Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Online fraud. Show all posts
South Africa
Cyber Fraud Festive Scams Online fraud ransomware attacks South Africa

South Africa Warns of Cybercrime Surge Amid Festive Season

 

South Africa is experiencing a sudden and deeply concerning rise in cybercrime this holiday season, with consumers and businesses being warned to prepare for more aggressive attacks on digital banking, mobile applications and online services. 

Surge in festive-season attacks

The law firm Cox Yeats has witnessed a significant rise in cyberattacks themed around online shopping and digital payments, criminals are leveraging fake online shops, phishing emails, malicious QR codes and AI-powered impersonation scams to trick people into handing over credentials and payment data. They are encouraged to confirm any communications, transact only in official channels, avoid public Wi‑Fi when conducting transactions and use VPNs or mobile data, and report any suspicious activity as soon as possible.

The Information Regulator logged a total of 2 374 data breach cases that were officially reported for the 2024/25 period, averaging at a high of 200 incidents a month and increasing to about 300 monthly notifications in the current financial year—a 40% increase in security breaches. No organization is immune, as recent attacks have compromised government agencies, healthcare providers, financial institutions, retailers and telecommunication providers in ransomware, data theft and extortion. 

Financial and human cost 

The economic impact is devastating, with the median cost of a data breach to a local business now hovering near R49 million, a sum that can lay waste to even the most well-run small or medium-sized business. South African consumers lost more than R1 billion in 2023 alone through digital banking and mobile app scams, while SABRIC reckons annual losses to cyber-attacks could be as high as R3.3 billion, accompanied by 45% rise in digital banking fraud and a 47% increase in such related financial losses. 

Surveys cited by Mpahlwa show that 70% of South African consumers have fallen victim to cybercrime, compared with 50% globally, with 35% admitting to losing money in scams and 32% acknowledging that they clicked on phishing emails. The emotional strain is mounting too, with 58% of people expressing deep concern about becoming victims, a trend worsened by AI tools that make it easier for criminals to convincingly impersonate brands, colleagues and even family members. 

As ransomware continues to be a highly disruptive threat, with South Africa being the second most targeted country in Africa and third globally for cyberattacks, including double extortion attacks in which stolen data is threatened with being released to the public. Organisations are being advised to harden defences and have strong cyber insurance that covers loss of money, liability, business interruption, incidents relating to ransomware, breaches involving data, and the potential for fines from regulators as the threat landscape rapidly shifts.
Read more »
Scam Recovery
Cyber Crime Digital Arrest fraud prevention Karnataka Police Online fraud Scam Recovery

Karnataka’s Cybercrime Losses Soar as Scam Recoveries Plunge

 

Recoveries in Karnataka's cybercrime prosecutions are falling even as authorities ramp up specialized policing capability, reflecting how criminals are changing tactics faster than enforcement can counteract. Data from the State Legislature show that citizens lost ₹5,473.97 crore in 57,733 incidents of cybercrime over the last three years, with recoveries amounting to only approximately 11.5% of the total value, underlining the fraught nature of tracking and refunding monies once they leave a victim's account.

The Home Minister, G. Parameshwara, told the Legislature that Karnataka has risen to meet this challenge by forming focused cybercrime capacity with a total of 43 Cybercrime Economic and Narcotics (CEN) police stations around the state, along with a cyber command centre. Senior leadership has also been appointed at the state level to drive cyber investigations, which will further accelerate response times, ensure better coordination with banking institutions, and enhance technical capabilities. 

Notwithstanding these efforts, the minister acknowledged a critical gap: while the number of cases reported in 2025 (up to November 15) has declined, “there has been no significant difference in the money lost,” which suggests that the incidents are fewer but larger and better organized. Annual figures mirror both the scale of losses and the recovery challenge: in 2023, losses stood at ₹873 crore with ₹177 crore recovered; in 2024, losses jumped to ₹2,562 crore with ₹323 crore recovered; and in 2025, up to November 15, losses have been ₹2,038 crore, of which ₹127 crore has so far been recovered. 

According to investigators, the reason behind the decline in the number of recoveries is due to a shift in the way scammers operate—the rapid transfer of money from a network of accounts across international borders, making it difficult for law enforcement and banks to recover these amounts. At the same time, law enforcement agencies have also pointed out a shift in the type of fraud. For instance, “digital arrest” and stock investment fraud may take several hours or even days to commit. 

