Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Scam. Show all posts
UPI
Banking Digital Arrest Jumped Deposit Scam SBI Scam Technology UPI

Banking Fraud: Jumped Deposit Scam Targets UPI Users


Users of the unified payments interface (UPI) are the victims of a recent cyber fraud known as the "jumped deposit scam." First, scammers persuade victims by making a modest, unsolicited deposit into their bank accounts. 

How does it operate? 

A scammer uses UPI to transfer a tiny sum to the victim's bank account. After that, they ask for a larger withdrawal right away. The victim might quickly verify their bank account amount due to this sudden deposit. The victim must input their personal identification number (PIN) to access their bank details, and the stolen withdrawal is authorized. The difference money is stolen by fraudsters.

The Hindu reports, “Scammers exploit the recipient’s curiosity over an unsolicited deposit to access their funds.”

The public was previously warned by the Tamil Nadu Cyber Crime Police to exercise caution when dealing with such unforeseen deposits. It noted that the latest scam was the subject of numerous complaints to the National Cyber Crime Reporting Portal.

What to do?

There are two methods UPI customers can use to guard against jumped deposit scams. 

Since withdrawal requests expire after a certain amount of time, wait 15 to 30 minutes after noticing an unexpected transaction in your bank account before checking your balance. Try carefully entering an incorrect PIN number to reject the prior transaction if you don't have time to wait a few minutes. 

Additionally, to confirm the legitimacy, notify your bank if you discover an unexpected or sudden credit in your account. Scam victims need to file a complaint with the cybercrime portal or the closest police station.

Banking attacks on the rise

The State Bank of India recently highlighted several cybercrimes, including digital arrests and fake customs claims, in light of the rise in cybercrimes. To safeguard themselves, the bank advised its clients to report shady calls and confirm any unexpected financial requests. 

It explained scams like "digital arrests," where scammers pretend to be law enforcement officers and threaten to question you about fictitious criminal conduct. For easy chores, some scammers may offer large quantities of money as payment. After that, they might request a security deposit.
Read more »
Scam
Cyber Awareness Cyber Crime Digital Arrest India Internet Scam

Digital Arrest: How Even The Educated Become Victims

Digital Arrest: How Even The Educated Become Victims

One of the most alarming trends in recent times is the surge in digital arrest scams, particularly in India. These scams involve cybercriminals impersonating law enforcement officials to extort money from unsuspecting victims. 

Cybersecurity threats are rapidly escalating in India, with digital arrest scams becoming a major issue. Even well-educated individuals are falling victim to these sophisticated schemes. 

Digital Arrest: A Scam

The concept of a digital arrest does not exist in law. These scams involve cybercriminals masquerading as law enforcement officials or government agencies like the State Police, CBI, Enforcement Directorate, and Narcotics Bureau. 

These scams often leverage official-sounding language and sometimes even use fake police or court documents to appear legitimate. Scammers sometimes use deepfake technology to create convincing video calls, making it even harder for victims to distinguish between a real and a fraudulent interaction.

Scammers may also send fake arrest warrants, legal notices, or official-looking documents via email or messaging apps. They accuse victims of severe crimes like money laundering, drug trafficking, or cybercrime. 

Common claims include: "a phone number linked to your Aadhaar number is involved in sending abusive messages or making threatening calls," "a consignment with drugs addressed to you has been intercepted," or "your son has been found engaged in nefarious activity." They may even fabricate evidence to make their accusations more credible.

The Problem in India

India has seen a significant rise in digital arrest scams, affecting individuals across different strata of society. The problem is exacerbated by the fact that many people are unaware of the nuances of cybercrime and can easily fall prey to such tactics. 

Factors contributing to the rise of these scams in India include:

  1. Increased Internet Penetration: With more people accessing the Internet, especially on mobile devices, the pool of potential victims has expanded significantly.
  2. Lack of Cyber Awareness: Despite the growth in internet usage, there is a significant gap in cyber awareness and education. Many individuals are not equipped with the knowledge to identify and respond to such scams.
  3. The sophistication of Scammers: Cybercriminals are becoming increasingly sophisticated, using advanced technologies and psychological tactics to manipulate victims.

The impact of digital arrest scams on victims can be severe. Apart from financial loss, victims often experience psychological distress and a loss of trust in digital platforms. Educated individuals, who might otherwise be cautious, can also fall victim to these scams, as the fear of legal repercussions can cloud judgment.

Read more »
Scam
Amazon Hacking links phishing Scam

Chenlun’s New Phishing Schemes Target Big-Name Brands

 


A new phishing campaign unveiled by researchers from DomainTools is a phishing campaign on the go, deceiving users via fake text messages. The messages masquerade as trusted brands like Amazon to get the targets to give away sensitive data. This operation is put at the hands of the threat actor "Chenlun," who was seen tricking people last year for masquerading as a USPS delivery alert during the holiday season. On 18 October 2024, consumer targeting waves, this wave represents new waves in tactics that target trusting consumers on the most-used brands.

Phishing Attack Evolution: From USPS Notification Scam to Authentication and Authorization Hack

In December 2023, DomainTools reported on the earlier approach that Chenlun used through exploiting USPS alerts to instruct users on how to navigate to fraudulent websites. This scheme, also labelled as "smishing, tricked users into message prompting them to visit virtually identical websites to the one genuine USPS websites. These next sent information that victims did not need to provide. With the current attack, however, Chenlun used the more narrow deception of alerts that there is unauthorised access to his or her online store accounts. This prompted victims into confirmation of their account information with links that led him to a scam website. To this end, it goes without saying that one ought to be careful when opening any link on email or text.


Advanced techniques of hiding and concealing evidence

The strategies that Chenlun uses today are more advanced than that of not being detected. The phishing attack this year is different from the past years because it does not use domain names containing USPS but instead uses a DGA. A DGA automatically generates new, arbitrary domain names, which creates an added difficulty in blocking malicious websites and makes it challenging for the security systems to identify phishing attempts. The constant change in the infrastructure of the domain leaves Chenlun free to continue their attacks without instant interference from cybersecurity defences.


Changed Domain Structures and Aliases

The latest phishing campaign also demonstrates the changed structure of the Chenlun domain. Last year, the fraudsters utilised domains like the official USPS websites. This time around, they change them into simple domains and even switch to other registrars and name servers. Now, they use NameSilo and DNSOwl, for example, and not Alibaba Cloud's DNS service, just like last year. The changing tendency makes phishing attempts less predictable and also complicates the procedure for cybersecurity analysts in relation to the identification and monitoring of suspicious domains.

