Search This Blog

Showing posts with label Cyber Fraud. Show all posts

Russian Cyber Criminals started using bots to deceive victims

Fraudulent call centers started using bots to filtering distrustful victims in order to force them to call back and assist them on their own

According to experts, this approach makes it possible to reduce the cost of attacks on victims and increase conversion.

"The robot says: "Your card in this bank is blocked, call us back at this number”. When the victim calls back, allegedly the bank's security officers answer, ” explained Artem Gavrichenkov, technical director of Qrator Labs. He added that scammers make up to hundreds of calls a day using such robots.

Fraudsters also use fake IP telephony service numbers, bulk SMS sending services and messages in Messengers on behalf of the Bank, said Sergei Nikitin, deputy head of the Group-IB computer forensics laboratory.

The fraudsters in this case used "reverse social engineering", said Alexey Drozd, head of the information security department at SerchInform. In such cases, the victim calls the attackers.

Andrey Zaikin, Head of Information Security at CROC, explained that people are not used to the use of robots by scammers, this increases the credibility of hackers.

The technology also makes the attack cheaper, adds Mikhail Kondrashin, technical Director of Trend Micro in Russia and the CIS. A robot is a simple software for auto-calling, notes Mr. Zaikin. Developers of voice platforms usually do not charge a fee for creating such a bot, and the average cost of a call is 2.5–3.5 rubles ($0.3-$0.4) per minute.

Previously, many fake call centers operated from prisons, but recently, according to Group-IB, most are organized outside and sometimes even abroad. According to experts, international cooperation at the state level is necessary to neutralize them.

New types of fraud related to Bank cards of Russian Banks have been spotted

Fraudsters encourage Bank customers to withdraw funds at a branch or ATM on their own and then transfer money to the account of the attackers

"There are cases when fraudsters, through psychological influence on the client, ask to transfer funds through an ATM and/or withdraw funds through the cashier, while providing fake documents from the Bank," said Mikhail Ivanov, Director of the Information Security Department of RosBank.

Stanislav Pavlunin, Vice President and Security Director of Pochta Bank, noted that this is one of the latest schemes of cybercriminals, which is a kind of the most common method of fraud - social engineering.

The vast majority of fraudulent operations are carried out using social engineering methods, explained Ilya Suloev, Director of the Information Security Department of Otkritie Bank. This was confirmed by Sberbank, which since the beginning of 2020 has recorded almost 2.9 million customer requests about fraudulent attempts. In comparison with 2019, the number of such requests has more than doubled.

The most popular way to influence potential victims is still phone calls. According to OTP Bank, fraudsters can be represented by employees of the security service of the Bank or government agencies. 

The number of telephone fraud attempts has increased this year, confirmed Oleg Kuserov, Managing Director of Absolut Bank.

"The growth of such attacks is associated, in our opinion, both with an increase in the number of fraudulent call centers and with major data leaks in 2020 from various enterprises, including online stores," said Vyacheslav Kasimov, Director of the Information Security Department of Credit Bank of Moscow.

Sergey Afanasyev, Executive Director and Head of the Statistical Analysis Department of Renaissance Credit Bank, also noted that another common type of Bankcard fraud, in addition to social engineering, is phishing — stealing money through fraudulent duplicate sites.


Money stolen from bank accounts of Russians twice as much as last year

In Russia, for the period from January to August 2020, more than 100 thousand thefts of funds from a Bank account were recorded, twice as much as last year. The number of cases of fraud using electronic means of payment has also doubled.

According to the Prosecutor General's Office, now every fifth fact of theft is associated with the theft of funds from accounts.

The Central Bank said that hacker attacks are more frequent in 2020, but the effectiveness of attacks on banks has not increased. Fraudsters are now increasingly trying to deceive citizens using social engineering, so the number of calls has increased four times. At the same time, new criminal schemes have not appeared, but now criminals have begun to actively use the topic of COVID-19.

