Swedish Crypto Scammer Jailed for 15 Years in Gold-Backed Fraud

 

A Swedish citizen was sentenced to 15 years in prison for running a cryptocurrency scam that claimed to pay investors based on the value of gold reserves.

Roger Nils-Jonas Karlsson, 47, and his firm, Eastern Metal Securities (EMS), were charged with securities fraud, wire fraud, and money laundering in March this year. He was prosecuted in the United States following his arrest in Thailand in 2019 and his later extradition.

Karlsson claimed to operate a cryptocurrency-based investment service. Investors who participated in EMS from 2012 to 2019 were offered a plan to buy shares for less than $100 and ultimately realize a return equivalent to 1.15 kilograms of gold. In 2019, 1.15 kg of gold was worth more than $45,000. Today, it could be worth over $58,000.

To participate in the scheme, investors were asked to buy shares with cryptocurrencies: Bitcoin (BTC) and Ethereum (ETH). Moreover, investors were told that in the ‘unlikely’ event that the shares failed to attain their promised worth, participants would have 97% of their initial investment returned.

Karlsson kept EMS running for as long as possible through frequent rebranding and by issuing updates offering asset statements. Additionally, to explain payment delays, he misleadingly argued that paying out an unlimited sum all of a sudden would have a damaging impact on the international monetary system, and that the company was working with the US Securities and Exchange Commission (SEC).

However, as is commonly the case with extreme returns on investment, the promise was too good to be true. Investors saw no profit; instead, Karlsson, who also used online aliases such as Steve Hayden, Euclid Deodoris, and Joshua Millard, pocketed the cryptocurrency and used the money to buy properties and a resort in Thailand. US prosecutors estimate that investors were defrauded of more than $16 million.

"Karlsson admitted he had no way to pay off the investors. Karlsson's fraud targeted financially insecure investors, causing severe financial hardship for many of them," the US Department of Justice (DoJ) said.

In addition to the 15-year sentence, Karlsson has been ordered to forfeit the resort in Thailand, various properties, and accounts, and is subject to a money judgment of $16,263,820. Prosecutors also hope to secure restitution for past EMS investors, and an order is expected in court within 90 days.

Sussex-Based Couple Loses £15,000 to Scammers

 

Loreta and Mindaugas, from Horsham, Sussex, were lured by a fake bonus offer from a fraudster who appeared to be working for the Coinbase platform, shortly before the site was listed as a public company.

Mindaugas, an executive at a UK-based company, received an email on March 24, 2021, that purportedly came from Coinbase, claiming that he was eligible for a bonus on Coinbase. He tried to claim the £60 bonus supposedly offered by Coinbase, and in just nine minutes £15,000 was taken from the couple’s crypto savings.

“At first, we thought it might be some kind of mistake or a glitch. But since their knowledge base had no option that covered any bugs or glitches, we decided to inform Coinbase that my husband’s account has been compromised. But all we got back was a password reset request,” Loreta said. 

Coinbase is a popular trading website used for buying and selling cryptocurrency, with over 56 million users and worth $99.6 billion.

Double Fraud

Shortly after changing his account password, Mindaugas received a second call from the supposed Coinbase support agent. The scammer told him that Coinbase was responding to the open support ticket concerning his compromised account and promptly began to question Mindaugas about the cyber fraud.

After finishing the interrogation, the scammer offered Mindaugas two options. “Either we call the police, in which case there is no guarantee that we’ll ever get our money back, or they give us a refund without getting involved with the authorities. My husband was still in shock and rather disoriented, so at that moment, he agreed to proceed with the second option,” Loreta told CyberNews.

“He said 'we see that you have an account at Binance and since Coinbase and Binance are sister companies' - and that’s when I saw he was trying to dupe us. Next thing I hear, he’s telling us to prove our identity either by transferring £5,000 from our Binance account to Coinbase or by giving them our Binance authentication code so that they can transfer the missing £15,000 to my husband’s Binance account,” Loreta explained.

