Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Scam. Show all posts
Scam
Cybersecurity FBI malware Ransom Scam

FBI Warns of Fake Ransom Demands Sent by Mail to US Executives

 



A new scam is targeting top business leaders in the United States, where criminals are sending letters demanding large ransom payments. Unlike typical ransomware attacks that involve hacking into computer systems, this scheme relies on physical mail. The letters claim that hackers have stolen company data and will leak it unless a ransom of $250,000 to $500,000 is paid. However, cybersecurity experts believe this is a fraud, with no actual hacking involved.  


How the Scam Works  

Investigators from the GuidePoint Research and Intelligence Team (GRIT) discovered that several companies have received these ransom letters through the US Postal Service (USPS). The letters are addressed to high-level executives and claim to be from the BianLian ransomware group, a known cybercriminal organization.  

The message states that the company's confidential information has been stolen and will be exposed unless the demanded payment is made within ten days. To make the threat appear real, the letter includes a Bitcoin wallet address and a QR code that links directly to it. Some letters also provide links to BianLian’s dark web site to add legitimacy to the claim.  

Despite these details, security analysts have found no proof that any actual data theft has occurred. The scam relies on fear and deception, hoping that executives will panic and send money.  


Why Experts Believe the Threat Is Fake  

Cybersecurity specialists have carefully examined multiple cases of this scam and found no signs of hacking or data breaches. The companies targeted in this scheme have not reported any unusual activity or unauthorized access to their systems. This strongly suggests that the criminals behind the letters are only pretending to be the BianLian ransomware group.  

The FBI has confirmed that these letters are part of a fraud campaign and do not represent a real cyberattack. Many of the envelopes are marked as "Time Sensitive" to create urgency, and some even list a return address in Boston, Massachusetts, which appears to be another false detail.  

Since there is no actual ransomware attack, businesses do not need to take technical action like removing malware or restoring stolen files. The main risk comes from executives believing the scam and paying the ransom.  


What to Do If You Receive One of These Letters  

If your company receives a similar ransom demand, take the following precautions:  

1. Check Your Systems for Security Issues – Ensure that company networks are protected and that there are no signs of hacking or data leaks. Keeping cybersecurity measures updated is always important.  

2. Do Not Send Any Money – These threats are fake, and paying the ransom will only encourage further scams.  

3. Report the Scam – Contact law enforcement and inform the nearest FBI field office about the letter. Complaints can also be filed with the Internet Crime Complaint Center (IC3).  

4. Inform Key Personnel – Let executives and employees know about this scam so they can recognize and ignore similar fraud attempts in the future.  

 

This scam is a reminder that cybercriminals do not always rely on advanced hacking techniques. Sometimes, they use old-fashioned methods like physical mail to create fear and manipulate victims into paying. While real ransomware attacks remain a serious concern, this particular scheme is based on false claims.  

Companies should stay informed and take precautions to avoid falling victim to these types of fraud. Being aware of such scams is the best way to protect against them.

Read more »
UPI
Banking Digital Arrest Jumped Deposit Scam SBI Scam Technology UPI

Banking Fraud: Jumped Deposit Scam Targets UPI Users


Users of the unified payments interface (UPI) are the victims of a recent cyber fraud known as the "jumped deposit scam." First, scammers persuade victims by making a modest, unsolicited deposit into their bank accounts. 

How does it operate? 

A scammer uses UPI to transfer a tiny sum to the victim's bank account. After that, they ask for a larger withdrawal right away. The victim might quickly verify their bank account amount due to this sudden deposit. The victim must input their personal identification number (PIN) to access their bank details, and the stolen withdrawal is authorized. The difference money is stolen by fraudsters.

The Hindu reports, “Scammers exploit the recipient’s curiosity over an unsolicited deposit to access their funds.”

The public was previously warned by the Tamil Nadu Cyber Crime Police to exercise caution when dealing with such unforeseen deposits. It noted that the latest scam was the subject of numerous complaints to the National Cyber Crime Reporting Portal.

What to do?

There are two methods UPI customers can use to guard against jumped deposit scams. 

