Search This Blog

Showing posts with label Cyber Fraud. Show all posts

Apple App Store Saved Users $1.5 Billion Worth in Fraud Transactions

 

Tech giant Apple claimed that the measures taken to detect malicious apps and actions by developers on the App Store saved users as much as $1.5 billion in potentially fraudulent transactions in 2020. 

The company published detailed statistics on fraud prevention, which prevented more than a million risky and vulnerable apps off the App Store. There are more than 1.8 million apps on the Apple App Store for the iPhone, iPad, and Mac devices. The company has highlighted that the measures in place prevented stolen cards from making transactions, apps that switch functionality after initial review for App Store listing, account frauds by users and developers as well as verified fraudulent reviews.

Apple says that more than 48,000 apps were rejected for containing hidden or undocumented features. The App Review team also rejected more than 1,50,000 apps for spam– copying other popular apps or misleading users with regards to functionality. While over 2,15,000 apps were also rejected for violating the privacy policy guidelines.

The company also had security measures in place for payment methods and didn’t permit more than 3 million stolen credit and debit cards from purchasing on the App Store. In these wide-ranging measures in place, as many as 1 million user accounts were banned from any transactions, 244 million customer accounts were deactivated, 424 million account creation attempts were rejected, and 470,000 developer accounts were terminated for various violations.

“Apple has rejected or removed apps that switched functionality after initial review to become real-money gambling apps, predatory loan issuers, and pornography hubs; used in-game signals to facilitate drug purchasing; and rewarded users for broadcasting illicit and pornographic content via video chat,” says Apple. 

Additionally, 95,000 apps were also removed because they asked users for more data than they needed or mishandled the data that was collected. Apple has repeatedly insisted that privacy is a fundamental right, something that Apple CEO Tim Cook has also asserted, time and again, ahead of the rollout of the new Privacy Labels for all apps on the App Store and the addition of the App Tracking Transparency feature in iOS 14.5 for the iPhone.

The Russian Ministry of Internal Affairs began to identify serial cybercrimes with a special program

The press service of the Russian Ministry of Internal Affairs reported that employees of the department have been using a special program "Remote fraud" in their work for more than one year. Thanks to its program, it was possible to detect signs of about 324,000 crimes committed in cyberspace

"The "Remote Fraud" system, which has been used by employees of the Ministry of Internal Affairs for a year now, shows a high level of its effectiveness. With its help, we detect signs of serial cybercrimes more quickly and qualitatively," said the press service of the Russian Interior Ministry.

It is reported that special software developed for Russian law enforcers collects systematizes, processes, analyzes information that was collected during the investigation of criminal cases committed in cyberspace with the use of computer or telecommunication technologies.

The "Remote Fraud" system captures the required data from the moment a cybercrime report is registered.

On May 2, 2021, the Russian Ministry of Internal Affairs also announced that it was finalizing the development of the service, which will soon be implemented in the ministry's mobile application. The new service, called "Anti-fraudster", is created to increase the efficiency of counteraction to telephone fraud.

The main functionality of "Anti-fraud" is to warn the user that cybercriminals or scammers are calling or sending SMS from phone numbers previously seen in the commission of criminal, fraudulent actions.

"The total cost of developing, implementing and deploying the application is 44.9 million rubles ($606,000). All work will be completed, as we expect, by December 25 of this year. Despite the fact that the idea of developing such a service has long been in the Russian Interior Ministry, the contract with the selected contractor was concluded only at the end of March 2021", reported the press service of the Ministry of Internal Affairs.

Application of the Ministry of Internal Affairs of Russia, which will add the service "Anti-fraud", is already available for download on App Store and Google Play.

It is interesting to note that at the end of April 2021, Sberbank said that the application "Sberbank Online" with the next update will have a service, with the help of which the mobile app will automatically check the phone numbers of incoming calls and warn users in a situation where the caller is suspected of being a fraudster.

Lloyds Bank Warns Britons of Phishing Scam That Could Drain Their Bank Accounts

 

LLOYDS BANK has issued an urgent warning to Britons as many have been attacked by a highly dangerous scam text message. The latest phishing campaign once again centres around text messages, as more and more people become used to using their phones to manage their finances. The text reads: “LLOYDS-SECURITY: You have successfully scheduled a payment of £69.99 to payee MR ADAMS 28/04. If this was NOT you, visit: https://payee-confirmationcentre.com.” 

The malicious link contained within the text message often directs to a phishing website which can easily extract the personal details of unsuspecting individuals. It may also be the case that websites of this kind can download harmful malware onto a person’s desktop which could access their passwords and other sensitive information.

Lloyds Bank has now confirmed the text, and those like it, are a scam that Britons should do their best to avoid. Taking to their social media account, the bank wrote: “This is indeed a scam message and hasn’t been sent by us. Please don’t click on the link and delete the message”. Individuals should also look out for spelling or grammar errors contained within messages, as this is usually a sign of fraudulent correspondence.

