Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Fraud. Show all posts
Ransomware
Cyber Crime CyberCrime Data Fraud India NCRB Ransomware

India Witnesses Sharp Surge in Cybercrime, Fraud Dominates NCRB 2023 Report

 

The cybercrime landscape in India has witnessed a drastic increase with NCRB data indicating cases jacking up from above 52,000 in 2021 to over 86,000 by 2023 led by fraud and online financial crime. Concurrently, threat intelligence shows that India is now a high‑risk ransomware and dark‑web ecosystem within the Asia‑Pacific region. 

NCRB data and growth trend 

The report suggests that NCRB’s “Crime in India” figures show an alarming and persistent increase in reported cybercrimes, increasing from just above 52,000 cases in 2021 to beyond 86,000 cases by 2023, owing to increased digitization, online payments and use of mobile internet. This is a 31.2% year-on-year increase between 2022 and 2023 alone and the country’s cybercrime rate has increased from 4.8 to 6.2 cases per lakh population. 

Fraud is the most prevalent motive, making up almost 69% of all cybercrime incidents in 2023, followed by sexual exploitation, and extortion, highlighting that attackers mainly prey on financial and personal vulnerabilities. States such as Karnataka, Telangana and Uttar Pradesh account for a large number of cases, reflecting higher IT penetration, urbanisation and digital adoption.

Ransomware and dark-web activity

Beyond the raw figures of the NCRB, the report places India among an Asia‑Pacific threat map of sorts, drawing upon the Cyble Monthly Threat Landscape Report for July 2025, to show that India is still among the key targets for operators of ransomware. It cited the Warlock ransomware group for targeting an India-based manufacturing firm, exfiltrating HR, financial, and design data, which was then used for extortion and exposure.

The report also notes dark‑web listings advertising unauthorized access to an Indian telecom network for around US$35,000, including credentials and critical operational details, highlighting the commoditization of network breaches. Regionally, Thailand, Japan, and Singapore each recorded six ransomware victims in the observed period, with India and the Philippines close behind, and manufacturing, government, and critical infrastructure sectors bearing the brunt of attacks. 

Additionally, South Asia is experiencing ideologically driven attacks, exemplified by the pro‑India Team Pelican Hackers, which claimed breaches of major Pakistani research and academic institutions. These campaigns blur the line between classic cybercrime and geopolitical conflict, indicating that Indian networks face both profit‑motivated and politically motivated breachs.
Read more »
Technology
Financial Breach Fraud OTPs phishing Scam Scammers Technology

Smarter Scams, Sharper Awareness: How to Recognize and Prevent Financial Fraud in the Digital Age




Fraud has evolved into a calculated industry powered by technology, psychology, and precision targeting. Gone are the days when scams could be spotted through broken English or unrealistic offers alone. Today’s fraudsters combine emotional pressure with digital sophistication, creating schemes that appear legitimate and convincing. Understanding how these scams work, and knowing how to respond, is essential for protecting your family’s hard-earned savings.


The Changing Nature of Scams

Modern scams are not just technical traps, they are psychological manipulations. Criminals no longer rely solely on phishing links or counterfeit banking apps. They now use social engineering tactics, appealing to trust, fear, or greed. A scam might start with a call pretending to be from a government agency, an email about a limited investment opportunity, or a message warning that your bank account is at risk. Each of these is designed to create panic or urgency so that victims act before they think.

A typical fraud cycle follows a simple pattern: an urgent message, a seemingly legitimate explanation, and a request for sensitive action, such as sharing a one-time password, installing a new app, or transferring funds “temporarily” to another account. Once the victim complies, the attacker vanishes, leaving financial and emotional loss behind.

Experts note that the most dangerous scams often appear credible because they mimic official communication styles, use verified-looking logos, and even operate fake customer support numbers. The sophistication makes these schemes particularly hard to spot, especially for first-time investors or non-technical individuals.


Key Red Flags You Should Never Ignore

1. Unrealistic returns or guarantees: If a company claims you can make quick, risk-free profits or shows charts with consistent gains, it’s likely a setup. Real investments fluctuate; only scammers promise certainty.

2. Pressure to act immediately: Whether it’s “only minutes left to invest” or “pay now to avoid penalties,” urgency is a manipulative tactic designed to prevent logical evaluation.

3. Requests to switch apps or accounts: Authentic businesses never ask customers to transfer funds into personal or unfamiliar accounts or to download unverified applications.

4. Emotional storylines: Fraudsters know how to exploit emotions. They may pretend to be in love, offer fake job opportunities, or issue fabricated legal threats, all aimed at overriding rational thinking.

5. Asking for security codes or OTPs: No genuine financial institution or digital platform will ever ask for these details. Sharing them gives scammers direct access to your accounts.


Simple Steps to Build Financial Safety

Protection from scams starts with discipline and awareness rather than advanced technology.

• Take a moment before responding. Don’t act out of panic. Pause, think, and verify before clicking or transferring money.

• Verify independently. If a message or call appears urgent, reach out to the organization using contact details from their official website, not from the message itself.

• Activate alerts and monitor accounts. Keep an eye on all transactions. Early detection of suspicious activity can prevent larger losses.

• Use multi-layered security. Enable multi-factor authentication on all major financial accounts, preferably using hardware security keys or authentication apps instead of SMS codes.

• Keep your digital environment clean. Regularly update your devices, operating systems, and browsers, and use trusted antivirus software to block potential malware.

• Install apps only from reliable sources. Avoid downloading apps or investment platforms shared through personal messages or unverified websites.

• Educate your family. Many scam victims are older adults who may hesitate to talk about it. Encourage open communication and make sure they know how to recognize suspicious requests.


Awareness Is the New Security

Technology gives fraudsters global reach, but it also equips users with tools to fight back. Secure authentication systems, anti-phishing filters, and real-time transaction alerts are valuable but they work best when combined with personal vigilance.

Think of security like investment diversification: no single tool provides complete protection. A strong defense requires a mix of cautious behavior, verification habits, and awareness of evolving threats.


Your Takeaway

Scammers are adapting faster than ever, blending emotional manipulation with technical skill. The best way to counter them is to slow down, question everything that seems urgent or “too good to miss,” and confirm information before taking action.

Protecting your family’s financial wellbeing isn’t just about saving or investing wisely, it’s about staying alert, informed, and proactive. Remember: genuine institutions will never rush you, threaten you, or ask for confidential information. The smartest investment today is in your awareness.


Read more »
Software
FBI financial transactions Fraud phantom hacker Privacy schemes Software

FBI Warns Against Screen Sharing Amid Rise in “Phantom Hacker” Scam

 



The Federal Bureau of Investigation (FBI) has issued an urgent alert about a fast-spreading scam in which cybercriminals gain access to victims’ devices through screen-sharing features, allowing them to steal money directly from bank accounts.

Known as the “phantom hacker” scheme, the fraud begins with a phone call or message that appears to come from a legitimate bank or support service. The caller warns that the user’s account has been compromised and offers to “help” by transferring funds to a secure location. In reality, the transfer moves the victim’s money straight to the attacker’s account.

Traditionally, these scams relied on tricking users into installing remote-access software, but the FBI now reports a troubling shift. Scammers are increasingly exploiting tools already built into smartphones, specifically screen-sharing options available in widely used communication apps.