Moreover, the most recent activity of Chenlun used pseudonyms like "Matt Kikabi" and "Mate Kika". These pseudonyms, which were first identified in the 2023 report, have more than 700 active domains. Reusing these identities, Chenlun has been able to maintain a massive presence online undetected by cybersecurity tools.


Collaboration as a Critical Form of Defense Against Phishing

DomainTools emphasises that effective countermeasures against phishing attacks require the collective efforts of organisations. Recommendations from security experts include active monitoring of registration patterns, sharing threat intelligence, and developing robust strategies that can counter changing phishing techniques.

DomainTools further emphasises that Chenlun's strategy changes reflect the ongoing problem that cybersecurity professionals face. By constantly changing obfuscation techniques, Chenlun underlines the importance of domain-related data in identifying patterns and suspect domains.


Takeaway for Business and Consumers

Continuous activity by Chenlun also points to the fact that vigilance needs to be maintained, given the sophistication in phishing scams. Business entities need to strengthen cybersecurity measures in monitoring domain registrations and promote threat intelligence sharing. Individual consumers need to maintain vigilance by avoiding a response to unsolicited messages or links.

In short, Chenlun's latest phishing campaign calls out for proactive defence. While the attackers continue adapting with a view to remain unseen, the necessity for people to stay updated and network inter-sectorally is the urgent requirement in the world of digitization.


Read more »
Scam
Bengaluru Cyber crimes Fraud porter Scam

Delivery Partners Exploit App Loophole, Defraud Logistics Company in Bengaluru

 




This is a major fraud case whereby delivery partners exploited a weakness in the logistics app Porter, syphoning Rs 90 lakh from Bengaluru. The swindle was detected by a routine business audit conducted in July by Smart Shift Logistics Solutions Pvt Ltd, which runs Porter. After this, an official of the logistics company filed a complaint with the police. Insider involvement was ruled out through automated operations.

The authorities suspected it could be an inside job when the fraud was first detected, considering the scale of the crime. They looked at the backend operations of the company and found nothing internal as most processes were automated. This led to a deep probe with Sarah Fathima, the Deputy Commissioner of Police (Southeast), assigning a team to trace the refunds made by the company since January. This series of operations was headed by ACP Govardhan Gopal, along with inspector Eshwari from the Southeast Cybercrime, Economic Offences, and Narcotics (CEN) police station.


Understanding the Scam

The investigators soon came across several refunds credited to the same accounts, and a rather clear fraud pattern began to emerge. The police were following this chain of suspicious transactions when it led them to a Shreyas TL, a 29-year-old from Hassan's Hirisave. Based on confession questioning of Shreyas, the police managed to seize three others: Kaushik KS, aged 26, from Mandya, Ranganath PR, also 26, and Anand Kumar, 30, both from Mandya.

These were earlier cab drivers and food delivery partners for various online applications who chanced upon loopholes in the Porter app after dabbling in such scams in other delivery services. They eventually managed to pinpoint how to exploit the Porter system through trial and error for their financial gains.


How the scam was run

Porter has a system where the driver can get a part of the total bill through his wallet whenever he accepts the job. And if he rejects the delivery, he will have his money back automatically. The application does not allow abusing this system, and therefore it has a strict cancellation policy where it blacklists the drivers in case they cancel two deliveries consecutively.

The fraudsters bypassed the system. Geo-spoofing is an application of the technology, using which they manipulated the app so as to pose their locations at places where there are few available drivers. This way, they accepted the jobs using their fake delivery accounts. The amount of the bill was credited to their digital wallets. Then the amount was drawn from these wallets into bank accounts. They canceled the delivery, and customers canceled the order and received a refund.

The reason they did not get blacklisted was because of repeated cancellations, so to avoid that, the gang bought fake phone numbers from Telegram groups and created new accounts on the app with them. Additionally, the gang practiced geo-spoofing to change their location into neighbouring states, making it hard for the authorities to trace them.


A Perfected Scam

The operation of the gang was so sophisticated that they managed to make off with a total of Rs 90 lakh from the company. Taking advantage of loopholes in the automation of the app, they had syphoned off the amount without raising any suspicion in the beginning. But finally, after going through a detailed investigation, it was traced by the police, and the fraudsters were caught.

This case shines a light on the importance of secure and foolproof systems in online platforms, especially those handling financial transactions. It also highlights the need to frequently audit and monitor company automated processes to detect fraud before it gets out of hand.




Read more »
Trading
Apple cryptocurrency Cyber Fraud Cybersecurity Fake Apps Fraud Google investment phishing Scam Trading

Massive Global Fraud Campaign Exploits Fake Trading Apps on Apple and Google Platforms

 

A recent investigation by Group-IB revealed a large-scale fraud operation involving fake trading apps on the Apple App Store and Google Play Store, as well as phishing sites to deceive victims. The scheme is part of a wider investment scam known as "pig butchering," where fraudsters lure victims into investments by posing as romantic partners or financial advisors.

Victims are manipulated into losing funds, with scammers often requesting additional fees before disappearing with the money.

Group-IB, based in Singapore, noted that the campaign targets victims globally, with reports from regions like Asia-Pacific, Europe, the Middle East, and Africa. The fraudulent apps, created using the UniApp Framework, are labeled under "UniShadowTrade" and have been active since mid-2023, offering promises of quick financial gains.

One app, SBI-INT, even bypassed Apple’s App Store review process, giving it an illusion of legitimacy. The app disguised itself as a tool for algebraic formulas and 3D graphics calculations but was eventually removed from the marketplace.

The app used a technique that checked if the date was before July 22, 2024, and, if so, displayed a fake screen with mathematical formulas. After being taken down, scammers began distributing it via phishing websites for Android and iOS users.

For iOS, downloading the app involved installing a .plist file, requiring users to trust an Enterprise developer profile manually. Once done, the fraudulent app became operational, asking users for their phone number, password, and an invitation code.

After registration, victims went through a six-step process involving identity verification, providing personal details, and agreeing to terms for investments. Scammers then instructed them on which financial instruments to invest in, falsely promising high returns.

When victims tried to withdraw their funds, they were asked to pay additional fees to retrieve their investments, but the funds were instead stolen.

The malware also included a configuration with details about the URL hosting the login page, hidden within the app to avoid detection. One of these URLs was hosted by a legitimate service, TermsFeed, used for generating privacy policies and cookie consent banners.