Lloyds Bank will never ask their customers to share account details such as user IDs, passwords, or memorable information. Neither will they ask Britons for a PIN code, card expiry date, or Personal Security Number. Individuals who are asked to move their money or transfer funds by someone claiming to be from Lloyds Bank can be assured this correspondence is a scam. People who come into contact with a scam text message are strongly encouraged never to click the link and delete the message upon receipt. This is the best way to protect oneself and keep a guard up against dangerous cyber criminals looking to take advantage.

Several individuals have reported close brushes with this scam, which could have the potential to financially devastate those who fall victim. As such, individuals are being warned they must stay alert to such correspondence currently circulating widely. This could go on to be used for the purposes of identity fraud, and could clear out a person’s bank account. In some cases, banks are receptive to helping a person recoup the cost of falling prey, but in other circumstances, there may be nothing that can be done.

Threat Actors are Using YouTube to Lure Users into their Trap

 

Fortinet security researcher ‘accidentally discovered a unique way of tricking YouTube users. Due to Covid-19, as well as the recent surge in the value of the stock market and cryptocurrencies, more people than ever are at home looking for livestock market/crypto-related content on streaming platforms like YouTube, etc. This might be to compensate for the lack of in-person interactions that we would normally have in a non-Covid-19 world, as well as to perhaps make some quick income on the side. During a random midnight search for similar content, the researcher accidentally stumbled upon a LIVE Bitcoin scam on YouTube (yes, this time it was on YouTube and not on Twitter). 

YouTube has various labels/buttons on its home page to identify trending categories of videos, and this one indicated that several scams were streaming “live”. The first video researcher saw after clicking the Live button was titled, “Chamath Palihapitiya - What will be the New World of Finance? | SPACs, Coinbase IPO and NFT” with the URL link “hxxps://www[.]youtube[.]com/watch=cFstoyKl99s”. 

The next thing the researcher noticed was the video’s caption message, “Our mission is to advance humanity by solving the world’s hardest problems. We want to thank our supporters and also help crypto mass adoption, so 1000 BTC will be distributed among everyone who takes part in the event. You can find all the information on the website.” And also, unlike most content creators, the website link “More info: cham-event[.]com” did not include any video descriptions.

Another red flag was that while this YouTube channel had 252k subscribers, there was only ONE video on the channel. This could either be a case of a hacked YouTube channel that had all previous videos deleted, OR it could be that the malicious attacker somehow found a way to add fake subscribers to his/her channel. 

Earlier this month, hackers associated with these scams escalated their activity when they compromised two YouTube channels that maintain over eight million subscribers. In this particular case, the hackers modified these channels to impersonate our brand, using the Gemini name and logo. In light of these ongoing events, we want to share how these attacks work, discuss Gemini’s ongoing actions to protect our customers and provide some tips for YouTube channel owners to better secure. 

Lazarus E-Commerce Attackers Adapt Web Skimming for Stealing Cryptocurrency

 

Cybercriminals with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data also tested functionality for stealing cryptocurrency, according to the cybersecurity firm Group-IB. 

Group-IB's latest report builds on findings revealed in July 2020 by Dutch security firm Sansec, which reported that malicious infrastructure and, in many cases, the malware was being used for Magecart-style attack campaigns that had previously been attributed to the Lazarus Group. 

Lazarus - aka Hidden Cobra, Dark Seoul, Guardians of Peace, APT38, Bluenoroff, and a host of other names - refers to a group of hackers with apparent ties to the Pyongyang-based government officially known as the Democratic People's Republic of Korea, led by Kim Jong-Un.

Magecart-style attacks refer to using so-called digital card skimming or scraping tools - aka JavaScript sniffers - that they inject into victim organizations' e-commerce sites. Victims of such attacks have included jewelry and accessories retailer Claire's and Ticketmaster UK, among thousands of others. 

Researchers at Group-IB stated that after reviewing the attack campaign discovered by Sansec, it also found signs suggesting that attackers had been experimenting not just with stealing payment card data but also cryptocurrency.

Group-IB reports that it found the same infrastructure being used, together with a modified version of the same JavaScript sniffer - aka JS-sniffer - that Sansec described in its report. Group-IB has dubbed the cryptocurrency-targeting campaign Lazarus BTC Changer. 

The attackers appear to have stolen relatively little cryptocurrency via the sites' customers: just $9,000 worth of Ethereum and $8,400 worth of bitcoins, Group-IB reports. Group-IB says those stolen funds appeared to have been routed to bitcoin cryptocurrency wallets allegedly owned by CoinPayments.net, "a payment gateway that allows users to conduct transactions involving bitcoin, Ethereum, Litecoin, and other cryptocurrencies." 

Lazarus may have used the site to launder the stolen funds by moving them to other cryptocurrency exchanges or wallets. The cybersecurity firm notes that CoinPayment's "know your customer" policy could help identify the individuals who initiated the transactions. The service's user agreement stipulates that individuals attest that they are not operating in or on behalf of anyone in a prohibited jurisdiction, which includes North Korea.

