Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Financial Scam. Show all posts

Preventing Credit Card Fraud in 2024: Tips to Avoid Declined Transactions and Fraud Alerts

 

Credit card fraud is a growing issue, with over 60% of cardholders experiencing attempted fraud in 2023. The use of AI by cybercriminals has dramatically increased, allowing them to open hundreds of accounts daily. Global losses from card fraud reached $33 billion in 2022, with the U.S. accounting for 40% of these losses. 

Although AI is part of the problem, it is also crucial to the solution. Companies like Visa and Mastercard are using AI to enhance their fraud detection systems, reducing false alerts while improving accuracy. Beyond traditional credit card fraud, criminals are now focusing on stealing other types of personal data, such as social security numbers, to commit more sophisticated financial crimes. This shift highlights the importance of comprehensive fraud prevention systems that account for more than just card theft. 

The decrease in false credit card purchases, down 5.4% from 2023, reflects improvements in fraud detection, with Mastercard noting a 20% increase in fraud detection accuracy thanks to AI technology. To minimize the risk of fraud, consumers should adopt strong security measures such as two-factor authentication, biometric passcodes, and password managers. Shopping on reputable sites and using secure payment methods like tap-to-pay can also help reduce exposure to fraudulent activity. Monitoring services and setting personalized fraud alert thresholds can ensure that consumers are notified only when necessary, cutting down on false alerts. 

One key trigger for fraud alerts is changes in shopping behavior, such as buying high-ticket items or frequent purchases from new vendors. These patterns raise red flags, prompting card companies to issue alerts or block transactions. To avoid these issues, consumers can notify their card companies of upcoming travel or large purchases in advance, helping to reduce false fraud alerts. Despite the inconvenience of fraud alerts, they are essential in preventing unauthorized transactions. Consumers are encouraged not to ignore these alerts, even if they seem excessive. 

Experts like Satish Lalchand emphasize the importance of vigilance, as fraud is expected to remain a significant threat. Properly understanding fraud alerts and securing personal data is crucial in staying one step ahead of cybercriminals. To further protect against fraud, individuals should avoid using public Wi-Fi for online transactions and consider freezing their credit to limit unauthorized access. Regularly monitoring credit reports and financial accounts for unusual activity is also essential. Using secure mobile payment methods like tap-to-pay or mobile wallet apps adds an extra layer of protection. 

Financial institutions are continuing to enhance their fraud detection systems, and consumers must take proactive steps to stay vigilant. This combination of personal responsibility and advanced security measures can significantly reduce the chances of falling victim to fraud.

Moroccan Cybercrime Group Storm-0539 Exploits Gift Card Systems with Advanced Phishing Attacks

 

A Morocco-based cybercrime group, Storm-0539, is making headlines for its sophisticated email and SMS phishing attacks aimed at stealing and reselling gift cards. Microsoft's latest Cyber Signals report reveals that this group is responsible for significant financial theft, with some companies losing up to $100,000 daily. 

First identified by Microsoft in December 2023, Storm-0539, also known as Atlas Lion, has been active since late 2021. The group employs social engineering techniques to harvest victims' credentials through adversary-in-the-middle (AitM) phishing pages. They exploit this access to register their own devices, bypass authentication, and maintain persistent access to create fraudulent gift cards. 

The group's attack strategy includes gaining covert access to cloud environments for extensive reconnaissance, targeting large retailers, luxury brands, and fast-food chains. They aim to redeem and sell gift cards on black markets or use money mules to cash out. This marks an evolution from their previous tactics of stealing payment card data via malware on point-of-sale (PoS) devices. 

Microsoft noted a 30% increase in Storm-0539's activities between March and May 2024, emphasizing their deep understanding of cloud systems to manipulate gift card issuance processes. In addition to stealing login credentials, Storm-0539 targets secure shell (SSH) passwords and keys, which are either sold or used for further attacks. The group uses internal company mailing lists to send phishing emails, enhancing their credibility and sets up new phishing websites by exploiting free trial or student accounts on cloud platforms. 