Group-IB discovered another fake app on the Google Play Store called FINANS INSIGHTS, which had fewer than 5,000 downloads. A second app, FINANS TRADER6, was also linked to the same developer. Both apps targeted countries like Japan, South Korea, Cambodia, Thailand, and Cyprus.

Users are advised to be cautious with links, avoid messages from unknown sources, verify investment platforms, and review apps and their ratings before downloading.
Read more »
Scam
Hong Kong malware Online Scams phishing Scam

Cybersecurity Attacks Rise in Hong Kong, Scammers Steal Money


Hong Kong has experienced a rise in cybersecurity threats, scammers are targeting individuals and businesses. A recent survey highlighted by the South China Morning Post (SCMP) reveals that nearly two-thirds of victims have suffered financial losses or wasted valuable time due to these cyber threats. This alarming trend underscores the urgent need for heightened awareness and robust cybersecurity measures.

The Growing Menace of Cyber Scams

In the past year, 49% of Hong Kong respondents faced online threats, up from 40% previously, according to Norton. Scams were the most common, impacting 34% of respondents, with nearly two-thirds losing money or time. Phishing and malware each affected 28% of respondents.

Cyber scams have become the most prevalent online threat in Hong Kong. These scams range from phishing emails and fraudulent websites to sophisticated social engineering tactics. 

Phishing and Malware

Phishing attacks, where cybercriminals disguise as legitimate entities to steal personal information, have seen a marked increase. These attacks often come in emails or messages that appear to be from trusted sources, such as banks or government agencies. Once the victim clicks on a malicious link or downloads an attachment, their personal data is compromised.

Malware attacks are another growing concern. These malicious software programs can infiltrate systems, steal data, and cause extensive damage. The SCMP survey indicates that a considerable portion of the population has been affected by malware, leading to data breaches and financial losses.

In June, police arrested 10 individuals for impersonating mainland security officials and defrauding a 70-year-old businesswoman of HK$258 million (US$33.2 million) in a phone scam. 

By August, local authorities, including the police and the Hong Kong Monetary Authority (HKMA), instructed 32 banks and 10 stored-value-facility operators to broaden their anti-fraud alerts to cover suspicious transactions at bank counters and online.

The Human Factor: A Critical Vulnerability

Despite advancements in technology, human vulnerabilities remain a significant risk factor. Cybercriminals often exploit the lack of awareness and vigilance among users. For instance, clicking on suspicious links, using weak passwords, and failing to update software are common mistakes that can lead to security breaches.

Read more »
Security
Cyber Fraud Data Leak Privacy Scam Scamster Security

Chemical Giant Orion Loses $60 Million in Email Scam

 

Luxembourg-based Orion S.A., a leading supplier of carbon black, has been defrauded of a staggering $60 million. The company alerted the US Securities and Exchange Commission (SEC) on August 10th through an official filing (Form 8-K).

The filing reveals that a non-executive employee became the target of a criminal operation. The document states: "On August 10, 2024, Orion S.A. determined that a Company employee, who is not a Named Executive Officer, was the target of a criminal scheme that resulted in multiple fraudulent wire transfers to accounts controlled by unknown individuals."

While Orion refrained from sharing specific details about the attack, the nature of the incident - multiple fraudulent wire transfers initiated by an employee - strongly suggests a BEC scam.

In a typical BEC scam, cybercriminals gain access to a legitimate email account belonging to a high-ranking official within a company or impersonate them through a spoofed email address. They then target employees with access to company finances, tricking them into authorizing unauthorized payments.

Common tactics employed by BEC scammers include:

  • Urgency and secrecy: Criminals may claim the company is in the process of acquiring a competitor and needs to expedite the transaction confidentially to avoid media attention or alerting rivals.
  • Impersonation: Scammers may use stolen email credentials or create lookalike email addresses to convincingly impersonate executives.
  • Phone calls: In some cases, the attackers may even follow up with phone calls to pressure the targeted employee into acting swiftly.

The effectiveness of BEC scams lies in their ability to exploit gaps in communication within large organizations. Many employees may not have personal interactions with senior management, making them more susceptible to falling for impersonations and deceptive tactics.

Reports indicate that BEC attacks are a major form of cybercrime, causing significant financial losses, and rivaling the damage inflicted by ransomware attacks.

Read more »
Scam
Android Users APK Files bank account cyber attack Financial Fraud KYC Scam

New APK Scam: Protect Your Bank Account from Fraudsters


 


Punjab and Sind Bank (PSB) recently issued a public notice alerting customers to a new scam involving fraudulent messages and malicious APK files. This scam threatens grave  financial losses if customers do not take proper precautions.

How the APK Scam Works

Step 1: Creating Panic with Fake Messages

Scammers initiate the fraud by sending text messages that mimic legitimate bank communications. These messages claim that recipients must update their Know Your Customer (KYC) information to avoid having their bank accounts blocked. The fraudulent messages create a sense of urgency, making recipients more likely to follow the instructions.

Kaushik Ray, Chief Operating Officer of Whizhack Technologies, explains that these messages exploit users' fears and desires, bypassing rational judgement. The goal is to trick recipients into downloading a malicious APK file, a common format for Android apps.

Step 2: Installing Malicious APK Files

Once recipients are convinced by the false narrative, they are instructed to download and install an APK file. These files often contain malware. Upon installation, the malware grants hackers access and control over the victim's mobile device.

Step 3: Executing Cyber Attacks

With control of the device, hackers can perform various malicious activities. These include installing a keylogger to capture sensitive information like banking credentials and passwords, launching ransomware attacks that lock the device until a ransom is paid, and accessing the clipboard to steal copied information such as account numbers.

How to Protect Yourself from APK Scams

To protect against these scams, PSB advises customers to take the following precautions:

1. Avoid Downloading Files from Unknown Sources: Only download apps from trusted sources like the Google Play Store.

2. Do Not Click on Suspicious Links: Be wary of links received in unsolicited messages, even if they appear to be from your bank.

3. Block and Report Suspicious Contacts: If you receive a suspicious message, block the sender and report it to your bank or relevant authorities.

4. Never Share Personal Information Online: Do not disclose personal or financial information to unverified sources.

Why APK Scams Target Android Users

Ray highlights that this scam primarily targets Android users because APK files are specific to Android devices. iOS devices, which use a different file format called IPA, generally have stricter controls against installing third-party apps, making them less vulnerable to this type of attack. However, iOS users should remain vigilant against phishing and other scams.

