Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyber Scammers. Show all posts

Facebook Account Takeovers: Can Tech Giant Stop Hijacking Scams?

 

A Go Public investigation discovered that Meta has allowed a scam campaign to flourish on Facebook, as fraudsters lock users out of their accounts and mimic them. 

According to the CBC, Lesa Lowery is one of the many victims. For three days, she watched helplessly as Facebook scammers duped her friends out of thousands of dollars for counterfeit things. Her Facebook account was taken in early March. 

Lowery had her account hacked after changing her password in response to a Facebook-like email. The scammer locked her out, costing her friends $2,500. Many of Lowery's friends reported the incident to Facebook, but Meta did not. The scammer removed warnings and blocked friends. Lowery's ex-neighbor, Carol Stevens, lost $250 in the swindle. 

Are Meta’s efforts enough? 

Claudiu Popa, author of "The Canadian Cyberfraud Handbook," lambasted Meta for generating billions but failing to secure users, despite the fact that Meta's sales increased 16% to $185 billion last year. 

Meta wrote Go Public, stating that it has "over 15,000 reviewers across the globe" to fix breaches, but did not explain why the retirement home fraud proceeded.

Popa, a cybercrime specialist, believes that fraudsters employ AI to identify victims and create convincing emails. According to Sapio Research, 85% of cybersecurity professionals believe that AI-powered assaults have increased.

In March, 41 US state attorneys general stated that Meta assisted customers as the number of Facebook account takeovers increased. Meta indicated that it attempted to fix the issue but did not disclose specifics. Credential stuffing assaults and data breaches can result in account takeovers and dump sales.

According to The Register, Meta was taken over by Facebook via phone number recycling in the US. New telecom customers receive abandoned numbers without being disconnected from the previous owner's accounts. An outdated number may get a password reset request or a two-factor authentication token, potentially allowing unauthorised access.

Meta is aware of phone number recycling-related account takeovers; however, the social media giant noted that it "does not have control over telecom providers" reissuing phone numbers, and that users who had phone numbers linked to their Facebook accounts were no longer registered with them. 

Meanwhile, cybersecurity experts propose that the government take measures to address Facebook account takeovers. According to Popa, companies like Meta rely on legislation to protect users and respond fast to fraud.

Have You Been Defrauded? This Scam Survival Toolkit Can Help You Recover

 

Wondering what to do in the aftermath of a fraud can be extremely difficult. The Better Business Bureau's (BBB) new fraud Survival Toolkit helps fraud survivors navigate the recovery process.

Fraudsters target people from many walks of life. BBB frequently shares tips on how to avoid scammers, but you may still be at risk immediately after a scam happens. 

Scams not only cause financial harm, but they also have an emotional impact on victims. Survivors of scams often experience feelings of shame, guilt, or wrath, even if it is not their fault they were victimised.

Scammers capitalise on strong emotions, and emotions are high in the days following a scam, putting survivors at risk. According to the BBB's 2023 Scam Tracker Risk Report, 10% of respondents were victims of three or more frauds. 

The first step following a scam is to protect oneself from further harm. Everyone's situation is unique, but the methods below can help you secure your money, credit, or identity. 

Prevention tips 

Secure your finances: If you have lost money or bank information to a scammer, contact your financial institution. They may be able to initiate a fraud inquiry or cancel the transactions. If your credit card information has been hacked, they can cancel it and provide you a new one.

Protect your credit: If you lose personal or credit card information, it could be exploited to steal your identity; thus, place a fraud warning on your credit reports or freeze your credit. Consider acquiring a free credit report to keep track of any suspicious activities.

Change your password: If a specific account has been compromised, notify the company and change your password. Follow the BBB's password-creation instructions and consider using multifactor authentication to protect your account. Keep an eye out for any unusual behaviour on your other accounts.

Keep an eye out for recovery scams: Some scammers strike after a fraud has occurred, offering phoney credit repair or tech assistance services that steal money or information from susceptible people. 

Report the scam: Once you've taken steps to safeguard yourself, report the scam to BBB Scam Tracker to assist others. Last year, 36.6% of customers who visited BBB fraud Tracker reported that it helped them prevent fraud.

Punjab Police Break Up Two Scam Call Centers, Arrest 155 Suspects

 


Over the past 24 hours, Punjab police have busted two fake call centres based in Mohali operating under the cybercrime division. People settling in foreign countries were targeted by the illegal units operating from Industrial Area Phase-7 and Phase-8B by offering "maintenance services" for computers and electronic items, before tricking them into sending online payments into their bank accounts to get the money. The Cyber Crime Division of the Punjab Police broke up two fake call centres that had been running in Mohali over the past two days in an overnight operation. 

According to the Punjab Police, over 155 employees of these call centres were arrested over the weekend. According to the police, the accused made fraudulent calls to individuals living in the United States (US). Those fake call centres were both located in Sector 74 in Mohali and are being operated by Gujarat-based kingpins who are currently evading arrest. As a result of the police investigation, they are being hunted for. 