Threat Actors Target Covid-19 Vaccine Cold Chain Via Spear-Phishing Campaign

 

Cybercriminals are continuing to target the COVID-19 vaccine cold chain, the means of delivering and storing vaccines at safe temperatures, with spear-phishing campaigns that leverage pharma and biomedical lures, according to an updated IBM X-Force report. 

Threat actors are specifically targeting transportation, healthcare, IT, and electronics sectors. Researchers also discovered the attackers targeting government agencies and vendors that support public health entities, among other targets.

The latest research is an update of a December IBM X-Force report that shed light on widespread phishing tactics leveraged by cybercriminals against vaccine supply chain organizations and other healthcare sectors. IBM X-Force established a cyber task force at the beginning of the pandemic to track cyber threats targeting critical infrastructure organizations.

The global phishing campaign against cold storage supply chain members was first discovered in September, initially tied to Gavi, the Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program. The threat actors masqueraded as biomedical executives and targeted enterprise leadership members in the IT, finance, sales, and procurement departments, who would likely be involved with vaccine cold chain efforts.

 The attackers sent the messages to multiple employees across the enterprise, with some messages purporting to be of help or support pages of the targeted enterprise. Instead, the messages contained malicious HTML attachments that opened locally on the devices and prompted victims to enter user credentials for access. This week’s update revealed the researchers have detected an additional 50 files tied to spear-phishing emails targeting at least 44 entities in 44 different countries, including the US and Canada. 

“The expanded scope of precision targeting includes key organizations likely underpinning the transport, warehousing, storage, and ultimate distribution of vaccines. Spear-phishing attempts were associated with multiple executive activities and other roles," researchers explained.

Particularly, the cybercriminals are targeting CEOs, purchasing managers, system administrators, presidents, heads of supply and logistics, finance directors, HR officers, and a host of other leaders within the enterprise organization. IBM researchers first noticed the latest phishing campaign directly following the publication of the previous report. The malicious email was addressed to a German pharmaceutical and bioscience solutions company working on vaccine production and associated activities. The target also appeared to be a client of one of the original targets detected in the initial campaign.

“While our previous reporting featured direct targeting of supranational organizations, the energy and IT sectors across six nations, we believe this expansion to be consistent with the established attack pattern, and the campaign remains a deliberate and calculated threat,” wrote the researchers.

Cyber Criminals began to use a new scheme to defraud Russians

The classic scheme to defraud Russian bank clients with the help of malicious emails is experiencing a second birth. Now the scammers, presenting themselves as Yandex.Money operators, demand to transfer funds to a bitcoin wallet under the threat of publishing compromising videos.

They are relying primarily on the fact that the potential victim will react to a familiar brand: the letters are sent from the email address inform@money.yandex.ru. Yandex.Money electronic payment service, which belongs to Sberbank, changed its name to YooMoney last year.

In the letter, the attacker, who calls himself a programmer, claims that he managed to hack into the user's computer and gain full access to it and related devices, including the camera. According to the scammer, he managed to make an intimate video of the victim, and if he doesn't get what he wants, he will send the video to his entire contact list.

"Transfer $650 to my bitcoin wallet. My bitcoin wallet (BTC Wallet): bc1qpg0uv2dcsjvpe9k2y7knxpzfdqu26tvydeu4pf. After receiving payment, I will delete the video and you will never hear from me again. I give you 50 hours (over two days) to pay. I have a notification of reading this email and a timer will go off when you see this email," the scammer intimidates the victim.

YooMoney's press office said they are aware of this technique by the scammers and have already taken appropriate action. "The information is sent from a domain that we no longer own. Yesterday we received information about this and passed it on to the domain owner's security service," the service stated.

Extortion of this kind is quite well known and has a long history, explained the agency executive director of the Association of participants in the market of electronic money and remittances Pavel Shust. Such messages can be sent in the thousands, hoping that someone will believe the threats and transfer money after all. The expert explained that in reality, of course, no one has hacked the computer and has no compromising materials, this letter should simply be deleted and forgotten about it.

Mackenzie Scott Scam: Fraudsters asking Fake Donations in Billionaire's name

 

A major phishing campaign that reached tens of thousands of inboxes impersonated as MacKenzie Bezos-Scott grant foundation promising monetary advantages to recipients of the e-mail in exchange for a processing fee. 

The processing fee is referred to as an "advance fee," and it has been used since before the internet, with the "Nigerian prince" version popularising it. But this phishing campaign took advantage of the charitable acts last year from author MacKenzie Scott, ex-wife of Amazon founder Jeff Bezos. 

The scam surfaced after Mackenzie Scott revealed in December that she had donated $4.2 billion of her fortune to over 300 organizations, including food banks and other charities that assist the people in need. Ironically, one food bank in Arkansas, which had received an authentic email from Scott about a legitimate donation, initially mistook it for a hoax. 

