Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Fraudsters. Show all posts
Technology
AAP AI Artificial Intelligence cryptocurrency scams cyber literacy Cybersecurity Experts Fraudsters Law Enforcement online financial scams Pacific Islands Social Media Technology

Analysis: AI-Driven Online Financial Scams Surge

 

Cybersecurity experts are sounding the alarm about a surge in online financial scams, driven by artificial intelligence (AI), which they warn is becoming increasingly difficult to control. This warning coincides with an investigation by AAP FactCheck into cryptocurrency scams targeting the Pacific Islands.

AAP FactCheck's analysis of over 100 Facebook accounts purporting to be crypto traders reveals deceptive tactics such as fake profile images, altered bank notifications, and false affiliations with prestigious financial institutions.

The experts point out that Pacific Island nations, with their low levels of financial and media literacy and under-resourced law enforcement, are particularly vulnerable. However, they emphasize that this issue extends globally.

In 2022, Australians lost over $3 billion to scams, with a significant portion involving fraudulent investments. Ken Gamble, co-founder of IFW Global, notes that AI is amplifying the sophistication of scams, enabling faster dissemination across social media platforms and rendering them challenging to combat effectively.

Gamble highlights that scammers are leveraging AI to adapt to local languages, enabling them to target victims worldwide. While the Pacific Islands are a prime target due to their limited law enforcement capabilities, organized criminal groups from various countries, including Israel, China, and Nigeria, are behind many of these schemes.

Victims recount their experiences, such as a woman in PNG who fell prey to a scam after her relative's Facebook account was hacked, resulting in a loss of over 15,000 kina.

Dan Halpin from Cybertrace underscores the necessity of a coordinated global response involving law enforcement, international organizations like Interpol, public awareness campaigns, regulatory enhancements, and cross-border collaboration.

Halpin stresses the importance of improving cyber literacy levels in the region to mitigate these risks. However, Gamble warns that without prioritizing this issue, fueled by AI advancements, the situation will only deteriorate further.
Read more »
Stolen Credentials
Cyber Fraud data security Fraudsters Safety Scam Stolen Credentials

The Infamous Cybercrime Marketplace Now Offers Pre-order Services for Stolen Credentials

 

In accordance with Secureworks, info stealer malware, which consists of code that infects devices without the user's knowledge and steals data, is still widely available for purchase through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale increasing at alarming rates. 

Between June 2021 and May 2023, the Russian market alone grew by 670%. “Infostealers are a natural choice for cybercriminals who are looking to rapidly gain access to businesses and then monetize that access,” said Don Smith, VP of threat research, Secureworks CTU. 

“They are readily available for purchase, and within as little as 60 seconds of installation on an infected computer will immediately generate a return on investment in the form of stolen credentials and other sensitive information. However, what has really changed the game, as far as info stealers are concerned, is improvements in the various ways that criminals use to trick users into installing them. That, coupled with the development of dedicated marketplaces to sell and purchase this stolen data, has really upped the ante,” added Smith. 

Researchers at Secureworks examined the most recent trends in the underground info stealer market, including how this sort of malware is growing more complex and harder to detect, offering a challenge to corporate network defenders. Among the key findings are:

The number of info stealer logs for sale on underground forums grows with time. The number of logs for sale on the Russian market alone surged by 150% in less than nine months, from two million on a single day in June 2022 to over five million on a single day in late February 2023.

The overall growth rate for the number of logs for sale on the Russian market was 670% over a roughly two-year period (measured on a single day in June 2021 and a single day in May 2023).

The Russian market continues to be the largest seller of info stealer logs. At the time of writing, Russian Market has five million logs for sale, which is around ten times more than its nearest competitor.t is well-known among Russian cybercriminals and is often utilized by threat actors globally. Recently, Russian Market has included logs from three new thieves, indicating that the site is adapting to the ever-changing e-crime scenario.

Raccoon, Vidar, and Redline remain the top three info stealer logs for sale. On a single day in February, the following logs, or data sets of stolen credentials, were for sale among these popular info stealers on the Russian Market:
  • The number of raccoons is 2,114,549.
  • Vidar: 1,816,800
  • The redline is 1,415,458.
The recent law enforcement effort against Genesis Market and Raid Forums has influenced the behavior of cybercriminals. Telegram has benefited from this, with more log buying and trading going to specialized Telegram channels for prominent stealers like RedLine, Anubis, SpiderMan, and Oski Stealer. Despite the arrests of several users and the removal of 11 domains affiliated with Genesis Market, the Tor site remains operating, with logs still for sale.

However, activity on the marketplace has nearly ceased, as criminals have begun debating the matter on underground forums, raising concerns about the platform's reliability. A rising market has evolved to address the demand for after-action solutions that aid with log parsing, a time-consuming and difficult operation that is often left to more experienced hackers.

