
Here's How to Safeguard Yourself Against Phone Scams

 

Sophisticated phone scams are becoming more common and more relentless. The numbers are mind-boggling. According to the FTC, impostor fraudsters cost US consumers $2.7 billion in 2023, and the figure is rising year after year. 

These are merely the reported losses; many people who have been duped are embarrassed and refuse to acknowledge they fell for such a scam. You may believe that you will not be misled, yet many of those who were duped thought the same before the incident. 

Scammers have refined their strategies to sound trustworthy and legitimate, and AI is making matters worse. Combined with stress or a difficult situation, it takes only a few moments to fall for one. 

The best defence against phone scams is to be prepared to face them, as they are likely to occur at some point. We've compiled a list of some of the most popular phone scams in 2024 and how to prevent them.

AI-powered scams

The most obvious example of fraudsters exploiting new technology to power existing scams is artificial intelligence (AI). For instance, scammers might use AI to: 

  • Generate more convincing and genuine sounding phishing emails and text messages. 
  • Create deepfakes of celebrities to lure victims into thinking they're investing in a good company or project.
  • Impersonate an employer and ask for private information. 

Student loan forgiveness scams 

The back-and-forth adjustments in student loan forgiveness create an ideal scenario for scammers. Fraudsters know that individuals want to believe that their student loans will be forgiven, and they will use this need for personal benefit.

For example, scammers may call you or set up fake application sites to steal your Social Security number or bank account information. They may put pressure on their victims by sending bogus urgent messages encouraging them to seek debt relief "before it's too late." Then they will charge you a high application fee. In reality, this is a scam.

Zelle scams

Scammers are using Zelle, a peer-to-peer payment tool, to steal people's money. The fraudster might email, text, or contact you, claiming to work for your bank or credit union's fraud department. They'll claim that a thief intended to steal your money via Zelle and that they need to walk you through "fixing" the issue. 

Subsequently, fraudsters may advise you to pay the money to yourself, but the funds will actually go to their account. Starting in mid-2023, Zelle began refunding victims of some frauds. However, you may not always be eligible for reimbursement, so be aware of these financial frauds. 

Prevention tips 

Avoid clicking on unknown links: Whether the link arrives in your email, a text or a direct message, never click on it unless you're certain the sender has good intentions. If the message says it's from a company or government agency, call the firm using a number that you look up on your own to confirm its legitimacy. 

Be skeptical: Scammers can spoof calls and emails to appear to be from a number of sources, including government institutions, charities, banks, and major companies. Do not provide any personal information, usernames, passwords, or one-time codes that others could use to gain access to your accounts or steal your identity. 

Don't refund or forward overpayments: Beware whenever a company or person asks you to refund or forward part of a payment. Often, the original payment will be fraudulent and taken back later. Following simple safety precautions and reviewing the most recent scam alerts might help you stay safe. However, mistakes might occur, especially when you are stressed or overwhelmed.

Worried About Cash App Breach? These Three Steps Can Keep Your Financial Data Safe

 

You're not alone if the most recent Cash App data hack made you nervous. In 2022, Block, the parent company of the peer-to-peer payment platform, failed to prevent unauthorised access to Cash App customer accounts. 

Cash App agreed to a $15 million class action settlement in response. Although it was a positive step, it was an internal change, and it did not allay users' concerns about the app's security. To learn more about how to better defend themselves, users asked cybersecurity specialists for some safety tips.

“One of the biggest problems with money apps like this is their popularity,” stated Neal O’Farrell, a digital security expert and CNET Money expert review board member. “Hackers follow the crowds, and the more people use these apps, the more time criminals will spend trying to exploit them.” 

Cash App actually includes an array of security features. The difficulty is that, while they can help you avoid fraudsters, they cannot always keep your data secure. O'Farrell observed that even the finest privacy safeguards can be undermined by an insider with access, as happened in the Cash App case. Whether you wish to avoid financial fraud on Cash App or protect your sensitive information after it has been disclosed, here are three security steps you should take in addition to claiming any settlement money you are owed.

Secure your sign-on 

By default, Cash App makes signing in much safer by sending a code to your email address or phone number each time you log in. But there's a catch: after logging in, you must manually sign out of your account; otherwise, you can access your account from your phone without a code. I've signed out and signed back in without a code, which could be a concern if someone gains access to your phone and the app.

To be on the safe side, experts recommend logging out once you've finished completing transactions. You can add two-factor authentication as a second layer of account security, but you'll need to download a separate app, such as Google Authenticator. 

Don’t send money to strangers

From romance scams to tax scams, there are numerous ways for perpetrators to trick you into sending money using Cash App or other payment apps. Experts recommend not sending money to strangers and always double-checking the recipient's phone number or email address before sending. If you mistakenly send money to the wrong person or discover you were scammed on Cash App, banks will often refuse to refund your money.

O'Farrell advises being wary of any messages you receive via payment apps. He frequently sees scams in which someone poses as a friend and asks for money or claims you owe them money. Others may attempt to steal access to your app and money by requesting that you verify your security code so that they can resolve a security issue with your account.

A few things can help you figure out who you're giving money to. Cash App's Incoming Requests option, available under the Security & Privacy menu, will only allow you to give money to a specific contact rather than everyone else on the app. You can also prevent people from finding your Cash App account by disabling the "$CashTag Cash.app" option on the same security page. 

Monitor your transaction activity 

Beyond data security, it's critical to monitor your account's behaviour. To receive text messages and emails about your transactions, enable push alerts under Cash App's 'Notifications' option. This allows you to track all of your payment activities and keep an eye out for anything odd.

