financial entities— such as banks, non-banking financial companies, insurance providers, and payment services—has created more potential points of vulnerability. The CFCFRMS is designed to coordinate the efforts of all stakeholders, enabling action to block fraudulent transactions before they can be completed.

RBI’s New Platform to Combat Payment Frauds

In a parallel effort to bolster cybersecurity, the RBI is developing the Digital Payments Intelligence Platform (DPIP). This platform aims to use cutting-edge technology to detect and prevent payment fraud. A committee led by A P Hota, former CEO of the National Payments Corporation of India, is currently formulating recommendations for the DPIP, which is expected to upgrade the ability to share real-time data across the payment ecosystem. This initiative is especially important in addressing frauds where victims are tricked into making payments or divulging sensitive information.

Alarming Increase in Cyber Fraud Losses

The importance of these measures is empathised by recent statistics from the Ministry of Finance. Financial losses due to cyber fraud have more than doubled in the last fiscal year, rising to Rs 177.05 crore in FY24 from Rs 69.68 crore in FY23. This sharp increase underlines the growing threat posed by cybercriminals and the need for more robust security measures.

Public Awareness and Digital Payment Safety

While the rise in cyber fraud is concerning, a survey by the RBI offers some reassurance. According to the survey, 94.5% of digital payment users have not experienced fraud. However, the risk remains, especially in semi-urban areas, where fraud attempts are slightly more common than in metropolitan regions. The most prevalent form of fraud is vishing, or voice phishing, where criminals trick individuals into revealing sensitive information over the phone. Other common tactics include phishing emails, misuse of payment requests, and remote access scams.

As digital payments become increasingly integrated into everyday life, ensuring their safety is crucial. Initiatives like CFCFRMS and DPIP are essential in building a secure and trustworthy digital financial environment. By building up on fraud prevention measures, these platforms can help maintain public confidence and encourage wider adoption of digital payment systems.


Chemical Giant Orion Loses $60 Million in Email Scam

 

Luxembourg-based Orion S.A., a leading supplier of carbon black, has been defrauded of a staggering $60 million. The company alerted the US Securities and Exchange Commission (SEC) on August 10th through an official filing (Form 8-K).

The filing reveals that a non-executive employee became the target of a criminal operation. The document states: "On August 10, 2024, Orion S.A. determined that a Company employee, who is not a Named Executive Officer, was the target of a criminal scheme that resulted in multiple fraudulent wire transfers to accounts controlled by unknown individuals."

While Orion refrained from sharing specific details about the attack, the nature of the incident - multiple fraudulent wire transfers initiated by an employee - strongly suggests a BEC scam.

In a typical BEC scam, cybercriminals gain access to a legitimate email account belonging to a high-ranking official within a company or impersonate them through a spoofed email address. They then target employees with access to company finances, tricking them into authorizing unauthorized payments.

Common tactics employed by BEC scammers include:

  • Urgency and secrecy: Criminals may claim the company is in the process of acquiring a competitor and needs to expedite the transaction confidentially to avoid media attention or alerting rivals.
  • Impersonation: Scammers may use stolen email credentials or create lookalike email addresses to convincingly impersonate executives.
  • Phone calls: In some cases, the attackers may even follow up with phone calls to pressure the targeted employee into acting swiftly.

The effectiveness of BEC scams lies in their ability to exploit gaps in communication within large organizations. Many employees may not have personal interactions with senior management, making them more susceptible to falling for impersonations and deceptive tactics.

Reports indicate that BEC attacks are a major form of cybercrime, causing significant financial losses, and rivaling the damage inflicted by ransomware attacks.