During the discussion in the House, the need for speed in reporting incidents is clearly highlighted. In the discussion, one legislator cited the risk that waiting to register the complaint can equate to the loss of those “crucial moments” necessary to halt the transaction transfers.
Read more »
Windows Security
Credential Theft Lumma Stealer malware malware infection National Cyber Security Centre New Zealand Cyber Security Online fraud Windows Security

Malicious Software Compromises 26000 Devices Across New Zealand


Thousands of devices have been infected with malware through New Zealand's National Cyber Security Center, showing the persistent risk posed by credential-stealing cybercrime, which has been causing New Zealand's National Cyber Security Center to notify individuals after an exposure. 

About 26,000 people have been notified by the agency that it is sending an email advising them to visit the Own Your Online portal for instructions on how to remove malicious software from their accounts and strengthen their account security. 

As NCSC Chief Operating Officer Michael Jagusch informed me, the alerts were related to Lumma Stealer, which is a highly regarded strain of malware targeting Windows-based devices. There is a danger that this malware can be used to facilitate identity theft or fraud by covertly harvesting sensitive data like email addresses and passwords. 

Officials noted that Lumma Stealer and other information-stealing tools are still part of an international cybercrime ecosystem that continues to grow, and so users should be vigilant and take proactive security measures in order to protect themselves. It has been reported that the National Cyber Security Centre of the Government Communications Security Bureau has conducted an assessment and found that it is possible that the malicious activity may have affected approximately 26,000 email addresses countrywide. 

As detailed in its statement published on Wednesday, the U.S. Department of Homeland Security has warned that the malware involved in the incident, dubbed Lumma Stealer, is specifically designed to be able to steal sensitive data, including login credentials and other personally identifiable information, from targeted systems.

As noted by the NCSC, this threat primarily targets Windows-based devices, and cybercriminals use this threat to facilitate the fraud of personal information and financial fraud. Thus, it highlights the continued exposure of everyday users to sophisticated campaigns aimed at stealing personal data. 

The issue was discovered by the National Cyber Security Centre's cyber intelligence partnerships, after the agency first worked with government bodies and financial institutions in order to alert a segment of those affected before expanding the effort to notify the entire public. Introducing the NCSC Chief Operating Officer, Michael Jagusch, he said the center has now moved to a broader direct-contact approach and this is its first time undertaking a public outreach of this sort on such a large scale. 

A step he pointed out was that the notifications are genuine and come from the official email address no-reply@comms.ncsc.govt.nz, which helps recipients distinguish between the legitimate and fraudulent ones. It is noteworthy that a recent BNZ survey indicates similar exposure across small and medium businesses, which is in line with the current campaign, which is targeted at households and individuals. 

The research reveals that 65% of small and medium-sized businesses believe scam activity targeting their businesses has increased over the past year; however, 45% of these businesses do not place a high priority on scam awareness or cyber education, despite the fact that their employees routinely handle emails, payment information and customer information. 

There were approximately half of surveyed SMEs who reported that they had been scammed in the last 12 months and many of them had been scammed by clicking links, opening attachments, or responding to misleading messages. According to BNZ fraud operations head Margaret Miller, criminals are increasingly exploiting human behavior as a means of committing fraud rather than exploiting technical flaws, targeting business owners and employees who are working on a daily basis. 

A substantial number of small business owners reported business financial losses following breaches, with 21% reporting business financial losses, 26% a personal financial loss and 30% experiencing data compromise, all of which had consequences beyond business accounts. According to Miller, the average loss was over $5,000, demonstrating that scammers do not only attempt to steal company funds, but also to steal personal information and sensitive business data in the form of financial fraud. 

It is the country's primary authority for helping individuals and companies reduce their cyber risk, and it is housed within the Government Communications Security Bureau.

The National Cyber Security Centre offers help to individuals and organisations and is a chief authority on cyber security. It has three core functions that form the basis of its work: helping New Zealanders make informed decisions about their digital security, ensuring strong cyber hygiene is embedded within essential services and in the wider cyber ecosystem in collaboration with key stakeholders, and using its statutory mandate to combat the most serious and harmful cyber threats through the deployment of its specialist capability. 

Own Your Online, a central part of this initiative, provides practical tools, guidance and resources designed to make cybersecurity accessible for householders, small businesses, and nonprofit organizations, as well as clear advice on prevention and what to do when an incident occurs. In particular, the NCSC owns the Own Your Online platform, which provides practical tools, guidance, and resources. 

There is no doubt that the incident serves as a timely reminder of the increasing sophistication and reach of modern cybercrime, as well as the shared responsibility that must be taken to limit its effects on society. Many experts continue to emphasize the importance of maintaining a safe system, including the use of strong, unique passwords, and the use of multi-factor authentication whenever possible. They advise maintaining your operating system and software up to date as well as using the proper passwords. 