One such example involves WhatsApp, a messaging service used by over three billion people worldwide. The app recently introduced a screen-sharing feature during video calls, designed for legitimate collaboration. However, this function also allows the person on the other end of the call to see everything displayed on a user’s screen, including sensitive details such as login credentials and banking information.

Although WhatsApp notifies users to only share their screens with trusted contacts, attackers often use social engineering to bypass suspicion. The FBI notes that fraudsters frequently begin with a normal phone call before requesting to continue the conversation over WhatsApp, claiming that it offers greater security. Once the victim joins the call and enables screen sharing, scammers can observe financial transactions in real time without ever needing to install malicious software.

Experts emphasize that encryption, while essential for privacy, also prevents WhatsApp or any external authority from monitoring these fraudulent activities. The FBI therefore urges users to remain cautious and to never share their screen, banking details, or verification codes during unsolicited calls.

Cybersecurity professionals advise that individuals should hang up immediately if asked to join a video call or screen-sharing session by anyone claiming to represent a bank or technology company. Instead, contact the organization directly through verified customer-care numbers or official websites. Reporting suspicious incidents can also help prevent future cases.

The scale of financial fraud has reached alarming levels in the United States. According to new findings from the Aspen Institute, scams now cost American households over $158 billion annually, prompting calls for a national strategy to combat organized online crime. More than 80 leaders from public and private sectors have urged the creation of a National Task Force on Fraud and Scam Prevention to coordinate efforts between government bodies and financial institutions.

This rise in screen-sharing scams highlights the growing sophistication of cybercriminals, who are increasingly using everyday digital tools for exploitation. As technology advances, experts stress that public vigilance, real-time verification, and responsible digital habits remain the strongest defenses against emerging threats.



Read more »
Hacking
arrest Bangladesh Breach Court Cyber Security Data E-Commerce Evaly Fraud Hacking

Evaly Website Allegedly Hacked Amid Legal Turmoil, Hacker Threatens to Leak Customer Data

 

Evaly, the controversial e-commerce platform based in Bangladesh, appeared to fall victim to a cyberattack on 24 May 2025. Visitors to the site were met with a stark warning reportedly left by a hacker, claiming to have obtained the platform’s customer data and urging Evaly staff to make contact.

Displayed in bold capital letters, the message read: “HACKED, I HAVE ALL CUSTOMER DATA. EVALY STAFF PLEASE CONTACT 00watch@proton.me.” The post included a threat, stating, “OR ELSE I WILL RELEASE THIS DATA TO THE PUBLIC,” signaling the potential exposure of private user information if the hacker’s demand is ignored.

It remains unclear what specific data was accessed or whether sensitive financial or personal details were involved. So far, Evaly has not released any official statement addressing the breach or the nature of the compromised information.

This development comes on the heels of a fresh wave of legal action against Evaly and its leadership. On 13 April 2025, state-owned Bangladesh Sangbad Sangstha (BSS) reported that a Dhaka court handed down three-year prison sentences to Evaly’s managing director, Mohammad Rassel, and chairperson, Shamima Nasrin, in a fraud case.

Dhaka Metropolitan Magistrate M Misbah Ur Rahman delivered the judgment, which also included fines of BDT 5,000 each. The court issued arrest warrants for both executives following the ruling.

The case was filed by a customer, Md Rajib, who alleged that he paid BDT 12.37 lakh for five motorcycles that were never delivered. The transaction took place through Evaly’s website, which had gained attention for its deep discount offers and aggressive promotional tactics.
Read more »
Security
AI Banking Biometrics Cyber Crime Fintech Fraud identity Payments Scams Security

Account Takeover Fraud Surges as Cybercriminals Outpace Traditional Bank Defenses

 

As financial institutions bolster their fraud prevention systems, scammers are shifting tactics—favoring account takeover (ATO) fraud over traditional scams. Instead of manipulating victims into making transactions themselves, fraudsters are bypassing them entirely, taking control of their digital identities and draining funds directly.

Account takeover fraud involves unauthorized access to an individual's account to conduct fraudulent transactions. This form of cybercrime has seen a sharp uptick in recent years as attackers use increasingly advanced techniques—such as phishing, credential stuffing, and malware—to compromise online banking platforms. Conventional fraud detection tools, which rely on static behavior analysis, often fall short as bad actors now mimic legitimate user actions with alarming accuracy.

According to NICE Actimize's 2025 Fraud Insights U.S. Retail Payments report, the share of account takeover incidents has increased in terms of the total value of fraud attempts between 2023 and 2024. Nevertheless, scams continue to dominate, making up 57% of all attempted fraud transactions.

Global financial institutions witnessed a significant spike in ATO-related incidents in 2024. Veriff's Identity Fraud Report recorded a 13% year-over-year rise in ATO fraud. FinCEN data further supports this trend, revealing that U.S. banks submitted more than 178,000 suspicious activity reports tied to ATO—a 36% increase from the previous year. AARP and Javelin Strategy & Research estimated that ATO fraud was responsible for $15.6 billion in losses in 2024.

Experts emphasize the need to embrace AI-powered behavioral biometrics, which offer real-time identity verification by continuously assessing how users interact with their devices. This shift from single-point login checks to ongoing authentication enables better threat detection while enhancing user experience. These systems adapt to variables such as device type, location, and time of access, supporting the NIST-recommended zero trust framework.

"The most sophisticated measurement approaches now employ AI analytics to establish dynamic baselines for these metrics, enabling continuous ROI assessment as both threats and solutions evolve over time," said Jeremy London, director of engineering for AI and threat analytics at Keeper Security.

Emerging Fraud Patterns
The growth of ATO fraud is part of a larger evolution in cybercrime tactics. Cross-border payments are increasingly targeted. Although international wire transfers declined by 6% in 2024, the dollar value of fraud attempts surged by 40%. Fraudsters are now focusing on high-value, low-volume transactions.

One particularly vulnerable stage is payee onboarding. Research shows that 67% of fraud incidents were linked to just 7% of transactions—those made to newly added payees. This finding suggests that cybercriminals are exploiting the early stages of payment relationships as a critical vulnerability.

Looking ahead, integrating multi-modal behavioral signals with AI-trained models to detect sophisticated threats will be key. This hybrid approach is vital for identifying both human-driven and synthetic fraud attempts in real-time.
Read more »
SSA
Cybersecurity Datatheft Fraud IdentityTheft malware phishing remotetool Scam screenconnect SSA

Cybercriminals Target Social Security Users with Sophisticated Phishing Scam

 

A new wave of phishing attacks is exploiting public trust in government agencies. Cybercriminals are sending fraudulent emails that appear to come from the Social Security Administration (SSA), aiming to trick recipients into downloading a remote access tool that gives hackers full control over their computers, according to a report by Malwarebytes.

The scam emails, often sent from compromised WordPress websites, claim to offer a downloadable Social Security statement. However, the entire message is typically embedded as an image—a tactic that allows it to bypass most email filters. Clicking on the link initiates the installation of ScreenConnect, a powerful malware tool that enables attackers to infiltrate your device remotely.

The campaign has been attributed to a phishing group known as Molatori, whose goal is to extract personal, banking, and other sensitive information. “Once in, the attackers can steal your data, commit financial fraud, and engage in identity theft,” the report warns.