As the number of info stealers and available logs grows, these tools are expected to become more popular and assist to decrease the entry barrier. The successful development and deployment of info stealers, like the overall cybercrime ecosystem, depends on individuals with diverse skills, jobs, and responsibilities. The growth of malware-as-a-service has encouraged developers to innovate in order to better their products and appeal to a broader spectrum of clients.

For example, Russian Market now allows customers to preorder stolen credentials for a certain organization, business, or program for a $1,000 deposit into the site's escrow mechanism. The pre-order service offers no guarantees but allows crooks to progress from opportunistic to targeted.

“What we are seeing is an entire underground economy and supporting infrastructure built around infostealers, making it not only possible but also potentially lucrative for relatively low skilled threat actors to get involved. Coordinated global action by law enforcement is having some impact, but cybercriminals are adept at reshaping their routes to market,” continued Smith.

“Ensuring that you implement multi-factor authentication to minimize the damage caused by the theft of credentials, being careful about who can install third-party software and where it is downloaded from, and implementing comprehensive monitoring across host, network and cloud are all key aspects of a successful defense against the threat of infostealers,” concluded Smith.

Phishing, compromised websites, malicious software downloads, and Google advertisements can all be used to install info stealers on a computer or device. Stolen credentials accounted for nearly one-tenth of the incident response engagements Secureworks was involved in 2022, and were the initial access vector (IAV) for more than a third (34%) of ransomware engagements from April 2022 to April 2023.
Read more »
Security
Cyber Fraud Fraud Fraudsters Mobile Numbers Safety Scam Security

Police Blocked 20K+ Mobile Numbers Issued on Fake Papers

 

In accordance with a police officer, Haryana Police's cyber nodal unit has blocked 20,545 mobile phones issued on fraudulent and counterfeit paperwork. According to a Haryana police spokesman, the majority of the blocked SIM cards were issued in Andhra Pradesh, with West Bengal and Delhi following closely behind. 

Similarly, the police have detected and reported on the portal more than 34,000 cellphone numbers involved in cyber fraud operating across the state, including 40 hotspot villages in Nuh district. 

“At the same time, the remaining 14,000 mobile numbers involved in cyber fraud will also be blocked soon through the Department of Telecom, Government of India,” the police officials said.

A police official told reporters today that the state crime division is currently monitoring all mobile numbers implicated in cybercrime and is collecting reports from districts on a daily basis. He stated that 102 teams of 5000 Haryana Police officers recently stormed 14 cybercrime hotspot villages in the Nuh district.

“For this reason, at present, Haryana is at the top position in blocking mobile numbers used in cyber fraud. At present more attention is being given to such areas and villages from where cyber fraud incidents are being carried out. Recently, 102 teams of 5000 policemen of Haryana Police raided 14 cybercrime hotspots villages in Nuh district,” he added.

He further stated that Andhra Pradesh has issued the most cellphone numbers implicated in cybercrime, and that they are being used to commit cybercrime in the state.

“Currently, out of the total identified mobile numbers issued on Fake ID, a maximum of 12,822 mobile numbers have been issued from Andhra Pradesh, 4365 from West Bengal, 4338 from Delhi, 2322 from Assam, 2261 from North East states and 2490 from Haryana state. All the numbers are currently operating from different areas of Haryana and the same has been intimated to the Department of Telecom to block them,” he added.

OP Singh, Chief of the State Crime Branch and Additional Director General of Police, stated that the state crime branch, as the state nodal agency for cybercrime, has a team of 40 highly skilled cyber police personnel who have been deployed at helpline 1930 to quickly register reported incidents and collect relevant data.
Read more »
RedZei
Chinese Students Cyber campaign Cyber Scams Cyber Security Fraudsters RedZei

RedZei Group Targets Chinese Students in U.K.

 


Chinese students studying in the UK have been one of the most common targets of scammers. RedZei (aka RedThief) Group, a Chinese-speaking scammer group that operates online and is becoming more common these days, bypasses all the precautions that users and service providers have taken to prevent scams.  

This is how it works

Chinese students were fooled into paying millions of dollars to avoid deportation as part of a visa scam, according to a report in The Guardian.  According to researchers, this incident is likely to be the result of the RedZei campaign that began in August of last year. 

Redzepi fraudsters carefully selected their victims by researching them, they also sought out a potential victim who was wealthy enough to be a profitable target. Fraudsters would use new pay-as-you-go U.K. phone numbers for each wave of the attack to bypass the phone number-based blocking on each wave. There are several mobile carriers used by the attackers, such as Telia, Three, EE, O2, and Tesco Mobile, with which they move between SIM cards.  