Furthermore, users are advised to remain cautious of any unexpected emails or messages they receive, even if they appear to have come from trusted sources. Likewise, users should exclusively communicate through official channels to avoid any confusion. 

The focus continues to remain on raising awareness and improving resilience among individuals and organisations with the aim of improving digital awareness and improving collaboration between the authorities and the business and financial sector. 

A new approach has been adopted by agencies to encourage early detection, clear communication, and practical guidance that are aimed at reducing immediate harm while also fostering long-term confidence among New Zealanders in navigating an increasingly complex online world.
Read more »
User Security
Brushing Scam Cyber Fraud Fake Reviews Online fraud User Security

Security Experts Warn of Brushing Scam Involving Unsolicited Packages

 

Online shopping is something that we all love. It is time-efficient, convenient, and frequently results in the best offers and savings. However, since many people are busy with online shopping, con artists are also trying to find ways to trick consumers for their own benefit. You see, the majority of us base our decisions on whether or not to purchase anything from an online retailer on product reviews and ratings. 

According to reports, scammers are using popularity and review manipulation to create phoney sales in a new scheme known as the "Brushing Scam.” 

Modus operandi 

The brushing scam is a fraudulent online practice when con artists deliver fake products to victims and then write reviews online using their identities. Chinese e-commerce tactics known as "brushing" are where sellers fabricate orders and reviews to boost their product ratings.

In this fraudulent campaign, random e-commerce site consumers receive unsolicited deliveries from vendors. These parcels frequently include low-quality, inexpensive products like seeds, tiny devices, or costume jewellery. After the delivery is delivered, the con artists use the recipient's name to write five-star reviews on the product page, which increases the product's visibility and creates a false sense of popularity on websites like Amazon and AliExpress. 

Targeting unsuspecting users

This scam, according to the McAfee investigation, aims to manipulate sales data and give the impression that there is a demand for and quality of products on e-commerce platforms. 

This method is misleading to genuine customers, who are therefore influenced to buy products based on phoney reviews rather than real customer reviews. How dangerous can it be, though, if users are receiving free goods? Through this scam, con artists are taking advantage of your personal data, and if you don't take any safeguards, they may even steal your money. 

As previously stated, scammers increase the popularity of products by sending unwanted deliveries using the identities and addresses of naïve e-commerce users. And they can get this information through data breaches or illegal purchases of private data. Receiving such a package could mean that your personal information has been stolen, presenting serious concerns such as identity theft and other privacy crimes. 

Beside from identity theft and misleading reviews, ABC Action News reports that many unwanted parcels now include QR codes inviting recipients to scan them. Scammers send tempting deals such as, "Scan this QR code to leave a review and win a $500 gift card." Scanning these QR codes may lead to fraudulent websites that attempt to steal sensitive information or install malware on your device. The stolen personal information can subsequently be exploited for financial theft or phishing attempts.
Read more »
Telecom Firm
Cyber Crime France GSMA Online fraud Telecom Firm

French Telecom Companies Band Together to Combat Rising Fraud

 

The four leading mobile network carriers (MNOs) in France have teamed up to combat identity theft and online fraud. To help online companies fight fraud and digital identity theft, Bouygues Telecom, Free, Orange, and SFR announced on December 3 that they will introduce two network Application Programmable Interfaces (APIs) for the French market in the first half of 2025. This initiative is part of the Open Gateway system of the Global System for Mobile Communications Association (GSMA).

About GSMA

The GSMA, a trade association representing the global interests of mobile operators, was established in 1995. As of 2024, it has more than 750 members. In 2023, the GSMA launched the Open Gateway Initiative, aiming to create digital solutions that work seamlessly across devices, regardless of the nation or operator.

Since its inception, the program has onboarded 67 mobile network operators (MNOs) and 26 channel partners, representing 278 networks and covering three-quarters of global mobile connections. Developers can access these network capabilities via APIs through the CAMARA repository, an open-source initiative by the Linux Foundation.

“This aligned market launch of CAMARA APIs from France’s leading operators will make it easier to keep people safe from the growing threat of fraud. The initiative benefits businesses, mobile operators, and their customers, saving developers time, money, and effort while allowing for the quick launch of innovative new services.”

Henry Calvert, Head of Networks at the GSMA

Role of APIs in Mitigating Fraud

1. KYC Match API

Purpose: Cross-check user-provided information with verified data stored by the mobile network operator during the Know Your Customer (KYC) process.

The KYC Match API validates details such as mobile phone numbers, names, postal codes, and email addresses, without transferring any personally identifiable information (PII).

