The Fake E-Shop Scam Campaign Sweeping Southeast Asia, Seizing Users' Banking Details

In recent years, cybercriminals have been increasingly employing sophisticated tactics to target individuals and organizations across the globe. One such alarming trend is the proliferation of fake e-shop scam campaigns, particularly prevalent in Southeast Asia. 

These campaigns, characterized by their deceptive methods and malicious intent, pose significant threats to cybersecurity and personal privacy. The emergence of the fake e-shop scam campaign targeting Southeast Asia dates back to 2021, with a notable surge in activity observed by cybersecurity researchers in September 2022. 

Initially concentrated in Malaysia, the campaign swiftly expanded its operations to other countries in the region, including Vietnam and Myanmar. This expansion underscores the growing sophistication and reach of cybercriminal networks operating in Southeast Asia. At the heart of these malicious campaigns are phishing websites designed to deceive unsuspecting users. 

These websites often masquerade as legitimate e-commerce platforms or payment gateways, luring victims into providing sensitive information such as login credentials and banking details. Once users are enticed to visit these fraudulent sites, they are exposed to various forms of malware, including malicious Android applications packaged as APK files. 

The modus operandi of the attackers involves social engineering tactics, with cybercriminals leveraging popular communication platforms like WhatsApp to initiate contact with potential victims. By impersonating cleaning services or other seemingly innocuous entities on social media, the perpetrators exploit users' trust and curiosity, leading them to engage in conversations that ultimately result in malware infection. 

The malware deployed in these fake e-shop scam campaigns is multifaceted and constantly evolving to evade detection and maximize its impact. Initially focused on stealing login credentials for Malaysian banks, including prominent institutions like Hong Leong, CIMB, and Maybank, the malware has since incorporated additional functionalities. These include the ability to take screenshots, exploit accessibility services, and even facilitate screen sharing, granting the attackers unprecedented control over infected devices. 

Furthermore, the attackers have demonstrated a keen understanding of the linguistic and cultural nuances of their target regions. In Vietnam, for example, the campaign specifically targeted customers of HD Bank, employing phishing websites tailored to mimic the bank's online portal and language. Similarly, in Myanmar, the attackers utilized Burmese language phishing pages to enhance the credibility of their schemes among local users. 

The implications of these fake e-shop scam campaigns extend beyond financial losses and reputational damage. They represent a direct assault on user privacy and cybersecurity, with far-reaching consequences for individuals and businesses alike. The theft of sensitive personal and financial information can lead to identity theft, unauthorized transactions, and even ransomware attacks, resulting in significant financial and emotional distress for victims. 

In response to these evolving threats, cybersecurity experts emphasize the importance of proactive measures to safeguard against malicious activities. This includes exercising caution when interacting with unfamiliar websites or online advertisements, regularly updating antivirus software, and staying informed about emerging cybersecurity threats. 

Ultimately, combating the scourge of fake e-shop scam campaigns requires collective action and collaboration among stakeholders across the cybersecurity ecosystem. By raising awareness, implementing robust security measures, and fostering a culture of cyber resilience, we can mitigate the risks posed by these insidious threats and protect the integrity of our digital infrastructure.

Thane: Massive 16,180 Crore Bank Hacking Fraud Uncovered, National Probe Underway

 

An FIR has been filed by Thane Police against a group of individuals, among them an ex-banker, accused of hacking into the account of a payment gateway service provider and withdrawing Rs 16,180 crore. The heist was carried out over time using several different bank accounts.

On Sunday, a police spokesperson from Thane stated that the fraud had been continuing for a while. However, it was discovered following the filing of a complaint regarding the hacking of the company's account and the theft of Rs 25 crore. According to a Mint report, no arrests have been made as of yet in the Rs 16,180 crore robbery case.

But when the police started investigating the complaint, a major theft worth 16,180 crore rupees was discovered. Under Indian Penal Code sections 420 (cheating), 409 (criminal breach of trust), 467, 468 (forgery), 120B (criminal conspiracy), and 34 (common intention), an FIR has been filed against Sanjay Singh, Amol Andale @ Aman, Kedar @ Sameer Dighe, Jitendra Pandey, and another unidentified person.

The suspected wrongdoers are charged with illegally forming unregistered partnership firms using fake documents in order to deceive the government. As many as 260 bank accounts have been found to be linked to these duplicitously formed partnership firms, enabling transactions totalling the enormous sum indicated.

A few months ago, an unknown person successfully breached the software of Safex Payout and carried out a Rs 25 crore fraud, which served as the initial impetus for this investigation. The legal counsel for the business quickly reported a hacking and cyber fraud incident to the Srinagar police station, which drove Thane police's cyber cell to take over the investigation. 

Investigators were able to further disentangle the complex web of deceit when they discovered a fraudulent transfer of Rs 1.39 crore to an account owned by Riyaal Enterprises, a company having branches in Navi Mumbai's Vashi and Belapur. Law enforcement authorities searched these places and found a treasure trove of paperwork, including multiple bank accounts and company contracts. 

When these documents were thoroughly examined, it became clear that five partnership firms had been created at the same address using forged and counterfeit documents in several people's names. According to Nagpur Today, inquiries posed to workers of Riyaal Enterprises resulted in information on an astounding 250 bank accounts and notarized partnership company agreements, all of which raised red flags.