Real-Life Impacts of the APK Scam

Imagine receiving a message that your bank account will be frozen if you do not update your KYC information immediately. This could lead to panic about how you will pay for everyday expenses like groceries, school fees, or utility bills. Scammers exploit this fear to convince people to download the malicious APK file, giving them access to your device and your money.

Stay alert, verify the authenticity of messages, and protect your personal information to safeguard your financial assets.


Read more »
Transactions
Bengaluru Cyber Crime Scam Stock market Transactions

Stock Market Scam in Bengaluru: Businessman Loses Rs 5.2 Crore



In a recent cybercrime incident, a 52-year-old businessman from Bengaluru fell victim to a stock market scam, losing a staggering Rs 5.2 crore. The victim, referred to as Sharath for anonymity, reported the incident to the cybercrime police on April 8. According to his account, the ordeal began when he received a WhatsApp message on March 11 promoting stock market investments with promises of high returns. Despite refraining from clicking the accompanying link, Sharath found himself involuntarily added to a WhatsApp group named "Y-5 Ever Core Financial Leader," boasting around 160 members.

Subsequently, Sharath received numerous calls from unidentified numbers, urging him to download an application linked to the investment scheme. Initially resistant, Sharath eventually succumbed to the persuasion tactics employed by the fraudsters and downloaded the app. Under the guidance of the perpetrators, Sharath began purchasing stocks facilitated by multiple accounts provided by the fraudsters. Assured that his funds were being invested in the stock market, Sharath transferred a staggering Rs 5.2 crore to five designated accounts by April 2.

Despite his growing suspicions, Sharath's attempts to withdraw profits or reclaim some of his invested capital for further investments were thwarted by the fraudsters. It was only then that he realised he had fallen victim to a scam. In response to the complaint, authorities have initiated legal proceedings under the IT Act, with ongoing investigations. Efforts have been made to freeze the funds in the fraudsters' accounts in collaboration with bank officials, raising hopes for potential recovery of some of the lost money, as confirmed by a senior police official.

Senior Citizen Scammed: Woman Loses Rs 6 Lakh

In another distressing incident, a 61-year-old woman fell prey to cybercriminals impersonating Delhi police and Customs officials. Exploiting her fear, the fraudsters falsely accused her of drug smuggling and money laundering, coaxing her to transfer Rs 6.56 lakh. Manipulating her trust, they provided fake validation procedures, leading to her significant loss.

These incidents serve as stark reminders of the growing tactics of cybercrime and the importance of caution while engaging in online transactions. Authorities urge the public to exercise caution and scepticism when encountering unsolicited investment opportunities or suspicious requests for financial transactions. As investigations continue into these cases, efforts to combat cybercrime through deliberate security measures and real-time data sharing remain imperative to safeguard individuals and businesses from falling prey to such fraudulent schemes.


Read more »
US Schools
CAPTCHA Security cyber attack Cyber Attacks PHaas phishing Scam Storm-1575 Tycoon US Schools

Rise in Phishing Attacks Targeting US Schools Raises Concerns

 



Through a recent report by PIXM, a cybersecurity firm specialising in artificial intelligence solutions, public schools in the United States face a significant increase in sophisticated phishing campaigns. Threat actors are employing targeted spear phishing attacks, utilising stealthy patterns to target officials in large school districts, effectively bypassing Multi-Factor Authentication (MFA) protections.

Since December 2023, there has been a surge in MFA-based phishing campaigns targeting teachers, staff, and administrators across the US. The attackers, identified as the Tycoon and Storm-1575 threat groups, employ social engineering techniques and Adversary-in-the-Middle (AiTM) phishing to bypass MFA tokens and session cookies. They create custom login experiences and use services like dadsec and Phishing-as-a-Service (PhaaS) to compromise administrator email accounts and deliver ransomware.

The Tycoon Group's PhaaS, available on Telegram for just $120, boasts features like bypassing Microsoft's two-factor authentication. Meanwhile, Microsoft identifies Storm-1575 as a threat actor engaging in phishing campaigns through the Dadsec platform. The attacks involve phishing emails prompting officials to update passwords, leading them to encounter a Cloudflare Captcha and a spoofed Microsoft password page. If successful, attackers forward passwords to legitimate login pages, requesting two-factor authentication codes and bypassing MFA protections.

The attacks commonly target officials such as the Chief of Human Capital, finance, and payroll administrators. Some attempts involve altering Windows registry keys, potentially infecting machines with malicious scripts. The attackers conceal their tracks using stealth tactics, hiding behind Cloudflare infrastructure and creating new domains.

Despite using CAPTCHAs in phishing attacks providing a sense of legitimacy to end-users, there's potential for malicious trojan activity, including modifying Windows registry keys and injecting malicious files. These attacks can result in malware installation, ransomware, and data exfiltration.

Schools are the most targeted industry by ransomware gangs, with student data being a prominent prey of cybercrime. A concerning trend shows unprecedented data loss, with over 900 schools targeted in MOVEit-linked cyber attacks. Recent data leaks, such as the one involving Raptor Technologies, have exposed sensitive records belonging to students, parents, and staff, raising concerns about student privacy and school safety.

To protect against these phishing attacks, organisations are advised to identify high-priority staff, invest in tailored awareness efforts, caution users against suspicious links, and implement proactive AI-driven protections at the browser and email layers.

To take a sharp look at things, the surge in phishing attacks targeting US schools states the significance of cybersecurity measures and the need for increased awareness within educational institutions to safeguard sensitive information and ensure the privacy and safety of students and staff.


Read more »
Scam
2FA Cash App Cyber Security Data protection Financial Fraud Holiday Scam Identity Theft Money Transfer Scam

Fallen Victim to Zelle Scams During the Holiday Season

Identity theft is a serious concern at a time of rapid technology development and digital commerce. It becomes essential to strengthen our defenses against potential cyber threats as we negotiate the complexities of internet platforms and financial services. Identity protection must be prioritized immediately, as shown by several recent instances. 

A thorough analysis by CNET states that as more people become aware of the significance of protecting their personal information online, there is a growing demand for identity theft protection services. The paper emphasizes that because hackers have become more skilled, protecting sensitive data needs to be done proactively.

The holiday season, a time of increased financial activity, poses additional challenges. Fraudsters exploit popular money transfer services like Zelle, Venmo, and Cash App during this period. As we enter 2023, it is crucial to be aware of potential threats and adopt preventive measures. Emily Mason's analysis serves as a wake-up call, urging users to exercise caution and be vigilant in protecting their accounts.

