Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Scam. Show all posts
User Privacy
Cyber Scam Malicious Campaign malware Tria Stealer User Privacy

Fake Wedding Invitation Malware Targets Android Users

 

Malicious actors are propagating a recently discovered Android malware called Tria by sending phoney wedding invitations to consumers in Brunei and Malaysia. 

According to a report published by the Russian cybersecurity firm Kaspersky, the attackers have been using private and group chats on Telegram and WhatsApp since mid-2024 to distribute the malware, inviting users to weddings and prompting them to install a mobile app in order to get the invitation.

Once the malware is installed, it can collect private information from call logs, emails (including Gmail and Outlook), SMS messages, and messaging apps (such as WhatsApp and WhatsApp Business). 

Researchers caution that accounts that depend on email and messaging app authentication could be compromised, passwords can be reset, or online banking can be accessed using the stolen data. 

The attackers' main objective seems to be taking complete control of the victims' Telegram and WhatsApp accounts so they can make phoney money requests to connections or propagate malware. To process stolen data, the hackers employ two Telegram bots: one for managing SMS data and another for gathering text from emails and instant messaging apps. 

According to Kaspersky, posts on social media sites like Facebook and X suggest that the campaign has reached a number of Android users in Malaysia, while the precise number of victims is still unknown.

The researchers have not identified a specific organisation responsible for the attack, but evidence implies that the hackers are Indonesian-speaking. 

In 2023, Kaspersky discovered a similar effort known as UdangaSteal, in which hackers stole text messages from users in Indonesia, Malaysia, and India and transmitted the data to their servers using a Telegram bot. The attackers utilised a variety of deceptive approaches to trick users into installing malicious files, such as bogus wedding invites, package delivery notifications, annual tax payment reminders, and job offers. 

Despite their similarities, experts identify major differences between the two attacks, such as distinct malware code, geographic targets, and attack techniques. While UdangaSteal has always focused on SMS theft, experts say Tria has a larger reach, attacking emails and chat apps as well as SMS conversations.
Read more »
Fraud Calls
Bengaluru call scams Cyber Fraud Cyber Scam Financial Fraud Financial Scam Fraud Calls

Bengaluru Woman Loses ₹2 Lakh to Sophisticated IVR-Based Cyber Scam

 

Cyber fraud continues to evolve, with scammers using increasingly sophisticated techniques to deceive victims. In a recent case from Bengaluru, a woman lost ₹2 lakh after receiving a fraudulent automated call that mimicked her bank’s Interactive Voice Response (IVR) system. The incident underscores the growing risk of technology-driven scams that exploit human vulnerability in moments of urgency. 

The fraud occurred on January 20 when the woman received a call from a number that closely resembled that of a nationalized bank. The caller ID displayed “SBI,” making it appear as though the call was from her actual bank. The pre-recorded message on the IVR system informed her that ₹2 lakh was being transferred from her account and asked her to confirm or dispute the transaction by pressing a designated key. Startled by the alert, she followed the instructions and selected the option to deny the transfer, believing it would stop the transaction. 

However, moments after the call ended, she received a notification that ₹2 lakh had been debited from her account. Realizing she had been scammed, she rushed to her bank for assistance. The bank officials advised her to report the fraud immediately to the cybercrime helpline at 1930 and file a police complaint. Authorities registered a case under the Information Technology Act and IPC Section 318 for cheating. 

Cybercrime investigators believe this scam is more sophisticated than traditional IVR fraud. Typically, such scams involve tricking victims into providing sensitive banking details like PINs or OTPs. However, in this case, the woman did not explicitly share any credentials, making it unclear how the fraudsters managed to access her funds. 

A senior police officer suggested two possible explanations. First, the victim may have unknowingly provided critical information that enabled the scammers to complete the transaction. Second, cybercriminals may have developed a new technique capable of bypassing standard banking security measures. Investigators are now exploring whether this scam represents an emerging threat involving advanced IVR manipulation. This case serves as a stark reminder of the need for heightened awareness about cyber fraud. 

Experts warn the public to be wary of automated calls requesting banking actions, even if they appear legitimate. Banks generally do not ask customers to confirm transactions via phone calls. Customers are advised to verify any suspicious activity directly through their bank’s official app, website, or customer service helpline. 