Since withdrawal requests expire after a certain amount of time, wait 15 to 30 minutes after noticing an unexpected transaction in your bank account before checking your balance. Try carefully entering an incorrect PIN number to reject the prior transaction if you don't have time to wait a few minutes. 

Additionally, to confirm the legitimacy, notify your bank if you discover an unexpected or sudden credit in your account. Scam victims need to file a complaint with the cybercrime portal or the closest police station.

Banking attacks on the rise

The State Bank of India recently highlighted several cybercrimes, including digital arrests and fake customs claims, in light of the rise in cybercrimes. To safeguard themselves, the bank advised its clients to report shady calls and confirm any unexpected financial requests. 

It explained scams like "digital arrests," where scammers pretend to be law enforcement officers and threaten to question you about fictitious criminal conduct. For easy chores, some scammers may offer large quantities of money as payment. After that, they might request a security deposit.
Read more »
Scam
Cyber Awareness Cyber Crime Digital Arrest India Internet Scam

Digital Arrest: How Even The Educated Become Victims

Digital Arrest: How Even The Educated Become Victims

One of the most alarming trends in recent times is the surge in digital arrest scams, particularly in India. These scams involve cybercriminals impersonating law enforcement officials to extort money from unsuspecting victims. 

Cybersecurity threats are rapidly escalating in India, with digital arrest scams becoming a major issue. Even well-educated individuals are falling victim to these sophisticated schemes. 

Digital Arrest: A Scam

The concept of a digital arrest does not exist in law. These scams involve cybercriminals masquerading as law enforcement officials or government agencies like the State Police, CBI, Enforcement Directorate, and Narcotics Bureau. 

These scams often leverage official-sounding language and sometimes even use fake police or court documents to appear legitimate. Scammers sometimes use deepfake technology to create convincing video calls, making it even harder for victims to distinguish between a real and a fraudulent interaction.

Scammers may also send fake arrest warrants, legal notices, or official-looking documents via email or messaging apps. They accuse victims of severe crimes like money laundering, drug trafficking, or cybercrime. 

Common claims include: "a phone number linked to your Aadhaar number is involved in sending abusive messages or making threatening calls," "a consignment with drugs addressed to you has been intercepted," or "your son has been found engaged in nefarious activity." They may even fabricate evidence to make their accusations more credible.

The Problem in India

India has seen a significant rise in digital arrest scams, affecting individuals across different strata of society. The problem is exacerbated by the fact that many people are unaware of the nuances of cybercrime and can easily fall prey to such tactics. 

Factors contributing to the rise of these scams in India include:

  1. Increased Internet Penetration: With more people accessing the Internet, especially on mobile devices, the pool of potential victims has expanded significantly.
  2. Lack of Cyber Awareness: Despite the growth in internet usage, there is a significant gap in cyber awareness and education. Many individuals are not equipped with the knowledge to identify and respond to such scams.
  3. The sophistication of Scammers: Cybercriminals are becoming increasingly sophisticated, using advanced technologies and psychological tactics to manipulate victims.

The impact of digital arrest scams on victims can be severe. Apart from financial loss, victims often experience psychological distress and a loss of trust in digital platforms. Educated individuals, who might otherwise be cautious, can also fall victim to these scams, as the fear of legal repercussions can cloud judgment.

Read more »
Scam
Amazon Hacking links phishing Scam

Chenlun’s New Phishing Schemes Target Big-Name Brands

 


A new phishing campaign unveiled by researchers from DomainTools is a phishing campaign on the go, deceiving users via fake text messages. The messages masquerade as trusted brands like Amazon to get the targets to give away sensitive data. This operation is put at the hands of the threat actor "Chenlun," who was seen tricking people last year for masquerading as a USPS delivery alert during the holiday season. On 18 October 2024, consumer targeting waves, this wave represents new waves in tactics that target trusting consumers on the most-used brands.