Punjab Director General of Police (DGP) Gaurav Yadav confirmed that he had initiated preliminary investigations that showed fake call centres operating during the nighttime and using the callers to dupe foreign nationals into purchasing gift cards from companies such as Target, Apple, Amazon, etc. A team manager used to collect the gift cards and share them with the kingpins. He added that the kingpins then used the gift cards to redeem them. 

Following the arrest of 155 employees working as dialers, closes, bankers and floor managers at these centres on the intervening night of Tuesday and Wednesday, the DGP said he had zeroed in on the locations, and teams raided and searched both centres on Tuesday and Wednesday night. A press conference was held in which V Neeraja, the ADGP Cyber Crime, stated that “Integration inputs about fake call centres were developed by Inspector Gaganpreet Singh and Inspector Daljit Singh as well as their team in conjunction with assistance from the Digital Investigation Training and Analysis Center (DITAC) lab of cybercrime, with technical assistance from the DIAC lab. 

A police team headed by DSP Prabhjot Kaur raided the fake call centres under the supervision of SP Cybercrime Jashandeep Singh and the supervision of SP Cybercrime Jashandeep Singh after identifying the locations. According to police officials, the scammers employed various methods of operating, including claiming low-interest loans that were fake, even if their credit scores were poor, and charging money for them. It is believed that the kingpins manipulated customers by asking them to buy gift cards to be able to get a loan, which was then redeemed immediately. 

The three primary methods that the callers used to dupe gullible Americans living in the United States could be described as follows: It was mostly carried out using phone calls to Americans with low credit scores by offering them loans with low interest rates. To facilitate the loan process, the callers would require the victims to buy gift cards to get the loans approved. The kingpin would redeem a victim's gift card at the moment when he noticed that the victim had bought a gift card from him. 

The purpose of payday is to allow people to transfer money overseas through a payment platform. To carry out this project, the perpetrators will pose as representatives of Amazon on the phone to scare their victims. As a result, the callers would claim that the parcel they ordered contained illegal items, and the federal police would be informed as soon as the parcel was delivered. For the scammers to cancel the order, they would then ask for money through some cash app or the purchase of an Amazon gift card through one of their scam apps. 

Using a separate phone call for confirmation, the person would pretend to be a banker and would indicate how much money is to be paid and what account number has to be used for the payment. Gift cards are often also asked to be purchased by victims so that they can receive compensation. The Punjab Police have successfully dismantled two major fraudulent call centres, resulting in the arrest of 155 employees. These individuals were involved in a complex scam operation wherein they shared the numbers on gift cards with their partners in the United States, who would immediately redeem them. 

The illicitly obtained money was subsequently transferred to the kingpins in India through the Hawala system. According to police reports, brokers played a pivotal role in providing customer information and data to these fake call centres. The centres then used specialized software to data mine and identify target groups for their fraudulent calls. The arrested individuals occupied various roles within the operation, including dialers, closers, bankers, and floor managers. 

The Additional Director General of Police (ADGP) reported that law enforcement teams confiscated 79 desktop computers, 204 laptops, mobile phones, and other accessories, as well as scripts used for training employees on how to communicate with potential victims. Neeraja, an official involved in the operation, disclosed that out of the 155 individuals arrested, 18 have been placed on police remand while the remaining suspects have been sent to judicial remand. She also noted that the investigation is ongoing to determine the full extent of the fraud committed, with additional arrests anticipated shortly. 

 An FIR has been registered under multiple sections of the Indian Penal Code (IPC) and the Information Technology (IT) Act. The charges include Section 419 (cheating by impersonation), Section 420 (cheating), Section 467 (forgery of valuable security), Section 468 (forgery for cheating), Section 471 (using as genuine a forged document), and Section 120-B (criminal conspiracy) of the IPC, along with Sections 66C and 66D of the IT Act. This FIR has been lodged at the State Cyber Crime Cell Police Station, underscoring the severity and scale of the operation.

Scammers Targeting WhatsApp Groups in UK

 

When businessman Mohammed Yousaf received an urgent plea for assistance from one of his oldest friends, he rushed to the rescue.

The 56-year-old received a WhatsApp message from the account of a man he had been friends with for 50 years. It began with the greeting 'Salaam', followed by the message: "Please, I need a little assistance from you..." 

Mohammed was concerned about his friend and inquired how he could help. He was told that his friend was attempting to send £800 to an account, but it did not function, and he was asked if he could make the payment instead, with his friend reimbursing him the next day. What transpired was a fraud that terrified Mr. Yousaf and cost him £800. Unfortunately, he's not alone. 

Last month, men in East Lancashire were warned of blackmail fraud after scammers posing as Eastern European gang members sent threatening requests for payment. Police said men in Accrington and Blackburn were pushed into giving over substantial sums of cash after getting disturbing messages and video calls of someone carrying a pistol. 