Cybercriminals Place 85-Year-Old Woman Under 'Digital Arrest' in Hyderabad, Cheat Her of ₹5.9 Crore

 

Cybercriminals recently targeted an 85-year-old woman from the city, subjecting her to what can be described as a 'digital arrest' and extorting a staggering ₹5.9 crore from her. This elaborate scam involved convincing the elderly woman that her Aadhaar details were allegedly linked to serious money laundering cases involving Bollywood actress Shilpa Shetty and Jet Airways founder Naresh Goyal. 

The fraudsters, posing as officials from the Mumbai Cybercrime Wing, manipulated the woman into believing that her bank accounts and fixed deposits were under investigation and needed immediate verification by the Reserve Bank of India (RBI). Under this false pretext, they coerced her into transferring significant sums of money into specific accounts that they claimed were set up by the RBI for verification purposes.

When the woman attempted to contact her son for advice, the criminals threatened her, insisting that the matter was of utmost confidentiality. They warned that any attempt to inform her family would lead to severe consequences, including potential legal trouble for her son and the entire family. 

The incident came to light when her son, a software professional based in Bengaluru, visited her after about a week. He noticed her distress and learned of the fraudulent activities. Realizing his mother was in a state of psychological manipulation and fear, he immediately contacted the Telangana Cyber Security Bureau (TGCSB) to report the crime.

Fearful for her family's safety, the woman complied with their demands, transferring large sums into various accounts. It was only when her son arrived and intervened that the ongoing fraud was halted. He quickly reassured his mother, explaining that she had been deceived, and together, they reported the incident to the authorities. The police are now investigating the case, and efforts are underway to trace the criminals responsible for this heinous act.

Fintechs Encouraged to Join National Cyber Fraud Reporting System


The Fintech Association of India (FACE) has urged its members to register on the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS). This platform, part of the broader National Cybercrime Reporting Portal, facilitates the reporting and management of financial cyber frauds. By joining, fintech companies can better handle customer complaints and collaborate with law enforcement to prevent fraud.

This initiative by FACE is noteworthy, especially as it seeks approval to become a self-regulatory organisation (SRO) for fintech lenders. The Reserve Bank of India (RBI) is expected to announce its decision soon, with FACE and the Digital Lenders’ Association of India both in the running to be recognised as an SRO. The establishment of an SRO will likely lead to more stringent industry oversight, promoting higher standards of operation and better consumer protection within the fintech sector.

The push for fintechs to join the CFCFRMS comes at a critical time. As digital transactions grow more common, the opportunities for cyber fraud have increased. The convergence of various financial entities (such as banks, non-banking financial companies, insurance providers, and payment services) has created more potential points of vulnerability. The CFCFRMS is designed to coordinate the efforts of all stakeholders, enabling action to block fraudulent transactions before they can be completed.

RBI’s New Platform to Combat Payment Frauds

In a parallel effort to bolster cybersecurity, the RBI is developing the Digital Payments Intelligence Platform (DPIP). This platform aims to use cutting-edge technology to detect and prevent payment fraud. A committee led by A P Hota, former CEO of the National Payments Corporation of India, is currently formulating recommendations for the DPIP, which is expected to upgrade the ability to share real-time data across the payment ecosystem. This initiative is especially important in addressing frauds where victims are tricked into making payments or divulging sensitive information.

Alarming Increase in Cyber Fraud Losses

The importance of these measures is emphasised by recent statistics from the Ministry of Finance. Financial losses due to cyber fraud have more than doubled in the last fiscal year, rising to Rs 177.05 crore in FY24 from Rs 69.68 crore in FY23. This sharp increase underlines the growing threat posed by cybercriminals and the need for more robust security measures.

Public Awareness and Digital Payment Safety

While the rise in cyber fraud is concerning, a survey by the RBI offers some reassurance. According to the survey, 94.5% of digital payment users have not experienced fraud. However, the risk remains, especially in semi-urban areas, where fraud attempts are slightly more common than in metropolitan regions. The most prevalent form of fraud is vishing, or voice phishing, where criminals trick individuals into revealing sensitive information over the phone. Other common tactics include phishing emails, misuse of payment requests, and remote access scams.

As digital payments become increasingly integrated into everyday life, ensuring their safety is crucial. Initiatives like CFCFRMS and DPIP are essential in building a secure and trustworthy digital financial environment. By building on fraud prevention measures, these platforms can help maintain public confidence and encourage wider adoption of digital payment systems.


Here's How Users Can Safeguard Themselves From E-Challan Scams

 

In light of the growing prevalence of e-challan scams, the Indian Computer Emergency Response Team (CERT-In) has released some crucial advice to prevent individuals from becoming victims and suffering financial loss. 

Nearly 4400 devices have been infected with malware, resulting in approximately Rs 16 lakh worth of fraudulent transactions, according to a recent PTI report. Vietnamese hackers who employ Android malware trick users into falling for these scams. 

As part of the campaign, the victims receive a fraudulent e-challan message on WhatsApp containing a fake payment link. When a victim clicks the link, the hackers are able to access the device. 

Modus operandi 

Phishing messages: You receive a text message or email claiming to be from an authentic traffic authority. The notification states that you have an unpaid traffic penalty and imposes a significant charge. 

Fake links: The message will include a link that prompts you to click to check the e-challan details or complete the payment. 