Vitaly Trifonov, Deputy head of the Group-IB Computer Forensics Laboratory, explained the reasons for the increase in attacks: "On the one hand, this is facilitated by the gradual digitalization of life, when more and more people make purchases online, pay with a card and use an ATM less. On the other hand, there are simple and working fraud schemes that do not require special skills or investment”.

Moreover, in the past year and a half, cases of theft of money from citizens using social engineering methods have become more frequent in Russia. According to a study by Digital Security, when files are transferred via email and cloud services, metadata about them is saved and used by fraudsters.

Group-IB spotted a new fraud scheme to steal money from Zoom users


Under the guise of receiving monetary compensation "in connection with COVID-19" or for subscribing to the service, users are lured to fraudulent sites where money and Bank card data are stolen

Group-IB has documented a new Zoom scam to steal money and user data. This was reported by the press service of the company.

The study began after users complained about the emails they received from the Zoom service. They offered to get compensation "in connection with COVID-19" and provided a link to fraudulent sites where the victim's money and Bank card details were stolen. Analysts from the Group-IB's Computer Emergency Response Team (CERT-GIB) found that the emails were sent not from a fake domain, but from an official service.

"The thing is that when registering, Zoom offers the user to fill out a profile - specify "First name" and "Last name", providing the ability to insert up to 64 characters in each field. Fraudsters use this opportunity by inserting the phrase: “You are entitled to compensation in connection with COVID-19" and indicate a link to a fraudulent site,” explained the company.

After clicking on the link, users were asked to enter the last 4 or 6 digits of their Bank card number. Fraudsters calculated "compensation" for the user: from 30 thousand to 250 thousand rubles ($385 - $3,200). But to get this money, the victim had to pay a small amount "for legal assistance in filling out the questionnaire" - about 1 thousand rubles ($12). So, users entered card data on such resources, but as a result, they lost both money and Bank card data.

According to the Deputy head of CERT-GIB Yaroslav Kargalev, the Zoom service needs to implement a more thorough verification of the data that the user enters when registering an account, as well as completely prohibit the use of third-party links in the profile. Since the beginning of 2020, CERT-GIB has recorded the appearance of about 15.3 thousand domains containing the name Zoom - the surge in registration occurred during the period of remote work.

The Central Bank of Russia spotted a fraud scheme using the voice menu of one of the banks

The Central Bank of Russia informed banks that fraudsters use the voice menu to get information about the status of customers' accounts, using only the last four digits of the card.

It all started with the fact that one of the credit organizations reported a sharp increase in the number of calls to customers from fraudsters, and the attackers knew the exact amount on the accounts.

It turned out that the scammers made phone calls to the IVR system (Interactive Voice Response), replacing customer numbers. When calling from a client's number, they requested information about the remaining funds by entering the last four digits of the Bank card.

After that, the scammers called potential victims and introduced themselves as Bank employees. As proof of authenticity, they provided customers with information about their account balances. After that, they successfully used social engineering methods to steal money.

The phone numbers of customers and their Bank cards were compromised and spread on the Internet. The Central Bank believes that fraudsters could get them from the Joom client base, which was in the public domain. Then, representatives of the online store and banks assured that there is no danger for customers, since the data that fell into the hands of fraudsters is not enough to debit money from their accounts.

It turns out that the last four digits of the card may be enough to get confidential information from Bank customers. But this information is not officially classified as secret and is printed on any check.

According to Sergey Golovanov, a leading expert at Kaspersky Lab, the use of biometrics can simplify the identification process for the user and make this process more secure. At the same time, the expert believes that the use of biometrics would increase its cost for the Bank. Thus, despite the recommendations of the Central Bank, banks will continue to minimize their costs in this area, risking making their customers victims of fraud.

The Russian quality system (Roskachestvo) reported on the new traps of scams in WhatsApp

The absolute majority of fraud in WhatsApp occurs through social engineering when the text prompts the user to click on a link or download a file, said Ilya Loevsky, deputy head of Roskachestvo. So, criminals often make mass mailings with various profitable offers or lotteries to encourage the user to participate and click on an infected link or download a suspicious file.