Eyal Benishti, the CEO of tech security company Ironscales said, “That may have primed fraudsters to develop a phishing scam based on Scott's donations in the hope that some organizations would believe that they, too, are receiving valid emails”. About 200 of its customers have received the bogus Mackenzie Scott emails, although none have fallen for the bait, he added. 

Fraudsters initiated the scam by sending out spoofed emails that claimed, MacKenzie Bezos-Scott grant foundation is distributing funds from their foundation. In fact, the emails were sent not to distribute billions to charity, but fleece victims. 

However, the fake Mackenzie Scott emails had a few tip-offs that hints they weren't real: 

1. Sender’s title appeared as “Mackenzie Scott Grant” but the return email address was to the domain ‘@mintme.com’ 
2. Multiple grammatical errors in the email body 
3. Sender’s name and signature were different 

The fraudsters alleged that they are from the "MacKenzie Bezos-Scott foundation" and have chosen a recipient for a grant. Further, they ask for the recipients' full name and address, and if they answer, recipients are required to submit a small processing fee to unlock the grant. Of course, there's no grant; it's just a tactic to extort money from the victims.

Scams have escalated as a result of large-scale relief programs such as stimulus checks and the Paycheck Protection Program, which has drawn out fraudsters trying to trick people into giving away sensitive data, such as Social Security numbers. With the ongoing levels of hardship due to the coronavirus pandemic, people are more susceptible to scams at the moment.

Centre of Attraction for Scammers : NFTs

 

NFTs - non-fungible token have been around for a few years now, but recent attention has sparked a surge throughout the market. NFTs are all here to stay, according to proponents, as they're more stable. Though enthusiasts may be correct about NFTs' long-term viability, as they may also no longer be a significant part of the art market once the original frenzy subsides. The art market's key elements are authenticity and originality, and NFTs certainly delivers both. 

A non-fungible token (NFT) is a data unit on a digital ledger known as a blockchain that really can represent a single digital object and therefore is not interchangeable. NFTs can be used to depict digital files like art, audio, video, video game objects, and other types of creative work. However, the definition can appear to be fundamentally abstract, it comes down to being able to assert exclusive possession of a collectible. 

"The higher the value of a cryptocurrency, the higher the volume of fraud targeting its users," says Abhilash Garimella, research scientist at fraud prevention firm Bolster.

NFTs can reflect digital possession of almost everything, for instance we can take, Twitter CEO Jack Dorsey's first tweet, Grimes' original art, Marvel artists' exclusive superhero comic drawings, and every other form of artistic work, including videos and audio. The Marvel comics entered the blockchain world, where an Ethereum-based Spiderman NFT was sold for $25,000. And till now the NFT "cryptocurrency collectibles" have sold for more than $100 million. 

Bitcoin and other cryptocurrencies have been questioned, despite proponents believing they are the future of economic systems and opponents dismissing them as nothing but a digital Ponzi scheme. Bitcoin mining is said to use as much energy as used by entire countries. People have become much more hesitant to buy and sell off their assets on the blockchain as they have become more aware of its vast energy requirements. Despite the fact that the blockchain is also said to be safe, there've been numerous cryptocurrency hacks. Both of these factors can deter young people from joining the craze, making it more difficult for NFTs to achieve long-term success. 

Hackers are indeed searching for ways to get as many Bitcoin, Monero, Ethereum, and other valuable digital coins as feasible, as shown by their fondness for ransomware, crypto mining, and hacking through cryptocurrency exchanges and extracting all of their assets in recent times. 

In 2020, two Florida teens and a British man duped a number of people into thinking that the 130 high-profile Twitter accounts they'd took over might potentially double people's bitcoin assets once they'd been collected by Elon Musk and Bill Gates. Many people have fallen for the scam which involves Musk allegedly offering "free" NFTs after victims "verified" themselves by giving a small number of bitcoins "temporarily". This was one of the NFTs scams.

Email Scam Under the Name of IRS Try to gain EFIN of Tax Preparers

 

A lot of people are familiar with the US Internal Revenue Service (IRS) scam letters about the tax season that are phishing for money. Now, in a virtual version of the fake IRS letter, a different kind of IRS scam aims for tax practitioners. 

The IRS has instructed tax practitioners to seek for the scam that tries to obtain the E-Filing Identification Number (EFIN) of a victim. Here, intruders use a fake email to attack the identity and customer information of tax preparers. Besides, attackers can impersonate the tax preparer and submit fake tax returns to receive refunds, if they have the data. 

The hoax started with a scam email, as per the IRS. The message claimed to have come from 'IRS tax e-filing.' This was an e-mail that went under the heading - ‘Verifying your EFIN before e-filing.’ The e-mail informs the tax preparer that certain documents are to be sent to check and get approved by the e-file staff. It then requests a copy of its EFIN and the license number of its driver. To make the situation more urgent, the email warns that, unless you comply, the IRS will disable e-filing access for the tax preparer. 

