Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Fraud. Show all posts
Malicious Campaign
Cyber Fraud Fake Hiring GitHub Infostealer Malicious Campaign

Developers Face a Challenge with Fake Hiring That Steals Private Data

 

Cyble threat intelligence researchers discovered a GitHub repository posing as a hiring coding challenge, tricking developers into downloading a backdoor that steals private data. The campaign employs a variety of novel approaches, including leveraging a social media profile for command and control (C&C) activities rather than C&C servers. Cyble Research and Intelligence Labs (CRIL) researchers discovered invoice-themed lures, suggesting that the campaign may be moving beyond a fake hiring challenge for developers. 

According to a blog post by Cyble researchers, 
the campaign appears to target Polish-speaking developers, and the malware exploits geofencing to restrict execution. The researchers believed that the campaign is disseminated through career sites such as LinkedIn or regional development forums. 

The fake recruitment test, dubbed "FizzBuzz," dupes users into downloading an ISO file containing a JavaScript exercise and a malicious LNK shortcut. When executed, the LNK file ("README.lnk") invokes a PowerShell script that installs a stealthy backdoor known as "FogDoor" by the researchers. 

Instead of employing C&C servers, FogDoor communicates with a social media platform using a Dead Drop Resolver (DDR) mechanism to retrieve attack directives from a profile, according to the researchers. The malware employs geofencing to limit execution to Polish victims. 

When it becomes operational, "it systematically steals browser cookies, Wi-Fi credentials, and system data, staging them for exfiltration before deleting traces," Cyble told reporters. The malware employs remote debugging to collect Chrome cookies and can work in the background, while Firefox credentials are obtained from profile directories. 

PowerShell script establishes persistence 

The PowerShell script also opens a "README.txt" file "to trick consumers into believing they are interacting with a harmless file," Cyble stated. This paper includes instructions for a code bug patch task, "making it appear innocuous while ensuring the PowerShell script executes only once on the victim's machine to carry out malicious activities." 

The PowerShell script also downloads an executable file and saves it as "SkyWatchWeather.exe" in the "C:\Users\Public\Downloads" folder. It then creates a scheduled task called "Weather Widget," which executes the downloaded file using mshta.exe and VBScript and is set to run every two minutes indefinitely. 

SkyWatchWeather.exe serves as a backdoor by utilising a social networking platform (bark.lgbt) and a temporary webhook service (webhookbin.net) as its command and control infrastructure. After authenticating its location, the malware attempts to connect to "bark.lgbt/api" in order to get further orders embedded in a social media platform's profile information. Cyble added that this setup complicates identification and removal operations.
Read more »
User Security
Cyber Fraud Frankenstein fraud Identity Theft Online Safety Synthetic Identity Fraud User Security

Frankenstein Scam: Here's How to Safeguard Yourself Against Synthetic Identity Fraud

 

Identity theft is not always as straightforward as acquiring one person's information; stolen identities can be put together from several sources. This rising crime, known as synthetic identity fraud or "Frankenstein fraud," involves combining someone's Social Security number with information from other people to establish a new, fake identity.

To safeguard yourself from this and other types of identity theft, look into the finest identity theft protection services. Criminals frequently target the most vulnerable people, including children, the homeless, and the elderly. The offender can then use his new name to borrow money. If a fraudster succeeds, the real owner of the SSN may be held liable.

Modus operandi

Synthetic identity fraud requires patience on the part of the criminal, especially if they use a child's Social Security number. The identity is created by combining a valid Social Security number with an unrelated name, address, date of birth, phone number, or other piece of identifying information to make a new "whole" identity. Criminals can buy Social Security numbers on the dark web, acquire them from data breaches, or defraud people using phishing attacks and other frauds. 

Synthetic identity theft thrives because of a basic vulnerability in the American financial and credit systems. When a criminal creates a synthetic identity to request for a loan, the lender often denies credit because there is no record of that identity in their system. The thieves anticipate this because youngsters and teenagers may have little credit or a limited history, and the elderly may have poor credit scores. 

When an identity applies for an account and is reported to a credit bureau, it is shared with other credit agencies. That conduct is sufficient to allow credit bureaus to identify the synthetic identity as a real person, even if there is minimal activity or evidence to corroborate its authenticity. Once the identity has been established, the fraudsters can begin borrowing credit from lenders.

Prevention tips

Synthetic identity fraud may seem frightening, but there are actions you can take to limit how thieves can utilise your identifying data. 

Freeze your credit report: No one can open new credit lines in your name since a credit freeze stops creditors from viewing your credit reports. Unless your credit is first unfrozen with each of the major credit agencies, this also applies to you. 

Although the procedure for freezing a child's credit is a little more complicated, freezing their credit is also one of the greatest ways to cut off the source of synthetic identity fraud, which mostly depends on obtaining the Social Security numbers of children and the elderly. In a similar vein, you may help stop someone from using your Social Security number without your knowledge by freezing it.

Check credit reports regularly: If you do not freeze your credit reports, make sure to check them on a regular basis for any questionable activity. Be especially aware of any other names, residences, or employers associated with your credit file. You can also join up for free credit monitoring, such as Capital One's CreditWise, which searches the dark web for your personally identifiable information. 

Additionally, you can utilise an identity theft protection service to automate reviewing your credit reports or to alert you if your information is compromised in a breach. AnnualCreditReport.com also offers a free weekly credit report.
Read more »
User Security
Bank Scam Cyber Fraud Data Leak Financial Scam Fraudulent Message User Security

Five Ways to Identify a Bank Fraud And Stay Safe

 

It is not unusual for your bank to try to contact you. However, some of those emails and phone calls are simply scammers taking advantage of your trust in your bank to scam you. In general, you should be extremely sceptical of any unexpected messages. 

Modus operandi

You receive a phone call claiming to be from your bank informing you of a problem with your account. This is typically used for security purposes, such as informing you when someone is unlawfully accessing your account or has stolen your identity. 

Their response is to ask you to transfer all funds to a safe account' while the problem is resolved. The problem is that no one is attempting to access your account, and you are sending money directly to the crooks. The funds are then moved swiftly to other accounts around the world. 

Additionally, bank transfer scams might be the most common telephone, or vishing, scam, but they are far from the only one. Others may attempt to gain remote control of your computer by claiming there is a problem with your internet connection or that you have a virus.