To avoid falling victim, experts suggest staying alert to red flags. These scam emails often contain poor grammar, missing punctuation, strange formatting, and unusual colour schemes for links. Such errors—evident in screenshots shared by Malwarebytes and the SSA—are clear signs of a scam, even as AI-driven tactics make phishing attempts more convincing than ever.

“If you want to view your Social Security statement, the safest option is to visit ssa.gov,” the SSA advises.

What to Do If  You're Targeted:

  • Cut off all communication with the scammer
  • Report the incident to the SSA Office of the Inspector General (OIG)
  • File a report with your local police
  • If you've lost money, submit a complaint to the FBI’s Internet Crime Complaint Center (IC3)

As phishing threats continue to evolve, cybersecurity awareness remains your best defense.


Read more »
kill chain
Barclays Cyber Security Fraud kill chain

Barclays Introduces New Step-by-Step Model to Tackle Modern Fraud

 


Banks and shops are facing more advanced types of fraud that mix online tricks with real-world scams. To fight back, experts from Barclays and a security company called Threat Fabric have created a detailed model to understand how these frauds work from start to finish. This system is called a fraud kill chain, and it helps organizations break down and respond to fraud at every stage.


What Is a Kill Chain?

The kill chain idea originally came from the military. It was used to describe each step of an attack so it could be stopped in time. In 2011, cybersecurity experts started using it to map out how hackers attack computer systems. This helped security teams block online threats like viruses, phishing emails, and ransomware.

But fraud doesn’t always follow the same patterns as hacking. It often includes human error, emotional tricks, and real-life actions. That’s why banks like Barclays needed a different version of the kill chain made specifically for financial fraud.


Why Fraud Needs a New Framework

Barclays noticed a new type of scam using tap-to-pay systems—also known as NFC, or near-field communication. This technology lets people pay by simply tapping their cards or phones. Criminals found ways to misuse this by copying the signals and using them without permission.

When Barclays and Threat Fabric studied these scams, they realized that the NFC trick was just one part of a larger process. There were many steps before and after it. But there was no clear way for banks and retailers to explain or share all this information. So, they created a new model to organize it all.


How the Fraud Kill Chain Works

The new fraud kill chain has ten steps. It starts with the fraudsters gathering data about victims and moves through stages like emotional manipulation, fake messages, stealing passwords, getting into accounts, and finally taking and hiding the money. Each of these steps includes different tricks and techniques.

For example, a scam might begin with a fake text message asking the victim to click a link. Once the victim enters their details, criminals can add their card to a device and make payments from far away. This kind of attack is sometimes called a ghost tap.


Retailers Use Their Own Version

Retail companies like Target are also building similar models. They’ve found that even simple scams, like messing with gift cards, involve many people and actions. Without a clear way to describe each part, it's hard for teams to stop them in time.

By using a structured approach to fraud, companies can better understand how scams happen, spot weak points, and stop future attacks. This new model helps everyone speak the same language when it comes to stopping fraud—and protects people from losing their money.

Read more »
ticketing
Cybersecurity Data Breach Digital Security Encryption event tickets Fraud Hacking Identity Theft PII Privacy ticketing

Massive Data Leak Exposes 520,000+ Ticket Records from Resale Platform 'Ticket to Cash'

 

A critical security lapse at online ticket resale platform Ticket to Cash has led to a major data breach, exposing over 520,000 records, according to a report by vpnMentor. The leak was first uncovered by cybersecurity researcher Jeremiah Fowler, who found the unsecured and unencrypted database without any password protection.

The database, weighing in at a massive 200 GB, contained a mix of PDFs, images, and JSON files. Among the leaked files were thousands of concert and live event tickets, proof of transfers, and receipt screenshots. Alarmingly, many documents included personally identifiable information (PII) such as full names, email addresses, physical addresses, and partial credit card details.

Using the internal structure and naming conventions within the files, Fowler traced the data back to Ticket to Cash, a company that facilitates ticket resale through over 1,000 partner websites. “Despite contacting TicketToCash.com through a responsible disclosure notice,” Fowler reported, “I initially received no response, and the database remained publicly accessible.” It wasn’t until four days later, following a second notice, that the data was finally secured. By then, an additional 2,000+ files had been exposed.

The responsible party behind maintaining the database—whether Ticket to Cash or a third-party contractor—remains uncertain. It’s also unknown how long the database was left open or whether it had been accessed by malicious actors. “Only a thorough internal forensic investigation could provide further clarity,” Fowler emphasized.

Ticket to Cash enables users to list tickets without upfront fees, taking a cut only when sales occur. However, the company has faced criticism over customer service, particularly regarding payment delays via PayPal and difficulty reaching support. Fowler also noted the lack of prompt communication during the disclosure process.

This breach raises serious concerns over data privacy and cybersecurity practices in the digital ticketing world. Leaked PII and partial financial information are prime targets for identity theft and fraud, posing risks well beyond the original ticketed events. As online ticketing becomes more widespread, this incident serves as a stark reminder of the need for strong security protocols and rapid response mechanisms to safeguard user data.
Read more »
takedown
Cyber Fraud Cyberattack CyberCrime Cybersecurity digitalcrime Europol Fraud Hacking LabHost LabRat lawenforcement phishing phishingkits phishingtools takedown

Global Cybercrime Crackdown Dismantles Major Phishing-as-a-Service Platform ‘LabHost’

 

In a major international crackdown, a law enforcement operation spearheaded by the London Metropolitan Police and coordinated by Europol has successfully taken down LabHost, one of the most notorious phishing-as-a-service (PhaaS) platforms used by cybercriminals worldwide.

Between April 14 and April 17, 2024, authorities carried out synchronized raids across 70 different sites globally, resulting in the arrest of 37 individuals. Among those arrested were four suspects in the UK believed to be the platform’s original creators and administrators. Following the arrests, LabHost’s digital infrastructure was completely dismantled.

LabHost had gained infamy for its ease of use and wide accessibility, making it a go-to cybercrime tool. The service offered more than 170 fake website templates imitating trusted brands from the banking, telecom, and logistics sectors—allowing users to craft convincing phishing campaigns with minimal effort.

According to authorities, LabHost supported over 40,000 phishing domains and catered to approximately 10,000 users across the globe. The coordinated enforcement effort was supported by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), with 19 countries actively participating in the investigation.

LabHost showcased how cybercrime has become industrialized through subscription-based platforms. For a monthly fee of around $249, subscribers could access phishing kits, fraudulent websites, hosting services, and even tools to interact with victims in real-time.

One of its most dangerous features was LabRat, an integrated dashboard that enabled users to monitor ongoing phishing attacks. This tool also allowed cybercriminals to intercept two-factor authentication codes and login credentials, effectively bypassing modern security measures.

Its user-friendly interface eliminated the need for technical skills—opening the door for anyone with malicious intent and a credit card to launch sophisticated phishing schemes. The platform's popularity contributed to a spike in identity theft, financial fraud, and widespread data breaches.

Authorities hailed the takedown as a milestone in the fight against cybercrime. However, they also cautioned that the commoditization of cybercrime remains a serious concern.

"This is a critical blow to phishing infrastructure," cybersecurity experts said, "but the ease of recreating similar platforms continues to pose a major threat."