One of the prevalent scams involves Zelle, as reported by sources. Victims of Zelle scams find themselves ensnared in a web of financial deceit, with the aftermath often leaving them grappling for solutions. Refund scams, in particular, have become a cause for concern, prompting financial experts to emphasize the need for enhanced security measures and user education.

To fortify your defenses against identity theft and financial fraud, consider implementing the following recommendations:
  • Employ Robust Identity Theft Protection Services: Invest in reputable identity theft protection services that monitor your personal information across various online platforms.
  • Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA. This additional step can thwart unauthorized access attempts.
  • Stay Informed and Vigilant: Keep abreast of the latest scams and fraud techniques. Awareness is your first line of defense.
  • Regularly Monitor Financial Statements: Review your bank and credit card statements regularly for any suspicious activity. Promptly report any discrepancies to your financial institution.
  • Educate Yourself on Common Scams: Familiarize yourself with the modus operandi of common scams, such as refund fraud and phishing attempts, to recognize and avoid potential threats.
Safeguarding your identity in the constantly changing world of digital transactions is a shared duty between users and the platforms they use. People can greatly lower their chance of being victims of identity theft and financial fraud by being informed and taking preventative action. As technology develops, maintaining the integrity of our personal data increasingly depends on taking a proactive approach to security.

Read more »
User Privacy
Banglore Cyber Security Data Privacy Investment fraud Law Enforcement Phising Attacks Scam User Privacy

Bengaluru Police Bust Rs 854 Crore Cyber Fraud

The Bengaluru Police have made significant progress in uncovering a sophisticated cyber investment fraud that involved an astonishing amount of Rs 854 crore. The study clarifies the complex network of mule accounts that was essential to carrying out this financial crime.

The cyber investment fraud, as reported by various news sources, involved the arrest of six individuals allegedly orchestrating the massive scam. The criminals exploited unsuspecting victims through promises of lucrative investment opportunities, ultimately siphoning off a colossal sum of money.

Mule accounts, a term less known to the general public, have emerged as a linchpin in cybercrime operations. These accounts act as intermediaries, facilitating the movement of illicit funds while providing a layer of anonymity for the perpetrators. The Bengaluru Police, in their diligent investigation, uncovered the intricate network of mule accounts that were instrumental in the success of this cyber investment fraud.

The criminals behind the fraud reportedly used a combination of advanced technology and social engineering tactics to lure victims into their scheme. Once hooked, the victims were persuaded to invest significant sums of money, which were then funneled through a complex web of mule accounts to conceal the illicit transactions. The scale and sophistication of this operation highlight the evolving nature of cybercrime and the challenges faced by law enforcement agencies in tackling such crimes.

The timely intervention of the Bengaluru Police showcases the importance of proactive measures in combating cybercrime. The investigation not only led to the arrest of the alleged perpetrators but also served as a wake-up call for individuals to exercise caution and due diligence in their online financial activities.

As the digital landscape continues to evolve, the need for cybersecurity awareness becomes more critical than ever. The Bengaluru case underscores the necessity for individuals, businesses, and law enforcement agencies to collaborate in developing robust cybersecurity measures. Education about the tactics employed by cybercriminals, such as the utilization of mule accounts, is crucial for staying one step ahead in the ongoing battle against online fraud.



Read more »
Social Media
Data Breach Goa Malicious actor Password Hacking Phising Attacks Scam senior citizens Sensitive Information Social Media

Protecting Goa's Seniors from Increasing Cyber Threats

Cybercrimes have increased alarmingly in recent years in Goa, primarily targeting elderly people who are more vulnerable. The number of cybercrime incidents in the state has been continuously increasing, according to reports from Herald Goa, raising concerns among the public and law enforcement.

Data from the Goa Police Department indicates a concerning rise in cases of cybercrime against senior citizens. Scammers frequently use sophisticated techniques to prey on this group's lack of digital literacy. To acquire unlawful access to private data and financial assets, they employ deceptive schemes, phishing emails, and bogus websites.

In an interview with Herald Goa, Inspector General of Police, Jaspal Singh, emphasized the need for enhanced awareness and education regarding online safety for senior citizens. He stated, "It is crucial for our senior citizens to be aware of the potential threats they face online. Education is our strongest weapon against cybercrime."

To address this issue, the Goa Police Department has compiled a comprehensive set of cybercrime prevention tips, available on their official website. These guidelines provide valuable insights into safeguarding personal information, recognizing phishing attempts, and securing online transactions.

Additionally, experts advise seniors to be cautious when sharing personal information on social media platforms. Cybercriminals often exploit oversharing tendencies to gather sensitive data, which can be used for malicious purposes. Individuals must exercise discretion and limit the information they disclose online.

Furthermore, the importance of strong, unique passwords cannot be overstated. A study conducted by cybersecurity firm Norton revealed that 65% of individuals use the same password for multiple accounts, making them vulnerable to hacking. Senior citizens are encouraged to create complex passwords and consider using password manager tools to enhance security.

The increasing number of cybercrimes in Goa that target senior folks highlights how urgent the problem is. It is essential to give priority to education, awareness, and preventative security measures to combat this expanding threat. Seniors can use the internet safely if they follow the advice for prevention and stay educated about potential risks. 
Read more »
Scam
Company Data Breach Job Scams Jobseekers Linkedin New Jobs Online Jobs Perfect Jobs Scam

Online Jobseekers Beware: Strategies to Outsmart Scammers

 


The number of employment scams is increasing, and the number of job seekers who are targets of cunning scammers is also on the rise. A person who is seeking a new job is advised to be vigilant to these scams and to be aware of what to look out for to better protect themselves against them if they are searching for one. 

Precisely what is the scam? 

On fake websites that look like they belong to reputable companies, criminals will pose as them to post fictitious job descriptions that require applicants to apply for fictitious jobs. The scammers will then make false job offers to candidates looking for a job. 

Sometimes, the fraudster may ask for personal information, like a person's address, bank details, or personal information like a passport number. It is becoming increasingly common for these scams to take the form of legitimate recruitment activities, and they often appear to be recruiting through third-party websites or direct email exchanges. 

It is becoming increasingly common for employers to be caught up in this sort of scam, which is known as recruitment fraud. A scammer has been known to target job seekers with fake job openings on LinkedIn as the social networking site receives more than 100 job application submissions per second. 

Approximately two-thirds of British users have been targeted in the last several years, according to a study conducted by NordLayer, a security firm. Scammers do not limit themselves to LinkedIn, with scammers exploiting other genuine, well-known job websites as well as sending email solicitations directly to university students by targeting them directly within their email addresses. 