"As a rule, hackers use big names of companies, such as Google, Apple, Facebook, hot topics like COVID-19, or super-profitable offers (last year it was a "promotion" about 1000 free gigabytes of the Internet for the 10th anniversary of the service). Fraudsters often fake official WhatsApp profiles by copying the name and design,” the expert gives examples.

According to the expert, sending such messages to your contacts is undesirable, as it only contributes to the spread of fraud.

However, after clicking on a malicious link, anything can happen to the victim, from stealing personal data to withdrawing funds from their card.

It is interesting to note that in June 2020, ESET reported a phishing attack aimed at the audience of WhatsApp and Telegram messengers. Users received messages asking them to fill out a questionnaire and get four barrels of beer from a famous brand as a gift.

One of the conditions for participation in the campaign was the mandatory forwarding of messages to ten contacts in WhatsApp.

In January of this year, a similar phishing attack was launched on WhatsApp users. Victims were lured by messages that a famous sports brand was celebrating an anniversary and giving t-shirts and shoes. To receive gifts, users were encouraged to click on the link.

Loevsky concluded that sometimes messages from unknown users may contain just forwarded files that spread panic in society, so it is better to disable auto-upload of media files in the messenger settings and not accept files from unknown accounts.

Russian media reported on fake domains for pre-ordering coronavirus vaccine

After the Russian Ministry of Health registered the first coronavirus vaccine, the number of new domains associated with the vaccine increased on the Internet.

Creating a phishing site takes three to four hours thanks to designers and illegal CDNs, and earnings from them can range from thousands of dollars and much more depending on the audience and period, said Andrey Zaikin, head of the Information Security department at CROC IT company.

In the ten days since the vaccine was registered, 113 related domains appeared in the .com and .ru zones, said Eugene Voloshin, Director of the cybersecurity company Bi.Zone. Infosecurity a Softline Company adds that in July-August 2020, 445 domains were registered, which is about nine per day.

Such sites started appearing in March. They offered to buy a non-existent vaccine and medication for coronavirus.

One resource in English offered to pre-order a vaccine in the amount of 10,000 to 1 million doses and pay a quarter of the cost of the batch, reported the Telegram channel @In4security.

According to Check Point, the number of actual attacks related to the coronavirus has decreased: in July, there were about 61 million on average per week, and in June - about 130 million per week. In contrast, Trend Micro believes that the number of Internet threats exploiting the topic of coronavirus is growing, as the number of complaints from citizens has increased three to four times. In the first half of 2020, the company identified 9 million such threats.

The volume of phishing increased as people became much more active on the Internet during the pandemic and this continues to this day, believes expert of Kaspersky Lab. 

More than 100 websites selling air tickets in Russia turned out to be fraudulent

Cybercriminals continue to deceive people. According to the Group-IB, over the past few months, more than 100 fraudulent sites in the field of online ticket sales have appeared on the Network.

If in July there were about 30 such pages, in August there were about 100, said Yakov Kravtsov, head of the anti-counterfeit department of the company's brand protection department.

"The last one and a half to two months there has been a boom in the creation of phishing and fraudulent resources related to ticket sales,” said Mr. Kravtsov.

He noted that most of these portals are dedicated to selling air tickets. There are also websites where it’s possible to book hotels and rent cars. Criminals use these sites to get people's card data and money.

Most of these resources are currently blocked, but you still need to be careful. According to Kravtsov, fraudsters often take the brands of well-known aggregators for ticket sales or act under the name of large air carriers.

"Some resources were created before the quarantine, but because of the pandemic, these sites were activated when the borders began to open,” said Mr. Kravtsov. He recommended paying attention to the domain name of the resource and not trust “crazy discounts".

Earlier, E Hacking News reported that  Group-IB together with the Federal Tax Service (FTS), identified the activity of fraudsters in the Network. Criminals send phishing emails on behalf of the tax service.

Number of fake delivery services increased in Russia


Alexander Vurasko, a leading Infosecurity analyst at Softline Company, said that during the pandemic, scammers learned how to qualitatively fake food and electronics delivery sites.  Over the past four months, 56 clones have appeared at Delivery Club, and at least 30 at Yandex.Food. Companies try to quickly block such resources, but they do not always succeed.