Following the seizure of LabHost’s backend systems, law enforcement agencies have begun analyzing the data to identify the perpetrators and their victims. This will mark the beginning of a new wave of investigations and preventative measures.

The operation involved agencies from 19 countries, including the FBI and Secret Service from the United States, as well as cybercrime units in Canada, Germany, the Netherlands, Poland, Spain, Australia, and the UK. This unprecedented level of international cooperation highlights the cross-border nature of cyber threats and the importance of unified global action.

As authorities prepare for a fresh wave of prosecutions, the LabHost takedown stands as a defining moment in cyber law enforcement—both in its impact and its symbolism.
Read more »
Verification
AI Cyber Fraud Cybersecurity Deepfake Fraud identity Recruitment Resume Verification

Fake Candidates, Real Threat: Deepfake Job Applicants Are the New Cybersecurity Challenge

 

When voice authentication firm Pindrop Security advertised an opening for a senior engineering role, one resume caught their attention. The candidate, a Russian developer named Ivan, appeared to be a perfect fit on paper. But during the video interview, something felt off—his facial expressions didn’t quite match his speech. It turned out Ivan wasn’t who he claimed to be.

According to Vijay Balasubramaniyan, CEO and co-founder of Pindrop, Ivan was a fraudster using deepfake software and other generative AI tools in an attempt to secure a job through deception.

“Gen AI has blurred the line between what it is to be human and what it means to be machine,” Balasubramaniyan said. “What we’re seeing is that individuals are using these fake identities and fake faces and fake voices to secure employment, even sometimes going so far as doing a face swap with another individual who shows up for the job.”

While businesses have always had to protect themselves against hackers targeting vulnerabilities, a new kind of threat has emerged: job applicants powered by AI who fake their identities to gain employment. From forged resumes and AI-generated IDs to scripted interview responses, these candidates are part of a fast-growing trend that cybersecurity experts warn is here to stay.

In fact, a Gartner report predicts that by 2028, 1 in 4 job seekers globally will be using some form of AI-generated deception.

The implications for employers are serious. Fraudulent hires can introduce malware, exfiltrate confidential data, or simply draw salaries under false pretenses.

A Growing Cybercrime Strategy

This problem is especially acute in cybersecurity and crypto startups, where remote hiring makes it easier for scammers to operate undetected. Ben Sesser, CEO of BrightHire, noted a massive uptick in these incidents over the past year.

“Humans are generally the weak link in cybersecurity, and the hiring process is an inherently human process with a lot of hand-offs and a lot of different people involved,” Sesser said. “It’s become a weak point that folks are trying to expose.”

This isn’t a problem confined to startups. Earlier this year, the U.S. Department of Justice disclosed that over 300 American companies had unknowingly hired IT workers tied to North Korea. The impersonators used stolen identities, operated via remote networks, and allegedly funneled salaries back to fund the country’s weapons program.

Criminal Networks & AI-Enhanced Resumes

Lili Infante, founder and CEO of Florida-based CAT Labs, says her firm regularly receives applications from suspected North Korean agents.

“Every time we list a job posting, we get 100 North Korean spies applying to it,” Infante said. “When you look at their resumes, they look amazing; they use all the keywords for what we’re looking for.”

To filter out such applicants, CAT Labs relies on ID verification companies like iDenfy, Jumio, and Socure, which specialize in detecting deepfakes and verifying authenticity.

The issue has expanded far beyond North Korea. Experts like Roger Grimes, a longtime computer security consultant, report similar patterns with fake candidates originating from Russia, China, Malaysia, and South Korea.

Ironically, some of these impersonators end up excelling in their roles.

“Sometimes they’ll do the role poorly, and then sometimes they perform it so well that I’ve actually had a few people tell me they were sorry they had to let them go,” Grimes said.

Even KnowBe4, the cybersecurity firm Grimes works with, accidentally hired a deepfake engineer from North Korea who used AI to modify a stock photo and passed through multiple background checks. The deception was uncovered only after suspicious network activity was flagged.

What Lies Ahead

Despite a few high-profile incidents, most hiring teams still aren’t fully aware of the risks posed by deepfake job applicants.

“They’re responsible for talent strategy and other important things, but being on the front lines of security has historically not been one of them,” said BrightHire’s Sesser. “Folks think they’re not experiencing it, but I think it’s probably more likely that they’re just not realizing that it’s going on.”

As deepfake tools become increasingly realistic, experts believe the problem will grow harder to detect. Fortunately, companies like Pindrop are already developing video authentication systems to fight back. It was one such system that ultimately exposed “Ivan X.”

Although Ivan claimed to be in western Ukraine, his IP address revealed he was operating from a Russian military base near North Korea, according to the company.

Pindrop, backed by Andreessen Horowitz and Citi Ventures, originally focused on detecting voice-based fraud. Today, it may be pivoting toward defending video and digital hiring interactions.

“We are no longer able to trust our eyes and ears,” Balasubramaniyan said. “Without technology, you’re worse off than a monkey with a random coin toss.”
Read more »
WooCommerce
Carding CyberCrime CyberSource Fraud malware PyPI python Security WooCommerce

Malicious PyPi Package ‘disgrasya’ Exploits WooCommerce Stores for Card Fraud, Downloaded Over 34,000 Times

 

A newly uncovered malicious Python package on PyPi, named ‘disgrasya’, has raised serious concerns after it was discovered exploiting WooCommerce-powered e-commerce sites to validate stolen credit card information. Before its removal, the package had been downloaded more than 34,000 times, signaling significant abuse within the developer ecosystem.

The tool specifically targeted WooCommerce sites using the CyberSource payment gateway, enabling threat actors to mass-test stolen credit card data obtained from dark web sources and data breaches. This process, known as carding, helps cybercriminals determine which cards are active and usable.

While PyPi has since removed the package, its high download count reveals the widespread exploitation of open-source platforms for illicit operations.

"Unlike typical supply chain attacks that rely on deception or typosquatting, disgrasya made no attempt to appear legitimate," explains a report by Socket researchers.

"It was openly malicious, abusing PyPI as a distribution channel to reach a wider audience of fraudsters."

What sets ‘disgrasya’ apart is the transparency of its malicious intent. Unlike other deceptive packages that mask their true purpose, this one openly advertised its illicit capabilities in the description:

"A utility for checking credit cards through multiple gateways using multi-threading and proxies."

According to Socket, version 7.36.9 of the package introduced the core malicious features, likely bypassing stricter checks typically applied to initial versions.

The malicious script mimics legitimate shopping behavior by accessing real WooCommerce stores, identifying product IDs, and adding items to the cart. It then proceeds to the checkout page, where it harvests the CSRF token and CyberSource’s capture context—sensitive data used to securely process card payments.

Socket explains that these tokens are typically short-lived and hidden, but the script captures them instantly while populating the form with fake customer details.

Instead of sending the card details directly to CyberSource, the data is routed to a malicious server (railgunmisaka.com) that impersonates the legitimate payment gateway. The server returns a fake token, which the script uses to complete the checkout process on the real store. If the transaction is successful, the card is validated; otherwise, it moves on to the next.

"This entire workflow—from harvesting product IDs and checkout tokens, to sending stolen card data to a malicious third party, and simulating a full checkout flow—is highly targeted and methodical," says Socket.