Spoofed websites: Clicking the link may direct you to a fraudulent website that appears to be an actual traffic authority website. This website is designed to steal your personal information, such as credit card information, login credentials, or Aadhaar numbers. 

Prevention tips 

Visit official site: The government security agency recommends that users make e-challan payments only through official websites. It's vital to note that each state has its own e-challan website. Legitimate e-challan websites typically end with a ".gov.in" domain extension. So, before making a payment, make sure you're using the right website.

Don't click on suspicious links: As noted above, it's best to avoid clicking on random links. Such a link might carry harmful software that could damage your device.

Use antivirus software: Antivirus software is able to search for, identify, and prevent this kind of malware from infecting the device. Make sure the antivirus program is updated and has the latest available database. 

If you have been a victim of financial fraud, you can file a report with your local police station as well as the cybercrime portal.

New APK Scam: Protect Your Bank Account from Fraudsters


 


Punjab and Sind Bank (PSB) recently issued a public notice alerting customers to a new scam involving fraudulent messages and malicious APK files. This scam threatens grave financial losses if customers do not take proper precautions.

How the APK Scam Works

Step 1: Creating Panic with Fake Messages

Scammers initiate the fraud by sending text messages that mimic legitimate bank communications. These messages claim that recipients must update their Know Your Customer (KYC) information to avoid having their bank accounts blocked. The fraudulent messages create a sense of urgency, making recipients more likely to follow the instructions.

Kaushik Ray, Chief Operating Officer of Whizhack Technologies, explains that these messages exploit users' fears and desires, bypassing rational judgement. The goal is to trick recipients into downloading a malicious APK file, a common format for Android apps.

Step 2: Installing Malicious APK Files

Once recipients are convinced by the false narrative, they are instructed to download and install an APK file. These files often contain malware. Upon installation, the malware grants hackers access and control over the victim's mobile device.

Step 3: Executing Cyber Attacks

With control of the device, hackers can perform various malicious activities. These include installing a keylogger to capture sensitive information like banking credentials and passwords, launching ransomware attacks that lock the device until a ransom is paid, and accessing the clipboard to steal copied information such as account numbers.

How to Protect Yourself from APK Scams

To protect against these scams, PSB advises customers to take the following precautions:

1. Avoid Downloading Files from Unknown Sources: Only download apps from trusted sources like the Google Play Store.

2. Do Not Click on Suspicious Links: Be wary of links received in unsolicited messages, even if they appear to be from your bank.

3. Block and Report Suspicious Contacts: If you receive a suspicious message, block the sender and report it to your bank or relevant authorities.

4. Never Share Personal Information Online: Do not disclose personal or financial information to unverified sources.

Why APK Scams Target Android Users

Ray highlights that this scam primarily targets Android users because APK files are specific to Android devices. iOS devices, which use a different file format called IPA, generally have stricter controls against installing third-party apps, making them less vulnerable to this type of attack. However, iOS users should remain vigilant against phishing and other scams.

Real-Life Impacts of the APK Scam

Imagine receiving a message that your bank account will be frozen if you do not update your KYC information immediately. This could lead to panic about how you will pay for everyday expenses like groceries, school fees, or utility bills. Scammers exploit this fear to convince people to download the malicious APK file, giving them access to your device and your money.

Stay alert, verify the authenticity of messages, and protect your personal information to safeguard your financial assets.


Hackers are Employing Real Estate Fraud to Target North Dakota Citizens

 

The majority of Americans are taking preventative measures to safeguard themselves from those who aim to steal their money or private data as concerns over scams rise. Unfortunately, there are plenty of ways for crooks to trick individuals that they might not expect, but few in North Dakota are as dangerous and unexpected as real estate scams. 

During their research on scams in the United States, SOAX analysts gathered data from the Internet Crime Complaint Centre on the number of persons affected by real estate scams in the previous year, as well as the amount they lost. After analysing the average loss per person in each state and comparing them, it became apparent that North Dakotans had suffered the most from these frauds, at least in terms of scale. 

According to the report, while North Dakota had the fewest people fall victim to real estate fraud in the previous year, each scam resulted in a large financial loss, making it second only to Alabama as the most dangerous in the country. In contrast to these extremely high figures, states such as West Virginia, Wyoming, and Nebraska, which each have more victims than North Dakota, indicate that scams are often narrower in scope, resulting in lower individual losses per victim. 

"Around $12.5 billion was lost in 2023 due to cybercrimes in America," revealed SOAX CEO and Co-Founder Stepan Solovev, "with 521,652 complaints registered—more than 79 times more than in neighbouring Canada." Individuals are advised to be careful and protect their personal information to prevent fraudsters from gaining significant leverage. Make sure you use strong, unique passwords for each site, and remember to change them on a regular basis to avoid repetition. Using a VPN when connecting to public Wi-Fi in airports, cafes, or anywhere else is also recommended to secure your device and personal data from cyber attacks. 

Email addresses and phone numbers are among the most common indicators of potential cybercrime. If you receive an unusual request from a colleague or a familiar firm, look at the real email address from which it was received and report it as spam if it is unknown. If you receive a call from a phone number, simply perform a Google search to see whether it has been reported previously. Finally, trust your instincts, and if the interaction feels off or unusual, simply stop and refuse to disclose any private information.

Five Tips to Avoid Financial Fraud

 

Banks, credit card companies, the government, and a variety of other entities are continually looking for new ways to protect your money and data. But scammers never appear to be far behind.