The expert noted that the peak of the appearance of such Internet resources was recorded in April.

In addition to food sites, experts found fake Samsung online stores and Citilink online electronics hypermarket.

These sites almost completely copy the original ones: they have a catalog with hundreds of items, users can choose a restaurant, order dishes, enter the delivery address and pay for the order with a Bankcard.

Alexei Drozd, head of the information security department at SerchInform, noted that in April, the use of the delivery theme in the domain name increased: if in February there were 53 domain registrations with the word delivery, then in April — 288. According to him, this means that a high-quality Grabber has appeared on the Darknet,  a program that can reliably copy the look and content of the site.

Fraudsters actively used such software, but it is more difficult to copy marketplaces with a complex structure than a regular website, and if they already succeed, then we should expect new large phishing waves, warns Mr. Drozd. According to him, phishing sites live up to the first complaints from users or copyright holders, so it is important that companies themselves fight phishing.

Moreover, on the fake Delivery Club, after entering the card data, users need to enter the code from the SMS, so it can not be excluded that at this moment "someone links their number to your mobile Bank", noted the Telegram channel In4security, which discovered such a resource.

Kaspersky Lab also noticed sites that mimic well-known food delivery services. Hackers always use popular brands, says Tatiana Sidorina, a senior content analyst at the company.

eSIM Swapping Fraud: Cyber Criminals Targeting Airtel Customers in Hyderabad


Hyderabad witnessed three back to back cases of cyberfraud wherein criminals targeted Airtel customers promising them eSIM connection that led to a fraud of more than 16 lakh Rs. In the wake of the frauds, the Hyderabad cyber crime police station issued an advisory alerting Airtel customers regarding the fraudsters befooling people in the name of the eSIM connection.

S. Appalanaidu, a resident of Miyapur, Hyderabad received a message on 11th July informing him that if he fails to update his KYC details, his SIM card would get blocked. “Dear Customer Your SIM Card Will Be Blocked in 24 hours Please Update Your eKYC verification Thanks”. The message read.

Later, he received a phone call from a person acting to be a customer care executive for Airtel who asked Mr. Appalanaidu to forward the e-mail address sent by him to #121 i.e., Airtel customer care number, in order to get his KYC updated online. Reportedly, after forwarding the email-id, Mr. Appalanaidu got an auto-generated SMS from the service provider for registering the email address for his contact number. Once the e-Sim request was forwarded by him to Airtel along with the email address, he received another auto-generated SMS handing him the e-SIM enabled handset and asking to proceed with the same. After that, he received a Google view form link on which he submitted the name of his bank and forwarded it to the caller. Immediately after his SIM card got blocked and a sum of Rs. 9,20,897 had been deducted from his bank account. Following the incident, Mr. Appalanaidu filed a complaint on 14th July urging for necessary actions to be taken by cyber police.

Similarly, the criminals cheated two other Airtel users for amounts - Rs. 5,94,799 and 1,03,990 respectively. In the light of that, Hyderabad cyber police issued an advisory to warn customers about how fraudsters are sending a heap of messages and calling them claiming to be Airtel customer care executives and asking them to send requests for the activation of eSIM and eSIM enables devices, which is just another way of cheating customers and tricking them into providing enough personal and financial details for fraudsters to capitalize on. ,

WhatsApp Scam: Hackers stealing Verification Codes from Users


WhatsApp Messenger, a cross-platform messaging app owned by Facebook is the most popular messaging application in the world and recently it's usage increased by 40% amid lock-down. But with it's rising popularity, the users are facing security threats as a new scam has emerged on the Facebook-owned messenger that tries to steal the user's verification code.

The scammers pose as WhatsApp's official account and ask the user to verify his/her identity by providing the six-digit verification code to the account.

This verification code is sent to the user via SMS in order to register their device.