Phishing Attack Evolution: From USPS Notification Scam to Authentication and Authorization Hack

In December 2023, DomainTools reported on the earlier approach that Chenlun used through exploiting USPS alerts to instruct users on how to navigate to fraudulent websites. This scheme, also labelled as "smishing, tricked users into message prompting them to visit virtually identical websites to the one genuine USPS websites. These next sent information that victims did not need to provide. With the current attack, however, Chenlun used the more narrow deception of alerts that there is unauthorised access to his or her online store accounts. This prompted victims into confirmation of their account information with links that led him to a scam website. To this end, it goes without saying that one ought to be careful when opening any link on email or text.


Advanced techniques of hiding and concealing evidence

The strategies that Chenlun uses today are more advanced than that of not being detected. The phishing attack this year is different from the past years because it does not use domain names containing USPS but instead uses a DGA. A DGA automatically generates new, arbitrary domain names, which creates an added difficulty in blocking malicious websites and makes it challenging for the security systems to identify phishing attempts. The constant change in the infrastructure of the domain leaves Chenlun free to continue their attacks without instant interference from cybersecurity defences.


Changed Domain Structures and Aliases

The latest phishing campaign also demonstrates the changed structure of the Chenlun domain. Last year, the fraudsters utilised domains like the official USPS websites. This time around, they change them into simple domains and even switch to other registrars and name servers. Now, they use NameSilo and DNSOwl, for example, and not Alibaba Cloud's DNS service, just like last year. The changing tendency makes phishing attempts less predictable and also complicates the procedure for cybersecurity analysts in relation to the identification and monitoring of suspicious domains.

Moreover, the most recent activity of Chenlun used pseudonyms like "Matt Kikabi" and "Mate Kika". These pseudonyms, which were first identified in the 2023 report, have more than 700 active domains. Reusing these identities, Chenlun has been able to maintain a massive presence online undetected by cybersecurity tools.


Collaboration as a Critical Form of Defense Against Phishing

DomainTools emphasises that effective countermeasures against phishing attacks require the collective efforts of organisations. Recommendations from security experts include active monitoring of registration patterns, sharing threat intelligence, and developing robust strategies that can counter changing phishing techniques.

DomainTools further emphasises that Chenlun's strategy changes reflect the ongoing problem that cybersecurity professionals face. By constantly changing obfuscation techniques, Chenlun underlines the importance of domain-related data in identifying patterns and suspect domains.


Takeaway for Business and Consumers

Continuous activity by Chenlun also points to the fact that vigilance needs to be maintained, given the sophistication in phishing scams. Business entities need to strengthen cybersecurity measures in monitoring domain registrations and promote threat intelligence sharing. Individual consumers need to maintain vigilance by avoiding a response to unsolicited messages or links.

In short, Chenlun's latest phishing campaign calls out for proactive defence. While the attackers continue adapting with a view to remain unseen, the necessity for people to stay updated and network inter-sectorally is the urgent requirement in the world of digitization.


Read more »
Scam
Bengaluru Cyber crimes Fraud porter Scam

Delivery Partners Exploit App Loophole, Defraud Logistics Company in Bengaluru

 




This is a major fraud case whereby delivery partners exploited a weakness in the logistics app Porter, syphoning Rs 90 lakh from Bengaluru. The swindle was detected by a routine business audit conducted in July by Smart Shift Logistics Solutions Pvt Ltd, which runs Porter. After this, an official of the logistics company filed a complaint with the police. Insider involvement was ruled out through automated operations.

The authorities suspected it could be an inside job when the fraud was first detected, considering the scale of the crime. They looked at the backend operations of the company and found nothing internal as most processes were automated. This led to a deep probe with Sarah Fathima, the Deputy Commissioner of Police (Southeast), assigning a team to trace the refunds made by the company since January. This series of operations was headed by ACP Govardhan Gopal, along with inspector Eshwari from the Southeast Cybercrime, Economic Offences, and Narcotics (CEN) police station.


Understanding the Scam

The investigators soon came across several refunds credited to the same accounts, and a rather clear fraud pattern began to emerge. The police were following this chain of suspicious transactions when it led them to a Shreyas TL, a 29-year-old from Hassan's Hirisave. Based on confession questioning of Shreyas, the police managed to seize three others: Kaushik KS, aged 26, from Mandya, Ranganath PR, also 26, and Anand Kumar, 30, both from Mandya.