According to a 2023 Ipsos poll conducted on behalf of Wells Fargo, over one-third (31%) of respondents have been victims of online financial fraud or cybercrime. Furthermore, while nearly 75 percent of Americans believe they have taken the necessary precautions to avoid being scammed, nearly half (48%) believe they will become a victim of financial cybercrime in the future regardless. 

While there is no perfect way to avoid becoming a victim of a financial scam, you may dramatically improve your chances by taking a few sensible actions. 

Question everything 

This is the most critical technique to defend oneself against all types of fraud, not just financial fraud. If something sounds too good to be true, it probably is. When presented with such a bargain, ask plenty of questions, especially: Why are you offering it to me? What do you (the dealmaker) get out of it? Why is there so much urgency? What happens if I wait a few days to respond? If the person being asked the questions becomes agitated or stops replying, this is a major red flag. 

Review all accounts and passwords 

Keep track of all your financial accounts and credit cards. Check your statements on a regular basis and ensure that you recognise all of the transactions. And, while it may seem obvious, keep your passwords secure and complex. Also, don't reuse passwords across several accounts. 

Never share personal information on social media 

Before the pandemic, we'd definitely have said never share personal information online; in fact, we did a few years ago. However, the pandemic has changed much of our lives online, and we can now open bank accounts, investment accounts, and even apply for homes online. In these circumstances, disclose information only when you are certain who will receive it. Also, never post any banking information, credit card information, or personal identity details on social media. 

Monitor your credit 

It's a common myth that checking your credit score will damage it, but this is not true. Make sure to check your credit reports at least once a year. This will assist you in identifying any unauthorised access to your credit file, halting any applications before they become loans, and taking action if someone successfully accesses credit in your name. 

Use two-factor authentication 

Even if your password is complex, it can be compromised via phishing attacks, data breaches, and other means. So, when it comes to financial accounts or accounts that include financial information, you may want to go beyond a simple login and password. 

Two-factor authentication (2FA) is a security standard that requires two forms of identification before granting access to an account. For example, after entering your password, you may be asked to enter a PIN, answer a security question, pass a facial recognition test, or submit a one-time verification code provided via SMS, email, or an authenticator app.

Small Businesses Increasingly Concerned About Payment Fraud

 

Small businesses are becoming more concerned about payment fraud, as revealed by a recent survey from regional bank KeyBank. The survey included nearly 2,000 small-to-medium-sized businesses with annual revenues of less than $10 million. The results show that payment fraud is a significant worry, with various types of fraudulent activities posing serious threats to their financial security. 

The survey revealed several major concerns among small business owners. Forty-four percent of respondents were anxious about unauthorized transactions or electronic fund transfers. Identity theft was a concern for 37%, while 28% were primarily worried about malware and ransomware attacks. Additionally, 27% were troubled by phishing and email scams. 

Mike Walters, President of Business Banking at KeyBank, highlighted the impact of new technology on increasing vulnerabilities to fraud. "With the introduction of new technology over the last several years, small businesses are some of the many that have fallen victim to fraudulent activity," he stated. Walters emphasized the importance of having a robust plan to combat fraud. Beyond fraud, the survey identified other significant economic challenges expected in the coming months. High overhead costs, delayed payments from clients, and fluctuating revenue were among the top issues. 

Despite these challenges, small businesses remain optimistic. Sixty-five percent of small business owners feel confident they could cover their operating expenses for a month using their cash reserves if an unexpected need arose. Walters praised the resilience of small business owners, attributing their confidence to years of managing financial uncertainty. "Their resilience is a testament to years of weathering financial uncertainty, and with their confidence remaining strong, they’re able to power through the last leg of inflation and keep themselves on track for economic growth," he said. 

The survey underscores the critical need for small businesses to adopt comprehensive security measures to protect against fraud and other cyber threats. Implementing robust cybersecurity practices can help mitigate risks and ensure the continued growth and stability of small businesses in an increasingly digital economy. The findings indicate that small businesses must prioritize cybersecurity to safeguard against the growing threats of fraud and cybercrime. By adopting advanced security measures and maintaining vigilance, these businesses can better protect their operations and maintain the trust of their customers.

Gurugram: Deputy Manager Arrested For Providing Bank Details To Cyber Thieves

 

A team from the Gurugram Police cyber unit detained a Deputy Manager of a private bank for allegedly providing bank accounts for cyber fraud in order to attain his goals, police said. 

According to Priyanshu Diwan, Assistant Commissioner of Police (Cyber Crime), the arrested accused is Yusuf Mohammad Chand Shaikh, who lives at Bhakti Yoga Society Sangharsh Nagar in Andheri, Mumbai. The suspect was affiliated with Yes Bank. 

A man filed a complaint at the Cyber Crime Police Station East in November 2022, claiming that he was scammed out of Rs 43 lakh while investing in the cryptocurrency market through a fake website, the police stated.

During the investigation, Inspector Savit Kumar, SHO of the police station, apprehended the suspect on Monday for his involvement in the crime. During interrogation, the accused revealed that he was a Yes Bank employee who remained in touch with cyber criminals and provided five bank accounts for them to use in committing cyber fraud. 

Just five bank accounts have been disclosed by the accused, while five people have been detained thus far in connection with the case, according to the police. Twelve bank employees who were reportedly involved in cyber fraud were taken into custody by Gurugram Police in less than two months. 

Earlier this year, in February, Haryana Police detained four people, including an assistant manager and two deputy managers from a private bank in Gurugram. These individuals worked with cybercriminals, exchanging personal information about bank accounts. The police recovered two mobile phones from the accused's possession.