"It is designed to blend into normal traffic patterns, making detection incredibly difficult for traditional fraud detection systems."

This fully automated workflow makes it easier for attackers to validate thousands of cards at scale—cards which can then be used for financial fraud or sold on underground marketplaces.

Socket also warns that traditional fraud detection systems are ill-equipped to catch these types of attacks due to their highly realistic emulation of customer behavior.

Despite the sophistication of the operation, Socket researchers suggest some measures to reduce vulnerability:
  • Block very low-value transactions (typically under $5), often used in carding tests.
  • Monitor for high failure rates on small orders from the same IP address or geographic region.
  • Implement CAPTCHA verification during checkout flows to disrupt automated tools.
  • Apply rate limiting on checkout and payment endpoints to slow down or block suspicious behavior.
Read more »
Scam
Antivirus Cyber Fraud Cybersecurity Fraud Hackers phishing Scam

Phishing Scams Are Getting Smarter – And More Subtle : Here’s All You Need to Know

 

Cybercriminals are evolving. Those dramatic emails warning about expired subscriptions, tax threats, or computer hacks are slowly being replaced by subtler, less alarming messages. New research suggests scammers are moving away from attention-grabbing tactics because people are finally catching on.

Kendall McKay, strategic lead for cyber threat intelligence at Cisco’s Talos division, said phishing scams are adapting to stay effective. “They probably know that we've caught on to this and the tricky, sensational email isn't going to work anymore,” McKay said. “So they've moved towards these benign words, which are likely to show up in your inbox every day."

Cisco’s 2024 Year in Review report found that common phishing emails now include subject lines like “request,” “forward,” and “report”—a shift from the usual “urgent” or “payment overdue.” Despite the growing use of advanced tools like AI, scammers still favor phishing because it works. Whether they’re targeting large corporations or individuals, their aim remains the same: to trick users into clicking malicious links or giving up sensitive information.

The most impersonated brands in blocked phishing emails last year included:
  • Microsoft Outlook – 25% of total phishing attempts
  • LinkedIn
  • Amazon
  • PayPal
  • Apple
  • Shein
“Phishing is still prominent, phishing is effective, and phishing is only getting better and better, especially with AI,” McKay said.

Common phishing tactics include:
  • Unsolicited messages via email, text, or social media—especially if they come from people or companies you haven’t contacted.
  • Fake job offers that appear legitimate. Always verify recruiter details, and never share personal information unless it’s through a trusted channel.
  • Requests for gift cards or cryptocurrency payments—these are favored by scammers because they’re untraceable. Official entities like the IRS won’t ever ask for payment in these forms or reach out via email, phone, or text.
  • Online romance scams that play on emotional vulnerability. The FTC reported $384 million in losses from romance scams in just the first nine months of 2024.
  • Charity scams tied to current events or disasters. Always donate through official websites or verified sources.
To protect yourself if you think you’ve been phished:
  • Install and update antivirus software regularly—it helps filter spam and block malware-laced attachments.
  • Use strong, unique passwords for every account. A password manager can help manage them if needed.
  • Enable two-factor authentication (2FA) using apps or physical security keys (avoid SMS-based 2FA when possible).
  • Freeze your credit if your Social Security number or personal data may have been compromised. Experts even suggest freezing children’s credit to prevent unnoticed identity theft.
  • Scams are no longer loud or obvious. As phishing becomes more polished and AI-powered, the best defense is staying alert—even to the emails that seem the most routine.
Read more »
tokenization
Banking Biometrics contactless Cyber Security Fintech Fraud mobile wallet Payments Security tokenization

Mastercard to Eliminate 16-Digit Card Numbers by 2030 for Enhanced Security

 

In a strategic move to combat identity theft and fraud, Mastercard has announced plans to remove the traditional 16-digit card number from credit and debit cards by 2030. Instead, the company will implement tokenization and biometric authentication to enhance security.

Mastercard has been integrating biometric authentication into its payment ecosystem since 2022, allowing transactions to be completed with a smile or a hand wave. Now, the next phase involves replacing card numbers with tokens, which transform the 16-digit identifier into a unique digital code stored on devices. This ensures that card details are never exposed during online or contactless transactions.

The initial rollout of these numberless cards will be in collaboration with AMP Bank, with additional financial institutions expected to adopt the technology in the coming year.

Receiving a suspicious transaction alert from the bank can be alarming, and for good reason—payment fraud has been on the rise. In Australia, fraudulent card transactions amounted to A$868 million in 2023-24, up from A$677.5 million the previous year.

Data breaches continue to expose sensitive financial information, with major incidents involving Marriott, Starwood Hotels, and Ticketmaster affecting hundreds of millions of customers worldwide. In Australia, card-not-present fraud—where transactions occur without the physical card—accounts for 92% of all card fraud, increasing by 29% in the last financial year.

Although the Card Verification Value (CVV) was introduced to verify physical card possession, its effectiveness has diminished over time.

By removing the card number, Mastercard aims to reduce unauthorized transactions and minimize risks associated with data breaches. Without stored payment details, compromised databases will no longer expose customers’ financial information.

This move aligns with broader industry concerns about data storage and privacy, highlighted by incidents such as the 2022 Optus data breach, which leaked historical customer data. Eliminating stored card details prevents future attacks from leveraging outdated information.

Challenges in Adopting the New System

While digital banking users may find the transition seamless, concerns arise regarding accessibility. Elderly consumers and individuals with disabilities who rely on traditional banking methods might struggle with the shift to mobile authentication.

Additionally, shifting security reliance from physical cards to mobile devices introduces new risks. SIM swapping and impersonation scams already enable criminals to take over victims' phone accounts, and these tactics could escalate as digital payment systems evolve.

Biometric authentication presents another challenge—unlike credit card details, biometric data is immutable. If compromised, it cannot be changed, increasing the stakes of potential identity theft. Previous breaches, such as the BioStar 2 security lapse and Australia’s Outabox facial recognition exposure, highlight the risks of biometric data leaks.

As contactless payments continue to grow, physical cards may soon become unnecessary. In 2023, mobile wallet transactions in Australia surged 58%, reaching $146.9 billion. By October 2024, nearly 44% of transactions were conducted via mobile devices.

Retail innovations like Amazon’s Just Walk Out technology are accelerating this trend. Currently deployed across 70 Amazon-owned stores and 85 third-party locations, the system uses AI-powered cameras and weight sensors to enable checkout-free shopping. Companies like Trigo, Cognizant, and Grabango are also developing similar smart retail solutions, with trials underway in major supermarket chains like Tesco and ALDI.

However, even in frictionless shopping experiences, consumers must initially enter card details into payment apps. To eliminate the need for cards and numbers entirely, biometric payments—such as facial recognition transactions—are gaining traction as the next frontier in secure digital commerce.
Read more »
Phishing scam
AI scam Cyber Cyber Fraud Fraud Gmail Hack Google security Phishing scam

Gmail Confirms AI Hack: 2.5 Billion Users Warned of Phishing Scam

 

  
Gmail has issued a warning to its 2.5 billion users about a sophisticated AI-powered phishing attack. Fraudsters are using caller IDs that seem to originate from Google support, convincing users that their accounts have been compromised. Under the pretense of an account recovery process, they send an email with a recovery code that appears to come from a genuine Gmail address, Forbes reports.

