Alkem Laboratories Falls Victim to Rs 22.31 Crore Cyber Fraud

 

The pharmaceutical industry has been rocked by a major cyber fraud case, with Mumbai-based Alkem Laboratories suffering a financial loss of Rs 22.31 crore due to an elaborate scam. Fraudsters posed as executives from Alkem’s U.S. subsidiary, Ascend Laboratories LLC, to execute the scheme.

According to a Hindustan Times report, the incident began on October 27, 2023, when Alkem’s Mumbai office received an email seemingly from Amit Ghare, the head of international operations at Ascend Laboratories. The email claimed that a recent payment to Alkem would lead to significant tax liabilities. To circumvent these taxes, the company was asked to refund the amount to a different bank account.

On November 17, 2023, another email, allegedly from Mary Smith, Ascend Laboratories' accounting manager, provided details of a U.S.-based bank account for the refund. Acting on these instructions, Alkem’s treasury manager, Manoj Mishra, transferred Rs 51.30 crore to the specified account via a SWIFT transaction.

The fraud came to light on November 15, 2023, when Alkem received another email, supposedly from Ghare, requesting a refund of Rs 90 crore. Growing suspicious, Alkem officials contacted Ghare, who confirmed he had not sent the request. Further investigation revealed that the earlier emails originated from compromised email accounts with subtle alterations in the email addresses.

According to HT, U.S. authorities were able to recover Rs 28.98 crore from the stolen amount, which was returned to Alkem. However, the company still suffered a loss of Rs 22.31 crore.

Alkem Laboratories has reported the incident to the authorities, and an ongoing investigation aims to identify and apprehend the fraudsters while recovering the remaining funds. The company has also implemented enhanced cybersecurity measures to safeguard against similar threats, as reported by The Free Press Journal.

Bengaluru Woman Loses ₹2 Lakh to Sophisticated IVR-Based Cyber Scam

 

Cyber fraud continues to evolve, with scammers using increasingly sophisticated techniques to deceive victims. In a recent case from Bengaluru, a woman lost ₹2 lakh after receiving a fraudulent automated call that mimicked her bank’s Interactive Voice Response (IVR) system. The incident underscores the growing risk of technology-driven scams that exploit human vulnerability in moments of urgency. 

The fraud occurred on January 20 when the woman received a call from a number that closely resembled that of a nationalized bank. The caller ID displayed “SBI,” making it appear as though the call was from her actual bank. The pre-recorded message on the IVR system informed her that ₹2 lakh was being transferred from her account and asked her to confirm or dispute the transaction by pressing a designated key. Startled by the alert, she followed the instructions and selected the option to deny the transfer, believing it would stop the transaction. 

However, moments after the call ended, she received a notification that ₹2 lakh had been debited from her account. Realizing she had been scammed, she rushed to her bank for assistance. The bank officials advised her to report the fraud immediately to the cybercrime helpline at 1930 and file a police complaint. Authorities registered a case under the Information Technology Act and IPC Section 318 for cheating. 

Cybercrime investigators believe this scam is more sophisticated than traditional IVR fraud. Typically, such scams involve tricking victims into providing sensitive banking details like PINs or OTPs. However, in this case, the woman did not explicitly share any credentials, making it unclear how the fraudsters managed to access her funds. 

A senior police officer suggested two possible explanations. First, the victim may have unknowingly provided critical information that enabled the scammers to complete the transaction. Second, cybercriminals may have developed a new technique capable of bypassing standard banking security measures. Investigators are now exploring whether this scam represents an emerging threat involving advanced IVR manipulation. This case serves as a stark reminder of the need for heightened awareness about cyber fraud. 

Experts warn the public to be wary of automated calls requesting banking actions, even if they appear legitimate. Banks generally do not ask customers to confirm transactions via phone calls. Customers are advised to verify any suspicious activity directly through their bank’s official app, website, or customer service helpline. 

If someone encounters a suspected scam, immediate action is crucial. Victims should contact their bank, report the fraud to cybercrime authorities, and avoid responding to similar calls in the future. By staying informed and cautious, individuals can better protect themselves from falling prey to such evolving cyber threats.

Hackers Use PhishWP to Steal Payment Info on WordPress Sites

 



Cybersecurity researchers have uncovered a malicious WordPress plugin called PhishWP that transforms legitimate websites into tools for phishing scams. This plugin allows attackers to set up fake payment pages mimicking trusted services like Stripe, tricking users into divulging sensitive details, including credit card numbers, expiration dates, billing information, and even one-time passwords (OTPs) used for secure transactions. 