In reality, they use this time to install malware on your computer and steal your personal information. Another strategy is to claim you're eligible for a refund or compensation but have received too much. You will then be asked to return the difference. 

How to detect a scam  

Urgency:  Fraudulent mails can generate a sense of urgency or mislead you into acting quickly. They may warn you about account termination, blocking your ATM card, or missing out on a limited-time promotion. Be wary of messages that urge you to take immediate action. 

Sender information: Legitimate banks usually send messages from certain phone numbers or email addresses. Be wary of messages from unknown phones or addresses that use generic greetings such as "Dear Customer" instead of your name. 

Personal data: Real banks would never request critical information such as your password, CVV code, OTP (One Time Password), or entire account number over SMS or email. If a message prompts you to update or verify such information, do not answer and instead contact your bank immediately. 

Grammatical errors: Legitimate bank messages are usually well-written and formatted. Typos, grammatical errors, and unprofessional language can all be indicators of a fake message. 

Verify: If you are unsure regarding a message, always contact your bank immediately using their official contact information (phone number or website) to enquire about its legality.

Better safe than sorry

The Federal Trade Commission reports that last year, fraud cost consumers over $12.5 billion. You can take measures to make it difficult for a bad actor to leave with anything, even though it could be simple for them to contact you by email, text, or social media. It's wise to use caution when dealing with something as important as your finances.
Read more »
Smishing Scam
Cyber Fraud CyberCrime Cybersecurity CyberThreat Financial Instituion Smishing Scam

Smishing Scams and How to Strengthen Cybersecurity

 


There is a growing threat to individuals from spamming, a form of cyber attack derived from SMS phishing, which uses text messaging to deceive them into disclosing sensitive information or engaging with malicious links via text messaging. Though the name may sound unconventional, this type of cyberattack is quite dangerous. It is important to know how phishing acts similar to smishing, except that it takes place through SMS messaging and other messaging apps that rely on data for their communication. 

In a scamming attack, scammers use the identity of trusted entities to trick recipients into disclosing personal or financial information. The scammers often use SMS messages to trick users into visiting fraudulent websites or downloading malicious software. While SMS messaging is the most common method used to perpetrate such schemes, smishing can also occur on numerous messaging services. In today's society, we are increasingly dependent on mobile communication, making ourselves more susceptible to these types of attacks. This highlights the importance of maintaining heightened cybersecurity awareness and vigilance. 

The Federal Trade Commission (FTC) identified a scam in January that involved impersonating state road toll agencies in emails, thereby falsely informing recipients that they owed outstanding tolls. The deceptive messages often included a specific dollar amount allegedly owed to the user and provided a link that directed the user to a fraudulent website whose sole purpose was to obtain their bank account information or credit card information. This type of scam is not only aimed at extracting financial information from victims but poses an increased risk of identity theft, according to the Federal Trade Commission. 

The victims may unwittingly provide scammers with sensitive personal information, such as their driver's license number, which might be used fraudulently by scammers for their own benefit. As a result of the combination of SMS (short message service) with phishing, smishing refers to a type of social engineering attack that relies on human trust rather than technical vulnerability to perpetrate a crime. There are several similarities between phishing and smishing, the former of which employs fraudulent emails to deceive recipients into clicking on malicious links. However, smishing uses text messages as a medium of deception as opposed to traditional phishing. 

When cybercriminals engage in smishing, their main goal is to obtain personal information that they can use for fraudulent activities, financial theft, or other crimes to evade the law. Often, the victims of these attacks unknowingly provide sensitive information that can compromise their finances as well as, in some instances, their employer's financial security, compromising not only their own financial security but also their employer's. Smishing attacks are typically carried out by one of two main tactics by cybercriminals. 

Using malware as the first method, the recipient is prompted to download malicious software on their mobile device when the fraudulent link in the smishing message is clicked. Often, malware is disguised as legitimate applications, tricking users into entering personal information that is then transmitted to the attacker. The second method of this attack is a malicious website that is targeted at the target user. In addition to directing victims to counterfeit websites resembling trusted institutions, such as financial service providers, fraudsters can use these websites to steal sensitive information from them, and to use that information for unauthorized transactions or stealing identity information. 

The cybercriminals then exploit the information by stealing it from them. Often, scammers impersonate financial institutions and send text messages requesting information, such as account numbers or ATM passwords, to steal your personal information. Providing this kind of information is similar to giving someone direct access to one's bank account, which makes it vital that individuals remain vigilant when dealing with scammers. 

Taking precautions to minimize the risk of smishing can be achieved by exercising caution whenever individuals receive unsolicited messages, verifying links before clicking and refraining from sharing sensitive information via text messaging sites to mitigate the risks associated with it. In particular, smishing attacks are especially deceptive because they often appear to originate with well-known organizations like FedEx, a financial institution, or a government agency, which makes them particularly deceptive. 

Text messages are often abused by scammers to deceive you because of the immediacy of the message and its personal nature. Unlike emails, which may be checked more carefully than texts, text messages are often read and responded to much more quickly, making the victim more likely to be deceived. Professor Murat Kantarcioglu of Virginia Tech, a computer science professor at the university, stresses that the perceived intimacy of text messages contributes to the increase in individuals who fall victim to scams like this. 

In response to the increase in the frequency of smishing attacks in several state transportation departments, including those in New Hampshire and West Virginia, as well as E-Z Pass, several government agencies have issued public warnings advising citizens about these scams. Before sharing any personal or financial information, individuals are advised to remain vigilant and verify that the communication is genuine before sharing any confidential information. 

As cybercriminals exploit trust by impersonating familiar individuals or organizations, SMS phishing attacks are fundamentally based on deception and fraud. This tactic is highly effective in increasing the chances of recipients complying with fraudulent requests. Smishing attacks employ social engineering principles to influence the victims' decision-making processes, utilizing three key factors. The attackers establish trust by portraying themselves as reputable entities, thereby reducing the level of scepticism among victims. 

In addition to the personal nature of text messaging, context plays an even greater role, as attackers craft messages tailored to the recipient's circumstances, making them appear legitimate and personalized. This further lowers the individual's defences. Third, emotion plays an important role, as it is used to create urgency so that the targets will act impulsively instead of critically analyzing the message and reacting accordingly. Cybercriminals use aseveraltechniques to obfuscate their identities and evade detection, such as clicking on malicious links, leading them to fraudulent websites or applications designed to collect sensitive information. 