Zach Latta, founder of Hack Club, noticed irregularities during an interaction with a so-called Google support agent. "She sounded like a real engineer, the connection was super clear, and she had an American accent," Latta told Forbes. Despite the convincing approach, the scam's goal is to deceive users into providing their login credentials, allowing cybercriminals to take control of their accounts.

Spencer Starkey, Vice President at SonicWall, emphasized the evolving nature of cyber threats: "Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats." He advised businesses to adopt a proactive cybersecurity approach, including regular security assessments and incident response planning.

Users Report Similar Fraud Attempts

According to the New York Post, Y Combinator founder Garry Tan shared his experience on X (formerly Twitter) after receiving phishing emails and phone calls.

"They claim to be checking that you are alive and that they should disregard a death certificate filed that claims a family member is recovering your account," Tan wrote, calling it an elaborate scheme to manipulate users into approving password recovery.

Microsoft solutions consultant Sam Mitrovic also encountered this scam months ago. Initially, he ignored the recovery notification and follow-up call, but when it happened again, he decided to answer.

"It's an American voice, very polite and professional. The number is Australian," Mitrovic recalled. He even verified the number on an official Google support page, making the deception more convincing. 

The caller alleged there was suspicious activity on his account and asked if he had logged in from Germany. When he denied it, the agent claimed someone had been accessing his account for a week and offered to help secure it. Mitrovic realized something was off when he spotted a suspicious email address in the follow-up message and stopped responding.

Forbes advises Gmail users to remain calm and immediately disconnect any call from so-called Google support, as Google does not contact users via phone. Instead, users should verify account activity themselves:
  • Use Google Search to check official security support pages.
  • Log into Gmail and navigate to the bottom right corner to review recent account activity.
  • Avoid sharing recovery codes with anyone over the phone.
With cyber threats evolving rapidly, vigilance is key to safeguarding online accounts.

Read more »
Indian Cybercrimes
Cyber Fraud Cyber Security awareness cybercriminal arrests Fraud Indian cyber crimes Indian Cybercrimes

Rajasthan Police Arrest 30 in ₹30 Crore Cyber Fraud Under 'Operation Cyber Shield'

 


In a significant crackdown on cybercrime, Rajasthan Police arrested 30 individuals involved in cyber fraud on Saturday, January 11, 2025. The arrests were the result of coordinated raids conducted across 40 locations in five police station areas in Jaipur. The accused, linked to eight separate gangs, are suspected of fraudulent activities amounting to ₹30 crore. Additionally, two minors connected to these cybercrime operations were also detained. 

According to Deputy Commissioner of Police (Jaipur West), Amit Kumar, the arrested individuals were not only actively engaged in cyber fraud but were also training others in sophisticated techniques to deceive victims. The gangs employed various deceptive strategies, including impersonating monks and astrologers to exploit vulnerable individuals by offering rituals to solve personal problems. A notable suspect, a 25-year-old from the Tonk district, had reportedly received specialized cybercrime training in Sri Lanka. This international connection highlights the organized and transnational nature of these criminal operations, reflecting a growing trend in cyber-enabled economic crimes. 
 
‘Operation Cyber Shield’: A Targeted Response to Rising Cybercrime 

 Launched on January 2, 2025, the month-long ‘Operation Cyber Shield’ is a dedicated campaign aimed at combating the surge in cybercrime across Rajasthan. This initiative focuses on dismantling the infrastructure supporting organized cyber-enabled financial fraud, addressing public complaints, and raising cybersecurity awareness among citizens. Key achievements of the operation's initial phase include:
  • Blocked Bank Accounts: 135 bank accounts linked to fraudulent transactions were blocked.
  • Unified Payments Interfaces (UPIs): 64 UPIs were frozen to disrupt the flow of illicit funds.
  • ATM Seizures: 20 ATMs used in the scams were deactivated.
These proactive measures aim to cut off financial channels used by cybercriminals and prevent further victimization. 
 
Seized Items and Ongoing Investigations During the raids, authorities seized a significant amount of equipment used in fraudulent operations. The recovered items include:
  • Laptops and mobile phones for executing and managing scams.
  • ATM cards and WiFi routers to facilitate transactions and maintain anonymity.
  • CCTV cameras and HDMI cables potentially used for surveillance and monitoring.
  • Bank passbooks, cheque books, and passports indicating attempts at identity fraud and money laundering.
Six criminal cases have been registered under the Bhartiya Nyaya Sanhita and the Information Technology Act at Kardhani, Kalwar, Harmada, Karni Vihar, and Bindayaka police stations. These cases are currently under detailed investigation. 
 
The alarming rise in cybercrime across Rajasthan — especially in digital arrest scams, online betting frauds, and financial scams — has led authorities to prioritize immediate action. Many victims of these frauds are elderly individuals and women, who are often targeted due to their perceived vulnerability. To counter this, the Cyber Crime Branch has initiated “hotspot mapping” to identify and monitor regions with a high frequency of cybercriminal activity. This strategic approach aids in disrupting criminal networks and preventing future offenses. 

Beyond enforcement, ‘Operation Cyber Shield’ emphasizes public education on cybersecurity. The campaign aims to:
  • Raise Awareness: Inform citizens about common cyber fraud tactics to prevent victimization.
  • Address Complaints Promptly: Ensure that public grievances related to cybercrime are effectively resolved.
  • Prevent Cybercrime: Equip individuals with knowledge and tools to recognize and report suspicious activities.
By combining stringent law enforcement with widespread awareness efforts, Rajasthan Police seeks to curb the growing menace of cyber fraud and build a more secure digital environment for its citizens. 
  
The success of this operation underscores Rajasthan Police's commitment to dismantling cybercrime networks and protecting citizens from digital threats. ‘Operation Cyber Shield’ not only aims to bring offenders to justice but also empowers the public to stay vigilant against cybercriminal tactics. As the campaign progresses, authorities continue to urge citizens to report suspicious online activities and adopt safe digital practices. Through proactive measures and community involvement, Rajasthan moves closer to safeguarding its people from the ever-evolving challenges of cybercrime.
Read more »
telecommunications
AI Scams AI tools Cyber Security CyberCrime Fake Documents financial scams Fraud Online fraud SE Asia SIM telecommunications

Tamil Nadu Police, DoT Target SIM Card Fraud in SE Asia with AI Tools

 

The Cyber Crime Wing of Tamil Nadu Police, in collaboration with the Department of Telecommunications (DoT), is intensifying efforts to combat online fraud by targeting thousands of pre-activated SIM cards used in South-East Asian countries, particularly Laos, Cambodia, and Thailand. These SIM cards have been linked to numerous cybercrimes involving fraudulent calls and scams targeting individuals in Tamil Nadu. 

According to police sources, investigators employed Artificial Intelligence (AI) tools to identify pre-activated SIM cards registered with fake documents in Tamil Nadu but active in international locations. These cards were commonly used by scammers to commit fraud by making calls to unsuspecting victims in the State. The scams ranged from fake online trading opportunities to fraudulent credit or debit card upgrades. A senior official in the Cyber Crime Wing explained that a significant discrepancy was observed between the number of subscribers who officially activated international roaming services and the actual number of SIM cards being used abroad. 

