Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Scamming. Show all posts

AI Tools Fueling Global Expansion of China-Linked Trafficking and Scamming Networks

 

A recent report highlights the alarming rise of China-linked human trafficking and scamming networks, now using AI tools to enhance their operations. Initially concentrated in Southeast Asia, these operations trafficked over 200,000 people into compounds in Myanmar, Cambodia, and Laos. Victims were forced into cybercrime activities, such as “pig butchering” scams, impersonating law enforcement, and sextortion. Criminals have now expanded globally, incorporating generative AI for multi-language scamming, creating fake profiles, and even using deepfake technology to deceive victims. 

The growing use of these tools allows scammers to target victims more efficiently and execute more sophisticated schemes. One of the most prominent types of scams is the “pig butchering” scheme, where scammers build intimate online relationships with their victims before tricking them into investing in fake opportunities. These scams have reportedly netted criminals around $75 billion. In addition to pig butchering, Southeast Asian criminal networks are involved in various illicit activities, including job scams, phishing attacks, and loan schemes. Their ability to evolve with AI technology, such as using ChatGPT to overcome language barriers, makes them more effective at deceiving victims. 

Generative AI also plays a role in automating phishing attacks, creating fake identities, and writing personalized scripts to target individuals in different regions. Deepfake technology, which allows real-time face-swapping during video calls, is another tool scammers are using to further convince their victims of their fabricated personas. Criminals now can engage with victims in highly realistic conversations and video interactions, making it much more difficult for victims to discern between real and fake identities. The UN report warns that these technological advancements are lowering the barrier to entry for criminal organizations that may lack advanced technical skills but are now able to participate in lucrative cyber-enabled fraud. 

As scamming compounds continue to operate globally, there has also been an uptick in law enforcement seizing Starlink satellite devices used by scammers to maintain stable internet connections for their operations. The introduction of “crypto drainers,” a type of malware designed to steal funds from cryptocurrency wallets, has also become a growing concern. These drainers mimic legitimate services to trick victims into connecting their wallets, allowing attackers to gain access to their funds.  

As global law enforcement struggles to keep pace with the rapid technological advances used by these networks, the UN has stressed the urgency of addressing this growing issue. Failure to contain these ecosystems could have far-reaching consequences, not only for Southeast Asia but for regions worldwide. AI tools and the expanding infrastructure of scamming operations are creating a perfect storm for criminals, making it increasingly difficult for authorities to combat these crimes effectively. The future of digital scamming will undoubtedly see more AI-powered innovations, raising the stakes for law enforcement globally.

Stay Safe When Charging Phone in Public: Scammers Steal Money Using USB Ports via "Juice Jacking"

Juice Jacking

Staying connected is more important than ever in today's fast-paced society. Our smartphones and other devices keep us connected with friends, family, and work, but their battery life limits their utility. That's why public charging stations, popular in airports, hotels, cafes, and other public places, maybe a lifesaver when our devices run out of power.

But did you realize that something as basic as charging your phone in public might expose your sensitive information? Scammers increasingly use public charging stations to steal critical user information from smartphones in a scam called "Juice Jacking."

What exactly is Juice Jacking?

Juice jacking is a cyberattack in which scammers install phony charging stations in public locations. These charging stations are designed to secretly take sensitive data from devices plugged into them. When a person puts their device into a fake charging port, scammers access it and gather personal information such as passwords, credit card information, and other sensitive information. Scammers may even install malware straight into the victim's gadget to control it remotely in some circumstances.

How to Keep Safe

  • While it can be difficult to tell if charging stations are real or fake, here are some precautions to safeguard your devices from this cyber attack.
  • It is best to bring your charger and avoid unauthorized data transfer to guarantee the safety of your device.
  • Always have a portable power bank if you need to charge something while travelling.
  • Use a USB data blocker for enhanced security. It's a little adaptor that keeps data from being exchanged between your device and the charging station.

By following these easy guidelines, you may avoid becoming a victim of Juice Jacking and keep your personal information protected while on the go. Don't let con artists take advantage of you. Use caution when utilizing public charging outlets to stay watchful and secure your personal information. 






 

Customers  Threatened by a Data Breach at Hong Kong's Harbour Plaza Hotel

 

Hong Kong's privacy authority is looking into a hack against the Harbour Plaza hotel company, which revealed more than 1.2 million visitors' booking information. The investigation's goal is to learn more about what kind of private details were compromised. Customers have been warned to keep an eye out for any strange activity in their accounts and to be aware of any unexpected emails, calls, or messages in the meantime. 

"The impacted data was the information of visitors who remained within these hotels," the PCPD tells ISMG. "As the investigations into the cyberattack are ongoing," the PCPD told ISMG, declining to specify the type of hack, the threat actor involved, or the data compromised. 

According to Harbour Plaza's statement, the Hong Kong Police was also notified along with certain other relevant authorities. The company has hired an undisclosed third-party cybersecurity forensics agency to investigate and control the problem, as well as improve its security perimeter in the future. 