Scammers employ two main methods to con their victims. A job offer with basic information about the company and its job position sounds very interesting to job seekers, and there is a link that says that if they click on it, a presentation with detailed information about the company and the job role will appear, says Jedrzej Pyzik, a recruitment consultant at the financial recruitment firm FTeam.

It has been observed that after clicking through the link, there are usually some landing pages that require the user to download a certain program, log in, and provide personal information - this is the most common one that has noticed the most, said Jedrzej. 

When that data is obtained, it can be used to steal the job seeker's identity, or even to open a bank account in their name or to apply for credit in their name if the job seeker is not present. Another popular scam involves asking "successful" job applicants to send over a substantial amount of money upfront to have the money paid back when they are hired - a practice known as advance fee scams. 

If a person is told that the amount can be credited towards training fees, criminal background checks by the Disclosure and Barring Service (DBS), travel fees like visas, or equipment that is needed for the job, they may feel more inclined to apply. 

The problem is that if a check is ever received to cover these costs, it will bounce. A large part of the problem is associated with fake job ads, which are especially common when it comes to the recruitment process for students and recent graduates, who may be considered to be less knowledgeable about it. 

Several scams have been targeting US university students lately, according to the security firm Proofpoint, offering jobs in biosciences, healthcare, and biotechnology fields, mostly in recent months. These scams appear to have targeted students in various parts of the country. 

Is there a way to protect from these Frauds? 

To identify phishing scams, follow these five tips: 

It is advisable to avoid generic emails at all costs. A lot of effort is put into casting a wide net when scammers do not include specific information in their scams. It is always a good idea to be cautious when receiving an email that seems overly generic. 

The spelling of domain names and email addresses should be checked very carefully. Even a slight change of lower and uppercase letters can result in a redirect to a different domain where the job seeker may be a victim of identity theft. 

A recruitment agent from an authentic company will most often ask applicants for an in-person interview if the candidate truly meets all the requirements for the job. 

A recruiter will never ask a prospective candidate for financial information or payments as part of an employment application or as a condition of employment or anything similar.

Those who post a job stating the position is the "perfect job" usually make this claim as they rely on the high pay they will offer for positions that do not require any skills and experience. 

It is likely that such a job is a scam and is just too good to be true. There is a concerted effort being made by job platforms to eliminate job scams in their platforms. 

A report from LinkedIn claims that 99.3% of the spam and scams it detects are caught by its automated defences, and 99.6% of the fake accounts it detects are blocked before members even know they exist. Additionally, job websites are also doing their part to help those looking for work. 

It is the company's policy to perform automatic verification processes that confirm the validity of its advertisers, according to Keith Rosser, director of group risk at Reed, a process which involves checking Company House information, the domain information of the company as well as the email addresses and physical addresses of the company's advertisers. 

The job seekers are advised, however, to be cautious and to check whether the employer is legitimate before sharing any personal information with them. Before sharing any personal information, it would be wise to verify that the organization exists.
Read more »
Security
attackers attacks CryptoLabs Cyber Fraud Data Data Safety data security hack Hackers Investors Safety Scam Scammers Security

CryptosLabs Scam Ring Preys on French-Speaking Investors, Amasses €480 Million

 

A group of cybersecurity researchers has uncovered the inner workings of a fraudulent organization known as CryptosLabs. This scam ring has allegedly generated illegal profits amounting to €480 million by specifically targeting individuals who speak French in France, Belgium, and Luxembourg since April 2018.

According to a comprehensive report by Group-IB, the scam ring's modus operandi revolves around elaborate investment schemes. They impersonate 40 prominent banks, financial technology companies, asset management firms, and cryptocurrency platforms. The scam infrastructure they have established includes over 350 domains hosted on more than 80 servers.

Group-IB, headquartered in Singapore, describes CryptosLabs as an organized criminal network with a hierarchical structure. The group comprises kingpins, sales agents, developers, and call center operators. These individuals are recruited to lure potential victims by promising high returns on their investments.

"CryptoLabs made their scam schemes more convincing through region-focused tactics, such as hiring French-speaking callers as 'managers' and creating fake landing pages, social media ads, documents, and investment platforms in the French language," Anton Ushakov, deputy head of Group-IB's high-tech crime investigation department in Amsterdam, stated.

"They even impersonated French-dominant businesses to resonate with their target audience better and be successful in exploiting them."

The scam begins by enticing targets through advertisements on social media, search engines, and online investment forums. The scammers masquerade as the "investment division" of the impersonated organization and present attractive investment plans, aiming to obtain the victims' contact details.

Once engaged, the victims are contacted by call center operators who provide them with additional information about the fraudulent platform and the credentials needed for trading. After logging into the platform, victims are encouraged to deposit funds into a virtual balance. They are then shown fabricated performance charts, enticing them to invest more in pursuit of greater profits. However, victims eventually realize they cannot withdraw any funds, even if they pay the requested "release fees."

"After logging in, the victims deposit funds on a virtual balance," Ushakov said. "They are then shown fictitious performance charts that trigger them to invest more for better profits until they realize they cannot withdraw any funds even when paying the 'release fees.'"

Initially, the victims are required to deposit around €200-300. However, the scam is designed to manipulate victims into depositing larger sums by presenting them with false evidence of successful investments.

Group-IB initially uncovered this large-scale scam-as-a-service operation in December 2022. Their investigation traced the group's activities back to 2015 when they were experimenting with various landing pages. CryptosLabs' involvement in investment scams became more prominent in June 2018 after a preparatory period of two months.

A key aspect of the fraudulent campaign is the utilization of a customized scam kit. This kit enables the threat actors to execute, manage, and expand their activities across different stages of the scam, ranging from deceptive social media advertisements to website templates used to facilitate the fraud.

The scam kit also includes auxiliary tools for creating landing pages, a customer relationship management (CRM) service that allows the addition of new managers to each domain, a leads control panel used by scammers to onboard new customers to the trading platform, and a real-time VoIP utility for communicating with victims.

"Analyzing CryptosLabs, it is evident that the threat group has given its activities a well-established structure in terms of operations and headcount, and is likely to expand the scope and scale of its illicit business in the coming years," Ushakov said.
Read more »
Security
Cyber Fraud Data Data Safety Fraud Safety Scam Security

The Robotic Falcon Manufacturer Falls Victim to Cyber Criminals, Lost £100,000

 

John Donald, an entrepreneur who sells robotic falcons worldwide, has become a victim of cybercrime during the pandemic, despite his tech-savvy background. 