The FBI has warned about Storm-0539's smishing attacks on retail gift card departments, using sophisticated phishing kits to bypass multi-factor authentication (MFA). The group's ability to adapt and pivot tactics after detection underscores their persistence and resourcefulness. Microsoft urges companies to monitor gift card portals closely and implement conditional access policies to strengthen security. They highlight the effectiveness of using additional identity-driven signals, such as IP address and device status, alongside MFA. 

Meanwhile, Enea researchers have identified broader criminal campaigns exploiting cloud storage services like Amazon S3 and Google Cloud Storage for SMS-based gift card scams. These scams use legitimate-looking URLs to bypass firewalls and redirect users to malicious websites that steal sensitive information. 

Storm-0539's operations exemplify the increasing sophistication of financially motivated cybercriminals, borrowing techniques from state-sponsored actors to remain undetected. As these threats evolve, robust cybersecurity measures and vigilant monitoring are crucial to protect sensitive information and financial assets.

Sophisticated Vishing Campaigns are Rising Exponentially Worldwide

 

Voice phishing, also known as vishing, is popular right now, with multiple active campaigns throughout the world ensnaring even savvy victims who appear to know better, defrauding them of millions of dollars. 

South Korea is one of the global regions hardest hit by the attack vector; in fact, a fraud in August 2022 resulted in the largest amount ever stolen in a single phishing case in the country. This transpired when a doctor sent 4.1 billion won, or $3 million, in cash, insurance, stocks, and cryptocurrency to criminals, showing how much financial harm one vishing scam can inflict.

According to Sojun Ryu, lead of the Threat Analysis Team at South Korean cybersecurity firm S2W Inc., sophisticated social engineering strategies used in recent frauds involve imitating region law enforcement officers, giving individuals a false sense of authority. Ryu will present a session on the topic, "Voice Phishing Syndicates Unmasked: An In-Depth Investigation and Exposure," at the upcoming Black Hat Asia 2024 conference in Singapore. 

Vishing attempts in South Korea, in particular, take advantage of cultural differences that allow even those who do not appear to be susceptible to such scams to be victimised, he claims. For example, in recent frauds, cybercriminals have posed as the Seoul Central District Prosecutor's Office, which "can significantly intimidate people," Ryu adds. 

By doing so and acquiring people's private data ahead of time, they are successfully intimidating victims into completing money transfers — sometimes in the millions of dollars — by convincing them that if they do not, they will suffer serious legal penalties. 

Vishing engineering: A blend of psychology and technology 

Ryu and his companion speaker at Black Hat Asia, YeongJae Shin, a threat analysis researcher who previously served at S2W, will focus their talk on vishing in their own nation. However, vishing scams identical to those seen in Korea appear to be sweeping the globe recently, leaving unfortunate victims in their wake.

Even savvy Internet users appear to fall for the law-enforcement frauds; one such reporter from the New York Times, who explained in a published story how she lost $50,000 to a vishing scam in February, is one of these people. A few weeks later, when fraudsters working in Portugal pretended to be both national and international law enforcement agencies, the author of this piece almost lost 5,000 euros to a sophisticated vishing operation. 

Ryu explains that the combination of social engineering and technology enables these modern vishing scams to exploit even individuals who are aware of the risks of vishing and how their operators function. 

"These groups utilize a blend of coercion and persuasion over the phone to deceive their victims effectively," he stated. "Moreover, malicious applications are designed to manipulate human psychology. These apps not only facilitate financial theft through remote control after installation but also exploit the call-forwarding feature.” 

This suggests that there are several vishing groups active throughout the world, emphasising the need to be cautious even when dealing with the most convincing schemes, according to Ryu. To prevent compromise, it's also essential to train staff members on the telltale signs of frauds and the strategies attackers typically implement to trick victims.