Target selection is often determined by affiliations, locations, and institutions. In addition, cybercriminals utilize a variety of techniques to disguise themselves and avoid detection, such as spoofing, burner phones, and email-to-text services. There are numerous deceptive tactics cybercriminals are using to exploit victims' vulnerabilities as smishing attacks continue to become more sophisticated and sophisticated, causing victims to divulge sensitive information or engage with malicious content as a result. 

Many different types of smishing are commonly encountered today, including account verification scams, prize scams, tech support scams, bank fraud alerts, tax scams, threats to cancel services, as well as malicious app downloads, among others. There are a variety of account verification scams that involve the emulation of legitimate companies, such as banks and shipping companies, to warn recipients of unauthorized activity or to request account verifications from them. Once the victim clicks on the link provided, they are taken to a fake login page that harvests the credentials of the victim. 

Prizes or lottery scams, for example, falsely notify individuals they have won a prize or lottery prize, and they are asked to enter personal details, pay a fee, or click on malicious links, which ultimately result in financial losses or data theft. Users’ concerns about device security are exploited by scammers who send deceptive messages claiming to have a technical issue with their device. As a result of contacting the provided number, victims may be charged or persuaded to grant cybercriminals remote access to their data. 

Band Fraud Alerts operate similarly to these alerts. Attackers pretend to be financial institutions and offer users the chance to verify transactions by using fraudulent links or phone numbers. Several tax scams become particularly prevalent during the tax season, with fraudulent messages claiming to be the voice of the tax agency. As a result of these messages, recipients are often coerced into disclosing their financial details in exchange for refund promises or threats of penalties for unpaid taxes. Similarly, service cancellation scams alert the victims that they will have to cancel a subscription or service due to payment issues. 

By clicking on a phishing link, they will be able to resolve the matter. There are also deceptive techniques employed by cybercriminals to promote apps that appear to be legitimate by sending text messages promoting the app. Clicking on these links installs malware, which compromises personal data and device security. Understanding these techniques of smishing is a key component of mitigating risks and minimizing risk. When people receive unsolicited or suspicious messages, it is advised that they be cautious, verify claims through official channels, and avoid clicking on unfamiliar links or downloading files from unknown sources, as this can lead to scams. Vigilance and awareness remain the keys to protecting themselves against such scams. 

To combat the growing threat of smishing, individual citizens must adopt proactive cybersecurity measures to remain vigilant. As users, it is important to check the authenticity of the messages they receive, avoid untrustworthy links, and keep their private information safe. Increasing awareness and developing robust cybersecurity practices are essential to ensure protection against these evolving cyber threats in the future.
Read more »
Onine Fraud
Advanced Technology Cyber Fraud CyberCrime Cybersecurity CyberThreat Data Major Breach Onine Fraud

Online Fraud Emerges as a Major Global Challenge

 


A vast and highly organized industry is known as online scams, which are characterized by intricate supply chains that include services, equipment, and labor. In recent years, cybercrime has gone beyond isolated criminal activities, but has developed into a highly sophisticated network with direct links to countries such as Russia, China, and North Korea. Originally considered a low-level fraud, it has now become a global and geopolitical concern with an increase in international activity. 

Even though cybersecurity measures have advanced significantly over the years, individuals remain the primary defense against financial losses resulting from online fraud. As cyber threats' volume and sophistication continue to increase, governments must take stronger actions to safeguard citizens, businesses, and institutions from the increasing risks posed by cybercriminal activities as they continue to grow. A critical national security issue of today is cybercrime, requiring the same level of attention as drug trafficking and terrorism financing. 

While efforts have been made to address these threats, most have been aimed at large-scale ransomware attacks targeting governments as well as essential services such as healthcare. These incidents, though high-profile, are only a fraction of what is happening on a much greater scale and with a much greater level of pervasiveness in the world today. It is difficult to estimate how much money is lost as a result of cybercrime, but the impact on society is unquestionably significant.

There is a need for a more comprehensive and coordinated approach to online fraud as it continues to grow on a global scale. In his speech, Droupadi Murmu pointed out that digital fraud, cybercrime, and deepfake technology pose a huge threat to social, financial, and national security and stressed that securing these threats is imperative. A government official reiterated the commitment of the government to strengthening cybersecurity measures, stating that these challenges were critical to the security framework of the nation. She stated to the joint session of Parliament that India had made significant progress in the digital domain and that it hoped to lead global innovation by 2025. 

As part of the India AI Mission, she mentioned that artificial intelligence is aimed at enhancing India's position in emerging technologies by advancing artificial intelligence. In addition, she said that India’s UPI system has been recognized across the world as having revolutionized digital transactions. To reinforce the government’s role in economic growth and national development, she highlighted the efforts of the government to use digital technology to promote social justice, financial inclusion, and transparency. 

She also highlighted initiatives aimed at enhancing financial stability, improving governance, and promoting inclusive growth, among other things. In terms of government schemes, she pointed out the PM-Kisan Samman Nidhi, which has disbursed Rs 41,000 crores to millions of farmers over the past few years, ensuring agricultural stability and rural development. In addition to addressing significant policy reforms, he also discussed ‘One Nation, One Election,’ a program that aims to synchronize elections nationwide, thereby enhancing political stability and reducing administrative costs. 

The Waqf Bill, which she discussed in detail, is intended to increase transparency and governance in the management of Waqf properties, and is being discussed. As artificial intelligence becomes more and more accessible and affordable, it becomes increasingly important for criminals to use these tools. These tools enable large-scale, high-value scams that are becoming harder and harder to detect and prevent. There has been a loss of US$26 million suffered by a Hong Kong-based company in 2024 as a result of the employee being tricked into transferring funds to fraudsters by using an artificial intelligence filter, on a video call, to pose as the chief financial officer of the company. The majority of the responsibility for combating scams has been borne by the banks.

The government has taken considerable measures to compensate victims as well as to implement warning systems and education programs, particularly in countries like the United Kingdom. To track and block fraudulent activities, financial institutions have urged internet and social media companies to cooperate in more ways. However, artificial intelligence and the proliferation of cryptocurrencies have added to the difficulty of detecting and preventing fraud, making them even more complex. 

As a result of the Google Threat Intelligence Group's recommendations, governments have been advised to strengthen education and awareness efforts to provide individuals with better defenses against cyber threats. Additionally, it has been suggested that banks and technology companies have more power to combat criminal networks directly in their way. To effectively address these threats, we must treat cybercrime with the same urgency as drug trafficking and terrorism. As a result, international intelligence must be shared, enforcement mechanisms must be enhanced, and financial transactions through banking networks and cryptocurrency exchanges should be strictly controlled. 