The department is now working closely with central agencies to detect and block suspicious SIM cards.  The use of AI has proven instrumental in identifying mobile numbers involved in a disproportionately high volume of calls into Tamil Nadu. Numbers flagged by AI analysis undergo further investigation, and if credible evidence links them to cybercrimes, the SIM cards are promptly deactivated. The crackdown follows a series of high-profile scams that have defrauded individuals of significant amounts of money. 

For example, in Madurai, an advocate lost ₹96.57 lakh in June after responding to a WhatsApp advertisement promoting international share market trading with high returns. In another case, a government doctor was defrauded of ₹76.5 lakh through a similar investment scam. Special investigation teams formed by the Cyber Crime Wing have been successful in arresting several individuals linked to these fraudulent activities. Recently, a team probing ₹38.28 lakh frozen in various bank accounts apprehended six suspects. 

Following their interrogation, two additional suspects, Abdul Rahman from Melur and Sulthan Abdul Kadar from Madurai, were arrested. Authorities are also collaborating with police in North Indian states to apprehend more suspects tied to accounts through which the defrauded money was transacted. Investigations are ongoing in multiple cases, and the police aim to dismantle the network of fraudsters operating both within India and abroad. 

These efforts underscore the importance of using advanced technology like AI to counter increasingly sophisticated cybercrime tactics. By addressing vulnerabilities such as fraudulent SIM cards, Tamil Nadu’s Cyber Crime Wing is taking significant steps to protect citizens and mitigate financial losses.
Read more »
phishing
AI Deepfakes CERT Cyber Security Fraud phishing

How to Protect Your Small Business from Cyber Attacks

 


It so coincided that October was international cybersecurity awareness month, during which most small businesses throughout Australia were getting ready once again to defend themselves against such malicious campaigns. While all cyber crimes are growing both here and all around the world, one area remains to be targeted more often in these cases: the smaller ones. Below is some basic information any small businessman or woman should know before it can indeed fortify your position.

Protect yourself from Phishing and Scamming.

One of the most dangerous threats that small businesses are exposed to today is phishing. Here, attackers pose as trusted sources to dupe people into clicking on malicious links or sharing sensitive information. According to Mark Knowles, General Manager of Security Assurance at Xero, cyber criminals have different forms of phishing, including "vishing," which refers to voice calls, and "smishing," which refers to text messages. The tactics of deception encourage users to respond to these malicious messages, which brings about massive financial losses.

Counter-phishing may be achieved by taking some time to think before answering any unfamiliar message or link. Delaying and judging if the message appears suspicious would have averted the main negative outcome. Knowles further warns that just extra seconds to verify could have spared a business from an expensive error.

Prepare for Emerging AI-driven Threats Like Deepfakes

The emergence of AI has provided new complications to cybersecurity. Deepfakes, the fake audio and video produced using AI, make it increasingly difficult for people to distinguish between what is real and what is manipulated. It can cause critical problems as attackers can masquerade as trusted persons or even executives to get employees to transfer money.

Knowles shares a case, where the technology was implemented in Hong Kong to cheat a finance employee of $25 million. This case highlights the need to verify identities in this high-pressure situation; even dialling a phone can save one from becoming a victim of this highly sophisticated fraud.

Develop a Culture of Cybersecurity

Even a small team is a security-aware culture and an excellent line of defence. Small business owners will often hold regular sessions with teams to analyse examples of attempted phishing and discuss awareness about recognising threats. Such collective confidence and knowledge make everyone more alert and watchful.

Knowles further recommends that you network with other small business owners within your region and share your understanding of cyber threats. Having regular discussions on common attack patterns will help businesses learn from each other's experiences and build collective resilience against cybercrime.

Develop an Incident Response Plan for Cyber

Small businesses typically don't have dedicated IT departments. However, that does not mean they can't prepare for cyber incidents. A simple incident-response plan is crucial. This should include the contact details of support: trusted IT advisors or local authorities such as CERT Australia. If an attack locks down your systems, immediate access to these contacts can speed up recovery.

Besides, a "safe word" that will be used for communication purposes can help employees confirm each other's identities in such crucial moments where even digital impersonation may come into play.

Don't Let Shyness Get in Your Way

The embarrassment of such an ordeal by cyber crooks results in the likelihood that organisations are not revealing an attack as it can lead the cyber criminals again and again. Knowles encourages any organisation affected to report suspicions of the scam immediately to bankers, government, or experienced advisors in time to avoid possible future ramifications to the firm. Communicating the threat is very beneficial for mitigating damages, but if nothing was said, chances are slim to stop that firm further from getting another blow at that point of time in question.

Making use of the local networks is beneficial. Open communication adds differences in acting speedily and staying well-informed to build more resilient proactive approaches toward cybersecurity.


Read more »
Scam
Bengaluru Cyber crimes Fraud porter Scam

Delivery Partners Exploit App Loophole, Defraud Logistics Company in Bengaluru

 




This is a major fraud case whereby delivery partners exploited a weakness in the logistics app Porter, syphoning Rs 90 lakh from Bengaluru. The swindle was detected by a routine business audit conducted in July by Smart Shift Logistics Solutions Pvt Ltd, which runs Porter. After this, an official of the logistics company filed a complaint with the police. Insider involvement was ruled out through automated operations.

The authorities suspected it could be an inside job when the fraud was first detected, considering the scale of the crime. They looked at the backend operations of the company and found nothing internal as most processes were automated. This led to a deep probe with Sarah Fathima, the Deputy Commissioner of Police (Southeast), assigning a team to trace the refunds made by the company since January. This series of operations was headed by ACP Govardhan Gopal, along with inspector Eshwari from the Southeast Cybercrime, Economic Offences, and Narcotics (CEN) police station.


Understanding the Scam

The investigators soon came across several refunds credited to the same accounts, and a rather clear fraud pattern began to emerge. The police were following this chain of suspicious transactions when it led them to a Shreyas TL, a 29-year-old from Hassan's Hirisave. Based on confession questioning of Shreyas, the police managed to seize three others: Kaushik KS, aged 26, from Mandya, Ranganath PR, also 26, and Anand Kumar, 30, both from Mandya.

These were earlier cab drivers and food delivery partners for various online applications who chanced upon loopholes in the Porter app after dabbling in such scams in other delivery services. They eventually managed to pinpoint how to exploit the Porter system through trial and error for their financial gains.


How the scam was run

Porter has a system where the driver can get a part of the total bill through his wallet whenever he accepts the job. And if he rejects the delivery, he will have his money back automatically. The application does not allow abusing this system, and therefore it has a strict cancellation policy where it blacklists the drivers in case they cancel two deliveries consecutively.

The fraudsters bypassed the system. Geo-spoofing is an application of the technology, using which they manipulated the app so as to pose their locations at places where there are few available drivers. This way, they accepted the jobs using their fake delivery accounts. The amount of the bill was credited to their digital wallets. Then the amount was drawn from these wallets into bank accounts. They canceled the delivery, and customers canceled the order and received a refund.

The reason they did not get blacklisted was because of repeated cancellations, so to avoid that, the gang bought fake phone numbers from Telegram groups and created new accounts on the app with them. Additionally, the gang practiced geo-spoofing to change their location into neighbouring states, making it hard for the authorities to trace them.


