Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label online transactions. Show all posts

Cybercriminals Target UPI Payments: How to Stay Safe

 



The Unified Payments Interface (UPI) has transformed the infrastructure of digital transactions in India, providing a fast, easy, and secure method for payments. However, its rapid adoption has also attracted the attention of cybercriminals. This article delves into the tactics used by fraudsters and the measures users can take to protect themselves.

Cybercriminals employ a variety of deceptive methods to exploit UPI users. Vishal Salvi, CEO of Quick Heal Technologies Ltd., explains that these criminals often impersonate familiar contacts or trusted services to trick users into making quick, unverified money transfers. One prevalent technique is phishing, where fraudsters send emails that appear to be from legitimate banks or UPI service providers, prompting users to reveal sensitive information.

Malware and spyware are also common tools in the cybercriminal's arsenal. These malicious programs can infiltrate devices to steal personal information, including UPI details, or even take control of the device to initiate unauthorised transactions. Social engineering tactics, where fraudsters pose as customer service representatives, are another method. They manipulate users into sharing confidential information by pretending to resolve a payment issue.

Protecting oneself from UPI payment fraud is crucial and can be achieved through vigilance and caution. Financial institutions have implemented multi-factor authentication (MFA) and financial literacy programs to enhance security, but users must also take proactive steps. It is essential never to share your UPI PIN or OTP with anyone. Always verify the authenticity of transactions and use official apps or websites. Ensuring a secure connection (https) before entering any information is another critical step. Regularly updating your app and enabling transaction alerts can help monitor for any suspicious activity.

In the event of a fraudulent transaction, immediate action is vital. The moment you suspect fraud, report the incident to your bank and the UPI platform. Blocking your account can prevent further unauthorised transactions. Filing a complaint with the bank's ombudsman, including all relevant details, and reporting the fraud to local cybercrime authorities are crucial steps. Quick and decisive actions can significantly increase the chances of recovering lost funds.

While UPI has revolutionised digital payments, users must remain vigilant against cyber threats. By following these safety measures and responding to any signs of fraud, users can enjoy the benefits of UPI while mminimising the risks.


E-commerce Breach: Hackers Target Magento, Steal Payment Data

 




In a concerning development for e-commerce security, hackers have been discovered exploiting a critical flaw in the popular Magento platform, leaving numerous online stores vulnerable to data breaches. The vulnerability, identified as CVE-2024-20720 with a severity score of 9.1, was acknowledged and addressed by Adobe in security updates released on February 13, 2024.

The exploit involves injecting a persistent backdoor into e-commerce websites, allowing threat actors to execute arbitrary commands and potentially steal sensitive payment data. Security experts from Sansec revealed that attackers are utilising a cleverly crafted layout template stored in the database to automatically insert malicious code into the system.

By combining the Magento layout parser with the beberlei/assert package, hackers can execute system commands, particularly targeting the checkout cart section of affected websites. This malicious code, facilitated by the 'sed' command, enables the installation of a payment skimmer, designed to capture and transmit financial information to compromised Magento stores under the attackers' control.

This incident underlines the urgency for e-commerce businesses to promptly apply security patches provided by Magento to mitigate the risk of exploitation. Failure to do so could leave them susceptible to financial losses and reputational damage.

The exploitation of vulnerabilities within the Magento platform has become an ongoing concern within the realm of e-commerce security. Since its acquisition by Adobe in 2018 for a significant $1.68 billion, Magento has grown to power more than 150,000 online stores worldwide. However, this widespread adoption has inadvertently made it an enticing target for cybercriminals seeking to exploit weaknesses in its infrastructure. One notable example of such exploitation is the MageCart attacks, which have highlighted the persistent threat posed by outdated and unsupported versions of Magento.

Given the prevalence of these vulnerabilities, it is pivotal for online merchants to prioritise cybersecurity measures to safeguard their customers' sensitive data and uphold trust within the e-commerce ecosystem. This necessitates a proactive approach that includes regular software updates, the implementation of robust security protocols, and continuous monitoring for any suspicious activities.

Industry stakeholders are urged to collaborate closely to enhance cybersecurity resilience and protect the integrity of online transactions. By staying informed and proactive, businesses can effectively combat cyber threats and uphold the security of their e-commerce operations.