In the past couple of years, governments and security agencies have been slow in responding to the increasing fraud epidemic due mainly to the small scale of individual cases, which makes investigations seem ineffective. However, these smaller incidents collectively produce considerable profits for cybercriminals. According to UK Finance, one of the biggest trade associations in the UK, 82% of fraud cases involve amounts less than $1,000 ($1,260). However, they account for 12% of all financial losses. The total number of incidents involving fraud exceeding £100,000 constitutes less than 3% of all incidents; however, these cases account for nearly 60% of all frauds. 

It is important to note that, regardless of their varying scales, all fraudulent activities contribute to a growing and extremely profitable cybercrime industry, demonstrating the need to strengthen law enforcement, take preventive measures, and coordinate international efforts to reduce the risk of fraud. Currently, cybercrime is in an active state of evolution, with online fraud becoming an increasingly organized and lucrative industry. 

Criminal networks are often connected to geopolitical entities and leverage artificial intelligence and digital tools to carry out sophisticated scams, which makes preventing these scams even more difficult. Droupadi Murmu stressed the importance of cybersecurity advancements in India, highlighting the digital initiatives and financial reforms that have been initiated. Amid the rising threat of cybercrime, financial institutions have been calling for a greater collaborative effort between the technology sector and the financial sector to combat fraud. Because cybercrime poses a serious threat to national security, experts have been advocating for global cooperation, stricter regulatory oversight, and stronger cyber defenses.
Read more »
YouTube phishing scam
AI-generated scam Cyber Fraud Neal Mohan deepfake Phishing Attacks YouTube monetization fraud YouTube phishing scam

YouTube Alerts Creators About AI-Generated Phishing Scam Using CEO’s Video

 

YouTube has issued a warning about a new phishing scam where cybercriminals are using an AI-generated video of CEO Neal Mohan to deceive content creators and steal their credentials. The scammers distribute the video privately through emails, falsely claiming that YouTube is implementing changes to its monetization policy.

"We're aware that phishers have been sharing private videos to send false videos, including an AI-generated video of YouTube’s CEO Neal Mohan announcing changes in monetization," YouTube stated in a pinned post on its official community website. 

"YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam."

Ironically, the phishing emails warn recipients that YouTube will never contact users through private videos, urging them to report suspicious emails.

The fraudulent video’s description contains a malicious link directing users to a fake YouTube Partner Program (YPP) page (studio.youtube-plus[.]com). Here, creators are prompted to sign in to “confirm updated terms” to continue monetizing their content. However, this site is designed to steal login credentials. The scam also induces urgency, falsely stating that accounts will face restrictions—including an inability to upload or edit videos and receive monetization—if compliance is not confirmed within seven days. Once login details are entered, victims receive a message stating their channel is "pending" and are directed to open a document in the video description for more information, even if they input a random email and password.

These phishing emails have been circulating since late January, with YouTube confirming an investigation into the campaign beginning in mid-February. The company advises users to avoid clicking any embedded links, as they may redirect to phishing sites or install malware.

"Many phishers actively target creators by trying to find ways to impersonate YouTube by exploiting in-platform features to link to malicious content," the platform added. "Please always be aware and make sure not to open untrusted links or files!"

Several creators have already fallen victim to the scam, reporting that their channels were hijacked and used to broadcast live cryptocurrency fraud streams.

YouTube offers guidelines on identifying and reporting phishing attempts through its help center. Additionally, since August 2024, the platform has introduced a support assistant to aid users in recovering and securing compromised accounts.
Read more »
Digital Fraud
Cyber Fraud CyberCrime Cyberhacker Cybersecurity CyberThreat Deepfake Scam Digital Fraud

India’s Escalating Crisis of Fake Institutions and Digital Fraud


 

As fraudulent activities in India continue to evolve and exploit systemic vulnerabilities to deceive unsuspecting individuals, there are counterfeit banks, legal entities that are fraudulent, and sophisticated cyber scams exploiting systemic vulnerabilities. There has been a significant increase in cases of financial fraud in the country during the first half of the current fiscal year, according to recent data from RBI, which indicates that the country's legal and financial frameworks are under the influence of an alarming trend.

It is common practice for scammers to create fake banks that operate under the guise of legitimate financial institutions and to offer attractive products and investment opportunities in exchange for their money. In the same way, sham courts and legal entities are also being set up to manipulate legal proceedings, mislead victims, and extort money from the public. Additionally, cybercriminals are employing advanced digital technologies to orchestrate scams that compromise sensitive financial and personal information as well as compromising the privacy of victims. This is highlighting critical weaknesses in regulatory oversight and enforcement mechanisms that are failing to effectively counter these frauds. 

Even though authorities are continuing to implement measures to curb these threats, it is imperative to develop more robust intervention strategies to combat the rapid growth of deceptive practices. It remains imperative that digital security frameworks are enhanced, public awareness is increased, and strict legal sanctions are implemented against offenders to reduce the impact of this growing financial and legal fraud. Although the Reserve Bank of India (RBI) has implemented significant changes in its policies regarding bank branch licensing, the process of establishing a new bank still requires multiple regulatory approvals, even after these changes have been implemented.

By conducting these rigorous checks, it can be ensured that unauthorized operations do not occur and ensure that the banking system remains intact. As a result of the discovery of a fraudulent State Bank of India (SBI) branch in Chhapora village, Chhattisgarh, in recent months, serious question marks have been raised about the efficiency of the existing oversight mechanisms in place to prevent such occurrences. 

In this elaborate scheme, the perpetrators not only deceived residents into depositing their hard-earned money into a nonexistent banking institution but also exploited the circumstances to create fake jobs. They further exacerbated the financial losses suffered by the victims by claiming the jobs were legitimate. In this case, the fact that such an operation remained undetected for such a long period highlights critical deficiencies in the monitoring and enforcement of financial regulation in this country. 

It is important to note that this is not an isolated case but rather a significant part of an increasingly widespread trend of fraudulent activities in the banking sector. It is evident from such cases that people need to be more vigilant, to have stronger regulatory enforcement, and to become more aware of financial scams to avoid becoming victims. As a means of preventing these deceptive practices and maintaining the credibility of the banking sector, financial institutions, law enforcement agencies, and regulatory bodies must work together to strengthen coordination between them. 

