
Fallen Victim to Zelle Scams During the Holiday Season

Identity theft is a serious concern at a time of rapid technological development and digital commerce. As we navigate the complexities of internet platforms and financial services, it becomes essential to strengthen our defenses against potential cyber threats. Several recent incidents show that identity protection must be prioritized immediately.

A thorough analysis by CNET states that as more people become aware of the significance of protecting their personal information online, there is a growing demand for identity theft protection services. The analysis emphasizes that because hackers have become more skilled, sensitive data needs to be protected proactively.

The holiday season, a time of increased financial activity, poses additional challenges. Fraudsters exploit popular money transfer services like Zelle, Venmo, and Cash App during this period. As we enter 2023, it is crucial to be aware of potential threats and adopt preventive measures. Emily Mason's analysis serves as a wake-up call, urging users to exercise caution and be vigilant in protecting their accounts.

One of the prevalent scams involves Zelle, as reported by sources. Victims of Zelle scams find themselves ensnared in a web of financial deceit, with the aftermath often leaving them grappling for solutions. Refund scams, in particular, have become a cause for concern, prompting financial experts to emphasize the need for enhanced security measures and user education.

To fortify your defenses against identity theft and financial fraud, consider implementing the following recommendations:
  • Employ Robust Identity Theft Protection Services: Invest in reputable identity theft protection services that monitor your personal information across various online platforms.
  • Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA. This additional step can thwart unauthorized access attempts.
  • Stay Informed and Vigilant: Keep abreast of the latest scams and fraud techniques. Awareness is your first line of defense.
  • Regularly Monitor Financial Statements: Review your bank and credit card statements regularly for any suspicious activity. Promptly report any discrepancies to your financial institution.
  • Educate Yourself on Common Scams: Familiarize yourself with the modus operandi of common scams, such as refund fraud and phishing attempts, to recognize and avoid potential threats.

Safeguarding your identity in the constantly changing world of digital transactions is a shared duty between users and the platforms they use. People can greatly lower their chance of being victims of identity theft and financial fraud by being informed and taking preventative action. As technology develops, maintaining the integrity of our personal data increasingly depends on taking a proactive approach to security.

PayPal Bug Enables Attackers to Exfiltrate Cash from Users’ Account

 

Malicious actors could exploit a new unpatched security vulnerability in PayPal's money transfer service, a security researcher named h4x0r_dz claimed. The security flaw enables attackers to trick victims into unintentionally completing attacker-directed transactions with a single click, a technique known as clickjacking.

Clickjacking, also called UI redressing, is a technique in which an unsuspecting user is deceived into clicking seemingly harmless webpage elements, such as buttons, with the aim of installing malware, redirecting the user to malicious websites, or revealing private information.

This kind of attack uses an invisible page or HTML element layered on top of the visible page. When victims click what appears to be the legitimate page, they are actually clicking the attacker-controlled element that overlays the legitimate content.

"Thus, the attacker is 'hijacking' clicks meant for [the legitimate] page and routing them to another page, most likely owned by another application, domain, or both," a security researcher explained in a blog post documenting the findings. 

h4x0r_dz reported the bug to the PayPal bug bounty program seven months ago in October 2021, demonstrating that malicious actors can steal users’ money by exploiting clickjacking. The researcher identified the security flaw on the “www.paypal[.]com/agreements/approve” endpoint, which was designed for Billing Agreements.

According to the researcher, the endpoint should accept only a billingAgreementToken; however, this is not the case.

"This endpoint is designed for Billing Agreements and it should accept only billingAgreementToken," the researcher stated. "But during my deep testing, I found that we can pass another token type, which leads to stealing money from [a] victim's PayPal account." 

This indicates that an attacker could embed the aforementioned endpoint inside an iframe, causing a victim who is already logged in to PayPal in their web browser to transfer funds to an attacker-controlled PayPal account merely at the press of a button. Even more alarming is the possibility that the attack may have had disastrous consequences for online portals that integrate with PayPal for checkouts, enabling the threat actor to steal arbitrary amounts from customers' PayPal accounts.
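The iframe embedding described above only works when the framed page's response does not restrict who may embed it. The following is an added example, not code from the researcher or from PayPal: a JavaScript check that classifies a response's `X-Frame-Options` and CSP `frame-ancestors` headers the way browsers apply them. The function names and sample header values are assumptions made for illustration.

```javascript
// Added example: classify how a response's headers restrict cross-origin framing.
// Header names are lower case, as Node.js exposes them; inputs are constructed.
const RANK = ["blocked", "same-origin-only", "allowlist", "framable"];

// Collect the frame-ancestors source list of every policy in the CSP header.
function frameAncestorLists(csp) {
  const lists = [];
  for (const policy of csp.split(",")) {        // each comma-separated policy applies
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      if (name === "frame-ancestors") { lists.push(sources); break; }
    }
  }
  return lists;
}

function classifySources(sources) {
  // "*", a bare scheme ("https:") or "scheme://*" let any site embed the page.
  const open = (s) => s === "*" || /^[a-z][a-z0-9+.-]*:(\/\/\*)?$/.test(s);
  if (sources.length === 0 || sources.join() === "'none'") return "blocked";
  if (sources.some(open)) return "framable";
  return sources.every((s) => s === "'self'") ? "same-origin-only" : "allowlist";
}

function assessFraming(headers) {
  const lists = frameAncestorLists(headers["content-security-policy"] || "");
  if (lists.length > 0) {
    // frame-ancestors takes precedence: browsers then ignore X-Frame-Options.
    const ranks = lists.map((l) => RANK.indexOf(classifySources(l)));
    return { verdict: RANK[Math.min(...ranks)], via: "csp" }; // strictest policy wins
  }
  const xfo = new Set((headers["x-frame-options"] || "").toLowerCase()
    .split(",").map((v) => v.trim()).filter(Boolean));
  const known = ["deny", "sameorigin", "allowall"].filter((v) => xfo.has(v));
  // Conflicting values that include a known keyword make the browser block framing.
  if (xfo.size > 1 && known.length > 0) return { verdict: "blocked", via: "xfo-conflict" };
  if (xfo.size === 1 && xfo.has("deny")) return { verdict: "blocked", via: "xfo" };
  if (xfo.size === 1 && xfo.has("sameorigin")) return { verdict: "same-origin-only", via: "xfo" };
  // Missing header, obsolete ALLOW-FROM, or an unrecognised value: no protection.
  return { verdict: "framable", via: xfo.size ? "xfo-ignored" : "none" };
}
```

A `framable` verdict on a state-changing page such as a payment approval screen is the condition to fix; note that `frame-ancestors` does not fall back to `default-src`, so a CSP without that directive gives no framing protection.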

"There are online services that let you add balance using PayPal to your account," the researcher added. "I can use the same exploit and force the user to add money to my account, or I can exploit this bug and let the victim create/pay Netflix account for me!"