The Use of Voicemail and Other Tricks

As part of the operation, a UK phone number would be used to contact each targeted student once or twice every month. An unusual automated voicemail is left if these calls are not answered. 

Students are being steered into revealing their personal information by voicemails. These voicemails impersonate China Mobile, the Bank of China, and the Chinese embassy to social engineer them into doing so. In addition, there are also voicemail messages that are posed as voicemails from Chinese government officials. 

These include the Chinese Ministry of Industry and Information Technology, the Chinese Embassy in the United Kingdom, and the Chinese Communications Administration. Additionally, courier services such as DHL and Royal Mail can be used to distribute such messages. Aside from these themes, RedZei has also adopted other themes, such as abnormally high NHS number usage and DHL international delivery of parcels. 

Keep yourself as safe as possible

It appears that RedZei started this tremendously profitable campaign in August 2019. The scam was an attempt to deceive Chinese international students by duping them into transferring enormous amounts of money. This was so that they could avoid deportation to save their lives.

If any scam of this nature is suspected by students, they are advised to report it to the university as soon as possible. This will enable them to stay vigilant against such frauds. Moreover, universities can also share information regarding scams that target international students and keep them posted on the same.
Read more »
Sextortion
Bank fraud Cyber Crime Cyberattacks CyberCrime Frauds Fraudsters India Malicious actor Sextortion

Mewat: The New Cybercrime Hub in India

 

The Mewat region, situated between the Rajasthan and Haryana states of India is emerging as the new cyber fraud hub in India. 
 
After Jamtara, the infamous hotspot for cyber fraud cases where the young fraudsters involved in the racket would acquire SIM cards, open bank accounts, and dupe victims by posing as bank officials or representatives of telecom service providers, Mewat fraudsters have turned up with more malicious ways to dupe the online victims. 
 
Apparently, the Mewat fraudsters leverage sextortion, a blackmail category of cybercrime, as a weapon in order to deceive victims. 
 
The scammers target online victims while posing as young women, engaging them in conversations, and enticing the targets into sharing sexually explicit images. The scam is then followed by victims being threatened to leak the shared images unless paid.  
 
On being asked about the case's method of operation, Yusuf, one of the suspects held for the charges of sextortion revealed his gang's modus operandi. 
 
“It starts by writing a ‘hi’. He (the target) would usually ask about a video call. I’d do the video call. He’d be lured into going explicit. The woman on the phone does the same,” Yusuf says. 
 
On being asked about the ‘woman', Yusuf tells the investigating officer “It’s (actually the video) on the other phone. That device is placed right under the back camera of my phone, with a video of a woman playing over. It’s like a web call.” 
 
Reportedly, a phone on the other side uses screen recording software in order to capture the events. The victims are then threatened, and if they comply, the money is typically credited into a third party's account. 

In another cyber fraud case, a suspect was held for duping online victims via digital marketplaces.  
 
The scammer, Rahul Khan explains his fraud tactics as: Advertising expensive products for sale at deep discounts on online marketplaces such as OLX, claiming to be certain defence personnel, and fabricating a plausible story about distress. 
 
With the stats going higher in recent years, India recorded a total of 52,974 cases of cybercrime in 2021, up from 50,035 in 2020, 44,735 in 2019, and 27,248 in 2018.  
 
As per a report by the National Crime Records Bureau, nearly 60 percent of similar cybercrime cases were witnessed, pertaining to fraud followed by sexual exploitation (8.6 percent) and extortion (5.4 percent) in 2021.
Read more »
Scammers
Cyber Fraud Fraudsters phishing PyPI Package Scam Scam Emails Scammers

PyPI Alerts of First-ever Phishing Campaign Against its Users

 

The Python Package Index, PyPI, issued a warning this week about an ongoing phishing campaign aimed at stealing developer credentials and injecting malicious updates into the repository's packages.

“Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI.” states the warning.

The phishing messages are intended to trick recipients into clicking a link in order to comply with a new Google mandatory validation process for all packages. Recipients are urged to complete the validation process by September to avoid having their packages removed from PyPI.

When users click the link, they are taken to a Google Sites landing page that looks similar to PyPI's login page. After obtaining the user account credentials, the attackers were able to push malicious updates to legitimate packages.

“The phishing attempt and the malicious packages are linked by the domain linkedopports[.]com, which appears in the malicious package code and also functions as the location to which the phishing site tries to send the stolen credentials.” reads the analysis published by Checkmarx.

This campaign's malicious packages attempt to download and execute a file from the URL hxxps:/python-release[.]com/python-install.scr. The packages had a low detection rate at the time of discovery; the malicious code is digitally signed and unusually large (63MB) in an attempt to evade AV detection).

