Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label trading apps. Show all posts

US Forex Scam Lasted for Ten Years

Two US men, Patrick Gallagher, 44, of Middleborough, Massachusetts, and Michael Dion, 49, of Orlando, Florida, both pled guilty to one charge of conspiracy to commit financial crimes in a foreign exchange operation that spanned a decade. 

Forex: Is it a con?

The world's currencies are traded on the Forex market, a credible platform.  It would be tricky to trade the currencies required to pay for imports, sell exports, travel, or conduct cross-border business without the Forex market. However, because there is no centralized or regulated exchange and massive leverage positions (which theoretically have the potential to earn traders a lot of money), are available, con artists use the scenario and rookie traders' desire to join the market. 

Since the forex market is a 'zero-sum' market, in order for one trader to profit, another dealer must lose money. As a result, the forex market does not by itself increase market value. 

About the Scam  

According to the Department of Justice, hackers established a fake organization called Global Forex Management and lured investors by assuring them large profits based on falsified trading performances from the past.

Hackers alleged that IB Capital, the business of a conspirator, would use an online trading platform to trade the victims' money. Rather, Gallagher and Dion were stealing the money from the victim investors while collaborating with other criminals in the Netherlands.

Gallagher and Dion carried out their scheme in May 2012 by deliberately setting up negative trades for the investors, effectively stealing $30 million from their victims.

After fabricating the enormous trading loss, Gallagher and Dion used shell businesses they had built up all across the world to transfer the stolen funds.

How can we detect a forex scam?

Learning how to correctly trade on the Forex market is the single most crucial thing a person can do to avoid getting conned. Finding reliable Forex brokers, on the other hand, is a challenge in this situation. Before trading with real money, practice making long-term profits on demo accounts. Be aware that it can take years to thoroughly learn the Forex trade, just like it does with any professional ability. Avoid any claim that suggests 'you can generate money quickly.'

Furthermore, don't accept the assertions made at face value; instead, take the time to conduct your own investigation. The legitimacy of the business that makes the claims or offers the course or expertise is something else a person might wish to investigate. 

ACY Accidentally Exposes User Data On Web

Anurag Sen, a famous cybersecurity expert said that ACY Securities, an Australia-based trading company accidentally posted huge amounts of personal and financial data of unsuspected users and businesses on the web for public access. The incident happened because of misconfigured database that ACY Securities owns. Sadly, the data leak had over 60GB worth of data that was left in the open without any protection. 

It means that anyone with basic knowledge about obtaining unsafe databases from platforms like Shodan can gain full access to ACY's data. The data had logs from February 2020 to this date, getting updated regularly. The exposed data includes- full name, postal code, address, date of birth, email address, gender details, contact number, password, and banking, and financial information. The attack hit businesses in various countries including China, India, Spain, Russia, Brazil, Australia, Romania, Malaysia, the United States, the United Kingdom, Indonesia, and United Arab Emirates. 

The expose is very severe because, at the beginning of this year, Anonymous and affiliated hacker groups totaled 90% (estimated) of Russian cloud databases, leaked to the public. The exposed data in these leaks was without a password or authentication. 

In the ACY Securities incident, if we consider the extent and nature of leaked data, the case could've turned out to have the worst implication. For instance, threat actors could have downloaded tha data and performed phishing scams, identity thefts, marketing campaign scams, and microloans identity scams.

"misconfigured or unsecured databases, as we know it, have become a major privacy threat to companies and unsuspected users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication. In 2021, the number increased to 399,200 exposed databases," read a post on HackRead.

167 Fake iOS & Android Trading Apps Brought to Light by Researchers

 

Sophos, a worldwide leader in cybersecurity, has found 167 fake Android and iOS apps that criminals have been using to rob people who still believe they have a very well, trustworthy financial trading, banking, or cryptocurrency application. A research article titled, ‘Fake Android and iOS apps disguised as trading and cryptocurrency apps,’ illustrates how criminals utilized social technology, fake web pages like a fake iOS App Slot, and an iOS app tester to deliver the fake apps to unsuspecting customers. 

Fake applications were investigated and the results showed that all were very similar to each other, as stated by Sophos researchers. Many have included the "chat" option to integrate customer service. When researchers attempt to communicate by using chat with support teams, answers were almost alike. They also discovered a single server loaded with 167 counterfeit trading and cryptocurrency applications. In combination, this indicates that, according to Sophos, all fraud might be carried out by the same party. 

In one of the scenarios examined, the scammers approached the customers through a dating app by creating a profile and exchanging messages with specific objectives before attempting to encourage them to download and add money and cryptocurrency to a counterfeit application. The attackers blocked access when their targets later tried to withdraw funds or close the account. 

In other instances, websites built to resemble a reputable company, such as a bank, have been able to attract the targets. To persuade the users to install an app from the genuine App Store, they have even developed a fake "iOS App Store" download page with fabricated customer reviews. 

When the visitors pressed upon the links to install fake apps for Android or iOS, something like a smartphone web app was obtained but was only a shortcut icon connected to a fake website. 

Technicians have also delivered fake iOS applications via third-party websites to encourage developers towards testing new applications with a small number of Apple device users before applying to the official App Store. 

“People trust the brands and people they know – or think they know – and the operators behind these fake trading and cryptocurrency scams ruthlessly take advantage of that,” said Jagadeesh Chandraiah, a senior threat researcher at Sophos. “The fake applications we uncovered impersonate popular and trusted financial apps from all over the world, while the dating site sting begins with a friendly exchange of messages to build trust before the target is asked to install a fake app. Such tactics make the fraud seem very believable.”

“To avoid falling prey to such malicious apps, users should only install apps from trusted sources such as Google Play and Apple’s app store. Developers of popular apps often have a website, which directs users to the genuine app and, if they have the skills to do so, users should verify if the app they are about to install was created by its actual developer. Last, but not least, if something seems risky or too good to be true – high returns on investment or someone from a dating site asking you to transfer money or cryptocurrency assets into some ‘great’ account – then sadly it probably is,” he further added.

Sophos also recommends the user install an anti-virus program on the mobile device to defend Android and iOS devices from cyber attacks, like the Intercept X for Mobile.