After spotting the suspicious activity, Mindaugas and Loreta declined to make the transfer and reported the fraud to the police. However, the case was promptly closed due to a ‘lack of evidence’. They also contacted Coinbase for help but have had no response.

"We’re still waiting for an answer. And since 'only' £15,000 was stolen, we’re not very hopeful that the police will do anything about it," Loreta said. 

The CyberNews investigation team began looking into the fraud after the couple contacted them for help. The researchers found that the cryptocurrency had been laundered through an elaborate network of wallets. This effectively makes the stolen funds “untraceable” and helps the scammers avoid being caught.

“Due to the anonymity of the crypto market, scams targeting the general public tend to be barely visible. In fact, phishing attacks are becoming more sophisticated, making it increasingly difficult to identify fake messages that appear to come from trusted people or brands. Companies like Coinbase need to be responsible for keeping their customers as safe as possible,” Edvardas Mikalauskas, Senior Researcher at Cyber News, stated. 

“They need to implement strict controls in detecting and blocking malicious or anomalous activity before criminals have the opportunity to steal cryptocurrencies,” Edvardas added. CyberNews advises consumers to always preview URLs before clicking links or buttons, to pay attention to messages sent to their inbox, and to use unique passwords and multi-factor authentication for their online accounts, and warned that an embedded link is a “serious danger signal.”

Russian banks to launch a system against telephone fraud

Financial organizations are planning to launch a pilot project of a system for recording and analyzing telephone fraud, said Alexey Voilukov, vice president of the Association of Banks of Russia. The service will make it possible to monitor calls, identify unscrupulous operators, and track fraudsters more effectively.

The Association will present the developments to the regulatory agencies along with proposals for changing the legislation. To improve the response to criminal attacks, the project should be implemented on the platform of a supervisory authority, for example, the Ministry of Internal Affairs.

Experts believe that the owner of such a system should be a government agency that is authorized to request information from operators about the sources of traffic and to process data covered by the secrecy of communications.

"It is necessary to tighten legislation in the field of personal data protection and tighten control over bank employees since fraudsters often obtain information about customers through leaks," added experts.

Tinkoff Bank believes that it will take about a month to test the project after the creation of an interdepartmental anti-fraud group. The bank will become one of the pilot's participants.

Other major credit organizations also supported the idea of implementing the system. The pilot can start as early as the end of 2021 or the beginning of 2022. However, full operation will require changes in the law.

According to Tinkoff, the number of malicious calls in the first quarter of 2021 increased 2.3 times compared to the same period in 2020. In addition, about 80% of phone scammers use number spoofing, so once the system for recording and analyzing telephone fraud is launched, it will be much more difficult for them to carry out attacks.


Chinese Hackers Target Indian SBI Users Via Phishing

 

Recently, Indian officials reported that China-based cybercriminals are targeting customers of India's national bank, the State Bank of India (SBI), with phishing scams that offer gifts. In a WhatsApp message, the hackers offer gifts worth around 5 million (INR 50 lakh) from the bank and ask users to update their KYC through a website link.

The research wing of New Delhi-based think tank CyberPeace Foundation, in collaboration with Autobot Infosec Pvt Ltd, investigated two similar cases that have recently targeted SBI customers.

"All the domain names associated with the campaign have the registrant country like China," the research team informed IANS. The group behind the campaign sends a message requesting KYC verification; the message appears authentic and resembles the official SBI online page.

On clicking the "Continue to login" button, it will redirect the users to a full-kyc.php page, then it will ask them to fill in their credentials like username, password, and a captcha to log in to the online banking. 

"Following this, it asks for an OTP sent to the user's mobile number. As soon as the OTP is entered, it redirects the user to another page that asks the users to enter some confidential information again like account holder name, mobile number, date of birth. After entering the data, it redirects the user to an OTP page," the researchers informed. 