How PhishWP Works

PhishWP works by setting up fake WordPress sites or hacking into legitimate ones. It then generates phishing checkout pages that closely mimic real payment interfaces. Victims are served this interface at deceptive site addresses, where they enter sensitive financial information, including security codes and OTPs.

Because the plugin integrates with Telegram, the stolen data reaches attackers in real time, so they can use or sell it almost immediately. PhishWP also captures browser details, including IP addresses and screen resolutions, which attackers can use for future fraudulent activities.


Key Features 

What makes this phishing plugin more advanced is that its operations are seamless and almost undetectable.

Realistic Payment Interfaces: The plugin mimics the appearance of trusted services like Stripe.  

3D Secure Code Theft: It captures the OTPs sent to victims during the verification process, which lets fraudulent transactions go through.

Real-time Data Transfer: Telegram is used to send stolen information to attackers in real time.  

Customizable and Worldwide: Multi-language support and obfuscation features enable phishing attacks across the globe.  

Fake Confirmations: Victims receive fake emails that confirm purchases, which delays suspicion.


Step-by-Step Analysis  

1. Setup: Attackers either hack a legitimate WordPress site or create a fake one.

2. Deceptive Checkout: PhishWP personalizes payment pages to resemble actual processors. 

3. Data Theft: Victims unknowingly provide sensitive information, including OTPs. 

4. Exploitation: The stolen data is immediately sent to attackers, who use it for unauthorized transactions or sell it on dark web markets.


How to Protect Yourself

To avoid falling victim to threats like PhishWP:  

1. Verify website authenticity before entering payment details.  

2. Look for secure connections (HTTPS) and valid security certificates.

3. Use advanced tools like SlashNext’s Browser Phishing Protection, which blocks malicious URLs and identifies phishing attempts in real time.

Protecting your personal and financial data begins with understanding how cyberattacks work. Don’t let hackers take the upper hand.



Protect Yourself from AI Scams and Deepfake Fraud

 

In today’s tech-driven world, scams have become increasingly sophisticated, fueled by advancements in artificial intelligence (AI) and deepfake technology. Falling victim to these scams can result in severe financial, social, and emotional consequences. Over the past year alone, cybercrime victims have reported average losses of $30,700 per incident. 

As the holiday season approaches, millennials and Gen Z shoppers are particularly vulnerable to scams, including deepfake celebrity endorsements. Research shows that one in five Americans has unknowingly purchased a product promoted through deepfake content, with the number rising to one in three among individuals aged 18-34. 

Sharif Abuadbba, a deepfake expert at CSIRO’s Data61 team, explains how scammers leverage AI to create realistic imitations of influencers. “Deepfakes can manipulate voices, expressions, and even gestures, making it incredibly convincing. Social media platforms amplify the impact as viewers share fake content widely,” Abuadbba states. 

Cybercriminals often target individuals as entry points to larger networks, exploiting relationships with family, friends, or employers. Identity theft can also harm professional reputations and financial credibility. To counter these threats, experts suggest practical steps to protect yourself and your loved ones. Scammers are increasingly impersonating loved ones through texts, calls, or video to request money. 

With AI voice cloning making such impersonations more believable, a pre-agreed safe word can serve as a verification tool. Jamie Rossato, CSIRO’s Chief Information Security Officer, advises, “Never transfer funds unless the person uses your special safe word.” If you receive suspicious calls, particularly from someone claiming to be a bank or official institution, verify their identity. 

Lauren Ferro, a cybersecurity expert, recommends calling the organization directly using its official number. “It’s better to be cautious upfront than to deal with stolen money or reputational damage later,” Ferro adds. Identity theft is the most reported cybercrime, making multi-factor authentication (MFA) essential. MFA adds an extra layer of protection by requiring both a password and a one-time verification code. Experts suggest using app-based authenticators like Microsoft Authenticator for enhanced security.

Real-time alerts from your banking app can help detect unauthorized transactions. While banks monitor unusual activities, personal notifications allow you to respond immediately to potential scams. The personal information and media you share online can be exploited to create deepfakes. Liming Zhu, a research director at CSIRO, emphasizes the need for caution, particularly with content involving children. 

Awareness remains the most effective defense against scams. Staying informed about emerging threats and adopting proactive security measures can significantly reduce your risk of falling victim to cybercrime. As technology continues to evolve, safeguarding your digital presence is more important than ever. By adopting these expert tips, you can navigate the online world with greater confidence and security.