WABetaInfo, a blog that tracks WhatsApp features shared the scam in a tweet. Dario Navarro, a Twitter user asked WABetaInfo that he got such a message and if he should reply, in response the feature tracker responded with “WhatsApp never asks your data or verification codes,”.


According to the message sent to Navarro, the spammer sends the message posing as WhatsApp (with WhatsApp's logo as a profile picture) and in a message written in Spanish ask him to verify his identity and account number by providing the six-digit verification code which the spammer could use to hack the account.

WhatsApp will never ask for your personal details or verification code

WhatsApp clearly states in their FAQs section not to share the verification code, “If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can't complete the verification process and use your phone number on WhatsApp,” the company says.

Any information by the company is either published on their blog or tweeted on their official account. And even if WhatsApp does message you ( a rare phenomenon) it would be from an account with a green tick next to it.

If you get a verification SMS, it means someone is trying to log in to your account, this could be because someone entered the wrong phone number or if someone is trying to hack your account. So, if someone hacks your account, you can simply verify your phone number and the other user will be logged out.

Russian banks revealed new types of fraud


Stanislav Kuznetsov, Deputy Chairman of the Board of the Bank, said that fake Internet recruiting agencies that offer employment have become more active. An applicant should fill out a form with personal data. Then a letter arrives that he was hired, and he needs to transfer money for some equipment urgently. In the end, no money, no work.

VTB specialists reported cases of fraud when hackers place job ads and get access to mobile phones while communicating with candidates. Then, using remote access, hackers get to the client's personal account and can withdraw money.

Hackers are looking for candidates without experience, for example, for the position of mobile app tester. Those who responded to the ad, they are asked to pass testing and install remote access programs to their computer or smartphone for control. Fraudsters can use them to log in to their personal account and withdraw funds.

The VAT refund scheme is also gaining popularity among fraudsters. Attackers publish videos on the Internet with a proposal to refund value-added tax to all Russians left without income. In this scheme, customers click on a fraudulent link from the description to the video and independently perform expense transactions, which leads to a loss of money.

"Internet companies began to actively appear that offer customers to take advantage of the volatility of cryptocurrencies and promise a large profit," said Kuznetsov about another scheme.

Finally, financial fraudsters copy popular initiatives of well-known brands and companies to attract their victims, using hashtags of the period of self-isolation, for example, #stayhome and offer to participate in the campaign to get three thousand rubles ($42). For this, it is allegedly necessary to provide card data and a one-time SMS password.

It is worth adding, according to the international company Group-IB, using the remote access program TeamViewer, fraudsters steal from the clients of large banks on average from 6 million to 10 million rubles per month ($84,000 - 140,000).

Russia recognized as the leader in posting fraudulent resources on the Web


According to the results of last year, Russia seized the first place from the United States in terms of
the placement of fraudulent Internet resources, found out in the international company Group-IB, which specializes in repelling and preventing cyberattacks.

If in the previous three years, most of the blocked phishing resources were located in the United States, in 2019, Russia took first place in this indicator. Hosting services in Russia received 34% of blocked phishing resources, in the US 27%. Panama is in third place, it accounted for 8% of blocking.
The company also indicated that in 2019, the total number of blocked phishing resources increased three times, from 4.4 thousand to 14,093.

According to the Group-IB, earlier scammers stopped their campaigns after they were blocked and switched to other brands. Now they continue to work, replacing the blocked pages with new ones. They also complicated and expanded the mechanisms for implementing phishing attacks.

At the same time, the scammers revised their goals: the number of phishing resources for attacks on cloud storage doubled over the year and the number of fraudulent pages targeting users of Internet service providers tripled. This is due to the desire to get personal and payment data of users.

It is worth noting that Group-IB may require blocking resources as a competent organization that cooperates with the Coordination Center of RU domains.

Kaspersky lab reported in November 2019 that cyber fraudsters have developed a new method of corporate phishing to steal personal data from banks. For example, Bank employees receive an invitation to pass certification with the requirement to enter a username and password from their work email. As a result, fraudsters get access to their correspondence, which may contain files with personal data of credit institution clients.

