
Alkem Laboratories Falls Victim to Rs 22.31 Crore Cyber Fraud

 

The pharmaceutical industry has been rocked by a major cyber fraud case, with Mumbai-based Alkem Laboratories suffering a financial loss of Rs 22.31 crore due to an elaborate scam. Fraudsters posed as executives from Alkem’s U.S. subsidiary, Ascend Laboratories LLC, to execute the scheme.

According to a Hindustan Times report, the incident began on October 27, 2023, when Alkem’s Mumbai office received an email seemingly from Amit Ghare, the head of international operations at Ascend Laboratories. The email claimed that a recent payment to Alkem would lead to significant tax liabilities. To circumvent these taxes, the company was asked to refund the amount to a different bank account.

On November 17, 2023, another email, allegedly from Mary Smith, Ascend Laboratories' accounting manager, provided details of a U.S.-based bank account for the refund. Acting on these instructions, Alkem’s treasury manager, Manoj Mishra, transferred Rs 51.30 crore to the specified account via a SWIFT transaction.

The fraud came to light on November 15, 2023, when Alkem received another email, supposedly from Ghare, requesting a refund of Rs 90 crore. Growing suspicious, Alkem officials contacted Ghare, who confirmed he had not sent the request. Further investigation revealed that the earlier emails originated from compromised email accounts with subtle alterations in the email addresses.

According to HT, U.S. authorities were able to recover Rs 28.98 crore from the stolen amount, which was returned to Alkem. However, the company still suffered a loss of Rs 22.31 crore.

Alkem Laboratories has reported the incident to the authorities, and an ongoing investigation aims to identify and apprehend the fraudsters while recovering the remaining funds. The company has also implemented enhanced cybersecurity measures to safeguard against similar threats, as reported by The Free Press Journal.

Here's The Ultimate Guide to Virtual Credit Card in Safeguarding Online Privacy

 

Virtual credit cards are digital versions of physical credit cards. They generate a unique credit card number that you can use instead of your physical card number, preventing the merchant from storing your real credit card data and keeping your financial data safer.

With security breaches in the news, using a virtual card adds an extra degree of security. Several major credit card issuers provide virtual cards, although there are several outliers. Virtual credit cards provide more than just security. A virtual credit card allows you to utilise a newly created account before the physical card arrives, allowing you to collect rewards right away or make progress towards a welcome bonus. 

Are virtual cards safer than physical cards? 

Virtual cards provide an additional layer of security over physical cards by safeguarding your real credit card information. This makes them safer than physical cards in various aspects: 

  • Virtual credit cards might have spending caps and be restricted to specific merchants. They can also be configured for single use, deactivating automatically after the very first transaction. These restrictions provide extra fraud protection compared to a standard credit card.
  • Unlike conventional credit cards, virtual cards cannot be stolen or misplaced. If you carry a physical credit card and it is stolen, you may be susceptible to scams. Virtual cards are stored in your digital wallet, keeping you secure from fraud.
  • Virtual credit cards must adhere to the Payment Card Industry Data Security Standard (PCI DSS), which includes standards and guidelines aimed at safeguarding credit and debit transactions and preventing the exploitation of cardholder data. 

Benefits and drawbacks 

Virtual credit cards have many benefits, but there are a few drawbacks. Here are some of the advantages and disadvantages of virtual cards.

Pros: 

Enhanced security: Using virtual cards to make online transactions safeguards your actual credit card information and adds an extra layer of security over physical credit cards.

Flexibility: Without changing your actual credit card, you can choose which vendors you want to use the card with, set up expiration dates, and create specific spending limitations.

Convenience: Virtual credit cards are generated instantly and can be utilised immediately for online purchases and contactless payments.

Cons:

Not always usable in-store: Not every retailer accepts contactless methods like Apple Pay or Google Pay. Virtual cards are perfect for internet buying, but you can be constrained when it comes to in-store purchases.

Refunds could be difficult: Every retailer has different regulations, and some may only give refunds to the original payment method. If you utilised a virtual credit card number that is no longer active, this can be an issue. Instead, you may get a cheque, a gift card or store credit in this situation.

Unsuitable for reservations: It may be challenging to match your payment method at check-in if you use a virtual card to make a hotel reservation. Since hotels usually need a physical card when you check in, using a virtual card may require further verification, such as getting in touch with your bank.

TRAI Calling: Fraudsters Are Now Employing Novel Strategy to Target Mobile Users

 

As the government intensifies efforts to raise awareness about digital arrests and online financial fraud, fraudsters have shifted their strategies to stay ahead. A concerning trend has emerged where these individuals pose as representatives of the Telecom Regulatory Authority of India (TRAI). Exploiting the credibility associated with the regulatory body, they attempt to deceive unsuspecting users.

These fraudsters often initiate contact by mimicking official government alert messages that warn the public about scams. The tone and language of their communication are crafted to appear authoritative and urgent, persuading recipients to trust the information. In many cases, the messages aim to extract sensitive data, such as personal identification numbers, bank account details, or login credentials, under the guise of preventing fraud.

Such scams highlight the need for individuals to remain vigilant and verify the authenticity of any unsolicited messages or calls claiming to be from regulatory authorities. It is essential to cross-check the source of the communication, avoid sharing sensitive information over the phone or through unverified links, and report suspicious activities to the appropriate authorities.

By staying informed and adopting proactive measures, users can protect themselves from becoming victims of these evolving schemes, contributing to a safer digital environment for all.


FireScam Malware Disguised as Telegram Premium Spreads via Phishing Sites

A new Android malware called FireScam is being distributed through phishing websites hosted on GitHub, masquerading as a premium version of the Telegram app. These fraudulent sites mimic RuStore, Russia’s official mobile app marketplace, tricking users into downloading the malware. This incident highlights how cybercriminals exploit trusted platforms to deploy sophisticated threats.

RuStore was launched in May 2022 by Russian tech company VK (VKontakte) with support from the Ministry of Digital Development as an alternative to Google Play and Apple’s App Store. It was designed to provide Russian users access to mobile applications despite Western sanctions. Cybercriminals have taken advantage of RuStore’s credibility by creating phishing pages that distribute malware under the guise of legitimate applications. According to security researchers at CYFIRMA, attackers have set up a GitHub-hosted phishing page impersonating RuStore, delivering an initial malware payload named GetAppsRu.apk.

Once installed, the dropper module requests multiple permissions, allowing it to identify installed applications, access device storage, and install additional software. It then downloads and installs the primary malware payload, disguised as Telegram Premium.apk. This second-stage malware requests extensive permissions, enabling it to monitor notifications, read clipboard data, access SMS and call information, and track user activity.

FireScam displays a fake Telegram login page via WebView to steal user credentials. The malware then communicates with Firebase Realtime Database, where stolen data is uploaded in real time. Each infected device is assigned a unique identifier, allowing attackers to track it. According to CYFIRMA, the stolen data is temporarily stored in Firebase before being filtered and transferred to another location. FireScam maintains a persistent WebSocket connection with a Firebase-based command-and-control (C2) endpoint, allowing attackers to execute real-time commands, download and install additional payloads, modify surveillance settings, and trigger immediate data uploads.

FireScam continuously tracks various device activities, including screen on/off events, active app usage, and user interactions lasting over 1,000 milliseconds. One of its most concerning features is its focus on e-commerce transactions. The malware attempts to intercept sensitive financial data by logging keystrokes, tracking clipboard content, and extracting auto-filled credentials from password managers.

While the identity of FireScam’s operators remains unknown, CYFIRMA researchers describe it as a sophisticated and multifaceted threat that employs advanced evasion techniques. To minimize the risk of infection, users should avoid downloading apps from unverified sources, be cautious when clicking on unfamiliar links, download applications only from official platforms like Google Play or verified stores, and regularly review and restrict app permissions to prevent unauthorized data access. The rise of malware like FireScam underscores the growing need for cybersecurity awareness. Staying vigilant and adopting secure online practices is essential to protecting personal and financial data from evolving cyber threats.
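The two permission profiles described above (a dropper that lists installed apps and installs packages, then a second stage that reads notifications, SMS and call data) can be checked for in a decoded AndroidManifest.xml before an APK is allowed onto a managed device. This is an added example, not CYFIRMA's tooling or code from the malware: the mapping from the behaviours in the text to specific Android permission names is an assumption, and the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from Android permissions to the behaviours named in the text.
PERMISSION_CAPABILITY = {
    "android.permission.QUERY_ALL_PACKAGES": "list_installed_apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install_packages",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CALL_LOG": "calls",
    "android.permission.READ_PHONE_STATE": "calls",
}
# Notification access is declared on a <service>, not with <uses-permission>.
NOTIFICATION_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# A profile matches when every capability in its set is present.
PROFILES = {
    "dropper-like": {"list_installed_apps", "install_packages"},
    "surveillance-like": {"notifications", "sms", "calls"},
}


def capabilities(manifest_xml):
    """Collect the capabilities a decoded manifest asks for."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            cap = PERMISSION_CAPABILITY.get(node.get(ANDROID_NS + "name"))
            if cap:
                found.add(cap)
    for service in root.iter("service"):
        if service.get(ANDROID_NS + "permission") == NOTIFICATION_BIND:
            found.add("notifications")
    return found


def audit(manifest_xml):
    """Return the capabilities found and the profiles they satisfy."""
    caps = capabilities(manifest_xml)
    matched = sorted(name for name, needed in PROFILES.items() if needed <= caps)
    return {"capabilities": sorted(caps), "profiles": matched}


def sample_manifest(package, permissions, listener=False):
    """Build a constructed manifest for the demo (not taken from any real APK)."""
    perms = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in permissions)
    svc = (f'<service android:name=".Listener" android:permission="{NOTIFICATION_BIND}"/>'
           if listener else "")
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{perms}<application>{svc}</application></manifest>')


DROPPER = sample_manifest("com.example.constructed.store", [
    "QUERY_ALL_PACKAGES", "REQUEST_INSTALL_PACKAGES", "WRITE_EXTERNAL_STORAGE"])
SECOND_STAGE = sample_manifest("com.example.constructed.premium", [
    "READ_SMS", "READ_CALL_LOG", "READ_EXTERNAL_STORAGE"], listener=True)
BENIGN = sample_manifest("com.example.constructed.notes", ["READ_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for name, xml in (("dropper", DROPPER), ("second stage", SECOND_STAGE),
                      ("benign", BENIGN)):
        print(name, audit(xml))
```

Clipboard monitoring has no manifest permission, so a clean result here does not rule it out.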

Bengaluru Techie Loses ₹11.8 Crore in “Digital Arrest” Scam Over 18 Days

 

A Bengaluru software engineer recently fell victim to a complex cyber scam, losing ₹11.8 crore in just 18 days. The incident highlights the growing sophistication of cybercrimes in India, particularly in tech hubs like Bengaluru. The victim, whose identity remains private, has filed a complaint with the North-East Cyber, Economic, and Narcotics (CEN) police station, prompting an investigation into the case. 

The scam began when the victim received a call from someone posing as an official from the Telecom Regulatory Authority of India (TRAI). The caller falsely claimed that a SIM card linked to the victim’s Aadhaar number was being used for illegal activities, including harassment and fraudulent advertisements. Soon after, another individual alleged that the victim’s Aadhaar had been misused to open a bank account involved in money laundering. 

To add credibility to their claims, the fraudsters insisted the victim participate in a “virtual investigation” via Skype. Over several calls, they impersonated senior police officers and pressured him to transfer funds for so-called “verification purposes.” They further threatened legal action and arrest of the victim’s family if he failed to comply. Under these threats, the victim made multiple payments, starting with ₹75 lakh and eventually transferring a total of ₹11.8 crore to different accounts. 

It was only after weeks of continuous coercion that he realized he had been deceived. Police have registered the case under relevant sections of the Information Technology Act and Bharatiya Nyaya Sanhita, including provisions related to cheating and impersonation. Investigators are now working to trace the accounts used by the fraudsters and identify those behind the scam. This case stands out not only because of the amount involved but also for its elaborate execution. 

Cybercrime in Karnataka has been on the rise, with losses amounting to ₹2,047 crore as of November 2024, according to government data. Bengaluru alone accounted for ₹1,806 crore of these losses, reflecting the city’s vulnerability as an IT hub. Experts warn that cybercriminals are employing increasingly sophisticated methods to exploit unsuspecting victims. They often leverage fear, urgency, and advanced digital tools to create a false sense of legitimacy. 

Public awareness campaigns and stronger cybersecurity measures are critical to addressing this growing menace. Authorities have urged citizens to remain cautious, especially when receiving unsolicited calls or emails. Sharing sensitive information such as Aadhaar details or transferring funds without verification can lead to devastating consequences. This incident serves as a stark reminder of the need for vigilance in an increasingly digital world.

E-Challan Fraud, Man Loses Rs 50,000 Despite Not Sharing Bank OTP

 

In a cautionary tale from Thane, a 41-year-old man, M.R. Bhosale, found himself embroiled in a sophisticated online scam after his father fell victim to a deceptive text message. The incident sheds light on the dangers of trusting unknown sources and underscores the importance of vigilance in the digital age. 

Bhosale's father, a diligent auto-rickshaw driver in Ghatkopar, received a seemingly official text message from the Panvel Traffic Police, notifying him of a traffic violation challan against his vehicle. The message directed him to settle the fine through a designated app called Vahan Parivahan, with a provided download link. Unbeknownst to him, the message was a clever ruse orchestrated by scammers to dupe unsuspecting victims. 

When Bhosale's father encountered difficulties downloading the app, he sought his son's help. Little did they know, their attempt to rectify the situation would lead to financial loss and distress. Upon downloading the app on his device, Bhosale encountered a barrage of One-Time Passwords (OTPs), signalling a red flag. Sensing trouble, he promptly uninstalled the app. 

However, the damage had been done. A subsequent check of his bank statement revealed unauthorized transactions totalling Rs 50,000. With resolve, Bhosale wasted no time in reporting the incident to the authorities. A formal complaint was filed, detailing the deceptive mobile number, fraudulent link, and unauthorized transactions. 

In response, the police initiated an investigation, invoking sections 66C and 66D of the Information Technology Act to pursue the perpetrators and recover the stolen funds. This unfortunate ordeal serves as a stark reminder of the prevalence of online scams and the importance of exercising caution in the digital realm. To avoid falling victim to similar schemes, users must remain vigilant and skeptical of unsolicited messages or unfamiliar apps. 

Blind trust in unknown sources can lead to devastating consequences, as Bhosale's family discovered firsthand. Furthermore, it is essential to verify the authenticity of communications from purported official sources and refrain from sharing personal or financial information without thorough verification. 

In an era where online scams abound, skepticism and diligence are paramount. As the investigation unfolds, Bhosale's story serves as a cautionary tale for all internet users. By staying informed, exercising caution, and seeking assistance when in doubt, individuals can protect themselves from falling prey to online scams.

Public WiFi Convenience Leads to Cyber Threats, Read to Know Everything

 

Cybersecurity experts are issuing a stern warning to Scots regarding the potential dangers lurking within public WiFi networks. While the convenience of accessing the internet on the go, such as during train commutes, may seem appealing, experts emphasize the significant cybersecurity risks that accompany such practices. 

One of the primary concerns raised by cybersecurity professionals is the phenomenon known as "session hijacking." In this scenario, cybercriminals exploit vulnerabilities present in public WiFi networks to gain unauthorized access to users' devices while they are browsing online. 

Let’s Understand ‘Session Hijacking’ in Simple Words 

Session hijacking, a prevalent cybersecurity attack, occurs when an attacker gains control of an individual's internet session while they are engaged in activities such as checking their credit card balance, paying bills, or shopping online. 

Typically, session hijackers target browser or web application sessions to perpetrate their attacks. Once a session hijacking attack is successful, the attacker gains the ability to perform any action that the victim could undertake on the targeted website. Essentially, the hijacker deceives the website into believing that they are the legitimate user, thereby gaining unauthorized access to and control over the victim's session. This can lead to various cybercrimes and financial scams.

Do You Know What Risks Lurk in Public WiFi Networks?

Vincent van Dijk MSc, a cybersecurity expert, warns individuals about the dangers lurking within public WiFi networks, highlighting three prevalent cyber threats:

1. Man-in-the-Middle attacks
2. Evil Twin attacks
3. Malware present in networks

In a Man-in-the-Middle attack, hackers infiltrate the public network, intercepting data as it travels from a connected device to the WiFi router. Vincent explains the severity of this threat, stating, "If you are engaged in online banking during such an attack, hackers can easily access your passwords and account information. Your credit card numbers, email addresses, and other personal details become vulnerable to theft." 

Evil Twin attacks present another insidious threat. When users search for a public WiFi hotspot, they may encounter a fraudulent network posing as a legitimate one. These malicious networks often bear names strikingly similar to authentic ones, such as 'Free University Wi-Fi2' or 'Station Wi-Fi04.' Connecting to these clones exposes users to scammers, compromising their private data and leaving them susceptible to exploitation.

Further, Vincent explains that when hackers successfully infect a network with malware, they gain the ability to distribute harmful software bugs to any device connected to it. As a cautionary measure, he advises users to exercise caution if they encounter unexpected pop-up notifications while connected to such networks. Clicking on these pop-ups could inadvertently lead to exposure to infected links, putting users' devices and sensitive information at risk. 

In light of these concerns about public WiFi, experts advise the public to use Virtual Private Networks (VPNs) and to verify network authenticity when using public WiFi. By doing so, users can mitigate the risks associated with public WiFi usage, safeguarding their sensitive information from cybercriminals.

Twitter Becomes the Epicentre of FTM Fraud

 

Online settings, such as Twitter, are becoming increasingly perilous, rife with fraudulent schemes aimed at naïve victims. The social media giant has recently been the epicentre of deception, with fraudsters deploying innovative ways to abuse its massive user base.

One such worrisome tendency is the widespread use of a scam involving the illicit distribution of Fantom (FTM) tokens, a situation that casts a sharp light on the rising issue of illegal activities inside the cryptocurrency arena. 

Modus operandi

Following a devastating hack of Multichain, a decentralised banking protocol, cybercriminals recently switched their attention to the Fantom network. These perpetrators created a deceptive story that gathered traction on Twitter by taking advantage of the confusion that resulted. 

They made false claims that the Fantom Foundation, a nonprofit organisation responsible for managing the Fantom network, was issuing FTM tokens to all users in reaction to the Multichain attack. This deceptive post was then rapidly circulated, its promise of free tokens luring a sizable number of Twitter users. 

A phishing link that was included in the tweet and was meant to trick recipients into thinking it was coming from the Fantom Foundation added credibility to the scam. This manipulative method, intended to take advantage of the reliability linked to well-known companies, is a typical tactic in the cybercriminal playbook. 

The chaotic events started on July 6 when anomalous behaviour on the Multichain platform was discovered. In response, Multichain shut down all activities and started an inquiry into the mysterious disappearance of assets valued at over $125 million. 

The Fantom bridge, which lost an estimated $122 million in multiple cryptocurrencies, including Wrapped Bitcoin (WBTC), USD Coin, Tether, and a number of altcoins, was the main victim of this crime. 

The initial response from Multichain was to warn users to stop using the protocol and to withdraw any contract approvals related to their platform. This cautious approach was advised until a more comprehensive picture of the circumstances emerged.

Worrying trend 

This exploit is not an isolated event; it is part of an alarming pattern in the bitcoin business, where Twitter is being used as a haven for scams.

During the Multichain hack saga, prominent industry figure Changpeng "CZ" Zhao, CEO of Binance, entered the battle and assured his Twitter followers that the Binance platform had not been impacted and that all money was safe.

But in a world full of lies, not all voices of comfort can be relied upon. The Fantom scam serves as yet another sombre reminder of the necessity for caution when interacting with the cryptocurrency market online, especially on public social media sites like Twitter. 

It's imperative to exercise caution when clicking on unknown links and offers that seem unreal. As we move forward, cybersecurity is not just about protection but also about judgement and attentiveness, realising that not everything on Twitter is digital gold.