According to the company's FAQs about the data leak, those who are affected will be alerted. Customers should be "extra cautious against scamming or other attempted schemes," according to the hotel firm, which says "lodging reservation databases" were impacted. It indicates possible information such as a customer's name, email address, phone number, reservation, and stay details may have been hacked. 

Inquiry into the data leak at online retailer HKTVmall 

Separately, the PCPD is looking into a case involving HKTVmall, a well-known shopping and entertainment platform run by Hong Kong Technology Venture Co. Ltd. 

The security breach has endangered the personal details of a "small fraction" of HKTV Co. Ltd.'s 4.38 million registered customers, according to a statement made on Feb. 4. According to the notice, the connected server was in an "other Asian" country. 

According to the company, it promptly notified the Hong Kong Police or the PCPD, and hired two cybercrime firms on January 27 "to conduct an investigation and further enhance HKTVmall's server security measures." 

Customer data that may have been obtained by an unauthorized person, according to HKTVmall, includes:

  • Account names which have been registered.
  • Login passwords which are encrypted and masked.
  • Email addresses which have been registered and that can be contacted. 
  • Names of recipients, shipping addresses, and contact numbers for orders placed between December 2014 and September 2018.
  • Clients who have connected their HKTVmall account to a Facebook account or an Apple ID have the date of birth, official name, and email accounts for Facebook accounts and Apple IDs.

DeFi100, a Crypto Project, Allegedly Scammed Investors of $32 Million

 

According to reports and tweets, DeFi100, a cryptocurrency project, allegedly defrauded investors out of $32 million (roughly Rs. 233 crores). The project has now released a denial of the allegations, but some skepticism appears to still exist. After a very distasteful message appeared on their website on Sunday, rumors of people behind the project fleeing with the money began to circulate. The message on the DeFi100 website read, "We scammed you guys, and you can't do **** about it." DeFi100 has since clarified that their website has been hacked and that the hackers had placed the post, which has since been removed.

“DeFi100 coin exit scams, and runs away with $32 million, and leaves a message for all of us. Feels like the summer of 2017,” tweeted Cryptokanoon, co-founder Kashif Raza. 

DeFi100 is a cryptocurrency similar to Bitcoin, Dogecoin, and Ethereum, among others. It is, however, much less well-known than the other well-known digital assets. The website was still down at the time of publishing. “Oops, looks like the page is lost. This is not a fault, just an accident that was not intentional,” is what it says now. 

On Sunday, the crypto project announced on its official Twitter account that it had not exited as previously thought. “Firstly, total supply of D100 at present is less than 4 million tokens. At the beginning of the project, total supply was 2.5 million tokens. Secondly, D100 was never a yield farming protocol, which was holding investors funds with TVL over 32 million,” it said in a tweet. 

“Thirdly, total tokens sold during IDO were 750,000 at $0.80 per token. These facts are available in public for checking their authenticity. The rumours of stealing $32 million are absolutely false and baseless," it added in the subsequent tweet. "We reiterate it again that we have not made any exit." 

Although the DeFi100 founders have stated that they did not defraud the investors, nothing can be said before the website is up and running again. The value of D100, DeFi100's native token, has dropped 25% in the last 24 hours to $0.08, according to a Coindesk article (roughly Rs. 6). 

The reports of DeFi100 developers defrauding their investors came just days after the FBI, the US's main law enforcement agency, announced that it had received a record 1 million complaints related to online scams and investment frauds in the previous 14 months.

Miscreants Scamming Users into Buying Antivirus Software


Some independent security software affiliates are scamming people by sending emails with the false message that their antivirus is expiring and renew their license, whereby if the user does so, they can earn a commission. A software affiliate program is a marketing technique in which the affiliate recommends the software to customers or visitors and earns a commission on each purchase. Now, these programs have strict rules and guidelines to protect their software and customers from false advertising and being tricked into buying.


BleepingComputer discovered this scam last week when two of their seniors reported it. The mails tell the users that their Norton and McAfee antivirus software is expiring, the very day and to renew their license. The scam starts with emails containing a subject similar to "WARNING: Anti-Virus Can Expire " Sun, 26 Apr 2020", which includes a link stating, "Your Protection Can Expire TODAY!", writes BleepingComputer in their blog. If the link in the mail is clicked, it takes the user DigitalRiver affiliate network, and after dropping a tracking cookie, redirects the user to the purchase page of Norton or McAfee antivirus. If it goes smoothly and the user purchased the software, the affiliate party would get a $10 commission or 20% of the total sale. For this particular scam, they earned around $10 per transaction.

How to protect yourself from these scams 

Most antivirus usually notifies their customers of the expiry date via a notification from the software. If that's the case, you can rest assure that it is legitimate and go ahead with the renewal. But unfortunately, some companies email their users to remind the customer about the expiring article. A simple way to check their authenticity is to look for the name of your antivirus.

Since these rogue fake mails are sent in bulk they probably don't know which software you're using. The next step is to open your antivirus software and check when the software is expiring. Even if it is expiring, it's better to renew it from their website then to rely on these links from the mail.