Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label US Citizens. Show all posts
User Privacy
Amazon Web Services Christmas Scam Cyber Fraud Data Leak US Citizens User Privacy

Massive Data Breach Puts Millions at Risk During Christmas Season

 

As the Christmas season approaches, millions of U.S. citizens could face a potential holiday nightmare after a major data breach exposed 5 million unique credit and debit card details online. The leak threatens to compromise countless transactions during the festive shopping spree.

Security experts from Leakd.com revealed that 5 gigabytes of private screenshots were found in an unsecured Amazon S3 bucket, a cloud storage service provided by Amazon Web Services. These screenshots depict unsuspecting consumers entering sensitive data into fraudulent promotional forms, lured by offers that seem "too good to be true," such as free iPhones or heavily discounted holiday products.

The scam operates by enticing consumers with exclusive holiday gifts or significant discounts, requiring them to make a small payment or subscription to claim the offer. These offers often include a countdown timer to create a sense of urgency, pressuring individuals to act quickly without scrutinizing the details.

However, the promised items never arrive. Instead, the fraudsters steal sensitive data and store it on an unsecured server, where it can be accessed by anyone. This poses a heightened risk during the holiday season when shoppers are more vulnerable due to increased spending, making it easier for malicious actors to carry out unauthorized transactions unnoticed.

What to Do If You’re Affected

If you recently filled out a form promising an unbelievable offer, there’s a strong chance your privacy may have been compromised. Here’s what you should do:

  • Contact Your Bank: Inform your bank immediately and request a card replacement to prevent unauthorized transactions.
  • Monitor Bank Statements: Keep a close eye on your statements for any suspicious transactions. Report anything you don’t recognize.
  • Dispute Fraudulent Charges: If you notice unauthorized charges, contact your bank to dispute them and explore options for reimbursement.

The Growing Threat of Christmas Scams

Unfortunately, credit card theft isn’t the only scam cybercriminals are leveraging this holiday season. Security researchers have reported an increase in text-based scams impersonating delivery services. These scams target online shoppers, exploiting the busy season to steal sensitive information or money.

Examples of such scams include fake delivery notifications requesting payment for a package and inks leading to phishing websites that steal personal or payment information.

How to Protect Yourself

To safeguard yourself during the holiday season:

  • Verify Offers: Avoid offers that seem too good to be true, especially those requiring personal or payment details.
  • Check Sender Legitimacy: Double-check emails or texts claiming to be from delivery companies. Visit the official website directly rather than clicking on links.
  • Enable Fraud Alerts: Activate alerts with your bank to be notified of any unusual transactions.
  • Educate Family Members: Warn loved ones about these scams, especially those who may be less tech-savvy.

The holiday season should be a time of joy, not stress caused by data breaches and scams. By staying vigilant and taking proactive measures, you can protect yourself and your finances from cybercriminals looking to exploit this festive time of year.

Read more »
User Security
Chinese App Ban Cyber Security Cyberwarfare Data Privacy US Citizens User Security

Chinese-Designed Apps Pose Greater Privacy Risks to Americans

 

As the US Congress considers a ban on the Chinese social media app TikTok over security concerns, millions of Americans continue to download Chinese-designed apps that pose even greater privacy risks. Despite this, there has been no outcry from lawmakers or regulators about these apps.

Chinese apps have been growing in popularity in the US, with many of them collecting vast amounts of user data. Unlike TikTok, which has faced scrutiny over its data privacy practices, these apps have largely flown under the radar. 

One such app is WeChat, a messaging app that has become a popular way for Chinese-Americans to stay in touch with friends and family in China. WeChat has been accused of monitoring users’ conversations and sharing data with the Chinese government. 

Another app that has raised concerns is Zoom, a video-conferencing app that has seen a surge in popularity due to the COVID-19 pandemic. Zoom has been criticized for its lax security practices and for sharing user data with third-party companies. 

Despite these concerns, many Americans continue to use these apps without fully understanding the risks involved. This is partly due to a lack of awareness about the potential dangers of Chinese-designed apps, as well as a lack of viable alternatives.

While the US government has taken steps to restrict the use of Chinese technology in certain industries, such as telecommunications, it has yet to take action against Chinese-designed apps. This has left Americans vulnerable to potential privacy breaches and other security risks. 

In conclusion, the debate over TikTok has brought attention to the potential privacy risks posed by Chinese-designed apps. However, it is important for lawmakers and regulators to also consider the risks posed by other apps, and to take steps to protect American consumers from these risks.
Read more »
US Citizens
Data Breach Data Leak FBI Marketplace US Citizens

Feds Take Down SSNDOB Marketplace for Selling Private Data of 24 Million US Citizens

 

SSNDOB, an illicit online marketplace that sold private details of nearly 24 million US citizens, has been taken down following an international law enforcement operation conducted by the FBI, the Internal Revenue Service, the Department of Justice, and Cyprus Police. 

The feds seized four domains hosting the SSNDOB marketplace as part of this operation: "ssndob.ws," "ssndob.vip," "ssndob.club," and "blackjob.biz." 

According to the DOJ, the leaked details included names, dates of birth, SSNs and credit card numbers and generated more than $19 million in revenue. 

"A series of websites that operated for years and were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States. The SSNDOB Marketplace has listed the personal information for approximately 24 million individuals in the United States, generating more than $19 million USD in sales revenue," DOJ stated. 

While the website also sold UK citizens' birth dates, it was primarily used to sell the private data of US people for as little as $0.50. 

According to cybersecurity firm Advanced Intel, most of the data was stolen via healthcare and hospital data breaches. Subsequently, the attackers used the information to launch a financial scam. 

"SSNDOB was one of the largest crime shops offering a collection of personally identifiable information for fraudsters and played an integral part in fraud schemes. The majority of the customers used the shop data for various types of scams from tax to bank fraud," AdvIntel CEO Vitali Kremez explained. 

Chainalysis, a blockchain analysis firm, published its own report on the SSNDOB incident revealing that the marketplace received approximately $22 million worth of Bitcoin across over 100,000 transactions since April 2015, though the marketplace is believed to have been operating since at least 2013. 

However, one of the most interesting details researchers identified was a link between SSNDOB and Joker's Stash, which shut down its operations voluntarily in January 2021 due to increased pressure from law enforcement agencies, disruptions due to COVID-19, and the decreasing quality of stolen credit cards. 

"Perhaps most interesting of all though is the activity we see between SSNDOB and Joker’s Stash, a large darknet market focused on stolen credit card information and other PII that shut down in January 2021," explains Chainalysis' report. Between December 2018 and June 2019, SSNDOB sent over $100,000 worth of Bitcoin to Joker’s Stash, suggesting the two markets may have had some relationship to one another, including possibly shared ownership."
Read more »
Subscribe to: Posts (Atom)