Incident Description: At the Cyber Crime Police Station in Manesar, Gurugram, a person filed a written complaint alleging that on November 18, 2023, he received a call from someone claiming to be his friend Devendra.

The caller informed the complainant that his son had been admitted to the hospital and requested a transfer of Rs 10,000 for treatment. 

The complainant transferred the money but later discovered he had been duped. Subsequently, the case was filed under the appropriate sections at the Cyber Crime Police Station in Manesar, Gurugram.

Indian Banks Mull New Move for Faster Freezing of Scammers’ Accounts

 

Indian banks have proposed integrating their systems with the National Cybercrime Reporting Portal (NCRP), a division of the ministry of home affairs, which could enable a quicker freeze on fraudulent accounts in the wake of a cyberattack. 

This is intended to prevent those who commit cybercrimes and phishing attacks from swiftly transferring funds from a target's bank account to accounts with various banks before the money is withdrawn or spent. This is a tactic employed by voice phishers and cyber shysters to make it more difficult for banks and law enforcement to recover the funds. 

“Banks, in consultation with cybercrime experts, have recommended API integration with the NCRP to reduce the average response time and quick updation of cases. So, the idea is to mark a lien and freeze a bank account automatically without manual intervention,” noted a banker. “An industry sub-group has suggested this to I4C,” said the person. 

I4C, or the Indian Cybercrime Coordination Centre, is an MHA programme that focuses on combating cybercrime and enhancing coordination between law enforcement agencies (LEAs) and institutions such as banks. NCRP is a vertical under I4C.

API, or 'application programming interface', enables two applications or systems to interact with one another without the need for human intervention. If there is an API between a system with specific data and another system that requires reporting, the two can communicate without the need for manual data entry. In the event of a cybercrime, such as a hacked internet banking account, API integration would allow for the quick transmission of fraud information to a central system or other banks. 

“Typically, money from the account where the fraud happens is moved to accounts with several banks. There is a far better chance of retrieving the amount if the information is available with the entire industry instantaneously. The time spent by Bank A awaiting an instruction from a LEA, then sending emails to bank B, C and D, or calling them up, to request a lien on the accounts where funds have gone, can be saved,” noted another banker.

The group has also advised that data on accounts identified as lien and freeze be made available to banks on a regular basis so that they can reconcile their records. 

In this respect, it has been observed that I4C may share a broad standard operating procedure directing banks to place bank accounts on hold, freeze or de-freeze them, and release funds to victims' bank accounts in cases reported to NCRP. Furthermore, it is believed that the nodal organisation should establish guidelines for communicating 'negative account or KYC details' so that accounts are not opened at other banks with the same demographic or KYC details.

Deceptive Calls in Kolkata, Residents Targeted in Elaborate Scam

 

In a concerning trend, an increasing number of Kolkatans are falling victim to sophisticated scams orchestrated by fraudsters posing as law enforcement officials. The scam involves duping individuals into believing that a consignment of illegal articles has been booked in their names, leading them to face interrogation by supposed cops from another state via video calls at hotels. 

Reports from police sources indicate that victims receive calls informing them of the purported consignment and urging them to leave their homes or offices immediately to undergo interrogation. The fraudsters employ persuasive tactics, insisting that compliance is necessary to avoid legal repercussions. One such incident occurred recently when a resident of Chetla received such a call and hastily left his workplace to participate in a supposed police interrogation conducted via Skype. 

Fortunately, the intervention of a vigilant friend prevented him from being swindled. The friend recognized the potential fraud and advised him to disconnect the call, averting any financial loss. During these deceptive interrogations, victims are instructed not to communicate with anyone else, including family members, further isolating them from potential assistance. The fraudsters exploit the victims' fear and vulnerability, making them susceptible to coercion. 

The scam has evolved from previous tactics where fraudsters posed as representatives of courier companies to extort money from victims. Now, they employ a more elaborate ruse, convincing individuals to relocate to hotels for virtual interrogations under the guise of law enforcement procedures. The fraudsters utilize personal information such as PAN and Aadhaar card numbers to lend credibility to their claims, instilling a sense of urgency and fear in their targets. 

Victims, believing their identity documents have been implicated in illegal activities, are manipulated into complying with the fraudsters' demands. The consequences of falling victim to such scams can be severe, not only resulting in financial loss but also potentially damaging the victim's reputation and inviting legal trouble. 

It is essential for individuals to remain vigilant and skeptical of unsolicited calls or demands, especially those involving sensitive personal information or coercive instructions. Law enforcement authorities have cautioned the public against divulging personal information or complying with suspicious requests from unknown callers. They advise individuals to verify the authenticity of such communications by contacting official channels or seeking assistance from trusted sources. 

In light of these incidents, it is crucial for residents to exercise caution and awareness when dealing with unfamiliar or unexpected requests, particularly those involving legal matters. By staying informed and vigilant, individuals can protect themselves from falling prey to elaborate scams and fraudulent schemes. The recent surge in such scams underscores the importance of community awareness and proactive measures to combat cybercrime and protect vulnerable individuals from exploitation.

ALPHV Ransomware Strikes: LoanDepot and Prudential Financial Targeted

 


Recently, Prudential Financial and loanDepot, two Fortune 500 companies, were attacked by the ALPHV/Blackcat ransomware gang, which claims responsibility for the breaches. Although the threat actors have yet to prove their claims, the two companies were added to ALPHV's dark web leak site today for the first time. As a result of failed negotiations, ALPHV will be selling the stolen data from loanDepot's network and releasing Prudential's data for free.