The Growing Threat of Cyber Fraud in India 


Cyber fraud has been on the rise for several years; scammers are employing more and more sophisticated tactics. Fraudulent call centers, primarily located in Gujarat, have been exposed for operating international scams, and operations have been dismantled in Gurugram, Noida, Mumbai and Indore. 

It has been reported that these syndicates mainly target victims living in the United States, the UK, and Canada by luring them with fake cryptocurrency investments, medical supplies, and antivirus software, and their operations have been ongoing for some time now. 

Rising Scams Targeting Indian Citizens 


Indian citizens are also falling prey to several fraudulent schemes, including Parcel Scams – A fictitious delivery notification tricks victims into paying for a package, SIM Deactivation Fraud – An impersonator of a telecom operator steals personal data while impersonating a telecom operator Job Scam – False work-from-home offers require upfront costs Electricity Disconnection Hoaxes – Fraudsters threaten power cuts to gain money from victims. 

There are many international fraud networks linked to these operations, including in Syria, Turkey, Saudi Arabia, Malaysia, and Singapore. Since India has been rapidly shifting to digital transactions, fraudsters are exploiting vulnerabilities in credit cards, UPI wallets, and online banking systems. Several seniors are at high risk of being tricked into transferring money through deceptive calls and messages as a result of fraudsters exploiting vulnerabilities in these systems. 

Fraud Expanding Beyond Finance 


As a result, scams are now extending into various sectors such as real estate, healthcare, education, and employment. In Kanpur, fraudsters made people pay up to 35 crores for bogus oxygen therapy intended to delay aging. At the same time, fake CBI documents and arrest warrants are being used to extort money. 

The Need for Stronger Regulations and Awareness 


As cyber fraud becomes more sophisticated, it warrants tighter enforcement, increased cybersecurity, and greater public awareness to curb its spread. Therefore, strengthening the coordination between law enforcement agencies, financial institutions, and regulatory bodies is crucial to combat this growing problem. 

Expanding Threat of Financial and Health-Related Fraud in India 


Fraud is not just confined to financial deception in India; it is posing increasingly serious risks to public health. Although some counterfeit drug manufacturers have been apprehended over the years, many operate undetected and without attracting much notice. An investigation of certain pharmaceutical companies found that they were willing to print any Maximum Retail Price (MRP) on bulk orders as part of a recent sting operation, which underscores the extent to which the pharmaceutical industry has been mistreated.

By setting up a therapy center called Revival World, a couple named Rajeev Kumar Dubey and Rashmi Dubey orchestrated a large-scale fraud. It was falsely claimed that by using oxygen therapy, a 60-year-old man could become a 25-year-old man, thus reversing the effects of aging. As a result of the 35 crore scam, it has become evident that people are vulnerable to a variety of health-related scams. Wolves are exploiting digital platforms just as they did before, to orchestrate financial deception both domestically and internationally, as they attempted to defraud customers. The problem with India's literacy is that even highly educated people from the United States, Britain, and Canada have been victims of these scams, despite its literacy challenges.

In the past, Gujarat-based call centers have been implicated in schemes involving fake medical supplies, counterfeit antivirus software and cryptocurrency investments, as well as international fraud operations. Gujarat-based call centers have been notorious for running international fraud operations. In recent years, similar operations have been uncovered in Gurugram, Noida, Mumbai, and Indore, but it is unclear the extent to which such activities are being carried out throughout the country. Financial crime in India has increased significantly in recent years.

A recent report from the Reserve Bank of India (RBI) on the Trends and Progress of Indian Banking indicates that 18,461 cases of bank fraud have been reported in the first half of the current fiscal year, resulting in a total loss of money that is eightfold greater than what is reported previously. To combat the rapidly growing landscape of financial crime, there is an urgent need for increased regulatory oversight, stricter enforcement measures, and a greater degree of public awareness. 

Strengthening Regulatory Measures to Curb Financial Fraud


There is an increasing ease with which fraud is being perpetrated in India today, a national concern that requires immediate attention. Addressing the growing issues that have resulted in the fraud epidemic in India requires understanding its magnitude and the wide-reaching implications of the issue. 

India is at risk of becoming a global hotspot for financial fraud unless comprehensive regulatory reforms and stricter enforcement mechanisms occur. Several steps can help mitigate this threat, including strengthening legal frameworks, improving oversight of financial institutions, and utilizing advanced technology to detect fraudulent activities. 

For the economy to remain safe and the public to have trust in the financial system to be restored, regulatory agencies, financial institutions, and law enforcement agencies must work together as a team.
Read more »
Phishing scam
Cyber Fraud Google Ads Malicious Campaign PayPal Scam Phishing scam

Scammers Exploit Google and PayPal’s Infrastructure to Steal Users Private Data

 

Cybersecurity experts discovered a sophisticated phishing campaign that used Google Ads and PayPal's infrastructure to defraud users and obtain sensitive personal information. 

The attackers abused vulnerabilities in Google's ad standards and PayPal's "no-code checkout" feature to create fake payment links that appeared authentic, duping victims into communicating with fake customer care agents. 

Malicious actors created fraudulent adverts imitating PayPal. These adverts shown in the top search results on Google, displaying the official PayPal domain to boost user trust. A flaw in Google's landing page regulations allowed these advertisements to send consumers to fraudulent sites hosted on PayPal's legitimate domain.

The URLs used the format paypal.com/ncp/payment/[unique ID], which was designed to allow merchants to securely accept payments without requiring technical knowledge. 

Scammers took advantage of this functionality by customising payment pages with misleading information, such as fake customer service phone numbers labelled as "PayPal Assistance." Victims, particularly those using mobile devices with limited screen area, were more likely to fall for the scam due to the challenges in spotting the fake nature of the links. 

Mobile devices: A key target 

Due to the inherent limitations of smaller screens, mobile users were the campaign's main target. Users of smartphones frequently rely on the top search results without scrolling further, which increases their vulnerability to clicking on malicious ads. Additionally, once they were directed to the phoney payment pages, users would see PayPal's official domain in their browser address bar, which further confirmed the scam's legitimacy. 

Victims who called the fake help numbers were most likely tricked into disclosing sensitive information or making unauthorised payments. According to MalwareBytes Report, this attack highlights how cybercriminals may use trusted platforms such as Google and PayPal to conduct sophisticated scams. Scammers successfully bypassed typical security measures by combining technical flaws with social engineering techniques, preying on people' trust in well-known brands.

