Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Spain. Show all posts

Report: Spanish Authorities Discover CPF Nomination Note on iPad of Slain Singaporean Woman in Spain

 

Singaporean authorities, along with two banks and Hong Kong police, thwarted a scam targeting a 70-year-old victim, recovering over S$370,000. The Singapore Police Force (SPF) disclosed that DBS detected suspicious transactions amounting to about S$180,000, promptly blocking further transfers and alerting the Anti-Scam Centre (ASC) who then informed Hong Kong's Anti-Deception Coordination Centre (ADDC).

The investigation into the killing of a Singaporean woman in Spain has taken a curious turn with the discovery of a Central Provident Fund (CPF) nomination note on her iPad. The note indicated her intention to nominate an individual as a beneficiary due to their longstanding friendship and mentioned a loan of US$50,000, raising questions about the motive behind the crime.

CPF, a mandatory social security savings scheme, allows individuals to nominate beneficiaries to receive their savings in the event of death. The presence of the note, dated Mar 24, found on the victim's iPad, suggests premeditation. The woman, identified as Ms Audrey Fang, was found dead with multiple stab wounds in Spain, where a Singaporean man, Mitchell Ong, was arrested in connection with her murder.

Concerns have arisen regarding the possibility of Ong being nominated as the beneficiary of Ms Fang's CPF money. Her family is taking steps to verify this and investigate any financial transactions, including transfers from her bank account. Doubts have been raised about the authenticity of the note, particularly regarding currency discrepancies and language usage.

Details surrounding Ms Fang's last-minute trip to Spain and her interactions with Ong before her death have also come to light. Her family finds the circumstances of her trip unusual, especially considering her impending plans for another holiday. Ong's behaviour, including extending his hotel stay and making dubious claims to hotel staff, adds complexity to the investigation.

Ms Fang's family is seeking closure and clarity on her relationship with Ong, as prosecutors pursue a significant sentence if he is convicted.

1.3 million Iberdrola Customers Hit In Cyberattack

 

A few days ago, the Iberdrola group was hit by a cyberattack that successfully exposed the sensitive credentials of 1.3 million customers, the company confirmed. 

The company further added that the computer breach was stopped within a few hours and the matter was resolved the same day. However, unfortunately, the attack has affected 1.3 million users. The hackers, reportedly, could only access name, surname, and ID. They failed to get access to bank, tax, or electricity consumption data. The next day, once the breach was closed, the company detected massive attacks that did not achieve its objective. 

Following the attack, a statement was released by the company for its customers in which Iberdrola assured that all the necessary steps have been taken to mitigate the impact of the attack and no financial data such as bank details, account numbers, or credit cards details have been violated. Additionally, for future safety, the company has recommended its customers be more cautious of any emails or communications impersonating to be from Iberdrola. 

"If you have received the statement issued by the company, you must be vigilant and regularly monitor what information circulates on the Internet to detect if your private data is being used without your consent," the representatives added. 

The group was chaired by Ignacio Galán who brought forth the same attacks that took place in the Cercanías service in Madrid, in the Congress of Deputies, or in other European institutions. However, he said that the attackers have not had access to critical data. Further, Iberdrola revealed that “we were warned by the United States government about the possibility of a cyber-attack after the invasion of Ukraine.”

Iberdrola is a giant Spanish multinational electric utility company that has more than 34,000 employees serving around 31.67 million customers. The company has the largest shareholders in the global market. According to the 2013 report, the largest shareholder of the company was Qatar Investment Holding, Norges Bank, Kutxabank, and CaixaBank.

Spanish Police Arrested SIM Swappers who Stole Money from Victims Bank Accounts

 

The Spanish National Police have arrested eight suspected members of a criminal organisation who used SIM swapping assaults to steal money from the victims' bank accounts. 

SIM switching assaults are used by criminals to get control of victims' phone numbers by duping mobile operator workers into transferring their numbers to SIMs controlled by the fraudsters. The attackers can steal money, cryptocurrency, and personal information, including contacts linked with online accounts, once a SIM has been stolen. Criminals could take over social media accounts and utilise SMS to circumvent 2FA services utilized by online services, including financial services. 