Donald, a 72-year-old grandfather, revealed that fraudsters targeted his family business when it faced a drastic 95% decline in turnover. Reluctantly, he succumbed to their demands and transferred nearly £100,000 to a fraudulent bank account. The incident caused immense stress for Donald and was described by him as an experience he wouldn't wish upon anyone.

Recent statistics released by Police Scotland indicate a concerning 68% rise in fraud cases since 2018, with a majority of them occurring online. 

Donald's company, Robop, which manufactures robot peregrine falcons for bird pest control, experienced significant setbacks due to the COVID-19 pandemic. It was on a Friday afternoon in December 2020, at around 16:30, when Donald received a call that initiated this distressing ordeal. The caller, speaking with an Edinburgh accent, claimed to be part of a joint banking task force and informed Donald about fraudulent activities in his account.

Initially skeptical, Donald probed the caller, but their extensive knowledge about him and his business convinced him of their credibility. Unable to reach his bank on another phone, Donald's suspicions grew stronger. 

The caller then intensified the pressure, citing a limited time window to resolve the issue due to discrepancies between their system and his. In the course of an hour-long conversation, the fraudsters persuaded Donald to transfer funds between his accounts, leaving him feeling foolish afterward but seeing no alternative at the time.

Fortunately, a friend directed Donald to the Cyber and Fraud Centre, where he sought assistance and Donald's bank refunded the stolen amount six weeks later.

Jude McCorry, the center's CEO, revealed that others had not been as fortunate. She added, "We've seen a recent fraud where there was £700,000 transferred on a property deal that went to the wrong account.

"That involved an individual rather than a company. It was huge and the investigation is still going on. Instead of always reacting to these crimes, we need to look at how we prevent it."

Police Scotland acknowledges that cybercrime is significantly underreported, with the published figures representing only a fraction of the actual problem. 

The detection rate for fraud has halved in recent years, standing at a mere 16% of cases. Assistant Chief Constable Andy Freeburn warned about the increasing involvement of Scottish crime groups in cybercrime and fraud. 

He added, "What we have seen over the last year is emerging serious and organised crime groups operating in that space, trying to exploit the Scottish public through cyber, through fraud, and we are now actively working against those gangs.

"This is something we are not going to arrest our way out of. There is a significant threat in Scotland.

"We are having successes in identifying people and recovering money in consultation with banking and financial partners.

"But we are also improving our prevention messaging, making it very clear to the public how they can help themselves by not giving out details, making sure their software is up to date on their computers and reporting anything suspicious to us."

To address this escalating threat, Police Scotland has allocated an additional £4.3 million to its cybercrime strategy, focusing on acquiring new equipment and providing training to operational officers. 

The force has also developed an ethical protocol for the use of emerging technologies. Meanwhile, John Donald urges the public to recognize the sophistication of cyber scams and recommends keeping the bank's fraud helpline on speed dial while emphasizing the importance of prompt responses from banks when people call these numbers. 
Read more »
Stolen Credentials
Cyber Fraud data security Fraudsters Safety Scam Stolen Credentials

The Infamous Cybercrime Marketplace Now Offers Pre-order Services for Stolen Credentials

 

In accordance with Secureworks, info stealer malware, which consists of code that infects devices without the user's knowledge and steals data, is still widely available for purchase through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale increasing at alarming rates. 

Between June 2021 and May 2023, the Russian market alone grew by 670%. “Infostealers are a natural choice for cybercriminals who are looking to rapidly gain access to businesses and then monetize that access,” said Don Smith, VP of threat research, Secureworks CTU. 

“They are readily available for purchase, and within as little as 60 seconds of installation on an infected computer will immediately generate a return on investment in the form of stolen credentials and other sensitive information. However, what has really changed the game, as far as info stealers are concerned, is improvements in the various ways that criminals use to trick users into installing them. That, coupled with the development of dedicated marketplaces to sell and purchase this stolen data, has really upped the ante,” added Smith. 

Researchers at Secureworks examined the most recent trends in the underground info stealer market, including how this sort of malware is growing more complex and harder to detect, offering a challenge to corporate network defenders. Among the key findings are:

The number of info stealer logs for sale on underground forums grows with time. The number of logs for sale on the Russian market alone surged by 150% in less than nine months, from two million on a single day in June 2022 to over five million on a single day in late February 2023.

The overall growth rate for the number of logs for sale on the Russian market was 670% over a roughly two-year period (measured on a single day in June 2021 and a single day in May 2023).

The Russian market continues to be the largest seller of info stealer logs. At the time of writing, Russian Market has five million logs for sale, which is around ten times more than its nearest competitor.t is well-known among Russian cybercriminals and is often utilized by threat actors globally. Recently, Russian Market has included logs from three new thieves, indicating that the site is adapting to the ever-changing e-crime scenario.

Raccoon, Vidar, and Redline remain the top three info stealer logs for sale. On a single day in February, the following logs, or data sets of stolen credentials, were for sale among these popular info stealers on the Russian Market:
  • The number of raccoons is 2,114,549.
  • Vidar: 1,816,800
  • The redline is 1,415,458.
The recent law enforcement effort against Genesis Market and Raid Forums has influenced the behavior of cybercriminals. Telegram has benefited from this, with more log buying and trading going to specialized Telegram channels for prominent stealers like RedLine, Anubis, SpiderMan, and Oski Stealer. Despite the arrests of several users and the removal of 11 domains affiliated with Genesis Market, the Tor site remains operating, with logs still for sale.

However, activity on the marketplace has nearly ceased, as criminals have begun debating the matter on underground forums, raising concerns about the platform's reliability. A rising market has evolved to address the demand for after-action solutions that aid with log parsing, a time-consuming and difficult operation that is often left to more experienced hackers.

As the number of info stealers and available logs grows, these tools are expected to become more popular and assist to decrease the entry barrier. The successful development and deployment of info stealers, like the overall cybercrime ecosystem, depends on individuals with diverse skills, jobs, and responsibilities. The growth of malware-as-a-service has encouraged developers to innovate in order to better their products and appeal to a broader spectrum of clients.

For example, Russian Market now allows customers to preorder stolen credentials for a certain organization, business, or program for a $1,000 deposit into the site's escrow mechanism. The pre-order service offers no guarantees but allows crooks to progress from opportunistic to targeted.