The campaign has been reported to Google and PayPal, yet new malicious adverts utilising similar techniques continue to appear. Experts advise people to use caution when interacting with online adverts and to prioritise organic search results above sponsored links when looking for legitimate customer service information. Security technologies such as ad blockers and anti-phishing software can also help to reduce risks by blocking malicious links.
Read more »
Trading Bots
AI Trading Blockchain Security Crypto Scam Cyber Fraud Trading Bots

Crypto Scammers Are Targeting AI Trade Bots

 

The blockchain security company CertiK disclosed how a new generation of scammers is changing their tactics to target automated trading bots in the wake of the LIBRA meme currency fiasco, in which insiders were given advanced information of the launch procedures.

Kang Li, the chief security officer at CertiK, told Decrypt last week at Consensus in Hong Kong that some smart contracts are intentionally made to target the snipers.

The observations follow Hayden Davis's description of such ventures as a "zero-sum game" in which only a few have power. Davis is the self-described "launch strategist" for LIBRA and other celebrity meme coins.

Even at the top, all of it is extractive to some degree—none of it has value, Davis stated in an interview with Coffeezilla's Stephen Findeisen last Sunday. He explained how "professional snipers" are involved in meme coin launches, front-running a token and loading up to buy in before a launch is made public.

Smart contract sniping is a technique in which bots watch on-chain activity for newly issued tokens and execute deals before human traders can react. These bots use on-chain technology and are trained to execute trades as soon as liquidity becomes available. According to Li, a new breed of shrewd fraudsters is creating fake tokens with hidden "backdoors" that appear secure to AI-powered trading bots trained to identify security issues. 

Although these artificial intelligence trading bots "are not dumb" and examine tokens "to see if you have any clear rug-proofing function there," Li noted that scammers have exploited this as a bait-and-switch tactic. 

Following the launch of a token, the scammers "immediately promote [this] in all the AI trading community," and "once they have a few buys, they rug pull it," Li added. 

Li refutes the notion that blockchain security is unnecessary for meme coins and pump-and-dump operations, claiming that the actual risks are in who controls the token, price manipulation, and the history of those behind it. These scams are taking place on a "massive scale," potentially resulting in losses of "tens of millions of dollars," according to Li. With no fear of legal repercussions, scammers 'simply keep destroying' trading bots, taking advantage of a victim.
Read more »
User Privacy
Cyber Fraud Data Leak Financial Scam Indian Banking MHA User Privacy

Open Access to Critical Data With Bank Staff Leading to Financial Scam

 

A concerning trend has sent shockwaves across cybersecurity authorities, with central cyber and intelligence organisations tracking and documenting large-scale data leaks perpetrated by bank staff and third party contractors. 

According to a senior Indian government official, the issue has been raised to the highest levels of government, prompting an emergency meeting at the Ministry of Home Affairs (MHA) a few weeks ago to develop a resolution. The government agencies have determined that unlimited access to critical banking data, granted to staff and third-party vendors, is directly supporting rampant cyber fraud and significant financial losses among citizens. 

“The exposure of highly sensitive banking data to employees, particularly outsourced staff and third-party vendors, is leading to severe information leaks. Cybercriminals are exploiting this breach to systematically target and defraud citizens," a top government official stated. 

What is more concerning is the potential involvement of high management-level bank executives. Intelligence agencies officials at the meeting stated that despite repeated accusations, both public and private sector institutions had failed to take action against fraudulent activity. “Shockingly, banks are neglecting action on nearly 60-70 percent of fraudulent accounts reported on the National Cybercrime Reporting Portal (NCRP)," a senior official who attended the MHA meeting noted. 

Financial intelligence agencies have also detected severe flaws in banking security. The MHA meeting featured a detailed analysis of cyber fraud trends, mule accounts, and bank reaction times. The statistics show a stunning increase in cybercrime events, demonstrating that current security measures are ineffective. Banks seem reluctant to take corrective action, creating serious concerns about their accountability. 

In line with the most recent Reserve Bank of India (RBI) recommendation, authorities have highlighted the need for swift and strict action due to the rapid evolution of cybercrime. According to officials, unregulated data leaks from banks' own infrastructure will continue to fuel cybercriminal networks, putting millions of clients at risk, unless banks strengthen their internal controls and take decisive action.
Read more »
Financial security breaches
Banking data leaks Cyber Fraud Cybercrime in banking Financial security breaches

Massive Banking Data Leaks Under Scrutiny as Cyber Fraud Cases Surge

 

A concerning rise in large-scale data breaches has put cybersecurity agencies on high alert, with central cyber and intelligence bodies actively tracking incidents linked to bank employees and third-party vendors.

According to a senior government official, the matter has escalated to the highest levels, prompting an urgent meeting at the Ministry of Home Affairs (MHA) a few weeks ago to strategize countermeasures. Investigations reveal that unrestricted access to sensitive banking data—provided to employees and third-party vendors—is a major factor fueling cyber fraud and substantial financial losses for citizens.

“The exposure of highly sensitive banking data to employees, particularly outsourced staff and third-party vendors, is leading to severe information leaks. Cybercriminals are exploiting this breach to systematically target and defraud citizens," a top government official told News18, referencing a government report.

What intensifies concerns further is the suspected involvement of senior banking officials. Intelligence agency representatives at the MHA meeting highlighted that both public and private sector banks are failing to take action against fraudulent activities despite repeated complaints. “Shockingly, banks are neglecting action on nearly 60-70 percent of fraudulent accounts reported on the National Cybercrime Reporting Portal (NCRP)," a senior official who attended the meeting stated.

Financial intelligence agencies have also flagged critical lapses in banking security. “A comprehensive analysis of cyber fraud trends, mule accounts, and banks’ response times was presented at the meeting. The findings indicate a staggering increase in cybercrime incidents, proving that existing security measures are failing. Banks appear reluctant to take corrective action, raising serious concerns about their accountability," sources told News18.