Experts warned of a wave of repeated attacks on victims of cyber fraud



Group-IB specialists identified the spread of a popular scam on the Network. The Double Deception scheme is as follows: people who have already become victims of Internet scams are offered assistance in obtaining compensation for damage, after which scammers steal their personal information, including bank card information.

"The scheme has several scenarios — scammers offer to refund money for participating in popular fake polls, give away or dishonest lotteries. In another case, they promise VAT compensation for expenses on the purchase of foreign goods: medicines and dietary supplements, clothes and shoes, food, fuel, building materials, household appliances, etc.,” said Group-IB.

Experts have studied the working scheme of one of the fraudulent resources. As it turned out, behind it is a network of sites of more than 170 domain names registered for one person. Fraudsters often register their sites in the domain zone .xyz and not in .ru. This allows them to avoid quick locks.

In order to attract victims, fraudsters use several methods. They can send newsletters in social networks, messengers and by mail, or use clones of popular media. Group-IB experts gave an example of the title of one of such fake publications: "a 76-year-old pensioner received 170,000 rubles of VAT compensation and spent all the money on a stripper." From this page, users were redirected to a website where they were asked to calculate their VAT refund amount. To do this, the victim must enter four digits of the Bank card number. The final step of this scheme is to redirect the person who wants to receive compensation to the chatbot. There, the user was asked to talk to a lawyer who would help them get compensation, and finally pay for their services to get a refund. As a result, the victim's card details and money are debited by fraudsters.

Earlier, EHackingNews reported than according to cybersecurity experts, attacks on the network perimeter of domestic companies have begun to grow. Hackers are trying to get access over servers and get into the local network. This boom is caused by the transfer of employees to remote work.

Information security experts have warned Russians about bonus card fraud schemes.


Fraudsters several thousand times tried to illegally take advantage of discount bonuses of Russians in 2019.

Some attackers gained access to customers' personal accounts, and then bought the products using bonuses, said Alexey Sizov, head of the anti-fraud department of the Application Security Systems Center at Jet Infosystems.

According to him, a fraudster can register a personal account on a card that was issued to another person. The victim will accumulate points without knowing about the existence of his profile, and the attacker will write off bonuses, said Sizov.

The expert added that this is mainly done by novice scammers. According to him, loyalty programs are poorly protected, unlike banking operations. He said that they are estimated at 50 billion rubles ($760 milliard) for the 30 largest retailers.

Alexey Fedorov, Chairman of the Business Russia Trade Committee, said that in 2019, the number of bonus and discount thefts "increased significantly."

According to Fedorov, scammers often pay attention to gas stations. The expert noted that often points are stolen by employees of stores and call-cents who have access to information about loyalty programs. Especially for customers who do not use the accumulated points for a long time, said Fedorov.

The press service of the Russian trading network Magnit told that they also see a problem in fraud with bonus points. However, the damage from it is more image-based, as customers are disappointed in the loyalty program and lose confidence in it.

In addition, representatives of the largest retail chains in Russia said that they have already taken care of the problem of stealing discount points. To protect against such scams, sellers introduce two-factor identification: bonus debits must now be confirmed with a code from SMS, similar to banking operations.

The hacker explained why in Russia cards will become more often blocked


Hacker Alexander Warski told what to expect from Governing Bodies. According to him, bank cards will more often be blocked in Russia.

The information security specialist expressed the opinion of the new law on mandatory notification of blocking of finances on the accounts of Russians. Starting from March 28, according to the new law, credit institutions are obliged to notify customers about the blocking of funds on the same day, necessarily indicating the reason for their actions. According to the hacker, the new law will only contribute to a significant increase in blockages.

"The governing bodies will be more likely to use this tool," - said Warski.
At the moment, the percentage of all illegal withdrawals is 1% of all financial transactions. Scammers use fake phone numbers that are displayed as Bank numbers and disturb people on behalf of the Bank. In this regard, the hacker believes that mobile operators are to blame for allowing the sale of virtual SIM cards.

State Duma Deputy Natalia Poklonskaya believes that the introduction of the new law will make the bank-client relationship system more transparent.

