
New Ghost Tap Attack Exploits NFC Mobile Payments to Steal Funds


Attackers are increasingly relying on a novel approach that uses near-field communication (NFC) to cash out victims' funds at scale. The tactic, which ThreatFabric has named Ghost Tap, lets fraudsters cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay by relaying NFC traffic.

"Criminals can now misuse Google Pay and Apple Pay to transmit your tap-to-pay information globally within seconds," the Dutch security company stated. "This means that even without your physical card or phone, they can make payments from your account anywhere in the world.”

These attacks usually include deceiving victims into downloading malware for mobile banking, which subsequently uses an overlay attack or a keylogger to steal their banking credentials and one-time passwords. As an alternative, it can include a voice phishing feature.

Once the threat actors have the card information, they link the card to Apple Pay or Google Pay. To keep the issuer from blocking the cards, the tap-to-pay information is instead sent to a mule, who is responsible for making the fraudulent transactions at a retailer. This is achieved with NFCGate, a legitimate research tool that can capture, analyse, and modify NFC traffic, and can also relay NFC traffic between two devices via a server.

Researchers from TU Darmstadt's Secure Mobile Networking Lab, who maintain the tool, describe it as follows: one device functions as a reader reading an NFC tag, while the other device emulates an NFC tag using Host Card Emulation (HCE).

ESET had previously noted, in August 2024, that bad actors were using the NGate malware to transfer NFC information from victims' devices to the attacker; the latest development is the first instance of NFCGate being misused to relay that data for cash-outs.

"Cybercriminals can establish a relay between a device with stolen card and PoS [point-of-sale] terminal at a retailer, staying anonymous and performing cash-outs on a larger scale," ThreatFabric explained. "The cybercriminal with the stolen card can be far away from the location (even different country) where the card will be used as well as use the same card in multiple locations within a short period of time.” 

The approach has further benefits in that it can be employed to purchase gift cards at offline businesses without the fraudsters being physically present. Even worse, it can be utilised to expand the fraudulent operation by recruiting the assistance of multiple mules in different locations over a short period of time. 

Further complicating detection of Ghost Tap attacks is the fact that the transactions appear to originate from the same device, circumventing anti-fraud measures. If the device is in flight mode, it is also harder to pin down its precise location and to establish that the linked card was not physically present at the PoS terminal when the transaction was completed.
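The detection angle in the paragraph above is that every relayed tap carries the same device token, so device reputation alone does not trip; the contradiction lies in where the PoS terminals are and how quickly the same token moves between them. The following is an added example of an issuer-side impossible-travel rule, not code from ThreatFabric or the original post; the transaction schema, the 900 km/h threshold, and the sample taps are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0


@dataclass
class TapTransaction:
    """One tap-to-pay authorisation as the issuer sees it (constructed schema)."""
    device_token: str   # wallet device presenting the tokenised card
    card_id: str        # underlying card
    when: datetime      # authorisation time (UTC)
    merchant: str       # PoS terminal / merchant descriptor
    lat: float          # merchant location from the acquirer, not the phone's GPS
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def flag_impossible_travel(txns, max_speed_kmh=900.0, min_distance_km=1.0):
    """Flag consecutive taps by the same device token whose implied travel speed
    is physically impossible. Returns (merchant, previous_merchant, speed_kmh)."""
    by_token = {}
    for t in sorted(txns, key=lambda t: t.when):
        by_token.setdefault(t.device_token, []).append(t)

    flagged = []
    for seq in by_token.values():
        for prev, cur in zip(seq, seq[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if km < min_distance_km:          # same shop or neighbouring terminals
                continue
            hours = (cur.when - prev.when).total_seconds() / 3600.0
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                flagged.append((cur.merchant, prev.merchant, round(speed)))
    return flagged


# Constructed sample: one token tapped in three countries within minutes
# (the relayed case), and one genuine token used twice in the same city.
SAMPLE_TXNS = [
    TapTransaction("tok-A1", "card-1", datetime(2024, 11, 20, 10, 0), "Amsterdam store", 52.37, 4.90),
    TapTransaction("tok-A1", "card-1", datetime(2024, 11, 20, 10, 5), "Paris store", 48.86, 2.35),
    TapTransaction("tok-A1", "card-1", datetime(2024, 11, 20, 10, 7), "Madrid store", 40.42, -3.70),
    TapTransaction("tok-B7", "card-2", datetime(2024, 11, 20, 10, 0), "Utrecht cafe", 52.09, 5.12),
    TapTransaction("tok-B7", "card-2", datetime(2024, 11, 20, 10, 30), "Utrecht grocer", 52.10, 5.10),
]

if __name__ == "__main__":
    for merchant, prev, speed in flag_impossible_travel(SAMPLE_TXNS):
        print(f"{merchant}: {speed} km/h since {prev}")
```

Because the relaying phone may sit in flight mode, the rule deliberately uses the acquirer's terminal location rather than anything the device reports. The benign same-city pair shows why a minimum distance is needed: two terminals a few hundred metres apart produce meaningless speeds and should not be scored.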

Scammers Use Fake Centrelink Promises to Target Australians Online


Australians have been cautioned about a recent wave of scam websites falsely advertising significant Centrelink payments. These sites promise financial boosts, sometimes hundreds or thousands of dollars, to low-income residents and seniors, exploiting people facing financial challenges. Fraudsters create convincing websites that mimic government agencies like Centrelink, Services Australia, and myGov, claiming these funds are aimed at helping Australians manage the rising cost of living. To create legitimacy, scammers have designed sites that appear to offer eligibility checks, which are actually tactics to gather personal details.

These scams largely stem from international sources, including countries like India, and often display website URLs ending in “.in” instead of “.gov.au,” an indicator of their inauthenticity. If Australians are lured into these sites, they might be asked to enter personal information, leading to risks of identity theft, unauthorized access to accounts, or financial loss. Scammers also contact victims through text messages, emails, and even direct calls, adding urgency by claiming that immediate action is required to avoid consequences such as account closures or legal threats. The National Anti-Scam Centre has warned users not to trust unsolicited links or messages, as legitimate government organizations do not send out emails or texts asking for login credentials. 

To safeguard against these scams, Australians should only rely on official government websites such as servicesaustralia.gov.au and my.gov.au, as these sites have secure government domains that are easily recognizable. If users are unsure about a message or website, they should verify through official contact channels or report the suspected scam to authorities. Fake Centrelink promises have targeted people’s vulnerabilities by exploiting the challenging economic conditions many Australians currently face. As such, the National Anti-Scam Centre and Services Australia have been actively educating citizens on how to spot fake offers. Scams typically feature enticing language, such as “life-changing benefits,” or make claims about “one-off payments” to attract attention. 

Although these offers may sound appealing, it’s essential to remember that if a promise sounds too good to be true, it likely is. Identifying and reporting such scams can help prevent others from falling victim to these frauds. Authorities urge everyone to double-check website URLs, avoid clicking on suspicious links, and never disclose personal information to unverified sources. The Australian government has intensified efforts to address these scams, working to identify, block, and take down fraudulent sites where possible. While scammers’ techniques evolve, Australians can protect themselves by staying informed, cautious, and vigilant.
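The post's own advice is to check the URL: official sites live under servicesaustralia.gov.au and my.gov.au, while the scam sites end in ".in". The following added example (not code from the National Anti-Scam Centre or the original post) turns that check into a function that resists the usual tricks, such as "my.gov.au" appearing as a subdomain or as userinfo in front of a foreign host. Treating everything under gov.au as official is an assumption made here for the example; the sample URLs are constructed.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Suffix under which the official sites named in the post live. Treating all of
# gov.au as official is an assumption for this example.
OFFICIAL_SUFFIXES = ("gov.au",)


def _hostname(url):
    """Extract the lower-cased hostname; userinfo and port are stripped."""
    if "://" not in url:
        url = "http://" + url            # bare "my.gov.au" pasted from a text message
    return urlsplit(url).hostname or ""


def classify_link(url, official=OFFICIAL_SUFFIXES):
    """Return ("official" | "suspicious", reason) for a link in a message."""
    host = _hostname(url)
    if not host:
        return "suspicious", "no hostname"
    try:
        ip_address(host)
        return "suspicious", "bare IP address instead of a domain"
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "internationalised label, possible homoglyph"
    for suffix in official:
        # Exact match or a real subdomain; "my.gov.au.example.in" fails this test.
        if host == suffix or host.endswith("." + suffix):
            return "official", f"registered under {suffix}"
    tld = host.rsplit(".", 1)[-1]
    return "suspicious", f"not under an official domain (TLD .{tld})"


# Constructed sample links of the kinds the post describes.
SAMPLE_LINKS = [
    "https://www.servicesaustralia.gov.au/centrelink",
    "MY.GOV.AU",
    "http://centrelink-bonus-payment.in/check",
    "https://my.gov.au.cost-of-living-relief.in/",
    "https://my.gov.au@relief-payment.in/login",
    "http://203.0.113.9/mygov",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = classify_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```

The check only answers "is this host under the official domain"; it says nothing about a genuine government site that has itself been compromised, which is why the post still recommends verifying through official contact channels when in doubt.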

The Rising Threat of Payment Fraud: How It Impacts Businesses and Ways to Counter It


Payment fraud continues to be a significant and evolving threat to businesses, undermining their profitability and long-term sustainability. The FBI reports that between 2013 and 2022, companies lost around $50 billion to business email compromise, showing how prevalent this issue is. In 2022 alone, 80% of enterprises faced at least one payment fraud attempt, with 30% of affected businesses unable to recover their losses. These attacks can take various forms, from email interception to more advanced methods like deep fakes and impersonation scams. 

Cybercriminals exploit vulnerabilities, manipulating legitimate transactions to steal funds, often without immediate detection. Financial losses from payment fraud can be devastating, impacting a company’s ability to pay suppliers, employees, or even invest in growth opportunities. Investigating such incidents can be time-consuming and costly, further straining resources and leading to operational disruptions. Departments like finance, IT, and legal must shift focus to tackle the issue, slowing down core business activities. For example, time spent addressing fraud issues can cause delays in projects, damage employee morale, and disrupt customer services, affecting overall business performance. 

Beyond financial impact, payment fraud can severely damage a company’s reputation. Customers and partners may lose trust if they feel their financial information isn’t secure, leading to lost sales, canceled contracts, or difficulty attracting new clients. Even a single fraud incident can have long-lasting effects, making it difficult to regain public confidence. Businesses also face legal and regulatory consequences when payment fraud occurs, especially if they have not implemented adequate protective measures. Non-compliance with data protection regulations like the General Data Protection Regulation (GDPR) or penalties from the Federal Trade Commission (FTC) can lead to fines and legal actions, causing additional financial strain. Payment fraud not only disrupts daily operations but also poses a threat to a company’s future. 

End-to-end visibility across payment processes, AI-driven fraud detection systems, and regular security audits are essential to prevent attacks and build resilience. Companies that invest in these technologies and foster a culture of vigilance are more likely to avoid significant losses. Staff training on recognizing potential threats and improving security measures can help businesses stay one step ahead of cybercriminals. Mitigating payment fraud requires a proactive approach, ensuring businesses are prepared to respond effectively if an attack occurs. 

By investing in advanced fraud detection systems, conducting frequent audits, and adopting comprehensive security measures, organizations can minimize risks and safeguard their financial health. This preparation helps prevent financial loss, operational disruption, reputational damage, and legal consequences, thereby ensuring long-term resilience and sustainability in today’s increasingly digital economy.

Payment Frauds on Rise: Organizations Suffering the Most

Payment Fraud: A Growing Threat to Organizations

In today’s digital landscape, organizations face an ever-increasing risk of falling victim to payment fraud. Cybercriminals are becoming more sophisticated, employing a variety of tactics to deceive companies and siphon off funds. Let’s delve into the challenges posed by payment fraud and explore strategies to safeguard against it.

The Alarming Statistics

According to a recent report by Trustpair, 96% of US companies encountered at least one fraud attempt in the past year. This staggering figure highlights the pervasive nature of the threat. But what forms do these attacks take?

Text Message Scams (50%): Fraudsters exploit SMS communication to trick employees into divulging sensitive information or transferring funds.

Fake Websites (48%): Bogus websites mimic legitimate ones, luring unsuspecting victims to share confidential data.

Social Media Deception (37%): Cybercriminals use social platforms to impersonate employees or manipulate them into making unauthorized transactions.

Hacking (31%): Breaches compromise systems, granting fraudsters access to financial data.

Business Email Compromise Scams (31%): Sophisticated email fraud targets finance departments, often involving CEO or CFO impersonations.

Deepfakes (11%): Artificially generated audio or video clips can deceive employees into taking fraudulent actions.

The Financial Toll

The consequences of successful fraud attacks are severe:

  • 36% of companies reported losses exceeding $1 million.
  • 25% experienced losses surpassing $5 million.

These financial hits not only impact the bottom line but also erode trust and credibility. C-level finance and treasury leaders recognize this, with 75% stating that they would sever ties with an organization that suffered payment fraud and lost their funds.

The Role of Automation

As organizations grapple with this menace, automation emerges as a critical tool. Here’s how it can help:

  • Vendor Database Maintenance: Regularly cleaning and monitoring vendor databases is essential. Only 16% of companies currently do this consistently.
  • Information Verification: 28% of companies verify details about the companies they work with. Ensuring accurate information is crucial.
  • Automated Account Validation: 34% of companies now use tools to validate vendors, a significant increase from the previous year’s 17%.

Mitigating the Risk

To protect against payment fraud, organizations should consider the following steps:

Education and Awareness: Train employees to recognize common fraud tactics and encourage vigilance.

Multi-Factor Authentication (MFA): Implement MFA for financial transactions to add an extra layer of security.

Regular Audits: Conduct periodic audits of financial processes and systems.

Collaboration: Foster collaboration between finance, IT, and security teams to stay ahead of emerging threats.

Real-Time Monitoring: Use advanced tools to monitor transactions and detect anomalies promptly.

Payment fraud is no longer a distant concern—it’s hitting organizations harder than ever before. By investing in robust safeguards, staying informed, and leveraging automation, companies can stay safe.

Beware of These Five Banking and Payment Frauds in 2023


UK consumers are being cautioned by Which? money watchdog experts as con artists continue to take advantage of the rising cost of living. The top five banking and payment scams to avoid in the new year have been disclosed. 

With household finances being squeezed owing to inflation, skyrocketing energy bills, and rising food prices, the last thing anyone needs is to be duped. Sadly, though, it's a golden opportunity for heartless con artists, who profit from folks looking for a deal. 

"Scammers are relentless when it comes to wanting our personal information and ultimately our money. And while their tactics will no doubt continue to evolve, we think these scams are the main ones to watch out for,” said Jenny Ross, Which? Money Editor. 

“Banks will never ask you for personal information, nor will they try to hurry you into making a decision. If this happens to you - whether by text, email, or over the phone, step back and think about what they’re asking. If it looks too good to be true, it usually is." 

Here are the five banking and payment scams that British consumers should look out for:

1. Requests for money mules 

Intentionally or unintentionally allowing a criminal to use their bank account to transfer stolen funds is known as a "money mule request." These will frequently show up in targeted emails or social media posts. In its most recent fraud report, the banking industry association UK Finance noted a considerable rise in online user-generated posts inviting people to sign up to become money mules. 

Money mule tactics include getting people to apply for credit or bank cards on someone else's behalf, sending money "in error" that they are then requested to return to a separate bank account, and persuading people to move money given to their account in exchange for a fee. 

2. "Shoulder surfing" and credit card fraud 

Although a sizable part of the fraud is committed online, customers must continue to be on the lookout for "offline" crimes like card theft and retail fraud. 

According to data from UK Finance, losses from contactless and face-to-face card theft at retail stores totaled £33.6 million in the first half of this year, a 72% increase over the same period last year. Fraudsters will "shoulder surf", watching victims as they enter their PIN, or use entrapment devices such as PIN pad cameras at ATMs.

During the same time frame, incidents of credit and debit card ID theft more than doubled, with associated losses rising by 86% to a total of £21.4 million. In order to apply for a card in the victim's name or take over their existing account, scammers who steal cards will use the information to fake paperwork. 

Consumers are advised by experts to be on the lookout for any strange activity in their financial accounts and personal credit reports and to alert their banks right away. The majority of banks provide free text or email alerts for balance and payments. Use ATMs inside bank branches whenever possible as they are less likely to have been tampered with.

3. Malicious apps

Fraudsters are well aware of this additional layer of security. At the start of this year, researchers at mobile security company Pradeo found a bogus app called "2FA Authenticator" on Google Play that had been downloaded more than 10,000 times before it was removed. Once stealthily installed on victims' devices, the malware disabled system security checks and collected their banking login information.

The safest sites to download apps continue to be official stores like Apple's App Store and Google Play Store, but caution is still advised. Read reviews of the app and the person who created it because they may provide information regarding its reliability. Never click an unsolicited link in an advertisement, email, or text message, and always look at the "app permissions" before downloading an item. 

4. Fake impersonation 

A classic fraud strategy involves imitating real businesses, notably banks, or "spoofing" them. A recent Which? investigation discovered that six major banks' phone numbers were susceptible to spoofing. 

Scammers ran automated "robocalls" with pre-recorded messages urging victims to press digits on the keypad in order to speak with someone about a supposed problem, such as a suspicious payment.

Criminal groups frequently have personal information about victims, which makes the fraud seem more legitimate. Another technique used by con artists to get victims to click on websites that initially seem real is the use of fake texts. They seek access to the victim's personal information or money sent to a "secure account" under their control. 

According to security experts, never rely on the Caller ID that appears when you receive a call. Also, keep in mind that banks will never request your personal information over the phone. 

5. Online shopping fraud 

Scammers spend heavily on false or deceptive advertisements on search engines and social media, frequently promising reduced prices for expensive items such as mobile phones or laptops.

According to UK Finance statistics, Authorized Push Payment fraud involving purchases was the most prevalent in the first half of 2022. These can be challenging to identify because some scammers do an excellent job imitating well-known retailers' websites. 

However, there are frequently some telltale indicators of fraudulent websites, such as grammatical problems in the "About Us" section or a missing or inadequate "Contact" page. While it may be tempting to grab a deal, it is best to stick with reputable merchants. Bank transfer payments are less secure than credit card payments.

Japanese Payment System Attacked By Fake Security App

A new malware has been observed by the Research team at McAfee Corp. This malware is found to be attacking NTT DOCOMO customers in Japan. 

The malware, distributed via the Google Play Store, pretends to be a legitimate mobile security app, but in reality it is fraud malware designed to steal passwords and abuse a reverse proxy, targeting NTT DOCOMO mobile service customers.

The McAfee Mobile Research team informed Google of the malware. In response, Google has removed the application from the Google Play Store and deleted the known Google Drive files associated with it. In addition, Google Play Protect now alerts users by disabling the apps and displaying a warning.

The attackers publish fake malicious apps on the Google Play Store from various developer accounts, made to look like legitimate apps. According to a tweet by Yusuke Osumi, a security researcher at Yahoo, the attacker lures victims into installing the malware by sending them an SMS message containing a Google Play Store link, reportedly from overseas, and entices users by claiming that their security software needs updating.

The victim thus unknowingly installs the fraudulent app from the Google Play Store and with it the malware. The malware asks the user for their network password and then, cleverly, claims the password is incorrect so that the user enters it again more carefully. Whether the password is correct or not does not matter to the app: the captured network password can later be used by the attacker with NTT DOCOMO's payment services, opening a path to the victim's money online.

The malware then displays a fake 'Mobile Security' screen; interestingly, this screen resembles an outdated version of the McAfee Mobile Security interface.

How does the malware function?

A native library called 'libmyapp.so', written in Go, is loaded during app execution. Once loaded, it attempts to connect to the C&C servers over a WebSocket. The Web Application Messaging Protocol (WAMP) is then used to communicate and to make Remote Procedure Calls (RPC). When the connection is established, the malware sends the network information and the victim's phone number and registers the client's RPC procedures. From then on the connection is handled like an agent, processing each command as it is received from the server; among other things, the socket is used to transmit the victim's network password to the attacker as soon as the victim enters it.

The attacker makes fraudulent purchases using this leaked information. For this, the RPC command 'toggle_wifi' switches the victim's Wi-Fi connection status, and 'connect_to' provides the attacker with a reverse proxy, allowing a connection to a host behind Network Address Translation (NAT) or a firewall. Through this proxy the attacker can send requests via the victim's mobile network.

Along with any other methods the attackers may use, the malware can thus use a reverse proxy to obtain the user's mobile and network information and implement an agent service over WAMP for fraudulent purposes. Mobile security organisations therefore always advise caution when entering a password or confidential information into a little-known or suspicious application.
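To make the agent behaviour above concrete from an analyst's side, the added example below (not McAfee's code and not derived from the malware) walks a constructed capture of WAMP JSON frames, reconstructs which procedures the client registered and which the server later invoked, and flags the two procedure names the post mentions. The message type codes are those of the WAMP specification; the frames, realm, session and request ids, and the watchlist are assumptions made for the example.

```python
import json

# WAMP message type codes (from the WAMP specification).
HELLO, WELCOME, CALL, REGISTER, REGISTERED, INVOCATION, YIELD = 1, 2, 48, 64, 65, 68, 70

# Procedure names the post attributes to the malware's agent service.
WATCHLIST = {"toggle_wifi", "connect_to"}

# Constructed capture: (direction from the device's point of view, JSON frame).
# The client registers two procedures as a WAMP callee, then the server invokes one.
CAPTURED_FRAMES = [
    ("out", '[1,"realm1",{"roles":{"callee":{}}}]'),      # HELLO
    ("in",  '[2,5512,{}]'),                               # WELCOME
    ("out", '[64,7001,{},"toggle_wifi"]'),                # REGISTER
    ("in",  '[65,7001,9001]'),                            # REGISTERED (registration id 9001)
    ("out", '[64,7002,{},"connect_to"]'),                 # REGISTER
    ("in",  '[65,7002,9002]'),                            # REGISTERED (registration id 9002)
    ("in",  '[68,8001,9002,{},["198.51.100.7",8080]]'),   # INVOCATION of registration 9002
    ("out", '[70,8001,{},["ok"]]'),                       # YIELD
]


def analyse_wamp(frames):
    """Replay frames, resolving INVOCATIONs back to the procedure names that were
    registered. Returns (events, suspicious_procedures)."""
    pending = {}        # REGISTER request id -> procedure URI, awaiting REGISTERED
    registrations = {}  # registration id -> procedure URI
    events = []
    for _direction, raw in frames:
        msg = json.loads(raw)
        code = msg[0]
        if code == HELLO:
            events.append(("hello", msg[1]))               # realm the client joins
        elif code == REGISTER:
            pending[msg[1]] = msg[3]
            events.append(("register", msg[3]))
        elif code == REGISTERED:
            proc = pending.pop(msg[1], None)
            if proc is not None:
                registrations[msg[2]] = proc
        elif code == INVOCATION:
            proc = registrations.get(msg[2], f"<unknown registration {msg[2]}>")
            args = msg[4] if len(msg) > 4 else []
            events.append(("invoke", proc, args))
        elif code == CALL:                                  # client calling the server
            events.append(("call", msg[3], msg[4] if len(msg) > 4 else []))
    suspicious = sorted({e[1] for e in events
                         if e[0] in ("register", "invoke", "call") and e[1] in WATCHLIST})
    return events, suspicious


if __name__ == "__main__":
    events, suspicious = analyse_wamp(CAPTURED_FRAMES)
    for ev in events:
        print(ev)
    print("watchlisted procedures seen:", suspicious)
```

The point of tracking REGISTERED is that an INVOCATION only carries a registration id, not a procedure name, so without the session state an analyst sees the server send `["198.51.100.7", 8080]` to registration 9002 and cannot tell that it is the reverse-proxy command. A client that joins as a callee and registers device-control procedures is exactly the "agent" role the post describes.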

Spam with an SMS Group Offering Freebies in Return for Direct Debit

Unsolicited and unwanted messages, referred to as spam, are rarely sent from another phone. They usually originate on a computer and are delivered to your phone via email or instant messaging. Scammers can transmit them cheaply and easily since they are sent over the internet. Robotexts are a sort of spam text; however, because they are simpler to ignore than robocalls, they are less intrusive.

Spam texts and robotexts are frequently the beginning of a scam in which the sender hopes to collect personal information about the user to utilize it for fraudulent purposes. These texts put you in danger of identity theft and raise the chances of you installing malware onto your phone unintentionally. 

Spam texts are often not scams, though sometimes they are. Scammers use a variety of content to deceive you, including enticing hooks such as:
  • "You've won a prize, a gift card, or a voucher" that you must claim.
  • "You've been offered a credit card with a low or no interest rate".
  • "You must take action because there is an issue with your payment information".
  • A parcel delivery notification, possibly asking you to reschedule a delivery slot or pay a delivery fee to receive it.
  • An alert about a purchase or transaction you did not make, asking you to respond.

Signs that a text is not genuine:
  • Remember that reputable organizations will not approach you out of the blue by text message and ask you to reveal personal or financial information.
  • There are grammatical and spelling mistakes. Legitimate businesses rarely make obvious spelling or grammatical errors in customer correspondence.
  • Is the message relevant to you? If it alerts you about a parcel delivery, did you order or expect anything? If it tells you about a prize, did you enter a competition? If it offers a gift card, is it from a store where you previously bought something?

Why do people keep receiving spam texts? Scammers may use technology to generate numbers automatically, so you can receive both robocalls and robotexts even if you have a different phone number. Your data may also be sold: prominent social networking sites watch your online behavior and sell that data for advertising. What can you do if you receive a spam text? Do not respond, avoid clicking on any links, and do not give out any personal details. Instead, go directly to the company's website and report the scammer.

One important question that needs to be addressed is: What steps can be taken to protect yourself against spam texts? In order to avoid being scammed via spam texts, users are advised to only give out their personal cell phone number if it is really necessary. Online forms frequently ask for phone numbers, however, users must bear in mind that the information they provide could end up on marketing lists or databases. To help decrease the number of unwanted messages and calls, do not give out your phone number unless it is absolutely necessary, besides, do not make your cell phone number available to the public. For example, avoid putting your mobile phone number on your Facebook, Twitter, or other social media pages. Additionally, keep a close check on your phone bill which includes examining your phone bill regularly. 

Users who are unsure should check the provider's website to see whether it is offering freebies in exchange for a payment. Although it is more than likely that it is not, it is still preferable to check there than to click any of the links to find out.

The CNIL Penalized SLIMPAY €180,000 for Data Violation.


SLIMPAY is a licensed payment institution that provides customers with recurring payment options. Based in Paris, this subscription payment services firm was fined €180,000 by the French CNIL regulatory authority after it was discovered that sensitive client data had been stored on a publicly accessible server for five years by the firm. 

The company bills itself as a leader in subscription recurring payments, and it offers an API and processing service to handle such payments on behalf of clients such as Unicef, BP, and OVO Energy, to mention a few. It appears to have conducted an internal research project on an anti-fraud mechanism in 2015, during which it collected personal data from its client databases for testing purposes. Real data is a useful way to confirm that development code is operating as intended before going live, but when dealing with sensitive data like bank account numbers, extreme caution must be exercised to avoid violating data protection requirements.

In 2020, the CNIL conducted an inquiry on the company SLIMPAY and discovered a number of security flaws in their handling of customers' personal data. The restricted committee - the CNIL body in charge of applying fines - effectively concluded that the corporation had failed to comply with several GDPR standards based on these elements. Because the data subjects affected by the incident were spread across many European Union nations, the CNIL collaborated with four supervisory agencies (Germany, Spain, Italy, and the Netherlands). 

THE FAILURES

1. Failure to comply with the requirement to provide a formal legal foundation for a processor's processing operations (Article 28 of the GDPR)

SLIMPAY's agreements with its service providers do not include all of the terms necessary to ensure that these processors agree to process personal data in accordance with the GDPR. 

2. Failure to protect personal data from unauthorized access (Article 32 of the GDPR) 

According to the restricted committee, access to the server was not subject to any security controls, and it could be reached from the Internet between November 2015 and February 2020. The civil status information, postal and e-mail addresses, phone numbers, and bank account numbers (BIC/IBAN) of more than 12 million people were exposed.

3. Failure to inform the data subjects of the personal data breach (Article 34 of the GDPR)

The CNIL determined that the risk associated with the breach should be considered high due to the nature of the personal data, the number of people affected, the possibility of identifying the people affected by the breach from the accessible data, and the potential consequences for the people concerned.

How Content Abuse is giving rise to online Frauds, explains SIFT


A report from Sift on 'Content Abuse and the Fraud Economy' explores the rising arena of online fraud and content abuse in 2020, detailing how content abuse tricks users into falling for fraud by giving it an air of legitimacy.


The report also exposes a fraud ring in Russia that tested credit cards and wallets on e-commerce websites and posted false content.

Content Abuse 

The data used in the report came from 34,000 sites, together with a survey of over 1,000 users conducted by Sift on content abuse.

Understanding the "Fraud Supply Chain: A Network of Content Abuse, Account Takeover (ATO) and Payment Fraud" -

Just as a market works on a proper chain of demand and supply, these fraud rings have a proper network in which content abuse works as a bridge between payment fraud and account takeover.

Account takeover exposes financial credentials, including stolen credit or debit cards and wallets, that can be used to commit payment fraud, whereas content abuse works as a cushion that bridges account takeover and payment fraud: it convinces users to share details or send money through fake messages, reviews, phishing, or romance scams. Payment fraud is then the goal of the other two, with buying and selling carried out using the cards and information collected through account takeover and content abuse.

According to the report, fake content can be found in plenty on the Internet and the numbers are shocking. Consumers find 70% of content on social media fake, 40% on classifieds, 21% on travel sites, and 15% on job boards.

The Bargaining Bear

In June, Sift's data science team also discovered a fraud ring on an e-commerce marketplace that exploited account takeover and content abuse to check whether stolen debit cards and wallets still worked and how much they were worth.

 "To test dozens of stolen cards, they “sold” the items to each other, after “haggling” those prices down to $1.00 USD— a typical price used to test hijacked payment details. Each listing was uncharacteristic for this marketplace, purchased on the same day, and included several fake reviews to strengthen the appearance of authenticity.", stated the report. 

The team, working from Russia, created various seller profiles (from the same IP address), listed items at cheap prices and bought them themselves, leaving fake content listings that gave the sellers a legitimate-looking reputation and made card testing easy.
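The ring described above leaves a distinctive footprint in marketplace data: seller and buyer accounts on the same IP address trading with each other, prices haggled down to a nominal amount, many distinct cards behind few accounts, and padded reviews on the listings. The following is an added example of a detection pass over such records, not Sift's code and not from the report; the sale schema, the $1.00 test price, the three-card threshold, and the sample sales are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Sale:
    """One completed marketplace sale (constructed schema)."""
    listing_id: str
    seller: str
    seller_ip: str
    buyer: str
    buyer_ip: str
    list_price: float
    sold_price: float
    card_fingerprint: str   # hashed PAN / token of the paying card
    review_count: int       # reviews posted on the listing before the sale


def find_card_testing_rings(sales, test_price=1.00, min_cards=3):
    """Group nominal-price, self-dealing sales by the IP both parties share and
    report clusters that put many distinct cards through few accounts."""
    by_ip = defaultdict(list)
    for s in sales:
        # Self-dealing: seller and buyer accounts operate from the same address,
        # and the "haggled" price is the nominal amount used to test a card.
        if s.seller_ip == s.buyer_ip and s.sold_price <= test_price:
            by_ip[s.seller_ip].append(s)

    rings = []
    for ip, group in by_ip.items():
        cards = {s.card_fingerprint for s in group}
        if len(cards) < min_cards:      # a household behind one NAT can look similar
            continue
        rings.append({
            "ip": ip,
            "accounts": sorted({s.seller for s in group} | {s.buyer for s in group}),
            "cards_tested": len(cards),
            "avg_markdown": round(sum(1 - s.sold_price / s.list_price for s in group) / len(group), 2),
            "padded_listings": sum(1 for s in group if s.review_count > 0),
        })
    return rings


# Constructed sample: three accounts on one IP trading $1 items with four cards,
# a normal sale, and one genuinely cheap item bought from a shared home IP.
SAMPLE_SALES = [
    Sale("L1", "bear_01", "198.51.100.23", "bear_02", "198.51.100.23", 45.00, 1.00, "card-aaa", 4),
    Sale("L2", "bear_02", "198.51.100.23", "bear_03", "198.51.100.23", 60.00, 1.00, "card-bbb", 3),
    Sale("L3", "bear_03", "198.51.100.23", "bear_01", "198.51.100.23", 30.00, 1.00, "card-ccc", 5),
    Sale("L4", "bear_01", "198.51.100.23", "bear_03", "198.51.100.23", 50.00, 1.00, "card-ddd", 2),
    Sale("L5", "vintage_shop", "203.0.113.5", "alice", "192.0.2.77", 45.00, 45.00, "card-eee", 12),
    Sale("L6", "sticker_co", "203.0.113.9", "bob", "203.0.113.9", 1.00, 1.00, "card-fff", 0),
]

if __name__ == "__main__":
    for ring in find_card_testing_rings(SAMPLE_SALES):
        print(ring)
```

The markdown and review figures are what separate the report's ring from an ordinary cheap sale: the benign $1 sticker is listed at $1, not haggled down from $45, and carries no reviews. Thresholds should be tuned per marketplace, and a hit is a reason to hold payouts and review the accounts, not proof on its own.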