If someone encounters a suspected scam, immediate action is crucial. Victims should contact their bank, report the fraud to cybercrime authorities, and avoid responding to similar calls in the future. By staying informed and cautious, individuals can better protect themselves from falling prey to such evolving cyber threats.
Read more »
User Security
Cyber Scam Home Ministry Social Media Cyber Crime User Security

WhatsApp Emerges as the Most Exploited Platform in Cyber Frauds

 

WhatsApp, Instagram, and Telegram have once again become the favorite tools for hackers, as per a report released by India's Home Ministry (MHA). 

According to the report, WhatsApp is still the most commonly utilized medium for cybercrime. Several examples of digital fraud were reported this year, with cybercriminals exploiting WhatsApp video calls to dupe people out of millions of rupees. 

In the first quarter of 2024, 43,797 cybercrime complaints were received, with 22,680 attributed to WhatsApp, making it the most widely used platform for fraudulent activity. Telegram ranked second with 19,800 complaints. According to the MHA's Annual Report 2023-24, scammers rely extensively on Google services, particularly Google Ads, to carry out targeted scams, which expands the reach and impact of these frauds. 

Additionally, Investment frauds continue to dominate, targeting individuals across the globe. Other common cybercrimes include money laundering frauds and digital fraud. Online criminals have also used Facebook ads in a systematic method to deliver fake landing apps to users' devices, worsening the situation.

I4C, the cybersecurity division of the Home Ministry, is working diligently to combat the rising tide of cybercrimes. Recently, the authorities blocked thousands of WhatsApp accounts. Cybercriminals exploited these accounts to carry out digital frauds against Indian individuals, and they were linked to international numbers. 

WhatsApp is the world's most popular instant messaging platform, with more than 2.95 billion active users. Its popularity is unparalleled in India, with millions of daily active users. Its large user base makes it an appealing target for cybercriminals.While WhatsApp is a popular method of communication, users must be attentive and implement strong digital security measures to safeguard themselves from potential scams.
Read more »
User Security
Cyber Scam Data Privacy Financial Fraud Mobile Security Phone Scam User Security

Here's How to Safeguard Yourself Against Phone Scams

 

Sophisticated phone scams are becoming more common and more relentless. The numbers are mind-boggling. According to the FTC, impostor fraudsters cost US consumers $2.7 billion in 2023, and the figure is rising year after year. 

These are merely the listed losses; many people who have been duped are embarrassed and refuse to acknowledge they fell for such a scam. You may believe that you will not be misled, yet many of those who are duped thought this before the incident. 

Scammers have refined their strategies to sound trustworthy and legitimate, and AI is just making matters worse. When combined with the strain or situation, it only takes a few moments to fall for it. 

The best defence against phone scams is to be prepared to face them, as they are likely to occur at some point. We've compiled a list of some of the most popular phone scams in 2024 and how to prevent them.

AI-powered scams

The most obvious example of fraudsters exploiting new technology to power existing scams is artificial intelligence (AI). For instance, scammers might use AI to: 

  • Generate more convincing and genuine sounding phishing emails and text messages. 
  • Create deepfakes of celebrities to lure victims into thinking they're investing in a good company or project.
  • Impersonate an employer and ask for private information. 

Student loan forgiveness scams 

The back-and-forth adjustments in student loan forgiveness create an ideal scenario for scammers. Fraudsters know that individuals want to believe that their student loans will be forgiven, and they will use this need for personal benefit.

For example, scammers may call you or set up fake application sites to steal your Social Security number or bank account information. They may put pressure on their victims by sending bogus urgent messages encouraging them to seek debt relief "before it's too late." Then they will charge you a high application fee. In reality, this is a scam.

Zelle scams

Scammers are using Zelle, a peer-to-peer payment tool, to steal people's money. The fraudster might email, text, or contact you, claiming to work for your bank or credit union's fraud department. They'll claim that a thief intended to steal your money via Zelle and that they need to walk you through "fixing" the issue. 

Subsequently, fraudsters may advise you to pay the money to yourself, but the funds will actually go to their account. Starting in mid-2023, Zelle began refunding victims of some frauds. However, you may not always be eligible for reimbursement, so be aware of these financial frauds. 

Prevention tips 

Avoid clicking on unknown links: Whether the link arrives in your email, a text or a direct message, never click on it unless you're certain the sender has good intentions. If the message says it's from a company or government agency, call the firm using a number that you look up on your own to confirm its legitimacy. 

Be skeptical: Scammers can spoof calls and emails to appear to be from a number of sources, including government institutions, charities, banks, and major companies. Do not provide any personal information, usernames, passwords, or one-time codes that others could use to gain access to your accounts or steal your identity. 

