
US Justice Department Seizes Web Domain Linked to Large-Scale Bank Account Takeover Fraud

 

The U.S. Justice Department (DoJ) on Monday revealed that it has taken control of a web domain and its associated database that were allegedly used to support a criminal operation aimed at defrauding Americans through bank account takeover fraud.

Authorities identified the seized domain, web3adspanels[.]org, as a backend control panel that enabled cybercriminals to store, manage, and exploit unlawfully obtained online banking credentials. Visitors attempting to access the site now encounter a seizure notice stating that the takedown was part of a coordinated international law enforcement effort involving officials from the United States and Estonia.

"The criminal group perpetrating the bank account takeover fraud delivered fraudulent advertisements through search engines, including Google and Bing," the DoJ said. "These fraudulent advertisements imitate the sponsored search engine advertisements used by legitimate banking entities."

According to investigators, the deceptive ads redirected users to counterfeit banking websites controlled by the attackers. These fake portals were embedded with malicious software that captured login details entered by unsuspecting victims. The stolen credentials were then used to access real bank accounts, allowing the criminals to seize control and siphon off funds.

So far, the fraud scheme is believed to have impacted 19 victims across the United States, including two businesses located in the Northern District of Georgia. Officials estimate attempted financial losses of around $28 million, with confirmed losses reaching approximately $14.6 million.

The DoJ further noted that the seized domain contained banking login data belonging to thousands of victims and continued to function as an operational backend for account takeover fraud as recently as last month.

Separately, data from the U.S. Federal Bureau of Investigation (FBI) indicates a sharp rise in such incidents. Since January 2025, the Internet Crime Complaint Center (IC3) has logged more than 5,100 complaints related to bank account takeover fraud, with total reported losses exceeding $262 million.

Law enforcement agencies are urging the public to remain cautious when sharing personal information online or on social media. Users should regularly review bank statements for unusual activity, use strong and unique passwords, carefully verify banking website URLs before logging in, and remain alert to phishing attempts or suspicious calls.

India Witnesses Sharp Surge in Cybercrime, Fraud Dominates NCRB 2023 Report

 

The cybercrime landscape in India has seen a drastic increase, with NCRB data indicating that cases rose from above 52,000 in 2021 to over 86,000 by 2023, led by fraud and online financial crime. Concurrently, threat intelligence shows that India is now a high‑risk ransomware and dark‑web ecosystem within the Asia‑Pacific region.

NCRB data and growth trend 

The report suggests that NCRB’s “Crime in India” figures show an alarming and persistent increase in reported cybercrimes, from just above 52,000 cases in 2021 to beyond 86,000 cases by 2023, owing to increased digitization, online payments and use of mobile internet. Between 2022 and 2023 alone, cases rose 31.2% year-on-year, and the country’s cybercrime rate increased from 4.8 to 6.2 cases per lakh population.

Fraud is the most prevalent motive, making up almost 69% of all cybercrime incidents in 2023, followed by sexual exploitation and extortion, highlighting that attackers mainly prey on financial and personal vulnerabilities. States such as Karnataka, Telangana and Uttar Pradesh account for a large number of cases, reflecting higher IT penetration, urbanisation and digital adoption.

Ransomware and dark-web activity

Beyond the raw NCRB figures, the report places India on an Asia‑Pacific threat map, drawing on the Cyble Monthly Threat Landscape Report for July 2025 to show that India is still among the key targets for ransomware operators. It cited the Warlock ransomware group for targeting an India-based manufacturing firm and exfiltrating HR, financial, and design data, which was then used for extortion and exposure.

The report also notes dark‑web listings advertising unauthorized access to an Indian telecom network for around US$35,000, including credentials and critical operational details, highlighting the commoditization of network breaches. Regionally, Thailand, Japan, and Singapore each recorded six ransomware victims in the observed period, with India and the Philippines close behind, and manufacturing, government, and critical infrastructure sectors bearing the brunt of attacks. 

Additionally, South Asia is experiencing ideologically driven attacks, exemplified by the pro‑India Team Pelican Hackers, which claimed breaches of major Pakistani research and academic institutions. These campaigns blur the line between classic cybercrime and geopolitical conflict, indicating that Indian networks face both profit‑motivated and politically motivated breaches.

Smarter Scams, Sharper Awareness: How to Recognize and Prevent Financial Fraud in the Digital Age




Fraud has evolved into a calculated industry powered by technology, psychology, and precision targeting. Gone are the days when scams could be spotted through broken English or unrealistic offers alone. Today’s fraudsters combine emotional pressure with digital sophistication, creating schemes that appear legitimate and convincing. Understanding how these scams work, and knowing how to respond, is essential for protecting your family’s hard-earned savings.


