
Scammers Employing Stolen Credit Card Data to Design Fake Websites

 

Cybersecurity researchers at ReasonLabs have unearthed a massive global multi-million dollar fraudulent scheme, operating since 2019. The number of victims, including major firms like Amazon Web Services, Mastercard, and Visa, is in the range of tens of thousands.

Scammers' methodology

The fraudsters employed two types of websites: dating sites and customer support portals. When visiting the alleged firms' websites, the researchers identified that the corporate sites either didn't exist or had fake email addresses. The sites, although operational, didn't receive massive traffic and were ranked very low in Google Search results, as their motive wasn't to lure individuals, but allegedly to serve as a money laundering gateway.

According to ReasonLabs cofounder and chief technology officer Andrew Newman, the domain structure and content of the websites were identical, indicating that they were designed by automated tools. The customer support portals either use a fake identity or are created to impersonate real brands.

The biggest hurdle of the fraudulent scheme was the registration of these fake sites as payment acquirers with the processors, who would typically classify them as "high risk". To avoid being blacklisted, these sites introduced a 24/7 support chat system and a working telephone line, outsourced to a genuine support center provider. The sites also included a toll-free number for users who want to cancel their payments, which typically is not available on fraudulent websites.

The researcher believes the scheme is operated from the middle of Europe or Russia, but the firm hasn't been able to fully verify the fraudsters' location. 

Tens of millions of dollars siphoned 

Once the legitimacy of the sites was approved, the scammers would tap into the pool of millions of stolen payment cards on the dark web (CC dumps), and charge them on the sites. The targeted cardholders were typically from the United States, but cards from French-speaking nations were also identified. 

Small amounts were charged to the cards through recurring payments, using generic names that blend in with the victims' spending habits. In some cases, the scammers charge the users back via the integrated "cancel subscription" system to artificially lower the charge-back rate and make their business seem authentic.

By siphoning small amounts, this fraudulent scheme has been able to operate since 2019 without being discovered while generating tens of millions of dollars in revenue. The researchers randomly investigated several of the 275 fake websites, and unfortunately, they are all operating at the time of writing the article. Payment processors and law enforcement have reported the operation and are expected to take action soon.

Group-IB Found 140 Resources with Fraudulent Schemes under the Guise of Olympic Games Broadcasts

 

Group-IB experts have identified 140 resources in the network that, under the guise of live broadcasts of the Winter Olympic Games in Beijing, redirect users to fraudulent and phishing sites. Most of the dangerous resources are already blocked. 

"After the opening of the XXIV Winter Olympic Games in Beijing, the specialists of the Information Security Incident Response Center (CERT-GIB) found 140 active resources that were used to host illegal broadcasts, and therefore for scamming and phishing. In total, 289 sites could potentially be involved in the scheme," said experts. 

The largest fraudulent network is Kinohoot, which includes over a hundred resources. During the Summer Olympic Games in Tokyo, CERT-GIB specialists found 120 resources of the same type created for conducting fraudulent live broadcasts. 

Group-IB explained that on one of the pages of the hacked resource, the user sees a video player window with an embedded link to the live broadcast and symbols of the Winter Olympic Games. To watch the broadcast, users must register, enter their phone numbers and provide a special access code. This leads the victim to phishing resources.

Attackers may also invite users to take part in a draw for free access to broadcasts; to receive a cash prize, the user must pay a conversion fee, which is usually 300-500 rubles ($4-7), and enter bank card data on a phishing resource, or send an SMS to the specified number. Instead of a broadcast, the victim is signed up for various paid services and subscriptions.

"Such Internet scams have been known for quite a long time, but scammers constantly adjust their schemes to popular or significant events in the world and, of course, use newly registered domains for this. In this scheme, in order to gain the trust of the victim, the redirect is often placed on legitimate hacked sites, for example, universities (Ecuadorian Universidad Espíritu Santo or Indonesian Universitas Muhammadiyah Yogyakarta), charitable foundations and non-profit organizations (African Studies Association)," said the head of CERT-GIB Alexandra Kalinina.

Group-IB experts recommend following sporting contests of the Olympic Games only on official resources, being wary of draws, and not entering bank card data or personal data on suspicious sites.

$50 Million Lost to Fraudsters Impersonating Broker-Dealers

 

A California man admitted his involvement in a large-scale and long-running Internet-based fraud scam that allowed him and other fraudsters to drain about $50 million from hundreds of investors.

Between 2012 and October 2020, Allen Giltman, 56, and his co-conspirators constructed phoney websites to collect money from people via the internet by advertising various investment opportunities (mainly the purchase of certificates of deposit).

According to court documents, "The Fraudulent Websites advertised higher than average rates of return on the CDs, which enhanced the attractiveness of the investment opportunities to potential victims. At times, the fraudulent websites were designed to closely resemble websites being operated by actual, well-known, and publicly reputable financial institutions; at other times, the fraudulent websites were designed to resemble legitimate-seeming financial institutions that did not exist." 

They advertised the phoney investment sites in Google and Microsoft Bing search results for phrases like "best CD rates" and "highest cd rates." The scammers pretended to be FINRA broker-dealers in interactions with victims seeking investment possibilities, claiming to be employed by the financial companies they imitated on the scam sites. 

To mask their genuine identities during their fraud schemes, they employed virtual private networks (VPNs), prepaid gift cards to register web domains, prepaid phones, and encrypted applications to interact with their targets, as well as false invoices to explain the huge wire transfers they obtained from their victims.

"To date, law enforcement has identified at least 150 fraudulent websites created as part of the scheme," the Justice Department stated. 

"At least 70 victims of the fraud scheme nationwide, including in New Jersey, collectively transmitted approximately $50 million that they believed to be investments." 