The leak site of the infamous ALPHV ransomware operator, also known as the BlackCat group, now lists Prudential Financial and loanDepot as targets, an apparent admission by the group that it was behind the attacks on both firms. So far, the group has only added the names to its site, and the actual data is not yet available. Because negotiations with Prudential Financial broke down, the group will be publishing its data for free for all to see.

A company representative stated that the company would provide free credit monitoring and identity protection to those affected by the data breach. With roughly 6,000 employees and more than $140 billion in loan servicing in the United States, loanDepot is among the largest nonbank retail mortgage lenders in the U.S. A suspected cybercrime group breached Prudential Financial's network on February 4 and stole employee and contractor data. 

Prudential Financial also revealed on Tuesday that this breach occurred on February 4. Prudential is still investigating the incident to assess its full scope and impact, and it has not yet determined whether the attackers also exfiltrated customer or client data. With revenue expected to exceed $50 billion in 2023, this Fortune 500 company will rank as the second-largest life insurance company in the U.S.

They employ more than 40,000 people around the world. As part of the State Department's announcement, rewards of up to $10 million are being offered for tips that could lead to the identification or location of ALPHV gang leaders. 

During the first four months of this gang's activity between November 2021 and March 2022, it was linked to more than 60 breaches around the world, and an additional $5 million reward was offered for information on individuals who were either involved or attempted to be involved in ALPHV ransomware attacks. 

Law enforcement agencies estimate that ALPHV had received at least $300 million in ransom payments from over 1,000 victims by the end of September 2023. The Prudential Financial Corporation (Prudential Financial) filed an 8-K form with the Financial Industry Regulatory Authority (FINRA) last week detailing the incident that occurred.

Although the company is still investigating the incident, its latest findings were that no sensitive information concerning its customers or clients was compromised. Prudential employs more than 40,000 people and has more than $50 billion in revenues each year, making it one of the world's largest financial services companies.

The new information comes shortly after the U.S. State Department offered up to $10 million for information that could help identify or locate ALPHV leaders, with an additional $5 million for information on those who participated (or attempted to participate) in ALPHV ransomware attacks.

ALPHV is one of the most prominent and active ransomware groups, alongside LockBit and Cl0p, and it has made headlines across the globe for its activity. In the latter half of 2021, it became apparent that DarkSide and BlackMatter had possibly merged. ALPHV and its affiliates are believed to have extorted hundreds of millions of dollars from their victims during the group's lifetime.

AllaKore RAT: Malware Targets Mexican Banks and Crypto Platforms


Mexican financial institutions are suffering attacks by a new spear-phishing campaign, spreading a modified version of an open-source remote access trojan named ‘AllaKore RAT’.

The BlackBerry Research and Intelligence Team attributed the activity to an unidentified financially motivated threat actor operating in Latin America. The campaign has been active since at least 2021.

"Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process," the Canadian company said in an analysis published earlier this week. "The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud."

The attacks are specifically intended to target big businesses with annual sales of more than $100 million. Retail, agriculture, the public sector, manufacturing, transportation, commercial services, capital goods, and banking are among the industries targeted.

The attack begins with a ZIP file that is distributed either through phishing emails or a drive-by compromise. This file contains an MSI installer file that launches a .NET downloader, which verifies that the victim is geolocated in Mexico and retrieves the modified AllaKore RAT, a Delphi-based RAT that was first discovered in 2015.

"AllaKore RAT, although somewhat basic, has the potent capability to keylog, screen capture, upload/download files, and even take remote control of the victim's machine," BlackBerry said.

Features added to the malware include support for threat-actor commands related to banking fraud, targeting of banks and crypto trading platforms, launching a reverse shell, extracting clipboard content, and fetching and executing additional payloads.

The campaign's use of Mexico Starlink IPs and the insertion of Spanish-language instructions into the modified RAT payload tie the threat actor to Latin America. Moreover, the lures used are only effective for businesses big enough to submit reports directly to the Department of the Mexican Social Security Institute (IMSS).

"This threat actor has been persistently targeting Mexican entities for the purposes of financial gain[…]This activity has continued for over two years, and shows no signs of stopping," the company stated.

This research comes alongside a report by IOActive, which says it has discovered three vulnerabilities (CVE-2024-0175, CVE-2024-0176, and CVE-2024-0177) in the Lamassu Douro bitcoin ATMs that might give an attacker with physical access the ability to take complete control of the machines and steal user data.

Two Cyber Scammers Arrested; Police Uncover Transactions of ₹60 crore in Bank Accounts

 

Two cyber fraudsters were detained last week on Friday in Gujarat for allegedly being involved in a scheme that defrauded college students of lakhs of dollars by persuading them to like YouTube videos. Authorities investigated their bank records and discovered transactions of 60 crore in the previous three months. 

Rupesh Thakkar, 33, and Pankaj Od, 34, both natives of Gujarat's Gandhinagar district, were detained. They were traced as part of the investigation into a case filed by a 19-year-old student who was conned of $2.5 lakh in October of this year after taking up a part-time job that required liking YouTube videos.

The then-unknown offenders were charged under Indian Penal Code sections 419 (cheating by personation), 420 (cheating and dishonesty), 467 (forgery), 468 (forgery for the purpose of cheating), and 471 (using forged papers as genuine). 

"We determined where the accused were stationed through a technical investigation that involved tracing the accounts to which the complainant had made the payments. We arrested them early this week with the help of Gujarat police," said a Matunga police officer. 