The team of researchers has suggested that the customers should avoid opening such links sent via social platforms, and if anyone finds anything suspicious they are recommended to contact their bank branch.

More than 3 million Russians have become victims of a new online fraud scheme

Experts of the cybersecurity company Group-IB note that fraudsters skillfully disguise fake payment pages: they often contain logos of the international payment systems Visa, MasterCard.

"By creating phishing sites for popular services and online stores, scammers have learned to imitate payment pages protected by 3-D Secure, a technology that was previously considered one of the most effective to ensure the protection of user payment data when paying for online purchases worldwide", said the experts.

Attackers lure the victim to a phishing page imitating an online store through fraudulent advertising or spam mailings. There, the user enters payment data to pay for the selected product or service. Then an SMS code is sent to the user's phone number to confirm the transaction. The user enters the code into the same form on the legitimate 3-D Secure page, and the money goes to the fraudster's card.

According to experts, to protect themselves, users must first pay attention to the source of the payment in an SMS message from the bank with a transaction confirmation code.

"If the words Card2Card or P2P are specified there, but the payment was not initiated from the specified resources, you should not enter the received code to confirm the payment," noted experts.

Information security expert Alexey Lukatsky stressed that it is necessary to pay attention to the name of the site, to its design, to any grammatical errors on it, and to the domain on which the site is hosted.

The expert added that it is necessary to pay attention also to the 3-D Secure page.

"Because this domain must also be identical to the domain whose bank issues a card. Accordingly, if the domain name indicates something different or similar to our bank, then this is also a sign of fraud," added Mr. Lukatsky.

Social Media Influencers are the Latest Target of Cyber Criminals

 

The number of cybercrimes and scams is rapidly increasing with the advancement of technology. The police said that a new cyber fraud targeting social media influencers has been detected.

Social media influencers have large numbers of followers, and companies regularly pay them to promote products on their handles. Many famous people get roped in, too.

Cyber fraud is a kind of cybercrime that uses the Internet to hide information or to provide false information in order to cheat victims out of money, property, and inheritance.

Cyber law expert N. Karthikeyan notes that mainstream media cannot carry advertisements for gambling or false investments. Such bogus operators can instead use social media influencers who are unaware of the consequences. Some influencers on social media promote only fictitious mobile apps. Fraudsters also send dubious links while posing as supporters of influencers. Once the victim clicks and enters their details, the fraudsters acquire complete control of the influencer's page or channel. They then post their own content, which can be anything.

However, the Cyber Crime Cell officials noted that no specific complaint had yet been made on the matter. 

A woman social media influencer who was a candidate in recent elections said, "After uploading my affidavit into ECI website, I had three lakh downloads. I got good reviews on a social media page but only one person alleged that I had hacked the ECI site - which was baseless. He went on leveling allegations on me. I just ignored it."

With such cyber frauds on the rise, a YouTuber who was himself a victim said that the overwhelming majority of influencers on social media are being used by fraudsters. The fraudsters typically present themselves as an established company or brand and approach influencers with lucrative publicity deals, proposing to administer the ads on the influencers' behalf. Later, they gather personally identifiable information or social media passwords and seize complete control of the website or handle used by the influencer.

"We have lodged a complaint against an Instagrammer who specifically targeted women influencers. He texted asking them to join in an Instagram live. If they accepted and came on live, he would level baseless allegations. If they didn’t agree to live as he was the stranger, he projected them as scammers," said Joe Praveen Michael, an event manager.

Maryland Officials Found 508,000 “Potentially Fraudulent” Unemployment Claims

 

Over the last six weeks, more than half a million "potentially fraudulent" jobless claims have been made in Maryland, according to state labour officials. Officials say about 508,000 unemployment claims have been flagged as Maryland Governor Larry Hogan joins a group of 25 other GOP governors who have decided to discontinue federal unemployment payments. According to The Washington Post, approximately 1.3 million bogus claims have been made in Maryland since the beginning of the pandemic.