This season, many other major tax scams have also been identified by the IRS and other sources. For example, the IRS cautioned taxpayers in early February against threatening 'ghost' preparers of the tax return who are refusing to sign the returns they are making. Every return prepared needs the Preparer Tax Number and it should be signed by the tax preparers as well. The IRS says that the lack of signature may suggest the fraudulent activity of the tax preparer. They may be promising, depending on the size of those refunds, for example, big refunds charging huge fees and accordingly. 

Through investing in their e-mail security defense, organizations can protect themselves and their users against such an IRS scam. One way they could do this is to develop a safety education program and educate employees about some of the most common kinds of publicly available tax-based phishing emails and other scams. Organizations should continuously test their employees to keep their employees informed of this IRS scam and similar attacks. Threat intelligence should be used to keep up with the latest tax scams. 

Furthermore, the IRS advised the tax preparers to avoid undertaking any of the email steps. It's best to delete the email and not respond in any way.

India's Top 5 Banks Targeted in a Phishing Scam

 

The customers of State Bank of India (SBI), ICICI, HDFC, Axis Bank, and Punjab National Bank (PNB) have been alerted regarding a serious security vulnerability. Threat actors are trying to lure Indian users into revealing important private information using the mobile apps of the aforementioned banks. The report suggests that suspicious messages prompted users to submit an application for disbursement of the income tax refund. 

The threat actors are attaching a link with these texts that looks like an income tax e-filing web page. The suspicious links originate from the US and France without a domain name and are not linked with the Indian government, as per the revelation made in an investigation by New Delhi-based think tank CyberPeace Foundation along with cybersecurity services firm Autobot Infosec. 

Furthermore, the report claims that all IP addresses associated with the campaign belong to some third-party cloud hosting providers. The entire campaign uses the normal or plain HTTP protocol instead of the secure https. This means that anyone on the network or the internet can intercept traffic and obtain confidential information in normal text format to misuse against the victim.

How do threat actors exploit vulnerabilities?

Threat actors install malware in these banking apps and then lure the users in downloading an application from a third-party source instead of the Google Play Store. This application then asks the administrator to provide all rights and permit unnecessary use of the device. 

On opening the link http://204.44.124[.]160/ITR, users are redirected to a landing page, which looks similar to the official government income tax e-filing websites. Now, the users are asked to click on the 'green color' and proceed to the verification steps. Users are further asked to submit private information such as their full name, PAN number, Aadhaar number, address, PIN code, date of birth, mobile number, email address, gender, marital status, and banking. 

Apart from this, they are also asked to fill in information such as account number, IFSC code, card number, expiration date, CVV, and card PIN. All of this information is being finally transferred to the threat actors.

Twitter Ads used by Scammers to Promote Fake Cryptocurrency

 

One must pay attention to all Twitter advertisements that propagate all kinds of the falsified cryptocurrency scam. Tweeters can "promote" an existing tweet in order to promote their own services and information, by showing it to other followers or users on Twitter. The scammers' report on Twitter checked accounts supporting bogus cryptocurrency scams. The scams are allegedly made under the name of these well-known individuals or companies such as Elon Musk's Tesla, Gemini Exchange, Chamath Palihapitiya, and Social Capital. The threat actors have indeed been unbelievably successful with a round of attacks raising over $580,000 in a single week. 

If anyone receives messages from Tesla, Elon Musk, Gemini exchange, Palihapitiya Chamath, Social Capital, or other famous cryptocurrency donations – individuals or companies, they must go as far as they can from such types of posts, because the handles are compromised, and they are scammed. 

Since these scams continue to produce revenue by plundering thousands of dollars via the promotion of Bitcoin, the threat actors are also beginning to threaten other recent prominent cryptocurrencies, including Dogecoin. Dogecoin is the cryptocurrency of Billy Markus and Jackson Palmer, software engineers, who wanted to build an immediate, enjoyable, and conventional banking fees-free payment system. Dogecoin has as its emblem and its name as the face of Shiba Inu dog from the "Doge" memes. 

Twitter users are able to "promote" an ongoing tweet by paying for it being displayed to many other users in their Twitter feeds to advertise its services and content. Security researchers such as Zseano, Jake, and MalwareHunterTeam have found a new technique that crypto-currency fraudsters use, i.e. via tweets on Twitter. 

The technique comprises of the splitting up of URLs so as not to differentiate them by the Twitter algorithms of advertising for fraud. This then brings users to fakes landing pages which have been the social capital; exchanges between Tesla and Gemini, etc. and leads the user to additional real websites with the topics of Tesla or Elon Musk and an address with a Bitcoin, Dogecoin, or Ethereum. Besides, users can send coins to the address and they will actually increase the sum in return. 