These were earlier cab drivers and food delivery partners for various online applications who chanced upon loopholes in the Porter app after dabbling in such scams in other delivery services. They eventually managed to pinpoint how to exploit the Porter system through trial and error for their financial gains.


How the scam was run

Porter has a system where the driver can get a part of the total bill through his wallet whenever he accepts the job. And if he rejects the delivery, he will have his money back automatically. The application does not allow abusing this system, and therefore it has a strict cancellation policy where it blacklists the drivers in case they cancel two deliveries consecutively.

The fraudsters bypassed the system. Geo-spoofing is an application of the technology, using which they manipulated the app so as to pose their locations at places where there are few available drivers. This way, they accepted the jobs using their fake delivery accounts. The amount of the bill was credited to their digital wallets. Then the amount was drawn from these wallets into bank accounts. They canceled the delivery, and customers canceled the order and received a refund.

The reason they did not get blacklisted was because of repeated cancellations, so to avoid that, the gang bought fake phone numbers from Telegram groups and created new accounts on the app with them. Additionally, the gang practiced geo-spoofing to change their location into neighbouring states, making it hard for the authorities to trace them.


A Perfected Scam

The operation of the gang was so sophisticated that they managed to make off with a total of Rs 90 lakh from the company. Taking advantage of loopholes in the automation of the app, they had syphoned off the amount without raising any suspicion in the beginning. But finally, after going through a detailed investigation, it was traced by the police, and the fraudsters were caught.

This case shines a light on the importance of secure and foolproof systems in online platforms, especially those handling financial transactions. It also highlights the need to frequently audit and monitor company automated processes to detect fraud before it gets out of hand.




Read more »
Trading
Apple cryptocurrency Cyber Fraud Cybersecurity Fake Apps Fraud Google investment phishing Scam Trading

Massive Global Fraud Campaign Exploits Fake Trading Apps on Apple and Google Platforms

 

A recent investigation by Group-IB revealed a large-scale fraud operation involving fake trading apps on the Apple App Store and Google Play Store, as well as phishing sites to deceive victims. The scheme is part of a wider investment scam known as "pig butchering," where fraudsters lure victims into investments by posing as romantic partners or financial advisors.

Victims are manipulated into losing funds, with scammers often requesting additional fees before disappearing with the money.

Group-IB, based in Singapore, noted that the campaign targets victims globally, with reports from regions like Asia-Pacific, Europe, the Middle East, and Africa. The fraudulent apps, created using the UniApp Framework, are labeled under "UniShadowTrade" and have been active since mid-2023, offering promises of quick financial gains.

One app, SBI-INT, even bypassed Apple’s App Store review process, giving it an illusion of legitimacy. The app disguised itself as a tool for algebraic formulas and 3D graphics calculations but was eventually removed from the marketplace.

The app used a technique that checked if the date was before July 22, 2024, and, if so, displayed a fake screen with mathematical formulas. After being taken down, scammers began distributing it via phishing websites for Android and iOS users.

For iOS, downloading the app involved installing a .plist file, requiring users to trust an Enterprise developer profile manually. Once done, the fraudulent app became operational, asking users for their phone number, password, and an invitation code.

After registration, victims went through a six-step process involving identity verification, providing personal details, and agreeing to terms for investments. Scammers then instructed them on which financial instruments to invest in, falsely promising high returns.

When victims tried to withdraw their funds, they were asked to pay additional fees to retrieve their investments, but the funds were instead stolen.

The malware also included a configuration with details about the URL hosting the login page, hidden within the app to avoid detection. One of these URLs was hosted by a legitimate service, TermsFeed, used for generating privacy policies and cookie consent banners.

Group-IB discovered another fake app on the Google Play Store called FINANS INSIGHTS, which had fewer than 5,000 downloads. A second app, FINANS TRADER6, was also linked to the same developer. Both apps targeted countries like Japan, South Korea, Cambodia, Thailand, and Cyprus.