The police have also seized several bank documents, including credit cards, debit cards, and cheque books, as well as devices, including six mobile phones and 28 SIM cards, from the two guys. They also discovered rubber stamps used to certify falsified documents shared with the accused's victims. 

"Analysis of their transaction history revealed that the two men have made 60 crore transactions in the last few months. However, the accounts we could link to only had 1.1 crore, which we froze," the officer explained. He went on to say that the remainder of the funds had already been transferred to other accounts that were also under investigation. 

Police believe that by thoroughly examining the accounts of the two accused, they will be able to solve several more incidents of cyber fraud. Both of the arrested suspects are currently in police custody.

Fallen Victim to Zelle Scams During the Holiday Season

Identity theft is a serious concern at a time of rapid technology development and digital commerce. It becomes essential to strengthen our defenses against potential cyber threats as we negotiate the complexities of internet platforms and financial services. Identity protection must be prioritized immediately, as shown by several recent instances. 

A thorough analysis by CNET states that as more people become aware of the significance of protecting their personal information online, there is a growing demand for identity theft protection services. The paper emphasizes that because hackers have become more skilled, protecting sensitive data needs to be done proactively.

The holiday season, a time of increased financial activity, poses additional challenges. Fraudsters exploit popular money transfer services like Zelle, Venmo, and Cash App during this period. As we enter 2023, it is crucial to be aware of potential threats and adopt preventive measures. Emily Mason's analysis serves as a wake-up call, urging users to exercise caution and be vigilant in protecting their accounts.

One of the prevalent scams involves Zelle, as reported by sources. Victims of Zelle scams find themselves ensnared in a web of financial deceit, with the aftermath often leaving them grappling for solutions. Refund scams, in particular, have become a cause for concern, prompting financial experts to emphasize the need for enhanced security measures and user education.

To fortify your defenses against identity theft and financial fraud, consider implementing the following recommendations:
  • Employ Robust Identity Theft Protection Services: Invest in reputable identity theft protection services that monitor your personal information across various online platforms.
  • Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA. This additional step can thwart unauthorized access attempts.
  • Stay Informed and Vigilant: Keep abreast of the latest scams and fraud techniques. Awareness is your first line of defense.
  • Regularly Monitor Financial Statements: Review your bank and credit card statements regularly for any suspicious activity. Promptly report any discrepancies to your financial institution.
  • Educate Yourself on Common Scams: Familiarize yourself with the modus operandi of common scams, such as refund fraud and phishing attempts, to recognize and avoid potential threats.
Safeguarding your identity in the constantly changing world of digital transactions is a shared duty between users and the platforms they use. People can greatly lower their chance of being victims of identity theft and financial fraud by being informed and taking preventative action. As technology develops, maintaining the integrity of our personal data increasingly depends on taking a proactive approach to security.

Mr. Cooper Data Breach: 14 Million Customers Exposed

A major data breach at mortgage giant Mr. Cooper compromised the personal data of an astounding 14 million consumers, according to a surprising disclosure. The incident, which has shocked the cybersecurity world, raises concerns about the vulnerability of sensitive data in the digital age.

The breach, confirmed on December 18, 2023, demonstrates that strong cybersecurity procedures in financial institutions are vital, and it has significant consequences for the impacted persons. The hackers gained access to Mr. Cooper's networks and made off with a wealth of private information, including social security numbers, names, addresses, and other private information.

TechCrunch reported on the incident, emphasizing the scale of the breach and the potential consequences for those impacted. The breach underscores the persistent and evolving threats faced by organizations that handle vast amounts of personal information. As consumers, it serves as a stark reminder of the importance of vigilance in protecting our digital identities.

Mr. Cooper has taken swift action in response to the breach, acknowledging the severity of the situation. The company is actively working to contain the fallout and assist affected customers in securing their information. In a statement to Help Net Security, Mr. Cooper reassured customers that it is implementing additional security measures to prevent future breaches.

The potential motives behind the attack underline the lucrative nature of stolen personal data on the dark web. The breached information can be exploited for identity theft, financial fraud, and other malicious activities. This incident underscores the need for organizations to prioritize cybersecurity and invest in advanced threat detection and prevention mechanisms.

"The Mr. Cooper data breach is a sobering reminder of the evolving threat landscape," cybersecurity experts have stated. "To safeguard their consumers' confidence and privacy, businesses need to invest heavily in cybersecurity solutions and maintain a watchful eye."

In light of the growing digital landscape, the Mr. Cooper data breach should be seen as a wake-up call for companies and individuals to prioritize cybersecurity and collaborate to create a more secure online environment.

India Seeks Strengthened Interpol Collaboration for Real-Time Crime Prevention

 

India has called for coordinated efforts through Interpol channels to address transnational crimes, including terrorism, online radicalization, and cyber-enabled financial fraud, on a real-time basis, officials revealed on Friday. At the 91st General Assembly of Interpol in Vienna, the Indian delegation, headed by CBI Director Praveen Sood, emphasized the necessity of eliminating safe havens for criminals and the proceeds of crime. The delegation also advocated for cohesive strategies to restrict the activities of transnational criminal organizations.

The team, which included NIA Director General Dinkar Gupta, participated in the four-day assembly that commenced on November 28, coinciding with the centenary year of Interpol, established in 1923. The increased utilization of Interpol channels and global law enforcement relationships resulted in the repatriation of 24 criminals and fugitives wanted by India this year, marking a record high, as per the Central Bureau of Investigation (CBI) spokesperson.