Interpol and Afripol Arrest Kenyans Involved in Digital Scams



Interpol and Afripol recently carried out “Operation Serengeti,” a major international operation that cracked down on cybercrime across 19 African countries, arresting 1,006 people and disrupting 134,089 malicious networks and infrastructures. The two agencies recovered USD 43,954,537, and more than 20 Kenyans were arrested in the two-month sting operation. The arrested Kenyans were involved in online credit card fraud.

“Operation Serengeti shows what we can achieve by working together, and these arrests alone will save countless potential future victims from personal and financial pain,” said Valdecy Urquiza, Secretary General of INTERPOL. 

About Operation Serengeti 


The operation ran from September to October 2024, cracking down on various cybercrimes such as business email compromise (BEC), ransomware, online scams, and digital extortion. Law enforcement agencies identified 35,000 victims, and the cases were linked to worldwide financial losses of USD 193 million.

The joint effort led to the disruption of cybercriminal activities and improved the efforts of law enforcement agencies in African Union member nations. 

Key events in Sting Operation 


The arrested Kenyans were involved in online credit card fraud and were responsible for global banking systems losing US$8.6 million.

The stolen money was sent via SWIFT to digital asset firms in Nigeria, China, and the UAE. The joint operation also resulted in the arrest of digital scammers in other countries: Cameroon, Angola, Senegal, and Nigeria.

“Through Serengeti, AFRIPOL has significantly enhanced support for law enforcement in African Union Member States. We have facilitated key arrests and deepened insights into cybercrime trends. Our focus now includes emerging threats like AI-driven malware and advanced attack techniques,” said Jalela Chelba, AFRIPOL’s Executive Director.

Rise of financial fraud in Kenya 


A TransUnion report analysis reveals that Kenya ranked 10th out of 19 countries for suspected digital fraud in the first half of 2024. Around 4.6% of digital transactions carried out in Kenya were flagged as suspected digital fraud.

Credit card fraud is the leading problem in the financial sector: scammers steal victims' card information and access their accounts. They do this via application fraud and account takeovers.

Here's How to Safeguard Yourself Against Phone Scams

 

Sophisticated phone scams are becoming more common and more relentless. The numbers are mind-boggling. According to the FTC, impostor fraudsters cost US consumers $2.7 billion in 2023, and the figure is rising year after year. 

These are merely the listed losses; many people who have been duped are embarrassed and refuse to acknowledge they fell for such a scam. You may believe that you will not be misled, yet many of those who are duped thought this before the incident. 

Scammers have refined their strategies to sound trustworthy and legitimate, and AI is just making matters worse. Combined with stress or a pressured situation, it only takes a few moments to fall for one.

The best defence against phone scams is to be prepared to face them, as they are likely to occur at some point. We've compiled a list of some of the most popular phone scams in 2024 and how to prevent them.

AI-powered scams

The most obvious example of fraudsters exploiting new technology to power existing scams is artificial intelligence (AI). For instance, scammers might use AI to: 

  • Generate more convincing and genuine sounding phishing emails and text messages. 
  • Create deepfakes of celebrities to lure victims into thinking they're investing in a good company or project.
  • Impersonate an employer and ask for private information. 

Student loan forgiveness scams 

The back-and-forth adjustments in student loan forgiveness create an ideal scenario for scammers. Fraudsters know that individuals want to believe that their student loans will be forgiven, and they will use this need for personal benefit.

For example, scammers may call you or set up fake application sites to steal your Social Security number or bank account information. They may put pressure on their victims by sending bogus urgent messages encouraging them to seek debt relief "before it's too late." Then they will charge you a high application fee. In reality, this is a scam.

Zelle scams

Scammers are using Zelle, a peer-to-peer payment tool, to steal people's money. The fraudster might email, text, or contact you, claiming to work for your bank or credit union's fraud department. They'll claim that a thief intended to steal your money via Zelle and that they need to walk you through "fixing" the issue. 

Subsequently, fraudsters may advise you to pay the money to yourself, but the funds will actually go to their account. Starting in mid-2023, Zelle began refunding victims of some frauds. However, you may not always be eligible for reimbursement, so be aware of these financial frauds. 

Prevention tips 

Avoid clicking on unknown links: Whether the link arrives in your email, a text or a direct message, never click on it unless you're certain the sender has good intentions. If the message says it's from a company or government agency, call the firm using a number that you look up on your own to confirm its legitimacy. 

Be skeptical: Scammers can spoof calls and emails to appear to be from a number of sources, including government institutions, charities, banks, and major companies. Do not provide any personal information, usernames, passwords, or one-time codes that others could use to gain access to your accounts or steal your identity. 