In the incident under investigation by Spanish police, the cybercriminal gained the victims' personal information and bank details via fraudulent emails in which they pretended to be their bank. The fraudsters were able to falsify the victims' official documents and use them to dupe phone store staff into issuing them with replica SIM cards. They were able to overcome SMS-based 2FA needed to access bank accounts and take the money once they had the SIM cards. 

The press release published by the Spanish National Police stated, “Agents of the National Police have dismantled a criminal organization dedicated, presumably, to bank fraud through the duplication of SIM cards. There are eight detainees based in Catalonia and acting throughout Spain who, through malicious messages and posing as a bank, obtained personal information and bank details to access the accounts of the victims whose identity they usurped through the falsification of official documents. With this, they deceived the employees of phone stores to obtain duplicate SIM cards and, in this way, have access to the bank’s security confirmation messages. In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.”

The first SIM swapping attack linked to this group occurred in March 2021, when Spanish authorities received two reports about fraudulent transactions in different parts of the country. Crooks used bank transfers and digital quick payment services based in the region of Barcelona to launder the stolen funds. Seven people were arrested in Barcelona and one in Seville as a byproduct of the operation. The suspects' bank accounts were also banned by the authorities. 

The FBI announced this week that SIM swap attacks have increased, with the objective of stealing millions of dollars from victims by hijacking their mobile phone numbers. According to the FBI, US individuals have lost more than $68 million as a result of SIM switching assaults in 2021, with the number of complaints and damages nearly doubling since 2018. The FBI's Internet Crime Complaint Center (IC3) received 1,611 SIM switching assault reports in 2018, compared to 320 complaints between 2018 and 2002, resulting in a total loss of $12 million. 

Individuals should take the following steps, as per the FBI: 

• Do not post details regarding financial assets, such as bitcoin ownership or investment, on social networking platforms or forums. 
• Do not disclose the mobile number account details to representatives who ask for the account password or pin over the phone. Verify the call by calling the mobile carrier's customer support number. • Posting personal information online, such as your phone number, address, or other identifying information, is not a good idea. 
• To access online accounts, use a variety of unique passwords. 
• Any changes in SMS-based connectivity should be noted. 
• To gain access to online accounts, use strong multi-factor authentication solutions such as biometrics, physical security tokens, or standalone authentication software. 
• For easy login on mobile device applications, do not save passwords, usernames, or other information. 

On the other hand, mobile providers should take the following safety measures, according to the FBI: 

• Employees should be instructed and training sessions on SIM swapping should be held. 
• Examine incoming email addresses containing formal correspondence for minor differences that could make fraudulent addresses appear real and match the names of actual clients. 
• Establish stringent security standards that allow workers to effectively check customer credentials before transferring their phone numbers to a new device.

Bogus Backup Message from WhatsApp Delivers Malware to Spanish Users

 

Authorities in Spain have issued a warning about a phishing campaign that impersonates WhatsApp to deceive consumers into installing a trojan. The recipients are advised to get copies of their chats and call records from a website that only sells the NoPiques virus. 

The NoPiques (“Do not chop”) malware is packaged in an a.zip archive that infects vulnerable devices on execution. The Spanish language subject line for dangerous emails is often ‘Copia de seguridad de mensajes de WhatsApp *913071605 No (xxxxx)', however, this may not be the case always as it can vary. Unlike many malware-peddling phishing messages in English and other languages, the emails are written in grammatically correct Spanish, or at least with few faults. 

The Spanish National Cybersecurity Institute's (INCIBE) Oficina de Seguridad del Internauta (OSI) has issued a warning regarding the malware campaign. “If you haven't run the downloaded file, your device may not have been infected. All you have to do is delete the file that you will find in the download folder. You should also send the mail you have received to the trash,” said INCIBE. 