Don't refund or forward overpayments: Beware whenever a company or person asks you to refund or forward part of a payment. Often, the original payment will be fraudulent and taken back later. Following simple safety precautions and reviewing the most recent scam alerts might help you stay safe. However, mistakes might occur, especially when you are stressed or overwhelmed.
Read more »
Threat Landscape
Cyber Crime Report Cyber Fraud Cyber Scam South Asia Threat Landscape

Rise of Cybercrime in India: Reasons, Impacts & Safety Measures

 

The reel is frequently influenced by the real. Jamtara, an OTT series, was inspired by cyber fraud activities carried out in a remote part of Jharkhand. However, the script appears to need some tuning in the future. This is because cybercrime hotspots in India, such as Jamtara and Mewat, have spread outside the country's borders. 

According to a recent study conducted by the Indian Cyber Crime Coordination Centre, a part of the Union Home Ministry, approximately 45% of cybercrime cases targeting Indians originate in other South Asian nations, primarily Myanmar, Cambodia, and Laos. This is not to imply that the threat is minimal in India. 

The number of complaints about grey activities such as trading scams, phishing, and fake romance has risen dramatically, from 26,049 in 2019 to 7.4 lakh by April 2024. This year, the national cybercrime reporting system received over six lakh complaints, totaling almost Rs 1,800 crore in fraudulent money. 

Based on a study undertaken by an IIT Kanpur-incubated non-profit, financial fraud accounts for approximately 77% of cybercrimes between 2020 and 2023. There are additional risks: identity and data theft caused by cyber fraud can have long-term consequences such as a permanent debt footprint, as well as legal and security issues. Notably, the cybercrime network based in these South Asian nations has been deceiving Indians by using Indian SIM cards and fraudulent recruitment possibilities via messaging apps.

For example, the Indian embassy in Cambodia sponsored the extradition of 360 Indians. However, 5,000 citizens are accused of being trapped there and forced to commit cybercrime against their fellow Indians. Last year, India was the 80th most targeted country for cybercrime. New Delhi must use diplomatic channels to interact its concerns to these countries.

India has the second largest population of active internet users. However, the vast majority of them are unaware of internet fraud, making them easy targets for scammers. Other rising threats include privacy violations and sextortion. The expanding digital ecosystem needs a thorough understanding and mitigation of cyber threats. 

To prevent such mischief, legal loopholes must be fixed. However, there should be a balance between cybercrime prevention and overregulation so that access to the internet is not hampered while also protecting the privacy of users. Treading this fine line under an authoritarian rule can be difficult.
Read more »
User Privacy
Action Fraud Cyber Fraud Cyber Scam Cyber Scammers UK User Privacy

Scammers Targeting WhatsApp Groups in UK

 

When businessman Mohammed Yousaf received an urgent plea for assistance from one of his oldest friends, he rushed to the rescue.

The 56-year-old received a WhatsApp message from the account of a man he had been friends with for 50 years. It began with the greeting 'Salaam', followed by the message: "Please, I need a little assistance from you..." 

Mohammed was concerned about his friend and inquired how he could help. He was told that his friend was attempting to send £800 to an account, but it did not function, and he was asked if he could make the payment instead, with his friend reimbursing him the next day. What transpired was a fraud that terrified Mr. Yousaf and cost him £800. Unfortunately, he's not alone. 

Last month, men in East Lancashire were warned of blackmail fraud after scammers posing as Eastern European gang members sent threatening requests for payment. Police said men in Accrington and Blackburn were pushed into giving over substantial sums of cash after getting disturbing messages and video calls of someone carrying a pistol. 

Action Fraud, the UK's national reporting centre for fraud and cybercrime, reports that fraudsters are now targeting group chat participants in order to exploit WhatsApp users. The fraud often begins when a member of the group receives a WhatsApp audio call from the fraudster, who pretends or claims to be another member of the group. 

This is done to earn the individual's trust, and the scammer will frequently use a phoney profile image and/or display name, giving the impression that it is a genuine member of the group. 

The fraudster will inform the victim that they are providing them a one-time passcode that will allow them to participate in an upcoming video call for group members. The perpetrator then asks the victim to reveal the passcode so that they can be "registered" for the video conference.

In reality, the attacker is asking for a registration number to migrate the victim's WhatsApp account to a new device, allowing them to take over the account. 

Once the fraudster has gained access to the victim's WhatsApp account, they will activate two-step verification, making it impossible for the victim to regain access to their account. Other members of the group, or friends and family in the victim's contacts, will then be messaged, urging them to wire money immediately because they are in urgent need of assistance. 