Based on some of those scams, a total of $39,628.06 so far has been raised through the use of Bitcoin and Ethereum addresses. Unfortunately, several more cryptocurrency addresses are currently used by scammers, so the created sum is significantly greater. It doesn't mean that it is secure, only because the crypto app is in the app store. Recently, a Trezor-named application has been uploaded to the Apple store. Later, it was discovered to be a scam and the software has been used for phishing passwords and private keys.

FTC Busts $110m Charity Fraud Operation



A massive campaign has been started by the US Department of Federal Trade Commission (FTC) with 40 US state forces joining hands of these government agencies who are coming together to crack down a major charity fraud operation that scammed victims for more than $110million. 

The Federal agencies teamed up with 46 government agencies from 38 states and Washington DC. Those who teamed up with regulators, most of them are state attorneys general who came together to shut down the work of sister companies Central Processing Services and Community Services Appeal, Associated Community Services (ACS), and two other fund-raising spin-offs run by ACS managers, The Dale Corporation and Directele.

The scam operation initiated by the threat actors was driven by illegitimate rob calls, which have already compromised around 1.3 billion data of fundraising by the means of misleading fundraising calls, alongside obtaining donations from 67 million clients. ACS and related agencies that faced accusations by the FTC and other state agencies for this scam have agreed to settle down regarding charges. According to the FTC department, certain cases saw that the accused kept around 90 percent of the money that they received from their donors.

The scam operation has been active since 2008 and the threat actors deliberately capitalize on sensitive issues to trick donors such as breast cancer patients, homeless veterans, victims of house fires, and refugee children to encourage victims to donate. 

According to the official data, ACS and Directele both were charged for breaking FTC norms and regulations (that prohibits robocalls to first-time donors and automated calls to prior donors), having well-founded knowledge of all the outcomes. Moreover, ACS was also charged for harassing donors; It made calls around 1.3 million people over 10 times each in a single week and 7.8 million phone calls twice in an hour. Around 500 victims were called 5000 times or more than that, according to the FTC data.

However, since 2019, ACS has stopped operating, having previously charged with the subject of 20 law enforcement actions, but it is said that two accused are still operating this scam campaign with Directele and The Dale Corporation. 

“Deceptive fundraising can be big business for scammers, especially when they use illegal rob calls,” said Daniel Kaufman, acting director of the FTC’s Bureau of Consumer Protection. “…The FTC and our state partners are prepared to hold fraudsters accountable when they target generous consumers with lies.”

Creator of McAfee Antivirus Software Charged For Conspiracy?

 

Creator of McAfee antivirus software, Businessman John McAfee is charged under a conspiracy to commit fraud and money laundering in the U.S. McAfee and his bodyguard Jimmy Gale Watson Jr are found guilty of advertising cryptocurrencies on Mr. McAfee's huge Twitter follower base to inflate prices. As per prosecutors, these currencies were then sold, earning a total of $2m (€1.45 M). The accused have not issued any response to the charges made.  Currently, McAfee (age 75) is under detention in Spain due to separate charges relating to tax fraud, that he is denying. 

The fresh charges were filed in the Manhattan Federal Court, New York. He is facing potential extradition to the U.S, whereas Watson was captured earlier this week. According to BBC, "in 2012, he made headlines after police in the Central American country of Belize investigated the death of one Mr. McAfee's neighbors and named him as a 'person of interest'. Mr. McAfee left the country saying he feared for his own safety. Officials ultimately said he was not a suspect." McAfee and his bodyguard are accused of buying promoting the cryptocurrency assets on Twitter, where Mr. McAfee has millions of followers. 

As per the US justice department and the Commodity Futures Trading Commission, the plan was to sell these assets the moment the asset's price rose. The pair is said to make $11M (€8m) from the cryptocurrency startup payments via promoting the assets on Twitter, while the investors who bought them were unaware of the payments. As per the federal prosecutor, this equals exploiting a widely used social media platform (in this case Twitter) and the enthusiasm of investors in the growing cryptocurrency sector to profit millions via deceit and lies. In the former case which was disclosed the previous year. 

Mr. McAfee was charged for not filing tax returns from 2014-2018. He is also accused of using different people's names to hide his assets which include a yacht and property. "The entrepreneur, who was born in the UK, also launched unsuccessful bids to become the Libertarian Party's candidate for the US presidential elections in 2016 and 2020. Mr. McAfee has previously expressed his disdain for taxes, tweeting in 2019 that he had not filed tax returns for years because "taxation is illegal", reports BBC.  

Experts listed the methods used by fraudsters to obtain personal data

As noted by experts, information leakage in large companies does not often happen, but data theft can occur through contractors

Scammers learn personal data of Russians from gaps in the security of companies or from their informants in them, from social networks of citizens, as well as through phishing sites.

"Often, a person can simply share their name and phone number, for example, on social networks. Such data can also be collected from data leaks," said Sergey Golovanov, a leading expert at Kaspersky Lab.

He clarified that information leaks in large companies do not often happen, as they pay great attention to their cybersecurity. However, data theft can be carried out through contractors who do not always have the necessary resources to ensure security when processing personal data. Also, according to the expert, leaks can occur from small online stores or other services where customers are asked for such information.