"Now this side of banking will become more open, and blocking the client's account will no longer be unexpected, which means that it will not be able to be a manipulative tool," said Natalia.

Earlier, EhackingNews reported that experts from the information security company Positive Technologies came to the conclusion that hackers will need only five days on average to hack a large Russian Bank.

In addition, it became known that 89% of data leakage incidents in Russian banks were caused by ordinary employees.

Banks also noted the appearance of special Telegram bots, through which people can earn anonymously on the leak of information and personal data. Each case of information disclosure costs 50-100 thousand rubles ($750 - $1,500).

The Central Bank of Russia warned about the new scheme of fraud "taxi from the Bank"


Fraudsters have found a new way to withdraw money from Russians. Social engineering is also in progress: people are offered a new service from banks "taxi to ATM", and on the way, they are convinced to transfer money to a third-party account.

Victims of the new scheme are those who do not use online banking, in particular, the elderly. Attackers force them to transfer money through an ATM, for which they offer to use the "taxi from the Bank" service for free.

This information is confirmed not only in banks but also in the Central Bank. Several people have already become victims of such a fraud, all of them tell about the same story: criminals call from the number "8 800" and report that someone is trying to withdraw funds from the client's card. If the potential victim does not have an Internet Bank, the person was offered a special taxi to the ATM.

"Allegedly, it will be possible to transfer funds to a secure account from ATM. Attackers order a regular taxi for the victim, and when a person is at the ATM, he makes a dictation operation to transfer money to the attacker's account," said Alexey Golenishchev, Director of monitoring operations and disputes at Alfa-Bank.

The Central Bank warned that customers are never asked to make transactions through ATMs when a suspicious operation is suspected. Scammers often offer to transfer money through an ATM, and "taxi from the Bank" is one of the varieties of this scheme.

Sberbank confirms this scenario and recognizes that the scheme is becoming more popular. The victims are lonely people or elderly people who are easily to trick, and they do not have the opportunity to consult with someone. Scammers do not give time to think and convince a person to act quickly.

Usually, the damage from such fraudulent actions is about 15 thousand rubles ($220).
Previously, fraudsters began to practice another way of cheating. A man finds a forgotten card at an ATM, picks it up and then the owner of the card appears. Of course, the owner reports that money has disappeared from his card.

Insider data breaches : a big concern say 97% of IT leaders


According to a survey by Egress, a shocking 97% of IT leaders said insider breach is a big concern. 78% think employees have put the company's data in jeopardy accidentally while 75% think they (employees) put data at risk intentionally. And asking about the consequences and implication of these risk, 45% said financial damage would be the greatest.


Egress surveyed more than 500 IT leaders and 5000 employees from UK, US and Benelux regions. The survey showed serious incompetence of IT sector in handling data and their own security as well as employee confusion about data ownership and responsibility.

On the question of how they manage insider data breach and security measures they use, half of IT leaders said they use antivirus software to detect phishing attacks, 48% use email encryption and 47% use secure collaboration tools. And 58% , that is more than half relied on employee reporting than any breach detecting system.

Egress CEO, Tony Pepper says that the report shows the ignorance of IT leaders towards insider breaches and the lack of risk management on their part.
 “While they acknowledge the sustained risk of insider data breaches, bizarrely IT leaders have not adopted new strategies or technologies to mitigate the risk. Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable. “The severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches. They also need better visibility of risk vectors; relying on employees to report incidents is not an acceptable data protection strategy.”

Misdirected and phishing emails are top cause of insider data breaches- 

Misdirected and phishing emails are top cause of accidental insider data breaches as 41% of employees who leaked data said they did it because of phishing emails and 31% said they sent the information to the wrong individual by email.

 Tony Pepper adds;
“Incidents of people accidentally sharing data with incorrect recipients have existed for as long as they’ve had access to email. As a fundamental communication tool, organizations and security teams have weighed the advantages of efficiency against data security considerations, and frequently compromise on the latter. 
“However, we are in an unprecedented time of technological development, where tools built using contextual machine learning can combat common issues, such as misdirected emails, the wrong attachments being added to communications, auto-complete mistakes, and employees not using encryption tools correctly. Organizations need to tune into these advances to truly be able to make email safe.”

