India’s National Cyber Crime Reporting Portal now features a ‘Report and Check Suspect’ tool, allowing users to verify UPI IDs, phone numbers, emails, and social media handles against a database of known cyber fraudsters.
The system targets scams where fraudsters impersonate officials to extort money under the pretense of “digital arrests.” Users can search the database at cybercrime.gov.in to identify potential threats.
The tool complements other initiatives like blocking 669,000 fake SIM cards and implementing enhanced KYC protocols for digital lending. Major tech firms, including Google and Facebook, are collaborating with the Indian Cyber Crime Coordination Centre (I4C) to share threat intelligence and curb the misuse of platforms like Google Firebase as well as Android banking malware.
The Ministry of Home Affairs has also established a Cyber Volunteer Framework, enabling citizens to report illegal online content and promote cyber hygiene. Additionally, the Citizen Financial Cyber Frauds Reporting and Management System (CFCFRMS) expedites action against financial frauds.
These initiatives align with India’s broader efforts to secure digital transactions, including mandating multi-factor authentication for government services by 2025.
Cybersecurity experts are raising alarms about a new twist on the classic clickjacking attack technique. Paulos Yibelo, a security engineer at Amazon, has uncovered a variant called “double-clickjacking,” capable of disabling security settings, deleting accounts, or even taking over existing ones. This novel approach reignites concerns over online safety, urging users to be cautious when interacting with websites.
Clickjacking is a malicious tactic where hackers manipulate user clicks on one website to trigger unintended actions on another. For instance, a user might think they are clicking a button to navigate a site but inadvertently perform an action, such as making a purchase, on an entirely different platform.
Double-clickjacking takes this concept further by introducing an additional click. This adaptation helps attackers bypass modern browser protections, under which browsers no longer deliver cross-site cookies. According to Yibelo, this seemingly minor tweak “opens the door to new UI manipulation attacks that bypass all known clickjacking protections.”
In documented cases, hackers lure victims to phishing websites, often disguised with a standard CAPTCHA verification process. Instead of typing text or identifying objects in images, users are prompted to double-click a button to prove they are human.
Here’s where the attack takes place:
Yibelo explains that this subtle manipulation is effective against many popular websites, allowing attackers to gain OAuth and API authorizations. The attack can also facilitate one-click account modifications, including disabling security settings, deleting accounts, authorizing money transfers, and verifying sensitive transactions. Even browser extensions are not immune to this method.
The Implications for Online Security
The resurgence of clickjacking attacks, now enhanced by the double-click variant, poses significant risks to both individual and organizational security. By exploiting common website interfaces and leveraging seemingly harmless CAPTCHA verifications, attackers can easily gain unauthorized access to sensitive information and functionalities.
Yibelo’s findings serve as a stark reminder of the evolving nature of cybersecurity threats. Websites must remain vigilant, regularly updating their defenses to counter these new manipulation techniques.
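One client-side defence a site could apply to its sensitive buttons, given here as an added example (not code from the article or from the researcher): a click is honoured only after the page has seen genuine pointer or keyboard activity and has been in the foreground for a short time. The function names, the `data-sensitive` attribute and the 500 ms delay are assumptions chosen for illustration.

```javascript
// Added example: gesture-and-timing gate for sensitive buttons.
// createClickGate, armDelayMs and data-sensitive are hypothetical names.
function createClickGate({ armDelayMs = 500, now = () => Date.now() } = {}) {
  let surfacedAt = now();   // when this window last came to the foreground
  let sawGesture = false;   // trusted pointer/keyboard activity since then

  return {
    // Call on focus / visibilitychange: a window that has just surfaced
    // must re-earn trust before a click on a sensitive control counts.
    onSurfaced() { surfacedAt = now(); sawGesture = false; },
    // Call on mousemove / keydown. Script-generated events are ignored.
    onGesture(event) { if (event && event.isTrusted) sawGesture = true; },
    // Decide whether a click on a sensitive control may proceed.
    check(event) {
      if (!event || !event.isTrusted) return { allow: false, reason: "untrusted-event" };
      if (!sawGesture) return { allow: false, reason: "no-prior-gesture" };
      if (now() - surfacedAt < armDelayMs) return { allow: false, reason: "too-soon-after-focus" };
      return { allow: true, reason: "ok" };
    },
  };
}

// Browser wiring (skipped where there is no document, e.g. under Node).
if (typeof document !== "undefined") {
  const gate = createClickGate();
  window.addEventListener("focus", () => gate.onSurfaced());
  document.addEventListener("visibilitychange", () => {
    if (document.visibilityState === "visible") gate.onSurfaced();
  });
  document.addEventListener("mousemove", (e) => gate.onGesture(e));
  document.addEventListener("keydown", (e) => gate.onGesture(e));
  // Capture phase, so the gate runs before the button's own handlers.
  document.querySelectorAll("button[data-sensitive]").forEach((btn) => {
    btn.addEventListener("click", (e) => {
      if (!gate.check(e).allow) {
        e.preventDefault();
        e.stopImmediatePropagation();
      }
    }, true);
  });
}
```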
How to Stay Safe
Cybersecurity professionals recommend the following precautions to minimize the risk of falling victim to double-clickjacking:
As cyber threats continue to evolve, user awareness remains a critical line of defense. The discovery of double-clickjacking highlights the importance of staying informed and cautious while navigating the digital world. By adopting secure browsing habits and staying vigilant, individuals and organizations can protect themselves against this emerging attack vector.
A fraudulent text message claiming to notify residents about an overdue City of Milwaukee parking penalty has been flagged as a scam and should be deleted, city authorities announced earlier this week.
According to Ald. Lamont Westmoreland, the scam operates by sending recipients a text message stating that a parking ticket must be resolved to avoid late charges. The message urges recipients to click on a link.
Westmoreland warned that clicking the link could expose the user’s phone to malware or ransomware. He also advised anyone who has shared credit or debit card information through the scam to contact their financial institution immediately to ensure their accounts are secure.
The fraudulent text message includes the city’s logo and seal, along with a URL containing “milwaukee.com,” according to a screenshot shared by Westmoreland. These elements make the message appear legitimate, increasing the likelihood of deception.
City's Official Statement
The Department of Public Works clarified that the city does not issue parking penalties via text message. Official tickets are delivered either by registered mail or by being physically placed on the vehicle.
The department urged residents not to click on links or share personal information in response to such messages. Victims of the scam are encouraged to report the incident to the Milwaukee Police Department.
If you have questions about parking tickets, you can contact the city directly at 414-344-0840. Ald. Westmoreland expressed disappointment over the scam, stating: “It’s really sad that scammers are resorting to using what appears to be a legit city source to run a scam like this, but it is not surprising.”
In the age of rapidly evolving artificial intelligence (AI), a new breed of frauds has emerged, posing enormous risks to companies and their clients. AI-powered impersonations, capable of generating highly realistic voice and visual content, have become a major threat that CISOs must address.
This article explores the multifaceted risks of AI-generated impersonations, including their financial and security impacts. It also provides insights into risk mitigation and a look ahead at combating AI-driven scams.
AI-generated impersonations have ushered in a new era of scam threats. Fraudsters now use AI to create unexpectedly trustworthy audio and visual content, such as vocal cloning and deepfake technology. These enhanced impersonations make it harder for targets to distinguish between genuine and fraudulent content, leaving them vulnerable to various types of fraud.
The rise of AI-generated impersonations has significantly escalated risks for companies and clients in several ways:
Prevention tips: As AI technology evolves, so do the risks of AI-generated impersonations. Organizations need a multifaceted approach to mitigate these threats. Using sophisticated detection systems powered by AI can help identify impersonations, while rigorous employee training and awareness initiatives are essential. CISOs, AI researchers, and industry professionals must collaborate to build proactive defenses against these scams.