The charge of wire fraud conspiracy, which Giltman admitted to, carries a possible sentence of 20 years in jail, while the charge of securities fraud carries a maximum sentence of five years in prison. Both are punishable by fines of $250,000 or double the gross gain or loss from the offence, whichever is greater. Giltman is scheduled to be sentenced on May 10, 2022.

Stay Vigilant

The FBI's Criminal Investigative Division and the Securities and Exchange Commission cautioned investors in July 2021 about scammers posing as registered financial professionals such as brokers and investment advisers.

The July alert came after FINRA issued a similar fraud alert the same week regarding broker imposter frauds involving phishing sites that impersonate brokers and faked SEC or FINRA registration documents. 

"Fraudsters may falsely claim to be registered with the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) or a state securities regulator in order to lure investors into scams, or even impersonate real investment professionals who actually are registered with these organizations," the FBI and SEC stated. 

Investors should first use the Investor.gov search engine to see if people marketing investment possibilities are licensed or registered, and then ensure they're not scammers by contacting the seller using independently confirmed contact information from the firm's Client Relationship Summary (Form CRS).

Consumers Warned of Rising Delivery Text Scams

 

Consumers are being advised to be wary of delivery scam texts while purchasing online for Christmas and Boxing Day sales. 

New research from cybersecurity firm Proofpoint shows that delivery 'smishing' scams are on the rise during the busiest shopping season of the year, according to UK Finance. So far in Q4, more than half (55.94%) of all reported smishing text messages impersonated parcel and package delivery firms. In Q4 2020, the figure was only 16.37 percent.

In comparison to Q4 2020, Proofpoint saw a considerable decrease in other types of smishing fraud in Q4 2021. Text scams mimicking financial institutions and banks, for example, accounted for 11.73 percent of all smishing attacks in 2021, compared to 44.57 percent in 2020.

The information comes from Proofpoint's operation of the NCSC's 7726 text message system. Customers can use this method to report suspicious texts. 

Delivery smishing scams typically begin with a fraudster sending a bogus text message alerting the recipient that the courier was unable to make a delivery and demanding a charge or other information to rearrange it. The consumer is directed to a fake package delivery company's website, where they are asked to provide personal and financial information.

Following the significant growth in online shopping during COVID-19, this form of scam has become increasingly common. Over two-thirds (67.4%) of all UK texts were reported as spam to the NCSC's 7726 text messaging system in the 30 days to mid-July 2021, according to Proofpoint.

In a recent investigation, Which? revealed a very clever smishing fraud involving an extremely convincing fake DPD website.

Katy Worobec, managing director of economic crime at UK Finance, commented: “Scrooge-like criminals are using the festive season to try to trick people out of their cash. Whether you’re shopping online or waiting for deliveries over the festive period, it’s important to be on the lookout for scams. Don’t let fraudsters steal your Christmas – always follow the advice of the Take Five to Stop Fraud campaign and stop and think before parting with your information or money.” 

Steve Bradford, senior vice president EMEA at SailPoint, stated: “The sharp rise in text message scams – or smishing, which has increased tenfold compared to last year, should be a stark warning to the public. With parcel delivery scam texts expected to spike this Christmas, it’s clear cyber-criminals are using every opportunity available to target victims using new methods. This comes as more businesses use SMS to engage with customers, to accommodate the digital-first mindset that now characterizes many consumers. But this also opens the doors to threat actors able to masquerade as popular websites or customer service support.”

“Consumers must be extra vigilant and refrain from clicking any links in text messages that they’re unsure about. It’s also crucial they are keeping their data, identities, and banking information safe – for example, by not taking pictures of their credit card and financial information, since photos often get stored in the cloud, which risks potential exposure to malicious actors.”

US District Court Shuts Down an International Psychic Mail Fraud Scheme

 

The US District Court for the Southern District of Florida has shut down an international psychic mail fraud scheme operated by three individuals and two companies. The scammers took millions of dollars by selling the promise of good fortune to tens of thousands of US residents.

Last week, the United States District Court permanently barred three residents of France and two corporate defendants from participating in mass mailing campaigns. The complaint alleges that Robert Lhez, Mireille Dayer, and Julie Poulleau, using Arcana Center, a company in Delaware, and a Swiss corporation named Partners VAD International Sàrl, sent hundreds of thousands of mailers across the United States.

According to the Department of Justice Office of Public Affairs, the letters were purportedly sent on behalf of companies or individuals offering unwary consumers psychic, clairvoyant, or astrological services. Individuals targeted by the scheme were told that they would make some money as soon as they paid the prepaid fee.

Furthermore, the Justice Department alleged that the scammers took millions of dollars from tens of thousands of victims, primarily the elderly. Victims sent the scammers more than 34,000 payments totaling over $1.4 million from March 2017 to June 2018 alone. However, none of the victims who handed over their cash received any of the promised good fortune.

“These solicitations were riddled with false and misleading statements that gave the false impression that in exchange for payment of a small fee, typically of $45 or $50, the individual recipient would come into good fortune resulting in an imminent financial windfall through the lottery, inheritance or other game of chance,” said the Department of Justice Office of Public Affairs in a statement. 

The defendants “have been known to Postal Inspectors for years, constantly changing their fraudulent schemes in the attempt to stay one step ahead of the law,” stated Eric Shen, inspector in charge of the US Postal Inspection Service’s Criminal Investigations Group. 

Juan Antonio Gonzalez, acting US Attorney for the Southern District of Florida, urged US residents to remain vigilant, question promotions that seem too good to be true, and report suspected fraud to law enforcement.

“Beyond financial losses, predatory fraud schemes like this one lead to immense emotional suffering for victims. We urge the public to question promotions that seem too good to be true and immediately report suspected fraud to law enforcement,” Gonzalez advised.