Users are advised to be cautious with links, avoid messages from unknown sources, verify investment platforms, and review apps and their ratings before downloading.
Read more »
Scam
Hong Kong malware Online Scams phishing Scam

Cybersecurity Attacks Rise in Hong Kong, Scammers Steal Money


Hong Kong has experienced a rise in cybersecurity threats, scammers are targeting individuals and businesses. A recent survey highlighted by the South China Morning Post (SCMP) reveals that nearly two-thirds of victims have suffered financial losses or wasted valuable time due to these cyber threats. This alarming trend underscores the urgent need for heightened awareness and robust cybersecurity measures.

The Growing Menace of Cyber Scams

In the past year, 49% of Hong Kong respondents faced online threats, up from 40% previously, according to Norton. Scams were the most common, impacting 34% of respondents, with nearly two-thirds losing money or time. Phishing and malware each affected 28% of respondents.

Cyber scams have become the most prevalent online threat in Hong Kong. These scams range from phishing emails and fraudulent websites to sophisticated social engineering tactics. 

Phishing and Malware

Phishing attacks, where cybercriminals disguise as legitimate entities to steal personal information, have seen a marked increase. These attacks often come in emails or messages that appear to be from trusted sources, such as banks or government agencies. Once the victim clicks on a malicious link or downloads an attachment, their personal data is compromised.

Malware attacks are another growing concern. These malicious software programs can infiltrate systems, steal data, and cause extensive damage. The SCMP survey indicates that a considerable portion of the population has been affected by malware, leading to data breaches and financial losses.

In June, police arrested 10 individuals for impersonating mainland security officials and defrauding a 70-year-old businesswoman of HK$258 million (US$33.2 million) in a phone scam. 

By August, local authorities, including the police and the Hong Kong Monetary Authority (HKMA), instructed 32 banks and 10 stored-value-facility operators to broaden their anti-fraud alerts to cover suspicious transactions at bank counters and online.

The Human Factor: A Critical Vulnerability

Despite advancements in technology, human vulnerabilities remain a significant risk factor. Cybercriminals often exploit the lack of awareness and vigilance among users. For instance, clicking on suspicious links, using weak passwords, and failing to update software are common mistakes that can lead to security breaches.

Read more »
Security
Cyber Fraud Data Leak Privacy Scam Scamster Security

Chemical Giant Orion Loses $60 Million in Email Scam

 

Luxembourg-based Orion S.A., a leading supplier of carbon black, has been defrauded of a staggering $60 million. The company alerted the US Securities and Exchange Commission (SEC) on August 10th through an official filing (Form 8-K).

The filing reveals that a non-executive employee became the target of a criminal operation. The document states: "On August 10, 2024, Orion S.A. determined that a Company employee, who is not a Named Executive Officer, was the target of a criminal scheme that resulted in multiple fraudulent wire transfers to accounts controlled by unknown individuals."

While Orion refrained from sharing specific details about the attack, the nature of the incident - multiple fraudulent wire transfers initiated by an employee - strongly suggests a BEC scam.

In a typical BEC scam, cybercriminals gain access to a legitimate email account belonging to a high-ranking official within a company or impersonate them through a spoofed email address. They then target employees with access to company finances, tricking them into authorizing unauthorized payments.

Common tactics employed by BEC scammers include:

  • Urgency and secrecy: Criminals may claim the company is in the process of acquiring a competitor and needs to expedite the transaction confidentially to avoid media attention or alerting rivals.
  • Impersonation: Scammers may use stolen email credentials or create lookalike email addresses to convincingly impersonate executives.
  • Phone calls: In some cases, the attackers may even follow up with phone calls to pressure the targeted employee into acting swiftly.

The effectiveness of BEC scams lies in their ability to exploit gaps in communication within large organizations. Many employees may not have personal interactions with senior management, making them more susceptible to falling for impersonations and deceptive tactics.

Reports indicate that BEC attacks are a major form of cybercrime, causing significant financial losses, and rivaling the damage inflicted by ransomware attacks.

Read more »
Subscribe to: Posts (Atom)