According to Detective Superintendent Gary Miles, head of the City of London Police's National Fraud Intelligence Bureau, WhatsApp remains a key channel of communication for several people in the UK, but fraudsters continue to figure out ways to gain access to these platforms.
Read more »
scam tactics
Cyber Criminals Cyber Fraud Cyber Scam Cyber Threats CyberCrime Delhi cybercrime rise Delhi Police digital house arrest forged letterheads Fraud Online fraud police alert scam tactics

Delhi Police Alerts Citizens to New Cyber Scam

 

Authorities in Delhi are cautioning residents to remain vigilant against a recent surge in cyber fraud cases known as ‘digital house arrest,’ with over 200 incidents reported monthly in the capital.

Described as a serious threat by senior officials, this tactic employed by cybercriminals aims to coerce victims into parting with their money once ensnared in their schemes.

In this scheme, scammers posing as law enforcement officers deceive victims into believing their bank accounts, SIM cards, Aadhaar cards, or other linked documents have been compromised. The victims are then virtually confined to their homes and pressured into paying the scammers.

According to a senior officer from the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police, cases involving amounts exceeding Rs 50 lakh are investigated by their specialized team.

In a recent case, a man preparing for work received a call from someone claiming to be from the Mumbai Crime Branch. The caller accused the victim of involvement in drug trafficking using his Aadhaar card and instructed him not to leave his house during a prolonged interrogation session. The victim, fearing repercussions, complied. Eventually, the scammers gained remote access to his computer, drained his bank account, and vanished.

These fraudsters often employ forged police letterheads and use translation tools to enhance their communication. They specifically target vulnerable individuals, such as the elderly. Victims are urged to immediately report such incidents to the police helpline for assistance.

According to the National Crime Records Bureau (NCRB), cybercrime cases in Delhi nearly doubled in 2022, with reported incidents increasing from 345 to 685. This marks a significant rise from the 166 cases reported in 2020.
Read more »
User Security
Cyber Fraud Cyber Scam Data Privacy Hollywood Movie Movie Scam User Security

Movie Scam: Fraudsters Take Advantage of the Popularity of Barbie and Oppenheimer

 

The films Barbie and Oppenheimer quickly rose to the top of the list of the year's most anticipated films. Unfortunately, scammers seized the opportunity to use Barbie and Oppenheimer's enormous popularity for their own nefarious purposes right away, as is sometimes the case with such well-liked subjects.

Kaspersky has now discovered that con artists are misleading unwary users by disseminating phishing scams that take advantage of the excitement around movie debuts, all with the purpose of stealing their hard-earned money and sensitive personal information. 

Modus operandi 

Users are lured to one of the fake pages with special Barbie doll offers timed to the release of the movie. A limited-edition doll of the lead actress Margot Robbie, which costs about £12 (GBP), is among the movie-related dolls that are being offered to customers in addition to the standard dolls. For an additional £56 (after an "exclusive" discount), they can add a helicopter, bringing the total cost of the purchase to £60. 

Users are then brought to a purchase form after choosing an item to buy, where they must enter personal identification information like their name, address, phone number, and banking credentials. Oblivious users unknowingly submit money and confidential information to fraudsters. The possibility of the stolen data being sold on the dark web market, in addition to the financial threats, makes this fraud a severe privacy issue. 

Another well-liked release, Oppenheimer, which is due out on the same day, was not missed by the fraudsters. By promising a free movie stream, they deceived consumers into giving them financial information and money. Scammers frequently use the strategy of requesting a little registration fee, such as one dollar or one euro, in such circumstances. This seemingly insignificant payment obligation, however, might raise questions. They demand that a bank card be attached in order to move forward with the registration, allowing for illegal and difficult-to-cancel debits from consumers' accounts. 

Mitigation tips

Beware of phishing scams: Be wary of questionable emails, messages, or websites that offer special offers or freebies. Check the source's legitimacy before disclosing personal information or conducting online transactions. 

Verify website security: When purchasing items or viewing related content online, be sure the website has a secure connection. To identify a secure website, look for "https://" in the URL and a padlock icon in the address bar. 

Be cautious when disclosing personal information online, especially sensitive information such as your address, phone number, or financial information. Such information should only be shared on verified and secure platforms. 

Count on trusted sources: For purchasing items, viewing movie content, or acquiring information about the premiere, use official websites, approved stores, and trusted sources.
Read more »
Subscribe to: Posts (Atom)