With cybercrime evolving at an alarming pace, authorities stress the need for immediate and stringent action in line with the latest Reserve Bank of India (RBI) advisory. Officials caution that unless banks strengthen internal controls and implement decisive measures, unchecked data leaks from within their infrastructure will continue to fuel cybercriminal networks, placing millions of customers at risk.
Read more »
Phishing Campaign
Amazon Prime Cyber Fraud Email scam Financial Scam Phishing Campaign

Amazon Prime Phishing Campaign Siphons Login And Payment Info

 

The Cofense Phishing Defence Centre (PDC) has uncovered a new phishing campaign aimed particularly at Amazon Prime members, trying to steal login passwords, security answers, and payment details. The attacker sends out a well-crafted email mimicking Amazon, encouraging users to update their payment details owing to an "expired" or "invalid" payment method.

The Cofense PDC claims that the threat was sent by email that looked like a genuine Amazon Prime warning the victim that their payment method had expired or was no longer acceptable. Phishing attempts are evident when an email with the spoof sender name "Prime Notification" comes from an unrelated domain. 

The email tries to generate a false sense of urgency, which leads people to click on a fake link. When victims click, they are taken to a bogus Amazon security verification screen. "One of the first red flags recipients should look for is the URL, as it reveals that they have been redirected to Google Docs instead of Amazon's legitimate website," the report reads. 

Once the user has passed the false security screen, they are directed to a fraudulent Amazon login page designed to harvest passwords. "Users should always double-check when logging into websites and ensure that additional security measures, such as multi-factor authentication, are enabled," the researchers added.

After submitting their credentials, victims are prompted to provide additional verification information, such as their mother's maiden name, date of birth, and phone number. The phishing attack is not limited to login credentials. Users are also prompted to input their billing address and payment details, which includes credit card information.

"By obtaining the recipient's residential details, threat actors can submit a request to change the victim's address with postal services, redirecting mail and packages to another location," the report further reads.

In a similar vein, hackers can carry out illegal activities using credit card information that has been stolen. Cofense cautions that "threat actors could use the information to initiate and authorise multiple transactions if these details are compromised." If victims believe the card details has been taken, they are advised to get in touch with their banks right away.
Read more »
United States
Cyber Fraud Data Breach DOJ Phobos Ransomware United States

Two Russian Hackers Arrested for Large-Scale Ransomware Attacks

 



Authorities in the United States have charged two Russian nationals with carrying out widespread cyberattacks using Phobos ransomware. The suspects, Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39), were arrested in Thailand for allegedly orchestrating more than a thousand attacks worldwide.  

Cybercriminals Behind the Phobos Ransomware Attacks 

According to the U.S. Department of Justice (DoJ), both men were actively involved in cybercrime from 2019 to 2024. They were linked to two hacking groups known as "8Base" and "Affiliate 2803," which were responsible for spreading Phobos ransomware.  

Their method of attack involved infiltrating computer networks, stealing important files, and encrypting them using ransomware. Victims were then left with no access to their own data unless they paid a ransom. If payments were not made, the attackers allegedly threatened to leak sensitive information to the public or to the organizations’ clients and partners.  

Legal Charges and Possible Consequences

The two men now face multiple serious charges, including:  

1. Fraud involving online transactions  

2. Hacking into protected systems  

3. Intentional damage to computer networks  

4. Extortion through cyber threats  

If found guilty, the penalties could be severe. Wire fraud charges alone could lead to a 20-year prison sentence, while hacking-related crimes carry additional penalties of up to 10 years.  

International Crackdown on Ransomware Operations

In a coordinated effort, Europol and other international agencies have shut down 27 servers used by the 8Base ransomware group. This action has significantly disrupted the cybercriminal network.  

Authorities also revealed that a previous arrest in Italy in 2023 helped law enforcement gather intelligence on Phobos ransomware operations. This intelligence allowed them to prevent over 400 potential cyberattacks and take down key infrastructure used by the hackers.  

What This Means for Cybersecurity

Phobos ransomware has been a major cyber threat since 2018, targeting businesses and organizations worldwide. While these arrests and crackdowns have weakened the group, it is uncertain whether this will fully eliminate their operations.  

This case highlights the growing efforts by global law enforcement agencies to combat cybercrime. Businesses and individuals are urged to remain cautious, implement strong security measures, and stay informed about evolving cyber threats.  


Read more »
pharma scam
Alkem Laboratories Cyber Fraud Cyber Security Email scam Financial Fraud Online Scam pharma scam

Alkem Laboratories Falls Victim to Rs 22.31 Crore Cyber Fraud

 

The pharmaceutical industry has been rocked by a major cyber fraud case, with Mumbai-based Alkem Laboratories suffering a financial loss of Rs 22.31 crore due to an elaborate scam. Fraudsters posed as executives from Alkem’s U.S. subsidiary, Ascend Laboratories LLC, to execute the scheme.

According to a Hindustan Times report, the incident began on October 27, 2023, when Alkem’s Mumbai office received an email seemingly from Amit Ghare, the head of international operations at Ascend Laboratories. The email claimed that a recent payment to Alkem would lead to significant tax liabilities. To circumvent these taxes, the company was asked to refund the amount to a different bank account.

On November 17, 2023, another email, allegedly from Mary Smith, Ascend Laboratories' accounting manager, provided details of a U.S.-based bank account for the refund. Acting on these instructions, Alkem’s treasury manager, Manoj Mishra, transferred Rs 51.30 crore to the specified account via a SWIFT transaction.

The fraud came to light on November 15, 2023, when Alkem received another email, supposedly from Ghare, requesting a refund of Rs 90 crore. Growing suspicious, Alkem officials contacted Ghare, who confirmed he had not sent the request. Further investigation revealed that the earlier emails originated from compromised email accounts with subtle alterations in the email addresses.

According to HT, U.S. authorities were able to recover Rs 28.98 crore from the stolen amount, which was returned to Alkem. However, the company still suffered a loss of Rs 22.31 crore.

Alkem Laboratories has reported the incident to the authorities, and an ongoing investigation aims to identify and apprehend the fraudsters while recovering the remaining funds. The company has also implemented enhanced cybersecurity measures to safeguard against similar threats, as reported by The Free Press Journal.
Read more »
phishing
Artificial Intelligence Cyber Fraud FBI Gmail Hack phishing

FBI Alerts Users of Surge in Gmail AI Phishing Attacks

 

Phishing scams have been around for many years, but they are now more sophisticated than ever due to the introduction of artificial intelligence (AI). 

As reported in the Hoxhunt Phishing Trends Report, AI-based phishing attacks have increased dramatically since the beginning of 2022, with a whopping 49% increase in total phishing attempts. These attacks are not only more common, but also more sophisticated, making it challenging for common email filters to detect them. 

