
Cyber Intrusions on a Rise in Oregon, Attackers Bringing in Sophisticated Methods


Cyber intrusions have been on the rise, with cybercrime becoming more dangerous and sophisticated than ever. Pervasive and evolving cybercrime poses a serious threat to both public and private sector networks: attackers target international organizations to steal corporate data, and individuals are subjected to identity theft.

In December 2018, Aaron Cole, from the Portland suburb of Oregon City, fell prey to a wire scam and nearly lost his home after being duped into making a fraudulent down payment of $123,000. The attacker sent Cole an email directing him to make the payment and tricked him into believing that it was from the title company he had been working with. At the time, Cole did not realize that a sophisticated network of hackers had been keeping track of his interactions with the title company. Although the email appeared similar in structure to the original emails he had received from his title company, it had slight differences.

It was only when the title company reached out to Cole on due dates, asking him to send the money, that the realization of the blunder hit the Oregon man hard. He suddenly realized that he had been duped by cybercriminals into giving away all the money he had saved from the sale of his former house, along with other family savings.

Cole's title company, WFG, came to his immediate rescue and made up for the losses. In turn, Cole is helping the company spread the word about more such scams. He was fortunate to be hired, for the same amount he lost to the hackers, to be a spokesperson at the National Title Insurance Company.

“They warned we're never going to send you an email with wire instructions, it'll be an encrypted email. We’ll call you with wire instructions. They're putting all the red flags out there that they can possibly think of,” said Cole. “I was looking at it more like the terms of use when you want to download an app and you just skip through the thing and you click accept.”

While explaining the unfortunate incident and the state of mind which followed, the Oregon husband and father of two said: "It was the worst feeling."

"And then having to go home and tell my wife that I just gave away all the money. She could tell right when I walked in the house and just sat down, and I just couldn't come up with the words to tell her," he added.

According to Gabriel Gundersen, an FBI supervisory special agent with the Oregon Cyber Task Force, "The emails have gotten well-crafted and quite detailed. They're highly tailored to that particular victim."

"It's a social engineering piece, where they're coercing a victim to do something based on an artificial agenda or an artificial timeline," he added.

Earlier attempts by attackers to dupe people were uncoordinated and clumsily executed, which gave individuals a chance to notice anything that struck them as strange or made them feel uncomfortable. Now these cyber traps are set with sophistication, making it difficult for individuals to spot the red flags.

Security officers are in a constant race with the attackers, ensuring they do not lag behind with fixes for every new approach brought in by con men. However, the overall impact is still staggering, as crucial systems are bypassed, disrupting the entire functioning of vital medical and banking networks.

Mumbai Techie Loses Rs 3 Lakh, Card Info Used 56 Times Abroad



A few days before Diwali, a Mumbai-based engineer on maternity leave to look after her newborn woke up to a shocking discovery: her bank informed her that she had fallen prey to debit card fraud. While she was asleep, her debit card was used online to carry out 56 transactions, resulting in a loss of Rs 3.3 lakh, reported Times of India.

Around 2:30 am, an automated phone call from the bank in which she has a savings account alerted her to transactions carried out on her debit card and told her to reach out to customer care if the transactions had not been made by her. Upon receiving her response, customer care had her card blocked immediately. She also lodged a complaint with the Kanjurmarg police; however, there are no remarkable leads on the case yet.

The unfortunate incident happened just a few days before Diwali and ruined the Diwali plans of the Mumbai techie's family. Notably, the transactions were made internationally and the owner did not receive any text or call requesting a one-time password (OTP). According to the statements given by the victim and her husband, they had never used this particular debit card internationally before. They had used it lately on domestic websites while shopping for baby products.

What do experts have to say about the fraud?


Commenting on the matter, cybersecurity expert Vicky Shah said, "There could be various reasons how this happened. One of the possibilities is that the card could have been cloned. When a card is used internationally, an OTP is not required. Another possibility is that the card details were compromised. There were recent reports about details of 1.3 million cards being leaked. It’s a matter under police investigation." He also pointed to the RBI norms, which bind the bank to reverse the lost amount back into the victim's bank account within a time frame of 10 days, as the transaction was carried out internationally.

Meanwhile, the victim's husband tweeted, "Bank representatives should have noticed that something was wrong when dozens of transactions were made so early in the morning. They should have called us before approving the transactions."

Websites tricking buyers with fake high-end products!


Bengaluru: The city's Cyber Crime Police Station (CCPS) has been receiving cases of a new modus operandi, where sellers on websites defraud people by delivering fake products instead of the plush ones they ordered. Victims of this "gifts scam", as it is being called, have lost from Rs 2,000 to Rs 10,000, with around five cases being filed per day.

People are being scammed on websites as well as on a popular Facebook marketplace, where expensive, high-quality products are advertised but the buyers receive fake, low-quality or copy products. In response, police did raid a godown, but no constructive steps have been taken, such as shutting down the alleged websites or finding the miscreants.

“Two days ago, a go-down was raided at Ramanagara where fake products were stored. They would advertise good-quality products and cheat customers with fake ones. This year, two cases were cracked - the second one by the CID cyber cell,” says K N Yeshvanth Kumar, cybercrime inspector in-charge of the Cyber Crime Police Station.

Buyers are being duped on various purchases. Essesse Satheesh, a product developer, recounts: "I purchased a second hand Apple Watch but received a fake and lost Rs 16,000." Another buyer wanted to file a complaint with the police to see the site shut down: "I had lost only Rs 2,000, but more than getting my money back, I want to inform the police that the website Mindhole.com is fake and that others should not fall for it".

Bengaluru has only one cybercrime police station, with a tally of 8,200 cases this year; in 2018 CCPS registered 5,036 cases. Officials say that this number could easily go up to 10,000 if more cybercrime police stations are not introduced in the city; opening more of these has been repeatedly proposed, to no effect.

Since 2017, only 3,000 of 12,000 cases have been disposed of. “The numbers may seem alarming but that is because one station caters to the whole city. The CCP stations will come in soon but cannot say when,” said Additional Commissioner of Police (Crime) Sandeep Patil.

An App Helping Scammers Hack into Bank Accounts on the Rise in Bengaluru


Use of an app called AnyDesk by telecallers pretending to be officials from legitimate banks is clearly on the rise in Bengaluru, helping hackers gain access to the bank accounts of unsuspecting customers.

AnyDesk is said to be a tool that gives remote access to digital devices and can be downloaded from Google Play and the App Store. In February this year, the Reserve Bank of India cautioned of a digital banking fraud that uses AnyDesk as the main attack route.

Bengaluru cyber police have registered 25 cases over the last two months and, as per a senior cybercrime investigator, people have lost between Rs 15,000 and Rs 2 lakh after downloading the application.

The fraudsters talk about complimentary gifts, coupons and limits to draw in their victims. “They use these to bait people into sharing their pin, and then access OTPs and credit card and CVV numbers saved on their phones,” he says.

The callers essentially persuade the victim to share their pin, saying it is needed to activate free insurance or extra credit. OTPs are their greatest weapons, as they can be used to get to photos and recordings as well as personal data, which is now and then used to compromise and blackmail people, the official says.

“They can also see your chats and get passwords you may have stored on your phone,” the officer says.

Reasons given by scam telecallers to extract information from customers:

  1. Your ATM card has expired. 
  2. Your ATM card needs to be reactivated. 
  3. Your reward points need to be upgraded. 
  4. Your reward points can be cashed. 
  5. Your Aadhar and PAN need to be linked to your ATM card.

Banks have therefore warned people to remain cautious and to keep the following in mind:

  1. No bank ever asks you to share your OTP, CVV and Internet banking details over the phone. 
  2. People calling from banks based in Karnataka first speak in Kannada, and not in Hindi or English. Bank employees don’t ask you to deposit money through Google Pay. 
  3. Don’t install any app that allows remote access to your phone.

Bengaluru: Passport offices alert public against fake websites


Bengaluru: Passport offices throughout the country are apprehensive about the increase in fake websites that masquerade as official portals for passport-related services and siphon off applicants' data and money.

The ministry has been issuing advisories and alerts on its social media handles to caution the public against such fraudulent websites. The crime branch, working with the ministry, has also started awareness drives in order to prevent passport applicants from being duped by bogus websites.

The fake websites that the offices caught were:

www.indiapassport.org,
www.online-passportindia.com,
www.passport-seva.in,
www.passport-india.in,
www.passportindiaporlal.in and www.applypassport.org. (Source: TOI)

The official website to apply for a passport, by contrast, is "www.passportindia.gov.in", and the official mobile application for passport-related services is "mPassport Seva".
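As an added illustration (not part of the original report), the Python sketch below shows how a help desk or mail filter could separate the official passport domain from impostor addresses such as those listed above. The keyword list, the constructed sample URLs and the function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Official passport site as named in the article.
OFFICIAL_DOMAIN = "passportindia.gov.in"
# Assumption for this example: brand words that impostor sites reuse.
BRAND_KEYWORDS = ("passport",)


def hostname_of(value: str) -> str:
    """Return the lower-cased hostname of a URL or bare domain, or ''."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # let urlsplit treat a bare domain as a netloc
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # e.g. a malformed bracketed address
        return ""
    return host.rstrip(".").lower()


def is_official(host: str) -> bool:
    """Exact match, or a subdomain separated by a dot (label boundary)."""
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def classify(value: str) -> str:
    """Classify a URL/domain as official, lookalike, unrelated or invalid."""
    host = hostname_of(value)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    # The official name appears in the URL but is not the real host,
    # e.g. used as a left-hand label or placed before an '@'.
    if OFFICIAL_DOMAIN in value.lower():
        return "lookalike"
    # The brand word is reused under a different registered domain.
    if any(word in host for word in BRAND_KEYWORDS):
        return "lookalike"
    return "unrelated"


# Domains reported as fake in the article.
REPORTED_FAKES = [
    "www.indiapassport.org",
    "www.online-passportindia.com",
    "www.passport-seva.in",
    "www.passport-india.in",
    "www.passportindiaporlal.in",
    "www.applypassport.org",
]

# Constructed test inputs, not taken from the article.
CONSTRUCTED = [
    "https://www.passportindia.gov.in/",
    "https://services.passportindia.gov.in/apply",
    "http://passportindia.gov.in.example.com/login",
    "https://www.passportindia.gov.in@example.com/",
    "example.org",
]


def report(urls):
    """Map each input to its classification."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in report(REPORTED_FAKES + CONSTRUCTED).items():
        print(f"{verdict:10} {url}")
```

The suffix comparison is done on a dot boundary, so a host that merely begins with or embeds the official name is not accepted as official.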

Victims who were cheated by these bogus websites and mobile applications approached the passport office and filed complaints at the local police station, said officials at the Regional Passport Office, Bengaluru. Not only websites but also mobile applications and brokers outside the passport offices demand extra payment, and could be stealing personal data like Aadhaar card, voter ID, proof of residence and birth certificate to partake in more serious crimes like identity theft or selling the data to immigrants.

The officials said they came across websites that charged unwarranted prices for filling in online forms for a new passport and other services, and that even highly educated people fell victim to the fraud. Where the real cost of a passport is Rs. 1,500 for normal and Rs. 3,500 for tatkal, these fraudsters are charging from Rs. 4,500 to Rs. 6,000. And money is the lesser concern; the bigger threat is the theft of personal data like Aadhaar number, voter ID and phone connections.

These websites used logos of other government schemes like Swachh Bharat Abhiyan to appear more genuine. Even on the Google Play Store, at least eight unauthenticated and false applications were found.

This problem is not confined to Karnataka: cases have been popping up all over the country, NCR and Bhubaneswar being two of the areas. Bharath Kumar Kuthati, regional passport officer, Bengaluru, says "they are creating awareness by issuing warnings on social media. It is a pan-India problem and the department is taking steps to counter it."

Cyber Criminals Use New Method To Steal Funds From Bank Customers' Account


According to a report by the Central Bank, bank fraudsters have a new way of stealing from bank cards this year: they pose as bank employees, using technology to substitute phone numbers. Special IP-telephony services allow them to substitute numbers, or scammers disguise the number by using the letters OOO instead of 000 and so on.

It is noted that two tools help the scammers commit thefts. The first is access to personal data. In the last six months alone, Central Bank specialists found 13 thousand ads for buying or selling names and phone numbers. Attackers who obtain personal data can easily simulate a conversation as an employee of a credit institution, insurance company or government agency.

The second tool is special programs that allow scammers to disguise their calls as coming from the official number of the bank. The Central Bank recognised the falsification of bank numbers as a new, massive way of stealing money from the population.

According to the Bank of Russia, this summer the number of fraudulent calls to customers increased dramatically, and in June-August the regulator sent telecom operators data on more than 2.5 thousand numbers from which calls to bank customers were received. However, only 200 numbers were blocked.

Experts believe that blocking numbers is not the best way to combat fraud. It would be more correct to stop the leakage of personal data from banks and other organizations.

"Thefts are mostly associated with the substitution of phone numbers, and Telecom operators refer to the lack of norms in the law. We will initiate changes to the law on communications," said Artem Sychev, the First Deputy Head of the Department of Information Security of the Central Bank.

Sneaky Android adware hides its own icon to avoid removal – find out how to get rid of it!



Security researchers at SophosLabs have discovered 15 apps in the Play Store that contain a manipulative strain of adware. The adware hides its own icon in the launcher to avoid being uninstalled, making removal unusually difficult for users, and disguises itself as a harmless system app. More such apps may be present on the Play Store besides the 15 discovered. Some apps of a similar nature go a step further: on the phone's App Settings page they were found hidden beneath names and icons that make them appear to be legitimate system apps.

Some people tend to download an app without giving much thought to whether they need it, a habit that may have led them to inadvertently download these malicious apps. They pose as QR code readers, free calls and messaging apps, phone finders, backup utilities and image editors, but have adware embedded in them and serve no purpose other than to generate revenue for the developers by displaying intrusive advertisements. For example, Flash on Calls & Messages, aka Free Calls & Messages, is one such app: it shows a fake error message when the user launches it, telling the user that it is incompatible with the device. The user is then directed to the Google Play Store entry for Google Maps, to mislead them into believing that the Maps app is the reason for the crash, which is not true at all.

On Google Play Store, most of these camouflaged apps receive negative ratings and reviews which highlight the disappointments and the issues faced by users while using the app. More than 13 lakh phones were populated by these malicious apps, according to SophosLabs.

Andrew Brandt, principal researcher at SophosLabs, said: "To stay safe when downloading apps from the Google Play Store, users are advised to read reviews and sort them by most recent and filter out the positive four and five-star reviews with no written text."

"App developers have, for years, embedded ad-code into their apps as a way to help defray the costs of development, but some developers simply use their apps as a borderline-abusive platform solely to launch ads on mobile devices," he added.

How to get rid of adware apps? 

According to the advice given by Andrew Brandt, "If you suspect that an app you recently installed is hiding its icon in the app tray, tap Settings (the gear menu) and then Apps & Notifications. The most recently opened apps appear in a list at the top of this page."

"If any of those apps use the generic Android icon (which looks like a little greenish-blue Android silhouette) and have generic-sounding names (‘Back Up,’ ‘Update,’ ‘Time Zone Service’) tap the generic icon and then tap ‘Force Stop’ followed by ‘Uninstall.’ A real system app will have a button named ‘Disable’ instead of ‘Uninstall’ and you don’t need to bother disabling it."

"If several reviews mention specific undesirable behavior, it's likely best to avoid that particular app," he says. 

Security forces are frequent victims of fraudulent lotteries, says Central Bank of Russia


Over the past year and a half, financial fraudsters have switched their attention from the elderly to the economically active population. The Central Bank of Russia reported that most of the victims are middle-aged men with experience in the power structures. This was announced at a conference on information security in the financial sector by Artem Sychev, the first deputy director of the Information Security Department of the Central Bank of the Russian Federation.

Sychev explained that he was talking about participation in a fictitious lottery. Most often its victims are people over the age of 50 or middle-aged men.

"This trick is very simple: participate in the lottery — get a prize. You will not believe it, but men, especially those who are somehow related to power structures, become victims much more often than anyone else."

According to Natalia Ratinova, Candidate of Psychological Sciences and leading researcher at the University of the Prosecutor's Office of the Russian Federation, an excessive share of self-confidence can fail people in uniform. A false sense of self-protection plays a cruel joke, because for scammers everyone is equal.

According to Sychev, now the target category of fraudsters is citizens aged 32 to 48 years. Only an economically active citizen can have a large amount on the card, which is important for criminals. Elderly people usually keep funds on deposits, leaving a small amount on the card, which is not interesting to fraudsters.

According to him, women of economically active age, 65%, also often become victims. At the time the scammers call, they are usually "busy with business."

Earlier it was reported that a new type of fraud is gaining momentum on the Web. Internet users are encouraged to participate in a "win-win lottery" or survey with guaranteed rewards. Users need to pay a commission and enter credit card information to participate. According to intelligent sources, attackers use a server simulating the site of one of the mobile operators to withdraw funds.

According to media reports, the turnover of the fraudulent scheme could amount to hundreds of millions of rubles. Now it’s becoming more difficult to investigate such crimes, because attackers do not just call from fake numbers, but use the bank’s official phone number.

Income Tax Dept alerts taxpayers of phishing mails by fraudsters




The Income Tax Department of India has alerted taxpayers about a phishing email asking them to verify their tax return even though they have already e-verified it.

A taxpayer, Anika Gupta, received an email from a suspicious email ID asking her to e-verify her return, although she had already e-verified her ITR through an OTP generated by the Aadhaar card.

The email, claiming to be from the Income Tax (I-T) Department, read, “Hello anxxxxx@xxail.com, Income Tax Return for the Assessment Year 2019-2020 has been successfully filed. After Submission, It is mandatory for Tax Payers to e-Verify the Income Tax Return using various verification methods. For your Income Tax Return, e-verification is not d………..read more”

The mail contains three malicious links with the texts ‘read more’, ‘see here’, ‘pending’ and ‘click here’.

Soon after receiving the mail, Gupta reported the matter to the grievance section of the I-T Department.

The I-T Department alerted the taxpayers by saying, “Income Tax Department never asks PIN, OTP, Password or similar access information for credit/debit cards, banks or other financial account-related information through e-mail, SMS or phone calls. Taxpayers are cautioned not to respond to such e-mails, SMS or phone calls and not to share personal or financial information.”

The I-T department also requests the user to carefully “Check the domain name. Fake emails will have misspelled or incorrect sounding variants of Income Tax Department web sites and will have incorrect email header.”

The Department further said, “In case if you have received such phishing / suspicious mail – do not open any attachments as it may contain malicious code. Do not click any links. Even if you have clicked on links inadvertently, then do not enter personal or financial information such as bank account, credit/debit/ATM card, income tax details, etc.”

Canara bank issues advisory for ATM users after fraud bid



Over the last few days, a video of a cautious user who spotted a device to read debit card data at a Canara Bank ATM in New Delhi is being circulated widely. The video was shared by a Twitter user @rose_k01. Canara Bank was quick to address the issue, as it responded by ensuring there was no breach of sensitive user data. "It has come to our notice that a video is being circulated on an attempted fraud on one of our ATMs by installing a skimming device. This attempt, which was made in one of our ATMs in Delhi, was found out immediately and the devices were removed expeditiously. Thus no data compromise has happened. We have closed down this particular ATM pending completion of police investigation," Canara Bank said in a tweet.

"We, at Canara Bank take strict measures to safeguard our customers. We immediately located and removed the skimmer from Gowtami Nagar, Delhi ATM," the public sector bank added. The bank further informed through the same tweet that no data has been compromised.

Canara Bank said further in the tweet that it has already taken some proactive, preventive and customer-friendly measures to protect the interests of customers and prevent the loss of their precious money:

1) Canara mServe Mobile app: Using the app, customers can switch off their credit or debit cards when not in use, thereby preventing any unauthorised use.

2) The bank is installing anti-skimming and terminal security solutions in all the ATMs across the country.

3) For withdrawal of more than ₹10,000 from our ATMs by any of our customers, an OTP facility as additional security feature has been introduced, thereby preventing unauthorised use.

4) Bank is flashing Do's/Don'ts to all customers through social media and SMS.

5) For fraudulent transactions due to third-party breaches, where neither the customer nor the bank is at fault, there cannot be any liability to the customer under the norms on limiting customer liability in unauthorised transactions, in case the incident is reported within three days. Thus the customer is totally protected from any monetary loss.

FBI issues warning against dating sites




An intelligence and security service of the United States has issued a warning for its people to be wary of "confidence/romance scams," after the Bureau saw a 70% annual rise in fraud cases.

The Federal Bureau of Investigation found an exponential increase in cases where dating sites are used to trick people into money scams. Sometimes victims were asked to send money or buy expensive gift items for people they had met online.

In 2018 alone more than 18,000 complaints were registered and the total monetary loss was more than $362 million.

The warning issued by the FBI says that actors "often use online dating sites to pose as U.S. citizens located in a foreign country, U.S. military members deployed overseas, or U.S. business owners seeking assistance with lucrative investments."

Crimes like these target people from all age groups, but elderly women, especially those widowed, are especially vulnerable.

The U.S. Department of Defense also issued a warning about "online predators on dating sites claiming to be deployed, active-duty soldiers."

According to the U.S. military, there are now "hundreds of claims each month from people who said they've been scammed on legitimate dating apps and social media sites—scammers have asked for money for fake service-related needs such as transportation, communications fees, processing, and medical fees—even marriage."

Cyber criminals thrive in India’s IT capital

Cyber criminals seem to be thriving in India’s IT capital; in the last four months alone, Bengalureans lost Rs 32 crore to various online scams. A 39-year-old woman was the biggest victim—a fraudulent suitor who befriended her through a matrimonial website made away with Rs 33 lakh.

The cybercrime police station of the Bengaluru city police has recorded a staggering 3,180 cases in four months since mid-January.

Last year, Sumathi (name changed) from Jayanagar had registered with a well-known marriage portal to find a match. Little did she know that the prince charming who approached her as a UK-based Indian doctor, expressing interest in settling down with her in Bengaluru, was an online imposter. He got her to part with her hard-earned money through numerous online transfers.

“She was lured by an exciting gift packet the man claimed to have sent from the UK. Then came the false excuse of Indian customs officials seizing the gift for duty. She fell for it and transferred lakhs of rupees, trusting the man who trapped her with sweet words and promise of marriage in a brief period,” said an officer.

Rise in matrimonial fraud

Sumathi is one among the many victims of online imposters who’ve siphoned off Rs 32 crore since February through various techniques—credit card skimming, vishing, phishing, e-wallet scam, online car sales con, Facebook fraud, airline ticketing trickery and an array of other Nigerian scams. Matrimonial frauds topped the charts in the four months with hundreds of women being targeted by crooks, mainly through paid portals and Facebook messenger.

“Every day, we register close to 40 FIRs regarding bank frauds, including phishing, vishing and illegal money withdrawal from accounts through ATMs. People still fall prey to lottery fraud, the oldest trick in the trade,” said an officer. He said the cybercrime wing registers nearly 1,000 FIRs a month.

Hackers charged with stealing $ 2.4 million



A group of hackers from the cybercrime group known as “The Community” has been charged in the U.S. with carrying out “SIM Hijacking” attacks and committing wire fraud, along with 3 former employees of mobile phone providers.

All 6 members of “The Community” are alleged to have participated in thefts of victims’ identities and to have used the data to steal cryptocurrencies via SIM Hijacking attacks, also known as SIM Swapping.

“SIM Hijacking” or “SIM Swapping” is an identity theft technique that exploits a common cyber-security weakness: mobile phone numbers.

Hackers use this technique to gain control of a victim's mobile phone number in order to route the victim's mobile traffic, such as phone calls and short message service (“SMS”) messages, through devices controlled by “The Community”.

According to the fifteen-count indictment unsealed, SIM Hijacking was accomplished by a member of “The Community” contacting a mobile phone provider’s customer service, posing as the victim, and requesting that the victim’s phone number be swapped to a SIM card (and thus a mobile device) controlled by “The Community”. The hijacked number on the new SIM was then used as a gateway to gain control of online accounts such as a victim’s email, cloud storage, and cryptocurrency exchange accounts.

Here is the list of the 6 members of “The Community” and the 3 former employees of mobile phone providers.

Conor Freeman, 20, of Dublin, Ireland

Ricky Handschumacher, 25, of Pasco County, Florida

Colton Jurisic, 20, of Dubuque, Iowa

Reyad Gafar Abbas, 19, of Rochester, New York

Garrett Endicott, 21, of Warrensburg, Missouri

Ryan Stevenson, 26, of West Haven, Connecticut

Charged in the criminal complaint were:

Jarratt White, 22, of Tucson, Arizona

Robert Jack, 22, of Tucson, Arizona

Fendley Joseph, 28, of Murrieta, California

Russia asked Georgia to extradite hacker Sumbaev


It became known that on November 26 the Prosecutor General's Office of Russia sent an official request for the extradition of Yaroslav Sumbaev, who was detained in Tbilisi.

As a reminder, Yaroslav Sumbaev is the head of a hacker group of 29 people that earned 258 thousand dollars on fictitious refunds of tickets of Russian Railways and S7 airlines in 2013-2014. The case of the hacker group was conducted by Evgenija Shishkina, the senior investigator of the Ministry of Internal Affairs, who was shot on October 10.

Georgian police detained Sumbaev on November 5 as a result of a special operation. He was accused of illegally acquiring firearms and using a fake passport.

The Prosecutor General's Office of Russia guarantees that Sumbaev will be prosecuted only for those crimes for which his extradition is requested: the creation of a criminal community and theft committed by a group of persons.

However, according to a secret source, the Russian hacker will be interrogated in the case of the murder of the investigator Shishkina. Sumbaev's lawyer said that his client partially admitted the allegations of cybercrime but categorically denied any involvement in the murder of the investigator.

The Prosecutor General's Office was unable to comment on Sumbaev’s extradition request.

It is interesting to note that the Ukrainian hacker Yuri Lysenko, accused of stealing more than a billion rubles ($15.15 million) from commercial banks in Russia, was sentenced to 13 years in a maximum-security colony.