Consumer Finance Group Supports Enhanced Privacy in the Use of Digital Euro

Privacy and security in financial transactions are becoming increasingly important in our digital age. The Consumer Finance Group's recent call for stricter privacy protections for the digital Euro is a proactive step to ensure that people's financial information is protected.

The Consumer Finance Group, a prominent advocate for consumer rights, has raised concerns about the potential privacy vulnerabilities associated with the digital Euro, which is currently under development by the European Central Bank. As reported by ThePrint and Reuters, the group emphasizes the need for robust privacy protections.

One of the key concerns highlighted by the Consumer Finance Group is the risk of digital Euro transactions being traced and monitored without adequate safeguards. This could lead to an invasion of financial privacy, as every transaction could potentially be linked to an individual, raising concerns about surveillance and misuse of data.

To address these concerns, the group has proposed several measures:

  • Enhanced Encryption: They suggest implementing advanced encryption protocols to protect the privacy of digital Euro users. This would make it exceedingly difficult for unauthorized parties to access transaction details.
  • Anonymous Transactions: The group advocates for the option of anonymous transactions, allowing users to make payments without revealing their identities. While this could raise concerns about potential illicit activities, it also protects the privacy of law-abiding citizens.
  • Clear Data Retention Policies: Consumer Finance Group also calls for transparent data retention policies, ensuring that personal financial data is not stored longer than necessary and is subject to strict regulations.
  • User Consent: They propose that users should have clear and informed consent regarding the collection and use of their financial data, empowering individuals to make choices about their privacy.

While these measures are essential for safeguarding privacy, it's essential to strike a balance between privacy and security. Implementing stringent privacy measures must also consider the need to combat financial crimes such as money laundering and terrorism financing.

The European Central Bank and policymakers should carefully consider the recommendations put forth by the Consumer Finance Group. Finding the right balance between privacy and security in the digital Euro's design will be crucial in gaining public trust and ensuring the widespread adoption of this digital currency.

The need for stronger privacy protections in the digital Euro is a reminder of the importance of safeguarding personal financial data in our increasingly digitalized society. Regulators and financial institutions must prioritize addressing these privacy issues as digital currencies become more widely used.

Yoga Trainer Defrauded of Rs.94,998 in a Paytm Fraud


In a shocking incident of cyber fraud in Lucknow, India, a yoga trainer lost Rs. 94,998 from her bank account within five transactions that she made online. The victim claims to have been approached by the fraudsters impersonating a BSF personnel who requested to deposit the said amount to a Paytm account.

Sudha Swarnkar, a professional yoga teacher claims to have lost the whopping sum in only 20 minutes. After realizing she has been duped, the victim lodged a complaint to her local cybercrime unit of Lucknow police, with Ashiana police station.

Sudha’s father, Ghanshyam Swarnkar, who works at the information department condemned the police for their delay in investigation, emphasizing the fraudster managed to defraud the money in just 20 minutes with only five transactions, but the police is yet to take action on the matter even after one week since the incident.

Sharing details of the online fraud, Mr. Ghanshyam says that on July 15 his daughter was approached by the fraudster over the phone, claiming to be Pankaj Kumar Pandey, a Border Security Force (BSF) personnel. The ‘BSF personnel’ offered her a role in the two-month-long yoga camp that will be sponsored by BSF in the Lucknow Cantonment area.

After giving more details on the yoga camp to build the victim’s trust, the fraudster asked her to deposit the fees that must be paid as a ‘hiring request’ through the Paytm account linked to her bank account. He claimed that the scammer sent her a Paytm request asking her to complete a Rs 2 transaction and pay the associated fees.

He further noted that the Paytm account showed the username as ‘Bitoli Devi,’ and when it seemed the money was debited, the transaction failed. Following this, at the request of the fraudsters, the victim repeated the transaction process again and again. By the time she realized what was going on, an amount of Rs 94,998 was already debited from her account through the five transactions that she made.

According to Mr. Ghanshyam, the phone number of the fraudster is still active, with him making calls to the victim actively. However, the police did not react to the complaint while confirming that the investigation on the matter is ongoing.