Attackers are increasingly using AI to create incredibly convincing phoney websites and email messages that deceive users into disclosing sensitive data. What makes Gmail such an ideal target is its interaction with Google services, which keep massive quantities of personal information. 

Once a Gmail account has been compromised, attackers have access to a wealth of information, making it a tempting target. While users of other email platforms are also vulnerable, Gmail remains the primary target because of its enormous popularity. 

Phishing has never been easier 

The ease with which fraudsters can now carry out phishing attacks was highlighted by Adrianus Warmenhoven, a cybersecurity specialist at Nord Security. According to Warmenhoven, "Phishing is easier than assembling flat-pack furniture," and numerous customers fall for phishing attempts in less than 60 seconds. 

Hackers no longer require coding knowledge to generate convincing replicas of genuine websites due to the widespread availability of AI tools. With only a few clicks, these tools can replicate a website, increasing the frequency and potency of phishing attacks. 

The fact that these attacks are AI-powered has made it easier for cybercriminals to get started, according to Forbes. Convincing emails and websites that steal private information from unwary victims can be simply created by someone with little technological expertise. 

Here's how to stay safe 

  • Employ a password manager: By automatically entering your login information on trustworthy websites, a password manager keeps you from entering it on phishing websites. Before auto-filling private data, verify that your password manager requires URL matching. 
  • Monitor your accounts regularly: Keep an eye out for signs of unauthorised activity on your accounts. Take quick action to safeguard your data if you see anything fishy. 
  • Turn on two-factor authentication: Make sure your Google account is always turned on for two-factor authentication (2FA). Even if hackers are able to get your password, this additional security makes it far more challenging for them to access your account. 
  • Verify requests for private details: Whether via phone calls, texts, or emails, Gmail users should never reply to unsolicited demands for personal information. Always check the request by going directly to your Google account page if you are unsure.
Read more »
User Security
Cyber Fraud phishing QR code Quishing User Security

Quishing On The Rise: Strategies to Avert QR Code Phishing

 

QR codes are already ubiquitous: from restaurant menus to public transportation schedules, everyone wants you to scan theirs. This normalisation of scanning random QR codes is being exploited, resulting in a new cybersecurity threat known as Quishing. 

What is Quishing? 

Quishing (QR code phishing) is the process of placing a malicious URL into a QR code. Rather than linking to a legitimate website, the code will load a page that attempts to steal information, infect your device with malware, or execute another malicious act.

It's a goofy name, but it poses a serious threat. While we're all aware that you shouldn't browse suspicious websites or download unfamiliar files, the nature of QR codes makes it impossible to tell what's on the other side. With a scan and a tap, you're whisked away to a website that may contain material you don't want to see, or routed to a malware download. 

It's also possible to be duped into scanning a QR code: many businesses build their QR codes using third-party services and URL shorteners, which means that the embedded links may not always redirect to their actual websites. This makes it challenging to determine whether a QR code has been tampered by someone carrying out a quishing assault.

Is quishing a real threat? 

Yes. It is already happening and has proven to be beneficial. QR codes for parking meters, restaurant payments and tip systems, and phoney advertisements are being tampered with all across the world to perpetrate quishing frauds, typically by simply sticking a sticker with a bogus QR over an already existing official code.

These trick codes then lead to false login pages and payment sites, where you can either pay the scammer directly or give them your information (which can be used to steal your money later or push further scams). 

Safety tips 

There are a few efficient strategies to safeguard yourself from quishing: 

  • Make use of your device's built-in QR code scanner. App shops' QR scanners have a bad reputation for security and privacy.
  • Avoid clicking on links that employ URL shorteners and make sure the destination a QR code is attempting to direct you to is genuine before clicking on the link. 
  • Avoid paying with QR codes whenever you can, especially if the payment link takes you to an unidentified address. 
  • Additionally, be aware that phoney websites often use names that sound similar to legitimate ones, so double-check your spelling.
Read more »
Phishing scam
AI scam Cyber Cyber Fraud Fraud Gmail Hack Google security Phishing scam

Gmail Confirms AI Hack: 2.5 Billion Users Warned of Phishing Scam

 

  
Gmail has issued a warning to its 2.5 billion users about a sophisticated AI-powered phishing attack. Fraudsters are using caller IDs that seem to originate from Google support, convincing users that their accounts have been compromised. Under the pretense of an account recovery process, they send an email with a recovery code that appears to come from a genuine Gmail address, Forbes reports.

Zach Latta, founder of Hack Club, noticed irregularities during an interaction with a so-called Google support agent. "She sounded like a real engineer, the connection was super clear, and she had an American accent," Latta told Forbes. Despite the convincing approach, the scam's goal is to deceive users into providing their login credentials, allowing cybercriminals to take control of their accounts.

Spencer Starkey, Vice President at SonicWall, emphasized the evolving nature of cyber threats: "Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats." He advised businesses to adopt a proactive cybersecurity approach, including regular security assessments and incident response planning.

Users Report Similar Fraud Attempts

According to the New York Post, Y Combinator founder Garry Tan shared his experience on X (formerly Twitter) after receiving phishing emails and phone calls.

"They claim to be checking that you are alive and that they should disregard a death certificate filed that claims a family member is recovering your account," Tan wrote, calling it an elaborate scheme to manipulate users into approving password recovery.

Microsoft solutions consultant Sam Mitrovic also encountered this scam months ago. Initially, he ignored the recovery notification and follow-up call, but when it happened again, he decided to answer.

"It's an American voice, very polite and professional. The number is Australian," Mitrovic recalled. He even verified the number on an official Google support page, making the deception more convincing. 

The caller alleged there was suspicious activity on his account and asked if he had logged in from Germany. When he denied it, the agent claimed someone had been accessing his account for a week and offered to help secure it. Mitrovic realized something was off when he spotted a suspicious email address in the follow-up message and stopped responding.

Forbes advises Gmail users to remain calm and immediately disconnect any call from so-called Google support, as Google does not contact users via phone. Instead, users should verify account activity themselves:
  • Use Google Search to check official security support pages.
  • Log into Gmail and navigate to the bottom right corner to review recent account activity.
  • Avoid sharing recovery codes with anyone over the phone.
With cyber threats evolving rapidly, vigilance is key to safeguarding online accounts.

Read more »
Subscribe to: Posts (Atom)