The Changing Nature of Scams

Modern scams are not just technical traps; they are psychological manipulations. Criminals no longer rely solely on phishing links or counterfeit banking apps. They now use social engineering tactics, appealing to trust, fear, or greed. A scam might start with a call pretending to be from a government agency, an email about a limited investment opportunity, or a message warning that your bank account is at risk. Each of these is designed to create panic or urgency so that victims act before they think.

A typical fraud cycle follows a simple pattern: an urgent message, a seemingly legitimate explanation, and a request for sensitive action, such as sharing a one-time password, installing a new app, or transferring funds “temporarily” to another account. Once the victim complies, the attacker vanishes, leaving financial and emotional loss behind.

Experts note that the most dangerous scams often appear credible because they mimic official communication styles, use verified-looking logos, and even operate fake customer support numbers. The sophistication makes these schemes particularly hard to spot, especially for first-time investors or non-technical individuals.


Key Red Flags You Should Never Ignore

1. Unrealistic returns or guarantees: If a company claims you can make quick, risk-free profits or shows charts with consistent gains, it’s likely a setup. Real investments fluctuate; only scammers promise certainty.

2. Pressure to act immediately: Whether it’s “only minutes left to invest” or “pay now to avoid penalties,” urgency is a manipulative tactic designed to prevent logical evaluation.

3. Requests to switch apps or accounts: Authentic businesses never ask customers to transfer funds into personal or unfamiliar accounts or to download unverified applications.

4. Emotional storylines: Fraudsters know how to exploit emotions. They may pretend to be in love, offer fake job opportunities, or issue fabricated legal threats, all aimed at overriding rational thinking.

5. Asking for security codes or OTPs: No genuine financial institution or digital platform will ever ask for these details. Sharing them gives scammers direct access to your accounts.


Simple Steps to Build Financial Safety

Protection from scams starts with discipline and awareness rather than advanced technology.

• Take a moment before responding. Don’t act out of panic. Pause, think, and verify before clicking or transferring money.

• Verify independently. If a message or call appears urgent, reach out to the organization using contact details from their official website, not from the message itself.

• Activate alerts and monitor accounts. Keep an eye on all transactions. Early detection of suspicious activity can prevent larger losses.

• Use multi-layered security. Enable multi-factor authentication on all major financial accounts, preferably using hardware security keys or authentication apps instead of SMS codes.

• Keep your digital environment clean. Regularly update your devices, operating systems, and browsers, and use trusted antivirus software to block potential malware.

• Install apps only from reliable sources. Avoid downloading apps or investment platforms shared through personal messages or unverified websites.

• Educate your family. Many scam victims are older adults who may hesitate to talk about it. Encourage open communication and make sure they know how to recognize suspicious requests.


Awareness Is the New Security

Technology gives fraudsters global reach, but it also equips users with tools to fight back. Secure authentication systems, anti-phishing filters, and real-time transaction alerts are valuable, but they work best when combined with personal vigilance.

Think of security like investment diversification: no single tool provides complete protection. A strong defense requires a mix of cautious behavior, verification habits, and awareness of evolving threats.


Your Takeaway

Scammers are adapting faster than ever, blending emotional manipulation with technical skill. The best way to counter them is to slow down, question everything that seems urgent or “too good to miss,” and confirm information before taking action.

Protecting your family’s financial wellbeing isn’t just about saving or investing wisely; it’s about staying alert, informed, and proactive. Remember: genuine institutions will never rush you, threaten you, or ask for confidential information. The smartest investment today is in your awareness.


FBI Warns Against Screen Sharing Amid Rise in “Phantom Hacker” Scam

 



The Federal Bureau of Investigation (FBI) has issued an urgent alert about a fast-spreading scam in which cybercriminals gain access to victims’ devices through screen-sharing features, allowing them to steal money directly from bank accounts.

Known as the “phantom hacker” scheme, the fraud begins with a phone call or message that appears to come from a legitimate bank or support service. The caller warns that the user’s account has been compromised and offers to “help” by transferring funds to a secure location. In reality, the transfer moves the victim’s money straight to the attacker’s account.

Traditionally, these scams relied on tricking users into installing remote-access software, but the FBI now reports a troubling shift. Scammers are increasingly exploiting tools already built into smartphones, specifically screen-sharing options available in widely used communication apps.

One such example involves WhatsApp, a messaging service used by over three billion people worldwide. The app recently introduced a screen-sharing feature during video calls, designed for legitimate collaboration. However, this function also allows the person on the other end of the call to see everything displayed on a user’s screen, including sensitive details such as login credentials and banking information.