As Anastasia Barinova, deputy head of the Group-IB Computer Forensics laboratory, noted, today, fraudsters are actively searching for insiders, including in banks, insurance companies, and financial organizations, since their schemes using personal data are now successful and effective.

“Criminal groups, including fraudulent call centers, can monetize this data, taking advantage of opportunities to steal and withdraw funds,” explained the expert.

In addition, Russians fall into the trap of fraudsters, filling out a form of personal data on a phishing site or publishing photos of documents and bank cards on Internet resources.

Golovanov said that scammers often combine information about potential victims from several sources and use it to gain people's trust. The expert recalled that personal data alone is not enough to conduct financial transactions on behalf of the victim. In this regard, he urged not to disclose bank card details or other confidential information to anyone under any circumstances.

Fraudsters are Exploiting Google Apps to Steal Credit Card Details

 

Threat actors are using a novel approach to steal the credit card details of e-commerce shoppers by exploiting Google’s Apps Script business application platform. Threat actors are abusing Google Apps Script domain ‘script.google.com’ to hide their malicious activities from malware scan engines and evade Content Security Policy (CSP) controls.

Eric Brandel, a cybersecurity researcher unearthed the scam while analyzing Early Breach Detection data provided by Sansec, a cybersecurity firm focused on fighting digital skimming. Brandel explained that threat actors bank on the fact that the majority of the online stores would have whitelisted all Google subdomains in their respective CSP configuration (a security protocol for blocking suspicious code execution in web apps). They take advantage of this trust and abuse the App script domain to route the stolen data to a server under their possession. 

Once, the malicious script was injected by the fraudsters in the e-commerce site, all the payment details stolen from the exploited e-commerce site were transferred as base64 encoded JSON data to a Google Apps Script custom app, using script.google.com as an exfiltration endpoint. Then, the stolen data was transferred to another server - Israel-based site analit. tech – handled by fraudsters.

Sansec stated that “the malware domain analit[.]tech was registered on the same day as previously discovered malware domains hotjar[.]host and pixelm[.]tech, who are hosted on the same network.” Google services such as Google Forms and Google Sheets are also exploited in the past by FIN7 cybercriminal gang for malware command-and-control communications. This gang has targeted banks and point-of-sale (POS) terminals EU and US firms using the Carbanak backdoor.

“Typically, a digital skimmer (aka Magecart) runs on dodgy servers in tax havens, and its location reveals its nefarious intent. But when a skimming campaign runs entirely on trusted Google servers, very few security systems will flag it as ‘suspicious’. And more importantly, popular countermeasures like Content-Security-Policy (CSP) will not work when a site administrator trusts Google”, Sansec explained the workings of the fraudsters.

Threat Actors Targeting British Users in a Facebook Phishing Campaign

 

After targeting the German users in the ongoing Facebook phishing campaign threat actors have shifted their focus onto the British users, nearly 75% of the new victims are based in the UK. Cybernews exposed the phishing campaign on Facebook named “Is that you” after it tricked nearly 4.5 lakh users in Germany since its beginning on January 26.

It seemed like threat actors have abandoned their campaign after getting exposed but they were planning to launch their phishing campaign in another country. The new phishing campaign was launched on February 11 in the UK and since then it has targeted more than 20,000 British users. Cybernews has shared the details of their investigation regarding the ongoing phishing campaign in Germany and the UK with Facebook, CERT UK, Dominican Republic’s cyber police, and wal. ee (the URL shortener service used by the threat actor).

Threat actors are using the same legitimate third-party web statistics service to track the growth of the latest phishing campaign in the UK as they used in Germany. Their methodology of operating is also identified as it was in Germany, threat actors are sending a personal Facebook text to the unsuspected users and are claiming to have discovered a video or image with the victim featured in it. This text then directs the victim through a chain of websites that have been compromised with malicious scripts that accumulate the victim’s credentials and are infected with adware or other malware, depending on the victim’s device.

The two things which are unidentical from the previous phishing campaign in Germany are tracking code and campaign name. Cybernews managed to gain access to the threat actor’s dashboard in order to learn the scale of the campaign and it appears that over 20,000 users are trapped in the net laid by the threat actors. Due to the access to the threat actor’s dashboard, Cyber news was able to spot the devices and browsers predominantly used by the victims.

Three steps to protect yourself against phishing campaign

 1) Your passwords should be unique and complex for all the online accounts and the password manager will suggest you to generate strong passwords.

 2) Enable the multi-factor authentication option (MFA) and try to remain vigilant while using any social media platform and beware of any suspicious text sent to you even from your Facebook contact.

 3) Threat actors usually apply social engineering to tempt you to click on the malicious links or download infected files, think twice before clicking on such suspicious links and report to the cyber cell for the potential cyber fraud.