The researchers also discovered another domain associated with this attacker's infrastructure, "ledgdown[.]com," which was registered under the same IP address. This domain masquerades as the official website of the cryptocurrency assets app "ledger live."
`
“This is another step in the attacks against open source packages and open source contributors.” concludes the post. “We recommend checking your network traffic against the IOCs listed below and as always, encouraging contributors to use 2FA.”

PyPI announced that it is revising its eligibility requirements for the hardware security key programme in the aftermath of the phishing attack. Any maintainer of a critical project, regardless of whether they already have TOTP-based 2FA enabled, it said.
Read more »
URL Shortener
Cyber Fraud Fraudsters phishing Reverse Tunneling Safety Scammers Scams URL Shortener

Reverse Tunnelling & URL Shortening Services Used in Evasive Phishing

 

Researchers are detecting an increase in the usage of reverse tunnel services, as well as URL shorteners, for large-scale phishing operations, leaving malicious activity more difficult to detect. This strategy differs from the more typical practise of registering domains with hosting providers, who are more inclined to answer complaints and remove phishing sites. 

Threat actors can use reverse tunnels to host phishing websites locally on their own computers and route connections through an external service. They can evade detection by using a URL shortening service to produce new links as frequently as they desire. Many phishing URLs are renewed in less than 24 hours, making tracing and eliminating the domains more complex. 

CloudSEK, a digital risk prevention company, has seen a rise in the number of phishing efforts that combine reverse tunnelling and URL shortening services. According to a report shared with BleepingComputer by the business, researchers discovered more than 500 sites hosted and disseminated in this manner. CloudSEK discovered that the most extensively misused reverse tunnel services are Ngrok, LocalhostRun, and Cloudflare's Argo. They also saw an increase in the use of URL shortening services such as Bit.ly, is.gd, and cutt.ly. 

Reverse tunnel services protect the phishing site by managing all connections to the local server where it is housed. The tunnel service resolves any incoming connections and forwards them to the local computer. Victims who interact with these phishing sites have their personal data saved directly on the attacker's computer. Thus according to CloudSEK, the threat actor conceals the name of the URL, which is often a string of random characters, by utilising URL shorteners. 

As a result, a suspicious domain name is masked under a short URL. Opponents, according to CloudSEK, are disseminating these links using popular communication channels such as WhatsApp, Telegram, emails, SMS, or bogus social media pages. It is important to note that the abuse of these services is not new. 

In February 2021, for example, Cyble produced proof of Ngrok misuse. However, according to CloudSEK's results, the situation is worsening. CloudSEK discovered one phishing campaign that impersonated YONO, a digital banking platform provided by the State Bank of India. The attacker's URL was masked under "cutt[.]ly/UdbpGhs" and directed to the site "ultimate-boy-bacterial-generates[.]trycloudflare[.]com/sbi," which made advantage of Cloudflare's Argo tunnelling service. 

This phishing page asked for bank account information, PAN card numbers, Aadhaar unique identification numbers, and mobile phone numbers. CloudSEK did not disclose the effectiveness of this operation, but it did point out that threat actors seldom use the same domain name for more than 24 hours, however, they do recycle the phishing page designs.

"Even if a URL is reported or blocked, threat actors can easily host another page, using the same template" - CloudSEK 

This sensitive information may be sold on the dark web or utilised by attackers to deplete bank accounts. If the information comes from a business, the threat actor might use it to execute ransomware attacks or business email compromise (BEC) fraud. 

Users should avoid clicking on links obtained from unknown or dubious sources to protect themselves from this sort of danger. Manually typing a bank's domain name into the browser is an excellent way to avoid being exposed to a bogus website.
Read more »
Scammers
attackers Cyber Fraud Fraudsters Safety Scam Scam Alert Scammers

HR Manager of Private Company Duped of ₹28 Lakh

 

The cybercrime police are looking for a person who pretended to be the managing director of a private company and duped the firm's HR manager into transferring 28.8 lakh online before fleeing. 

On Sunday, the police lodged a case against the unknown individual, accusing him of different sections of the IT Act as well as cheating and impersonation under the IPC, based on a complaint filed by Nirmal Jain, the owner of the private enterprise. 

According to Mr. Jain's allegation, the accused sent a WhatsApp message to HR manager Thirupathi Rao pretending to be Paras Jain, the company's MD. The MD's image was on the WhatsApp profile, and the message stated that it was his personal number and that he was at a meeting and should not be disturbed. 

The individual then requested that Mr. Rao move the funds to three bank accounts online on an emergency basis. Mr. Rao followed the instructions and transferred a total of 28.89,807 to the private bank account numbers specified in the communication. When he told higher officials about the transactions, the scam was discovered. 

Based on the transaction information, the authorities are now attempting to locate the accused. This is a new trend among internet fraudsters who download the profile images of senior executives of organisations in order to scam their office staff, according to experts.
Read more »
Subscribe to: Posts (Atom)