Don't refund or forward overpayments: Beware whenever a company or person asks you to refund or forward part of a payment. Often, the original payment will be fraudulent and taken back later. Following simple safety precautions and reviewing the most recent scam alerts might help you stay safe. However, mistakes might occur, especially when you are stressed or overwhelmed.

Worried About Cash App Breach? These Three Steps Can Keep Your Financial Data Safe

 

You're not alone if the most recent Cash App data hack made you nervous. In 2022, Block, the parent company of the peer-to-peer payment platform, failed to prevent unauthorised access to Cash App customer accounts.

Cash App agreed to a $15 million class action settlement in response. Even though it was an internal change and a positive step, it did not allay users' concerns about the app's security. To learn how to better defend themselves, users asked cybersecurity specialists for safety tips.

“One of the biggest problems with money apps like this is their popularity,” stated Neal O’Farrell, a digital security expert and CNET Money expert review board member. “Hackers follow the crowds, and the more people use these apps, the more time criminals will spend trying to exploit them.” 

Cash App actually includes an array of security features. The difficulty is that, while they can help you avoid fraudsters, they cannot always keep your data secure. O'Farrell observed that even the finest privacy safeguards can be undermined by an insider with access, as happened in the Cash App case. Whether you wish to avoid financial fraud on Cash App or protect your sensitive information after it has been disclosed, here are three security steps you should take in addition to claiming any settlement money you are owed.

Secure your sign-on 

By default, Cash App makes signing in much safer by sending a code to your email address or phone number each time you log in. But there's a catch: after logging in, you must manually sign out of your account; otherwise, you can access your account from your phone without a code. I've signed out and signed back in without a code, which could be a concern if someone gains access to your phone and the app.

To be on the safe side, experts recommend logging out once you've finished completing transactions. You can add two-factor authentication as a second layer of account security, but you'll need to download a separate app, such as Google Authenticator. 

Don’t send money to strangers

From romance scams to tax scams, there are numerous ways for perpetrators to trick you into sending money using Cash App or other payment apps. Experts recommend not sending money to strangers and always double-checking their phone number or email address before sending. If you mistakenly send money to the wrong person or discover you were scammed on Cash App, banks will often refuse to refund your money.

O'Farrell advises being wary of any messages you receive via payment apps. He frequently sees scams in which someone poses as a friend and asks for money or claims you owe them money. Others may attempt to steal access to your app and money by requesting that you verify your security code so that they can resolve a security issue with your account.

A few things can help you figure out who you're giving money to. Cash App's Incoming Requests option, available under the Security & Privacy menu, will only allow you to give money to a specific contact rather than everyone else on the app. You can also prevent people from finding your Cash App account by disabling the "$CashTag Cash.app" option on the same security page.

Monitor your transaction activity 

Beyond data security, it's critical to monitor your account's behaviour. To receive text messages and emails about your transactions, enable push alerts under Cash App's 'Notifications' option. This allows you to track all of your payment activities and keep an eye out for anything odd.

Cybercriminals Place 85-Year-Old Woman Under 'Digital Arrest' in Hyderabad, Cheat Her of ₹5.9 Crore

 

Cybercriminals recently targeted an 85-year-old woman from the city, subjecting her to what can be described as a 'digital arrest' and extorting a staggering ₹5.9 crore from her. This elaborate scam involved convincing the elderly woman that her Aadhaar details were allegedly linked to serious money laundering cases involving Bollywood actress Shilpa Shetty and Jet Airways founder Naresh Goyal. 

The fraudsters, posing as officials from the Mumbai Cybercrime Wing, manipulated the woman into believing that her bank accounts and fixed deposits were under investigation and needed immediate verification by the Reserve Bank of India (RBI). Under this false pretext, they coerced her into transferring significant sums of money into specific accounts that they claimed were set up by the RBI for verification purposes.

When the woman attempted to contact her son for advice, the criminals threatened her, insisting that the matter was of utmost confidentiality. They warned that any attempt to inform her family would lead to severe consequences, including potential legal trouble for her son and the entire family. 

The incident came to light when her son, a software professional based in Bengaluru, visited her after about a week. He noticed her distress and learned of the fraudulent activities. Realizing his mother was in a state of psychological manipulation and fear, he immediately contacted the Telangana Cyber Security Bureau (TGCSB) to report the crime.

Fearful for her family's safety, the woman complied with their demands, transferring large sums into various accounts. It was only when her son arrived and intervened that the ongoing fraud was halted. He quickly reassured his mother, explaining that she had been deceived, and together, they reported the incident to the authorities. The police are now investigating the case, and efforts are underway to trace the criminals responsible for this heinous act.