Phishing Scam: Puerto Rico Government Loses More than $2.6 million



Puerto Rico's government fell for an email phishing scam and unintentionally lost over $2.6 million to cyber-criminals behind the scam, as per a senior Puerto Rico official. It is a government-owned agency whose mission is to drive economic development on the island while working with local as well as foreign investors.

These days, scammers launch thousands of phishing scams like these which resulted in it being a top reported crime to the Federal Bureau of Investigation (FBI), in the past year, as per the IC3 annual report released recently. Some top victims of a similar kind of attack from last year include a Texas school district being scammed for $2.3m, a British community housing non-profit being scammed for $1.2m and Nikkei for a whopping $29m.

On Wednesday a complaint was filed to police, in which Rubén Rivera, finance director of the island's Industrial Development Company confirmed that the money has been sent to a fraudulent account by an unsuspecting employee from Puerto Rico's Industrial Development Company. The officials discovered the incident earlier this week and it was immediately reported to the FBI, according to the statements given by the executive director of the agency, Manuel Laboy to the Associated Press.

However, Laboy did not comment on how the officials came to know about the phishing scam and the aftermath of the incident involving employees being dismissed or how this incident affected the overall operations when the funds went missing. He further told that an internal investigation has been instigated to find out if someone disregarded the set standards and were negligent about the laid out procedures, he also added that the officials at the corporation are attempting to recover the lost funds.

The agency received a fraudulent email claiming that the bank account used by them for remittance payments should not be used anymore for that purpose and it also told the agency that they should transfer the money to a new account that belonged to the criminals operating the scam which agency was oblivious to.

Acknowledging the seriousness of the matter and addressing the criticism from the Puerto Ricans Laboy told, “This is a very serious situation, extremely serious, we want it to be investigated until the last consequences,” “I cannot speculate about how these things might happen,” “It’s a big responsibility.”

Canadian Teenager Charged and Arrested for $50 Million Cryptocurrency Theft


Samy Bensaci, an 18-year-old teenager from Montreal, Canada has been indicted for 4 criminal charges in relation to a theft of cryptocurrency worth $50 million in a SIM-swapping scam that targeted cryptocurrency holders, as per the reportings by Infosecurity Magazine, dated 17th of January.

The Canadian authorities have accused the teen hacker of being a part of a hacking group that was involved in the theft of millions of dollars from Canadians and Americans. The scam, of which Bensaci was allegedly a part of, stole, "$50 million from our neighbors to the south and $300,000 in Canada" told Lieutenant Hugo Fournier, a spokesperson for the Sûreté du Québec.

Bensaci was charged and consequently arrested in November and was later released on CA $200,000 bail, on orders of living with his parents in Northeast Montreal, as per the local media reports. As a result of the incident, prosecutors prohibited Bensaci's access to any device that can be connected to the internet including computers, mobile phones, tablets, games, and consoles. Specifically from accessing, “any computer, tablet, mobile phone, game console, including PS3, PS4, Xbox, Nintendo Switch, or any other device capable of accessing the Internet”. He has also been ordered to hand over his passport to local police to assure he does not flee away from the country.

One of the purported victims Don Tapscott confirmed, “We can confirm that last year a hacker attempted to steal crypto assets from our company and its employees. That attempt was unsuccessful. We cooperated with the police [and] have been impressed with their determination to bring those responsible to justice.”

SIM swapping attack, also known as SIM jacking or SIM splitting is a form of identity theft where an attacker targets a weakness in two-factor authentication to take over an account. The attacker exploits a cell phone carrier's ability to port a phone number to a new device with a new SIM to acquire access to the victim's credit card numbers, bank accounts, and other financial information. The feature is normally used when someone loses access to his phone (or gets it stolen) or is switching service to a new device. As the reliability of customers on mobile-based authentication is growing, SIM swap attacks have also been on a rise in recent times.