France is the first country to have all its national MNOs adopt KYC Match. Several financial institutions, including Crédit Agricole's online subsidiary BforBank and Credit Mutuel Arkéa's Fortuneo, are already utilizing this API in collaboration with DQE Software to screen new customers.

2. SIM Swap API

Purpose: Detect recent SIM card changes to prevent account takeover fraud.

This API checks if a phone number has recently had its SIM card swapped, helping financial institutions verify the relationship between a customer’s phone number and their SIM card during transactions.

Use Case: This helps prevent fraudsters from using stolen personal data and social engineering tactics to take over accounts.

“For example, at the time of a financial transaction, a financial institution can check whether the relationship between the customer’s phone number and SIM Card has been recently changed, helping them decide whether to approve the transaction or not.”

What’s Next?

Following the launch of KYC Match and SIM Swap APIs, French MNOs plan to release a third API, Number Verification, which will provide robust authentication for mobile numbers, potentially replacing SMS-based multi-factor authentication (MFA) solutions.

Key Benefits of These APIs

  • Enhanced Security: Protects users from identity theft and account takeover.
  • Operational Efficiency: Saves businesses and developers time and resources.
  • Improved Fraud Detection: Strengthens verification processes without compromising user privacy.

By adopting these APIs, French mobile carriers are setting a global benchmark for digital security and fraud prevention, making online interactions safer and more secure for businesses and consumers alike.

Read more »
telecommunications
AI Scams AI tools Cyber Security CyberCrime Fake Documents financial scams Fraud Online fraud SE Asia SIM telecommunications

Tamil Nadu Police, DoT Target SIM Card Fraud in SE Asia with AI Tools

 

The Cyber Crime Wing of Tamil Nadu Police, in collaboration with the Department of Telecommunications (DoT), is intensifying efforts to combat online fraud by targeting thousands of pre-activated SIM cards used in South-East Asian countries, particularly Laos, Cambodia, and Thailand. These SIM cards have been linked to numerous cybercrimes involving fraudulent calls and scams targeting individuals in Tamil Nadu. 

According to police sources, investigators employed Artificial Intelligence (AI) tools to identify pre-activated SIM cards registered with fake documents in Tamil Nadu but active in international locations. These cards were commonly used by scammers to commit fraud by making calls to unsuspecting victims in the State. The scams ranged from fake online trading opportunities to fraudulent credit or debit card upgrades. A senior official in the Cyber Crime Wing explained that a significant discrepancy was observed between the number of subscribers who officially activated international roaming services and the actual number of SIM cards being used abroad. 

The department is now working closely with central agencies to detect and block suspicious SIM cards.  The use of AI has proven instrumental in identifying mobile numbers involved in a disproportionately high volume of calls into Tamil Nadu. Numbers flagged by AI analysis undergo further investigation, and if credible evidence links them to cybercrimes, the SIM cards are promptly deactivated. The crackdown follows a series of high-profile scams that have defrauded individuals of significant amounts of money. 

For example, in Madurai, an advocate lost ₹96.57 lakh in June after responding to a WhatsApp advertisement promoting international share market trading with high returns. In another case, a government doctor was defrauded of ₹76.5 lakh through a similar investment scam. Special investigation teams formed by the Cyber Crime Wing have been successful in arresting several individuals linked to these fraudulent activities. Recently, a team probing ₹38.28 lakh frozen in various bank accounts apprehended six suspects. 

Following their interrogation, two additional suspects, Abdul Rahman from Melur and Sulthan Abdul Kadar from Madurai, were arrested. Authorities are also collaborating with police in North Indian states to apprehend more suspects tied to accounts through which the defrauded money was transacted. Investigations are ongoing in multiple cases, and the police aim to dismantle the network of fraudsters operating both within India and abroad. 

These efforts underscore the importance of using advanced technology like AI to counter increasingly sophisticated cybercrime tactics. By addressing vulnerabilities such as fraudulent SIM cards, Tamil Nadu’s Cyber Crime Wing is taking significant steps to protect citizens and mitigate financial losses.
Read more »
Social media identity theft
Costa Rica cybercrime Cyber Fraud Cybercrime Prevention Digital Security identity theft protection Online fraud Social media identity theft

Costa Rican Authorities Issue Warning as Social Media Identity Theft Cases Double

 

With the rapid evolution of technology, there has been a concerning rise in cybercrime, particularly in the realm of identity theft on social media platforms. The Cybercrime Unit of the Public Prosecutor's Office has observed a significant surge in such cases, prompting heightened attention to this growing threat.