A Perfected Scam

The operation of the gang was so sophisticated that they managed to make off with a total of Rs 90 lakh from the company. Taking advantage of loopholes in the automation of the app, they had syphoned off the amount without raising any suspicion in the beginning. But finally, after going through a detailed investigation, it was traced by the police, and the fraudsters were caught.

This case shines a light on the importance of secure and foolproof systems in online platforms, especially those handling financial transactions. It also highlights the need to frequently audit and monitor company automated processes to detect fraud before it gets out of hand.




Read more »
Trading
Apple cryptocurrency Cyber Fraud Cybersecurity Fake Apps Fraud Google investment phishing Scam Trading

Massive Global Fraud Campaign Exploits Fake Trading Apps on Apple and Google Platforms

 

A recent investigation by Group-IB revealed a large-scale fraud operation involving fake trading apps on the Apple App Store and Google Play Store, as well as phishing sites to deceive victims. The scheme is part of a wider investment scam known as "pig butchering," where fraudsters lure victims into investments by posing as romantic partners or financial advisors.

Victims are manipulated into losing funds, with scammers often requesting additional fees before disappearing with the money.

Group-IB, based in Singapore, noted that the campaign targets victims globally, with reports from regions like Asia-Pacific, Europe, the Middle East, and Africa. The fraudulent apps, created using the UniApp Framework, are labeled under "UniShadowTrade" and have been active since mid-2023, offering promises of quick financial gains.

One app, SBI-INT, even bypassed Apple’s App Store review process, giving it an illusion of legitimacy. The app disguised itself as a tool for algebraic formulas and 3D graphics calculations but was eventually removed from the marketplace.

The app used a technique that checked if the date was before July 22, 2024, and, if so, displayed a fake screen with mathematical formulas. After being taken down, scammers began distributing it via phishing websites for Android and iOS users.

For iOS, downloading the app involved installing a .plist file, requiring users to trust an Enterprise developer profile manually. Once done, the fraudulent app became operational, asking users for their phone number, password, and an invitation code.

After registration, victims went through a six-step process involving identity verification, providing personal details, and agreeing to terms for investments. Scammers then instructed them on which financial instruments to invest in, falsely promising high returns.

When victims tried to withdraw their funds, they were asked to pay additional fees to retrieve their investments, but the funds were instead stolen.

The malware also included a configuration with details about the URL hosting the login page, hidden within the app to avoid detection. One of these URLs was hosted by a legitimate service, TermsFeed, used for generating privacy policies and cookie consent banners.

Group-IB discovered another fake app on the Google Play Store called FINANS INSIGHTS, which had fewer than 5,000 downloads. A second app, FINANS TRADER6, was also linked to the same developer. Both apps targeted countries like Japan, South Korea, Cambodia, Thailand, and Cyprus.

Users are advised to be cautious with links, avoid messages from unknown sources, verify investment platforms, and review apps and their ratings before downloading.
Read more »
security threat
Cyber Attacks Cyber Scams CyberCrime CyberThreat Digital Detention Fraud security threat

Cybercriminals Impersonate Law Enforcement in New 'Digital Detention' Scam

 


As part of a collaboration between the Indian Cyber Coordination Centre (I4C) and Microsoft, an anti-cyber fraud agency has banned more than 1,000 Skype accounts that are believed to have been used to intimidate, blackmail, extort and digitally arrest citizens by cybercriminals posing as police officers, the Central Bureau of Investigation (CBI), the Narcotics Department, the RBI, or Enforcement Directorate. During the past few years, the Indian digital industry has grown at a rapid pace. 

It is increasingly necessary to rely on the Internet for everything from shopping and banking to travel and UPI. It is also important to note that because of this dependence on the digital space, threats such as scams are also present. The number of online scams has increased since a few months ago. Cybercriminals continue to find new ways to exploit technology to steal money from unsuspecting victims. It has been reported that a scam dubbed the 'Digital Arrest Scam' has been spreading rapidly over the past few days. 

Fraudsters are doing an increasingly good job of masquerading as law enforcement officers to trick unsuspecting victims with chillingly simple but extremely effective techniques. They pose as police officers or officers from the CBI or ED and launch online interrogations over platforms such as WhatsApp or Skype, where victims can be monitored over the camera while the fraudsters pose as officers from these agencies. 

As a result, the victims of these crimes are isolated, and forbidden from contacting anyone of importance, and the perpetrators threaten them in an attempt to extract money from them. As a result of "interrogation" a victim could be held in custody for anything from a few hours to a few days, and they would be told that they are locked up in a virtual prison. There was this new report about a 40-year-old doctor who was victimized by a scam called Digital Arrest Scam. 

The victim, a doctor in Noida, lost Rs 59.54 lakh as a result of cybercriminals. Fraudsters who posed as telecom officials called the victim on the phone and informed her that her name was associated with a case of money laundering and they wanted to expose her. After that, the phone was transferred to a supposed police officer from Mumbai's Tilak Nagar Police Station, who was later arrested. 

According to the "officer" the police informed the victim that an investigation had been opened into her sharing of pornographic videos, and an arrest warrant had been issued for her. Furthermore, the criminals claim that she had been implicated in a money laundering case involving Jet Airways founder Naresh Goyal and that the National Security Act of 1947 had been invoked against her to obtain her arrest. 

It was during this period that the victim was placed under digital arrest while the scammers asked for her details to steal money from her bank account between the 15th and 16th of July. As a first step in their scam strategy, scammers usually cast a wide net, calling individuals and claiming that drugs have been found inside their courier packages or that their personal information is being used to hide money. They are then subjected to a high-pressure interview process while being threatened with legal action or even arrest to obtain the details of the crime. 

An incident in which fraudsters informed the victim that his mobile number was discovered during an investigation of the criminal case against a former minister in the NCP, led to him believing that he had been targeted. Cybercriminals have developed elaborate setups that resemble police stations to enhance their credibility. These setups usually include men wearing uniforms and logos that appear to be officially licensed. 

In a disturbing case of cybercrime, scammers used a fake profile picture of a policeman on WhatsApp to deceive a businessman. The criminals accused the businessman of being involved in human trafficking, leveraging his fear and trust in authority to manipulate him. They sent him a fabricated arrest warrant and a seizure order via an online link, further escalating the pressure on the victim. In a brazen move, one of the scammers even impersonated a Supreme Court judge during a phone call with the businessman.

Through these deceptive tactics, the fraudsters convinced the businessman that he needed to undergo a "fund legalization process" and deposit his money into an account purportedly held by the Reserve Bank of India (RBI). The scam, which unfolded over a gruelling period of seven to eight hours, resulted in a significant financial loss of Rs 1.3 crore for the victim.

Despite the severity of such incidents, victims often find themselves without adequate support. While the government has publicized a cybercrime helpline number, 1930, it merely directs complainants to file their cases on the website www.cybercrime.gov.in. Even after a complaint is lodged, the responsibility to follow up and ensure action is taken largely falls on the victim.

This case highlights the broader issue of law enforcement agencies not playing a proactive role in assisting citizens who fall prey to online fraudsters. The lack of timely intervention and investigation into cybercrimes exacerbates the distress faced by victims. As cybercrime rates continue to rise, there is a pressing need for law enforcement to enhance their responsiveness and take on a more active role in protecting citizens from such sophisticated digital threats.

Read more »
Subscribe to: Comments (Atom)