Although WhatsApp notifies users to only share their screens with trusted contacts, attackers often use social engineering to bypass suspicion. The FBI notes that fraudsters frequently begin with a normal phone call before requesting to continue the conversation over WhatsApp, claiming that it offers greater security. Once the victim joins the call and enables screen sharing, scammers can observe financial transactions in real time without ever needing to install malicious software.

Experts emphasize that encryption, while essential for privacy, also prevents WhatsApp or any external authority from monitoring these fraudulent activities. The FBI therefore urges users to remain cautious and to never share their screen, banking details, or verification codes during unsolicited calls.

Cybersecurity professionals advise that individuals should hang up immediately if asked to join a video call or screen-sharing session by anyone claiming to represent a bank or technology company. Instead, contact the organization directly through verified customer-care numbers or official websites. Reporting suspicious incidents can also help prevent future cases.

The scale of financial fraud has reached alarming levels in the United States. According to new findings from the Aspen Institute, scams now cost American households over $158 billion annually, prompting calls for a national strategy to combat organized online crime. More than 80 leaders from public and private sectors have urged the creation of a National Task Force on Fraud and Scam Prevention to coordinate efforts between government bodies and financial institutions.

This rise in screen-sharing scams highlights the growing sophistication of cybercriminals, who are increasingly using everyday digital tools for exploitation. As technology advances, experts stress that public vigilance, real-time verification, and responsible digital habits remain the strongest defenses against emerging threats.



Evaly Website Allegedly Hacked Amid Legal Turmoil, Hacker Threatens to Leak Customer Data

 

Evaly, the controversial e-commerce platform based in Bangladesh, appeared to fall victim to a cyberattack on 24 May 2025. Visitors to the site were met with a stark warning reportedly left by a hacker, claiming to have obtained the platform’s customer data and urging Evaly staff to make contact.

Displayed in bold capital letters, the message read: “HACKED, I HAVE ALL CUSTOMER DATA. EVALY STAFF PLEASE CONTACT 00watch@proton.me.” The post included a threat, stating, “OR ELSE I WILL RELEASE THIS DATA TO THE PUBLIC,” signaling the potential exposure of private user information if the hacker’s demand is ignored.

It remains unclear what specific data was accessed or whether sensitive financial or personal details were involved. So far, Evaly has not released any official statement addressing the breach or the nature of the compromised information.

This development comes on the heels of a fresh wave of legal action against Evaly and its leadership. On 13 April 2025, state-owned Bangladesh Sangbad Sangstha (BSS) reported that a Dhaka court handed down three-year prison sentences to Evaly’s managing director, Mohammad Rassel, and chairperson, Shamima Nasrin, in a fraud case.

Dhaka Metropolitan Magistrate M Misbah Ur Rahman delivered the judgment, which also included fines of BDT 5,000 each. The court issued arrest warrants for both executives following the ruling.

The case was filed by a customer, Md Rajib, who alleged that he paid BDT 12.37 lakh for five motorcycles that were never delivered. The transaction took place through Evaly’s website, which had gained attention for its deep discount offers and aggressive promotional tactics.

Account Takeover Fraud Surges as Cybercriminals Outpace Traditional Bank Defenses

 

As financial institutions bolster their fraud prevention systems, scammers are shifting tactics—favoring account takeover (ATO) fraud over traditional scams. Instead of manipulating victims into making transactions themselves, fraudsters are bypassing them entirely, taking control of their digital identities and draining funds directly.

Account takeover fraud involves unauthorized access to an individual's account to conduct fraudulent transactions. This form of cybercrime has seen a sharp uptick in recent years as attackers use increasingly advanced techniques—such as phishing, credential stuffing, and malware—to compromise online banking platforms. Conventional fraud detection tools, which rely on static behavior analysis, often fall short as bad actors now mimic legitimate user actions with alarming accuracy.

According to NICE Actimize's 2025 Fraud Insights U.S. Retail Payments report, account takeover's share of the total value of fraud attempts increased between 2023 and 2024. Nevertheless, scams continue to dominate, making up 57% of all attempted fraud transactions.

Global financial institutions witnessed a significant spike in ATO-related incidents in 2024. Veriff's Identity Fraud Report recorded a 13% year-over-year rise in ATO fraud. FinCEN data further supports this trend, revealing that U.S. banks submitted more than 178,000 suspicious activity reports tied to ATO—a 36% increase from the previous year. AARP and Javelin Strategy & Research estimated that ATO fraud was responsible for $15.6 billion in losses in 2024.

Experts emphasize the need to embrace AI-powered behavioral biometrics, which offer real-time identity verification by continuously assessing how users interact with their devices. This shift from single-point login checks to ongoing authentication enables better threat detection while enhancing user experience. These systems adapt to variables such as device type, location, and time of access, supporting the NIST-recommended zero trust framework.