Esteban Aguilar, the lead prosecutor of the Cybercrime Unit, shed light on the methods employed by cybercriminals to carry out identity theft. He explained that these crimes often target individuals, corporations, and even trademarks, using social networks, websites, or other digital platforms as their primary vehicles. Aguilar highlighted the severity of this issue, noting that identity theft has become the second most rapidly increasing form of cybercrime in the country, trailing only behind cyber fraud in its expansion.

The prosecutor emphasized the gravity of the situation by discussing the legal repercussions associated with identity theft. According to Aguilar, the Cybercrime Unit frequently receives reports of false profiles on social networks, which can lead to serious legal consequences, including imprisonment for up to three years. He stressed the importance of educating young people, who are the most active users of social media, on the legal and ethical responsibilities they must uphold online. Aguilar warned that any involvement in such illicit activities could result in severe penalties.

Statistical data from the Public Prosecutor's Office further underscore the growing concern. Since 2019, the number of identity theft cases has nearly doubled, rising from 449 reported incidents that year to 950 cases in 2023. This sharp increase reflects the escalating nature of cyber threats and the need for stronger measures to combat them.

The Costa Rican Penal Code specifically addresses the crime of identity theft, prescribing imprisonment ranging from one to three years for offenders. The law is clear: anyone who impersonates the identity of a natural person, legal entity, or trademark on any social network, website, or digital platform will face serious legal consequences.

The impact of identity theft has not been limited to individuals. Businesses, too, have been affected, with several high-profile companies falling victim to this crime. For instance, Pozuelo, a well-known cookie brand, has issued warnings to the public about fraudulent schemes where criminals have misappropriated the company's identity. Similarly, financial institutions, including banks, have alerted their customers to various scams designed to exploit their trust.

In a particularly alarming development, the country recently reported its first case of identity theft involving social networks. The case involves a man accused of accessing his ex-girlfriend's social media accounts and business profiles without her permission. According to the Prosecutor's Office, the accused had knowledge of her passwords and used them to infiltrate her personal and business accounts, raising serious concerns about privacy and the misuse of personal information.

This case serves as a stark reminder of the far-reaching consequences of cybercrime, particularly identity theft, and the urgent need for vigilance, both online and offline. As technology continues to advance, so too must the efforts to protect individuals and businesses from the growing threat of cybercriminals.

Read more »
Online fraud
Bengaluru Cyber bullying Cyber Crime Extortion Goa Online fraud

Bengaluru Man Arrested for Exploiting Woman in Online Interview

 



Panaji: In a disturbing cybercrime case, the Goa Cyber Crime Police arrested a Bengaluru resident, Mohan Raj V, for allegedly cyberbullying and extorting a woman from Goa. The arrest was made on Saturday after a strategic operation by the police team.

The case began when the victim, a woman from Goa, filed a complaint with the cyber crime police. She reported that the accused had posted a fake job advertisement for a position at a foreign bank. Responding to the advertisement, the woman was contacted via a chatting app by the accused, who arranged an online interview. During the video call, individuals posing as company representatives coerced the woman into undressing. They recorded the video and took screenshots, which were later used to blackmail her.

According to the complaint, the accused demanded sexual favours in exchange for deleting the compromising material. Over the past two months, he persistently harassed the woman, threatening to make the videos and pictures public if she did not comply. He also demanded that she meet him in Bengaluru.

Following the complaint, the police, led by Superintendent of Police Rahul Gupta, devised a plan to apprehend the accused. A team, including the victim, travelled to Bengaluru and laid a trap. After extensive efforts and a lengthy chase, the accused was caught when he arrived to meet the victim. The police recovered the chats and videos from the accused's phone, which will be sent for a cyber forensic examination.

The investigation revealed that Mohan Raj V used VPN phone numbers to create fake Telegram accounts and post fraudulent job offers. He targeted women by promising high salary packages and conducting fake online interviews.

The accused has confessed to his crimes and has been booked under several sections of the Indian Penal Code, including section 354A (sexual harassment), section 384 (extortion), and relevant provisions of the Information Technology Act. The case is being further investigated by Police Inspector Deepak Pednekar.

SP Rahul Gupta urged the public to verify the authenticity of online job offers through local or cyber police stations before engaging with them. He also cautioned against complying with unethical online demands, no matter the promised benefits.

This case highlights the growing menace of cybercrime and the importance of vigilance in online interactions. The Goa Cyber Crime Police's successful operation furthers the cause for robust cyber security measures and public awareness to prevent such incidents.



Read more »
Subscribe to: Comments (Atom)