“What we are seeing is an entire underground economy and supporting infrastructure built around infostealers, making it not only possible but also potentially lucrative for relatively low skilled threat actors to get involved. Coordinated global action by law enforcement is having some impact, but cybercriminals are adept at reshaping their routes to market,” continued Smith.

“Ensuring that you implement multi-factor authentication to minimize the damage caused by the theft of credentials, being careful about who can install third-party software and where it is downloaded from, and implementing comprehensive monitoring across host, network and cloud are all key aspects of a successful defense against the threat of infostealers,” concluded Smith.

Phishing, compromised websites, malicious software downloads, and Google advertisements can all be used to install info stealers on a computer or device. Stolen credentials accounted for nearly one-tenth of the incident response engagements Secureworks was involved in 2022, and were the initial access vector (IAV) for more than a third (34%) of ransomware engagements from April 2022 to April 2023.
Read more »
Sensitive Data Leak
Data Breach E-Commerce Phishing Mails Royal Mail Scam Sensitive Data Leak

Royal Mail's £1bn Losses: Strikes, Cyber Attack, and Online Shopping Crash

The Royal Mail, the UK's national postal service, has reported losses surpassing £1 billion as a combination of factors, including strikes, a cyber attack, and a decrease in online shopping, has taken a toll on its post and parcels business. These significant losses have raised concerns about the future of the company and its ability to navigate the challenges it faces.

One of the key contributors to the Royal Mail's losses is the series of strikes that occurred throughout the year. The strikes disrupted operations, leading to delays in deliveries and increased costs for the company. The impact of the strikes was compounded by the ongoing decline in traditional mail volumes as more people turn to digital communication methods.

Furthermore, the Royal Mail was also targeted by a cyber attack, which further disrupted its services and operations. The attack affected various systems and required significant resources to mitigate the damage and restore normalcy. Such incidents not only incur immediate costs but also undermine customer trust and confidence in the company's ability to protect their sensitive information.

Another factor contributing to the losses is the decline in online shopping, particularly during the pandemic. With lockdowns and restrictions easing, people have been able to return to physical retail stores, leading to a decrease in online orders. This shift in consumer behavior has impacted Royal Mail's parcel business, which heavily relies on the growth of e-commerce.

To address these challenges and turn the tide, the Royal Mail will need to focus on several key areas. Firstly, the company should strive to improve its relationship with its employees and work towards resolving any ongoing disputes. By fostering a harmonious working environment, the Royal Mail can minimize disruptions caused by strikes and ensure the smooth functioning of its operations.

Secondly, it is crucial for the Royal Mail to enhance its cybersecurity measures and invest in robust systems to protect against future cyber attacks. Strengthening the company's digital defenses will not only safeguard customer data but also bolster its reputation as a reliable and secure postal service provider.

Lastly, the Royal Mail must adapt to changing consumer behaviors and capitalize on emerging opportunities in the e-commerce market. This could involve diversifying its services, expanding its international reach, and investing in innovative technologies that streamline operations and enhance the customer experience.




Read more »
Security
Cyber Fraud Fraud Fraudsters Mobile Numbers Safety Scam Security

Police Blocked 20K+ Mobile Numbers Issued on Fake Papers

 

In accordance with a police officer, Haryana Police's cyber nodal unit has blocked 20,545 mobile phones issued on fraudulent and counterfeit paperwork. According to a Haryana police spokesman, the majority of the blocked SIM cards were issued in Andhra Pradesh, with West Bengal and Delhi following closely behind. 

Similarly, the police have detected and reported on the portal more than 34,000 cellphone numbers involved in cyber fraud operating across the state, including 40 hotspot villages in Nuh district. 

“At the same time, the remaining 14,000 mobile numbers involved in cyber fraud will also be blocked soon through the Department of Telecom, Government of India,” the police officials said.

A police official told reporters today that the state crime division is currently monitoring all mobile numbers implicated in cybercrime and is collecting reports from districts on a daily basis. He stated that 102 teams of 5000 Haryana Police officers recently stormed 14 cybercrime hotspot villages in the Nuh district.

“For this reason, at present, Haryana is at the top position in blocking mobile numbers used in cyber fraud. At present more attention is being given to such areas and villages from where cyber fraud incidents are being carried out. Recently, 102 teams of 5000 policemen of Haryana Police raided 14 cybercrime hotspots villages in Nuh district,” he added.

He further stated that Andhra Pradesh has issued the most cellphone numbers implicated in cybercrime, and that they are being used to commit cybercrime in the state.

“Currently, out of the total identified mobile numbers issued on Fake ID, a maximum of 12,822 mobile numbers have been issued from Andhra Pradesh, 4365 from West Bengal, 4338 from Delhi, 2322 from Assam, 2261 from North East states and 2490 from Haryana state. All the numbers are currently operating from different areas of Haryana and the same has been intimated to the Department of Telecom to block them,” he added.

OP Singh, Chief of the State Crime Branch and Additional Director General of Police, stated that the state crime branch, as the state nodal agency for cybercrime, has a team of 40 highly skilled cyber police personnel who have been deployed at helpline 1930 to quickly register reported incidents and collect relevant data.
Read more »
Scam
Cyber Security Data data security Facebook Accounts Fraud Hackers Hacking Safety Scam

Verified Facebook Accounts Being Hijacked to Distribute Malware; Here's How You Can Protect Yourself

 

Hackers have been caught getting into popular verified Facebook pages and using them to distribute malware through adverts on the social media behemoth. Matt Navarra, a social strategist, was the first to notice the harmful effort, exposing the danger on Twitter. 

According to Navarra, whoever is behind the campaign targeted popular Facebook sites first (one of the victims has over seven million followers and has been active for over a decade). If they gained access, they would rename the page something like Meta (Facebook's parent company) or Google. They would then buy an ad on the social media network, targeting page managers and advertising specialists.

“Because of security issues for upcoming users, you can no longer manage ad accounts in the browser,” the ad reads. “Switch to a more professional and secure tool,” the ad concludes, before sharing an obviously fraudulent download link.

There are several issues with this campaign, according to Navarra, including how the accounts were compromised, how Facebook enabled the threat actors to change the page's name to something seemingly related to Meta while keeping the blue checkmark, and how they were able to buy and run ads that clearly redirect the target audience to a shady website at best. 

According to TechCrunch, Facebook has since disabled all of the affected accounts and shut down the malicious activities. It also stated that Facebook pages now disclose whether or not the page has changed its name in the past, and if so, from what, which is a nice move to increase openness. 

“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures.”
Read more »
Subscribe to: Posts (Atom)