"The most sophisticated measurement approaches now employ AI analytics to establish dynamic baselines for these metrics, enabling continuous ROI assessment as both threats and solutions evolve over time," said Jeremy London, director of engineering for AI and threat analytics at Keeper Security.

Emerging Fraud Patterns

The growth of ATO fraud is part of a larger evolution in cybercrime tactics. Cross-border payments are increasingly targeted. Although international wire transfers declined by 6% in 2024, the dollar value of fraud attempts surged by 40%. Fraudsters are now focusing on high-value, low-volume transactions.

One particularly vulnerable stage is payee onboarding. Research shows that 67% of fraud incidents were linked to just 7% of transactions—those made to newly added payees. This finding suggests that cybercriminals are exploiting the early stages of payment relationships as a critical vulnerability.

Looking ahead, integrating multi-modal behavioral signals with AI-trained models to detect sophisticated threats will be key. This hybrid approach is vital for identifying both human-driven and synthetic fraud attempts in real-time.

Cybercriminals Target Social Security Users with Sophisticated Phishing Scam

 

A new wave of phishing attacks is exploiting public trust in government agencies. Cybercriminals are sending fraudulent emails that appear to come from the Social Security Administration (SSA), aiming to trick recipients into downloading a remote access tool that gives hackers full control over their computers, according to a report by Malwarebytes.

The scam emails, often sent from compromised WordPress websites, claim to offer a downloadable Social Security statement. However, the entire message is typically embedded as an image—a tactic that allows it to bypass most email filters. Clicking on the link initiates the installation of ScreenConnect, a powerful remote access tool that enables attackers to control your device remotely.

The campaign has been attributed to a phishing group known as Molatori, whose goal is to extract personal, banking, and other sensitive information. “Once in, the attackers can steal your data, commit financial fraud, and engage in identity theft,” the report warns.

To avoid falling victim, experts suggest staying alert to red flags. These scam emails often contain poor grammar, missing punctuation, strange formatting, and unusual colour schemes for links. Such errors—evident in screenshots shared by Malwarebytes and the SSA—are clear signs of a scam, even as AI-driven tactics make phishing attempts more convincing than ever.

“If you want to view your Social Security statement, the safest option is to visit ssa.gov,” the SSA advises.

What to Do If You're Targeted:

  • Cut off all communication with the scammer
  • Report the incident to the SSA Office of the Inspector General (OIG)
  • File a report with your local police
  • If you've lost money, submit a complaint to the FBI’s Internet Crime Complaint Center (IC3)

As phishing threats continue to evolve, cybersecurity awareness remains your best defense.


Barclays Introduces New Step-by-Step Model to Tackle Modern Fraud

 


Banks and shops are facing more advanced types of fraud that mix online tricks with real-world scams. To fight back, experts from Barclays and a security company called Threat Fabric have created a detailed model to understand how these frauds work from start to finish. This system is called a fraud kill chain, and it helps organizations break down and respond to fraud at every stage.


What Is a Kill Chain?

The kill chain idea originally came from the military. It was used to describe each step of an attack so it could be stopped in time. In 2011, cybersecurity experts started using it to map out how hackers attack computer systems. This helped security teams block online threats like viruses, phishing emails, and ransomware.

But fraud doesn’t always follow the same patterns as hacking. It often includes human error, emotional tricks, and real-life actions. That’s why banks like Barclays needed a different version of the kill chain made specifically for financial fraud.


Why Fraud Needs a New Framework

Barclays noticed a new type of scam using tap-to-pay systems—also known as NFC, or near-field communication. This technology lets people pay by simply tapping their cards or phones. Criminals found ways to misuse this by copying the signals and using them without permission.

When Barclays and Threat Fabric studied these scams, they realized that the NFC trick was just one part of a larger process. There were many steps before and after it. But there was no clear way for banks and retailers to explain or share all this information. So, they created a new model to organize it all.


How the Fraud Kill Chain Works

The new fraud kill chain has ten steps. It starts with the fraudsters gathering data about victims and moves through stages like emotional manipulation, fake messages, stealing passwords, getting into accounts, and finally taking and hiding the money. Each of these steps includes different tricks and techniques.

For example, a scam might begin with a fake text message asking the victim to click a link. Once the victim enters their details, criminals can add their card to a device and make payments from far away. This kind of attack is sometimes called a ghost tap.


Retailers Use Their Own Version

Retail companies like Target are also building similar models. They’ve found that even simple scams, like messing with gift cards, involve many people and actions. Without a clear way to describe each part, it's hard for teams to stop them in time.

By using a structured approach to fraud, companies can better understand how scams happen, spot weak points, and stop future attacks. This new model helps everyone speak the same language when it comes to stopping fraud—and protects people from losing their money.