“If you have downloaded and run the malicious file, your device may have been infected. To protect your device, you must scan it with an updated antivirus or follow the steps that you will find in the device disinfection section. If you need support or assistance to eliminate the Trojan, INCIBE offers you its response and support service for security incidents,” they added. 

INCIBE said that they remind consumers: in case of doubt about the legitimacy of an email, they should not click on any link or download any attached file. To check the veracity, consumers can contact the company or the service that supposedly sent them the email, always through their official customer service channels. 

They also said that in addition, for greater security, it is advisable to periodically back up all the information that consumers consider important so that, if their computer is affected by a security incident, they do not lose it. They further added that it is also advisable to keep their devices updated and always protected with an antivirus.

Spanish Government Witnesses Cyber Attack

 

Earlier this morning, the Ministry of Labour and Social Economy of the Spanish government witnessed a cyber-attack. At the moment, Ministry did not comment on the specifications, nature, and severity of the attack. 

According to the official website of the department, the Ministry organizes and supervises Spain’s employment work, social economy, and look after social responsibility policies. This Ministerial Department has an annual budget of around €39 million. 

In the wake of the attack, the IT cyber-researchers at the department – an agency within Spain’s National Intelligence Centre from the National Cryptological Centre together with the Spanish Ministry of Labor and Social Economy (MITES) are investigating the attack and working to restore services. 

“The Ministry of Labor and Social Economy has been affected by a computer attack…” 

“…The technical managers of the Ministry and the National Cryptological Center are working together to determine the origin and restore normality as soon as possible," MITES’ media office said earlier today. 

After the cyber-attack the official website of the Ministry was still accessible, however, the communications office and the multimedia room were down. 

"The computer attack that the Ministry of Labor and Social Economy has suffered has NOT affected the operation of the State Public Employment Service, The Electronic Office, the website, and the set of services continue to be provided normally,"  SEPE reported. 

Furthermore, a government agency of the Spanish, Servicio Público de Empleo Estatal (SEPE) – a part of MITES that took a severe hit by ransomware in March due to which the services of the department were inaccessible for around two weeks – reported that it was not affected by the cyberattack. 

According to the resources, the SEPE department was hit by a Russian Ryuk ransomware gang on March 09, 2021.  As a result, over 700 agency offices across Spain were badly impacted. Besides, the agency’s workstations, the ransomware attack had impacted remote working stations of the department. It should be noted that the Spanish labor agency is the only ministry that has been hit by a ransomware attack in Spain.

Ryuk Ransomware Hits Spain's Employment Agency

 

The Spanish State Employment Service (SEPE) has been targeted by a ransomware attack which has resulted in hundreds of offices being knocked offline. According to Central Independent Trade Union and Civil Servants, the ransomware attack on SEPE has affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments.

SEPE is a Spanish government agency for labor that provides employment opportunities to the public. The ransomware is said to have spread beyond SEPE’s workstations and also targeted the agency’s remote working employees’ devices. 

The SEPE published a note on their website which said, “currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually other services to the citizens, companies, benefit and employment offices. The application deadlines for benefits are extended by as many days as the applications are out of service. In no case will this situation affect the rights of applicants for benefits.” 

According to Business Insider Spain, the cyberattack is the work of Ryuk ransomware. Ryuk is a ransomware-as-a-service (RaaS) group that’s been active since August 2018 and is known for running a private affiliate program. In this program, affiliates can submit applications and resumes to apply for membership. The threat group has targeted several organizations over the past year, such as Universal Health Services.

Gerardo Gutiérrez, director of SEPE confirmed that the agency’s network systems were encrypted by the Ryuk ransomware operators after the incident. “Confidential data is safe. The payroll generation system is not affected and the payment of unemployment benefits and ERTE will be paid normally,” he further added. 

According to Central Sindical Independiente y de Funcionarios (CSIF), the attack has caused hundreds of thousands of appointments made through the agency throughout Spain to be delayed. The ransomware has also spread beyond SEPE’s workstations and has reached the agency’s remote working staff’s laptops.