In discussions with law enforcement agencies from various countries, India called for enhanced coordination through Interpol to combat organized crime, terrorism, drug trafficking, money laundering, online radicalization, and cyber-enabled financial crimes in real-time. Emphasizing the denial of safe havens for criminals, the delegation highlighted the importance of coordinated strategies against criminal organizations with international reach.

Detailed talks on police cooperation took place with delegations from Austria, the UAE, the US, the UK, Nepal, Brazil, Australia, Mauritius, New Zealand, Japan, Switzerland, Bangladesh, Singapore, and Zambia. The discussions aimed at improving the sharing of criminal information via Interpol channels to expedite mutual legal assistance and extradition requests.

India expressed support for Interpol's 'Vision 2030' and the establishment of the Interpol Future Council, a group of experts to ensure the development and implementation of Vision 2030 aligns with the evolving needs of law enforcement in member countries. The team engaged in discussions with senior officials from Interpol, Europol, Pacific Islands Chiefs of Police Organization, and the US Air Force Office of Special Investigations to enhance cooperation arrangements.

India, a member of Interpol since 1949, has actively participated in the organization, hosting two General Assemblies. During last year's 90th General Assembly, a resolution was adopted to strengthen collaborative responses against financial crime and corruption, combat online child sexual exploitation, and promote diversity within Interpol. Additionally, Interpol's presence in the Metaverse was launched during the 90th General Assembly.

Discovering the Threat from Android TV Backdoors

Android TV streaming boxes are already commonplace in homes all over the world because they provide an easy method to access a wealth of content. A pernicious backdoor that poses a serious risk to user security and privacy, however, is concealed within some of these devices.

Recent investigations have revealed the worrying ubiquity of this backdoor, which permits unauthorized access to critical data. Reputable reports emphasize the severity of this problem, shocking the tech industry.

The backdoor, dubbed 'BADBOX,' has been found in thousands of Android TV boxes, turning them into potential ticking time bombs. It allows cybercriminals to gain unrestricted access to personal data, opening the door to identity theft, financial fraud, and other malicious activities. What's even more alarming is that this backdoor is notoriously difficult to detect and eliminate, as it's deeply embedded in the device's firmware.

Experts warn that these compromised devices are not limited to a specific brand or model. In fact, they are spread across various manufacturers, making it a widespread issue that affects a broad spectrum of users. This has raised concerns about the supply chain integrity of these devices, prompting calls for stricter quality control measures.

The implications of this security breach are far-reaching. Families, individuals, and businesses alike are at risk of falling victim to cyberattacks, putting their sensitive information in the wrong hands. As we increasingly rely on smart technology for convenience and entertainment, the need for robust cybersecurity measures has never been more pressing.

To combat this threat, manufacturers, government agencies, and cybersecurity specialists are working nonstop. Users are being urged to exercise caution and keep their devices patched with the most recent security updates. Customers are also encouraged to buy equipment from reliable vendors and to exercise caution when contemplating unofficial or off-brand retailers.

The discovery of the Android TV backdoor is a sobering reminder of how rapidly cybersecurity dangers are changing. Our attempts to protect our digital lives must grow at the same rate as technology. We can all work together to create a better and more secure digital future by remaining informed, implementing best practices, and supporting industry-wide initiatives.

Cryptocurrency Giants FTX, BlockFi, and Genesis Hit by Kroll Hack

Customers of prominent cryptocurrency companies FTX, BlockFi, and Genesis had their financial and personal information exposed in a recent cybersecurity breach. Concerns have been expressed about the security of private information in the cryptocurrency sector as a result of the hack.

The breach, according to claims from sources, was carried out by taking advantage of flaws in the systems of Kroll, a reputable data management business. The personal information of innumerable users is now in danger due to Kroll's involvement in processing the client data of these cryptocurrency companies.

FTX, BlockFi, and Genesis, being prominent names in the cryptocurrency sector, have a significant user base that relies on their platforms for trading, lending, and other financial services. The compromised data includes user names, email addresses, phone numbers, transaction histories, and potentially even account passwords. If this sensitive information falls into the wrong hands, it could lead to identity theft, phishing attacks, and financial fraud.

The incident raises questions about the industry's overall data security practices. While the cryptocurrency market has been praised for its decentralized nature and robust encryption, this breach underscores the persistent vulnerabilities that exist in digital systems. Companies dealing with such high-value assets and sensitive data must prioritize cybersecurity measures to prevent such incidents.

The breach has consequences beyond only the immediate loss of client data. Users may stop using these platforms, which could result in lost revenue for the impacted businesses. Regulatory organizations might examine these occurrences more closely, which would result in tougher compliance standards for cryptocurrency businesses.

FTX, BlockFi, and Genesis have assured their consumers that they are acting right now in reaction to the intrusion. They are trying to improve their security procedures, assisting law enforcement, and carrying out in-depth investigations to ascertain the scope of the intrusion. Users who are affected are advised to modify their passwords, use two-factor authentication, and be on the lookout for phishing attacks.

The Bitcoin industry as a whole needs to pay attention after this tragedy. The digital world has unmatched prospects, but it also has its own challenges, notably in terms of cybersecurity. To properly protect the information of their users, businesses must implement proactive security measures, carry out routine audits, and spend money on powerful encryption.

Customers of these affected sites must implement suggested security procedures and stay up to date on developments as the investigation progresses. Additionally, the event highlights how crucial industry cooperation is to jointly fix vulnerabilities and improve the overall security posture of the Bitcoin ecosystem.