Fraudsters Target US Tax Experts in Ongoing Phishing Campaign

 

Scammers are targeting US tax professionals in ongoing series of phishing attacks to steal Electronic Filling identification Numbers (EFINs). The International Revenue Service (IRS) has alerted US tax experts regarding the phishing campaign and suggested taking precautionary measures to avoid any loss.

The ongoing series of phishing attacks was started right before the US tax season with the target of stealing both users’ data and tax professionals’ identity. Scammers trick tax preparers by sending phishing emails and asking them to email their copies of “EFIN (e-file identification number) verification and Driver’s license” as a part of the fake verification process.

To make the verification process more authentic scammers threaten the potential victims to freeze their accounts they use to file tax documents online. Due to lack of knowledge or fear the victims hand over their information to the scammers. Once the scammers receive the information, they can file tax returns illegally for refunds by acting as tax professionals. 

IRS Tax E-Filling’ is used as the sender name by scammers in emails and ‘Verifying your EFIN before e-filing as a subject line followed by the content mentioned below:
“In order to help protect both you and your clients from unauthorized/fraudulent activities, the IRS requires that you verify all authorized e-file originators prior to transmitting returns through our system. That means we need your EFIN (e-file identification number) verification and Driver’s license before you e-file."

“Please have a current PDF copy or image of your EFIN acceptance letter (5880C Letter dated within the last 12 months) or a copy of your IRS EFIN Application Summary, found at your e-Services account at IRS.gov, and Front and Back of Driver’s License emailed to complete the verification process. If your EFIN is not verified by our system, your ability to e-file will be disabled until you provide documentation showing your credentials are in good standing to e-file with the IRS.”

Tax experts targeted by this ongoing phishing campaign are recommended not to respond to suspicious emails and to send the emails (as file attachments) to phishing@irs.gov. Tax professionals can also report to the Treasury Inspector General for Tax Administration for further analysis by the IRS Criminal Investigation division.

Sift Exposes New Telegram Fraud Scheme to Exploit Restaurants and Food Delivery Apps

 

As the popularity of food delivery apps is increasing with each passing day so is the revenue,  as a consequence, these apps have been on the hit list of scammers. Sift, a US-based digital trust and safety firm has stated that it has spotted a fraud scheme where scammers leverage the chatting app Telegram to steal from restaurants and food delivery apps.

Sift’s Digital Trust and Safety experts discovered that threat actors are promoting their services on Telegram forums to buy food and beverage orders at steep discounts, using stolen payment information on behalf of clients.

The methodology used by fraudsters

Professional scammers advertise in Telegram forums, such as ‘Fraud Market’ that they can illicitly buy food and beverage orders at a steep discount, typically 60-75% off. Diners who are tempted to take advantage of this offer direct-message the scammers along with a screenshot of their food app shopping cart and their delivery address to place the order.

The scammer accepts the order and the diner pays the scammer using cryptocurrency such as Bitcoin or Ethereum via PayPal, Venmo, or Cash App and the scammer covers the whole cost via a new account, stolen credit card information, or a hacked account.

Brittany Allen, trust and safety architect at Sift explained that “the Dark Web can be difficult to access and with frequent marketplace shutdowns by law enforcement, bad actors are looking for new places to commit a crime. End-to-end encrypted messaging platforms like Telegram are attractive options as they are more accessible and it is easier to go undetected when committing low-level fraud.”

Sift experts disclosed that from the third quarter to the fourth quarter of 2020 there was a 14% increment in payment scams targeting restaurants and food delivery apps. This is not the first scheme that Sift experts have uncovered to exploit the restaurants and food delivery services.

Russian experts spoke about the most common fraud schemes on the Internet

One of the trends of the last year, continuing in 2021, was the exploitation of the COVID-19 theme. Denis Legezo, a senior cybersecurity expert at Kaspersky Lab, said that several reports on targeted attacks on research centers dealing with the COVID-19 problem have been published over the past six months.  

One popular type of online fraud is phishing. Last year, Kaspersky Lab found over 7,400 resources. According to experts, scammers are engaged in the distribution of links among Internet users, the addresses of which are difficult to immediately distinguish from the names of real Internet resources. In some cases, the name of the platform is specified correctly, but a word is added to it that should not be in the original, for example, paypal.payments.com instead of paypal.com.

Another common type of fraud is a scam. So, scammers offer users to take a survey or take part in the promotion for a reward. However, users need to pay a small commission, usually about $5. The victims of fraud do not receive any payments, and the commission goes to the scammers.

Denis Legezo noted that ransom attacks will become more frequent.

"Attackers encrypt company data and demand a large ransom, otherwise they promise to put all the data in the public domain," added he.

In addition, SIM-related attacks are activated. An attacker reissues the SIM card, using fake documents or colluding with an employee of mobile phone stores, inserts it into his phone, and withdraws money from the victim's account via SMS commands. 

Most often, the victims of fraud are educated people aged 18-42 years with two diplomas and even an academic degree.