Action Fraud, the UK's national reporting centre for fraud and cybercrime, reports that fraudsters are now targeting group chat participants in order to exploit WhatsApp users. The fraud often begins when a member of the group receives a WhatsApp audio call from the fraudster, who pretends or claims to be another member of the group. 

This is done to earn the individual's trust, and the scammer will frequently use a phoney profile image and/or display name, giving the impression that it is a genuine member of the group. 

The fraudster will inform the victim that they are providing them a one-time passcode that will allow them to participate in an upcoming video call for group members. The perpetrator then asks the victim to reveal the passcode so that they can be "registered" for the video conference.

In reality, the attacker is asking for a registration number to migrate the victim's WhatsApp account to a new device, allowing them to take over the account. 

Once the fraudster has gained access to the victim's WhatsApp account, they will activate two-step verification, making it impossible for the victim to regain access to their account. Other members of the group, or friends and family in the victim's contacts, will then be messaged, urging them to wire money immediately because they are in urgent need of assistance. 

According to Detective Superintendent Gary Miles, head of the City of London Police's National Fraud Intelligence Bureau, WhatsApp remains a key channel of communication for several people in the UK, but fraudsters continue to figure out ways to gain access to these platforms.

Inside Job Exposed: T-Mobile US, Verizon Staff Solicited for SIM Swap Scam

 


T-Mobile and Verizon employees are being texted by criminals who are attempting to entice them into swapping SIM cards with cash. In their screenshots, the targeted employees are offering $300 as an incentive for those willing to assist the senders in their criminal endeavours, and they have shared them with us. 

The report indicates that this was part of a campaign that targets current and former mobile carrier workers who could be able to access the systems that would be necessary for the swapping of SIM cards. The message was also received by Reddit users claiming to be Verizon employees, which indicates that the scam isn't limited to T-Mobile US alone. 

It is known that SIM swapping is essentially a social engineering scam in which the perpetrator convinces the carrier that their number will be transferred to a SIM card that they own, which is then used to transfer the number to a new SIM card owned by the perpetrator. 

The scammer can use this information to gain access to a victim's cell phone number, allowing them to receive multi-factor authentication text messages to break into other accounts. If the scammer has complete access to the private information of the victim, then it is extremely lucrative. 

SIM swapping is a method cybercriminals utilize to breach multi-factor authentication (MFA) protected accounts. It is also known as simjacking. Wireless carriers will be able to send messages intended for a victim if they port the victim’s SIM card information from their legitimate SIM card to one controlled by a threat actor, which allows the threat actor to take control of their account if a message is sent to the victim. 

Cyber gangs are often able to trick carrier support staff into performing swaps by presenting fake information to them, but it can be far more efficient if they hire an insider to take care of it. In the past, both T-Mobile and Verizon have been impacted by breaches of employee information, including T-Mobile in 2020 and Verizon last year, despite it being unclear how the hackers obtained the mobile numbers of the workers who received the texts. 

The company stated at the time that there was no evidence that some of the information had been misused or shared outside the organization as a result of unauthorized access to the file, as well as in 2010 a Verizon employee had accessed a file containing details for about half of Verizon s 117,00-strong workforce without the employee's authorization.

It appears that the hackers behind the SIM swap campaign were working with outdated information, as opposed to recent data stolen from T-Mobile, according to the number of former T-Mobile employees who commented on Reddit that they received the SIM swap message. As the company confirmed the fact that there had not been any system breaches at T-Mobile in a statement, this was reinforced by the company. 

Using SIM swap attacks, criminals attempt to reroute a victim's wireless service to a device controlled by the fraudster by tricking their wireless carrier into rerouting their service to it. A successful attack can result in unauthorized access to personal information, identity theft, financial losses, emotional distress for the victim, and financial loss. Criminals started hijacking victims' phone numbers in February 2022 to steal millions of dollars by performing SIM swap attacks. 

The FBI warned about this in February 2022. Additionally, the IC3 reported that Americans reported 1,075 SIM-swapping complaints during the year 2023, with an adjusted loss of $48,798,103 for each SIM-swapping complaint. In addition to 2,026 complaints about SIM-swapping attacks in the past year, the FBI also received $72,652,571 worth of complaints about SIM-swapping attacks from January 2018 to December 2020. 

Between January 2018 and December 2020, however, only 320 complaints were filed regarding SIM-swapping incidents resulting in losses of around $12 million. Following this huge wave of consumer complaints, the Federal Communications Commission (FCC) announced new regulations that will protect Americans from SIM-swapping attacks to protect Americans from this sort of attack in the future.

It is required by the new regulations that carriers have a secure authentication procedure in place before they transfer the customer's phone numbers to a different device or service provider. Additionally, they need to warn them if their accounts are changed or they receive a SIM port out request.