“As the economy recovers and states across the country continue to opt out of the federal benefits program, bad actors are becoming more brazen and aggressive in their attempts to exploit unemployment insurance programs than ever before,” Maryland Labor Secretary Tiffany Robinson told the Post in a statement. 

Fallon Pearre, a spokeswoman for the Labor Department, declined to say how many of the "potentially fraudulent" claims have been proven to be false or whether any will result in legal action, but she did tell the Washington Post that the claims had been submitted to federal law enforcement. 

Marylanders will lose an additional $300 per week in benefits under Hogan's decision, which comes two months ahead of the Biden administration's original deadline, and gig workers will be without benefits entirely, according to the Post. 

According to the Washington Post, Robinson recently stated that the Labor Department had hired LexisNexis Risk Solutions to assist in the identification of possibly false claims. Over 64% of the nearly 200,000 transactions were detected as fraudulent, according to the business. 

According to the Washington Post, Robinson told the Maryland state House Economic Matters Committee, "Fraud is rampant, so we have to remain on top of it." When pressed by a state senator about the types of fraud that had been discovered, Robinson stated that the bulk of the cases involved stolen identities. “We know there are foreign actors across the country and across the world that are using the identities that they have obtained,” she said.

Maryland officials identified an unemployment fraud operation last year that resulted in $501 million in bogus claims, with over 47,000 phoney claims filed using stolen identities and information obtained from earlier data breaches.

China-Based Hackers Luring Indians into Fake Tata Motors Scam

 

On Thursday, cyber-security researchers in India announced the discovery of a malicious free-gift campaign run by China-based hackers to gather personal user data. The campaign pretends to be an offer from Tata Motors, the biggest automobile manufacturing company in India, reports IANS.

The research team at New Delhi-based CyberPeace Foundation received some malicious links via WhatsApp, related to a free gift offer from Tata Motors, that collected users' personal information together with their browser and system information.

“The campaign is pretended to be an offer from Tata Motors but hosted on the third-party domain instead of the official website of Tata Motors which makes it more suspicious,” the research team stated.

This malicious campaign being operated on a fake website is titled “Tata Motors Cars, Celebrates sales exceeding 30 million”. On the landing page, a congratulations message is displayed with an attractive photo of a Tata Safari car. Users are asked to participate in a quick survey to get a free TATA Safari vehicle. 

“Also, at the bottom of this page, a section comes up which seems to be a Facebook comment section where many users have commented about how the offer is beneficial,” the researchers revealed.

After clicking the OK button, users are given three chances to win the prize. After finishing all the attempts, it says that the user has won “TATA SAFARI”.

“Congratulations! You did it! You won the TATA SAFARI!” After the user clicks the ‘OK’ button, the page instructs them to share the campaign with friends on WhatsApp. The user doesn’t actually end up winning the car; the page simply keeps redirecting the user to multiple advertisement webpages. The Foundation recommended that people avoid opening such messages sent via social platforms.

According to the researchers, the hackers are using Cloudflare technologies to hide the real IP addresses of the front-end domain names used in the Tata Motors free-gift campaign. The CyberPeace Foundation, a think tank and non-governmental organization of experts in the field of cybersecurity and policy, collaborated with Autobot Infosec Private Limited to investigate the campaign and establish that these sites are an online fraud.

Uttarakhand, India Special Task Force Exposed a China Based Money Laundering Racket

 

Police in Uttarakhand, India, said that the online racket duped naive investors out of at least Rs 250 crore by promising to almost double their money in just 15 days, and instead converted the money into cryptocurrency.

Pawan Kumar Pandey was detained on Monday night in Noida, in the Gautam Buddh Nagar district of Uttar Pradesh. He is accused of running a ghost corporation to transfer the defrauded money to his alleged "handler in China." He was caught with 19 laptops, 592 SIM cards, 5 mobile phones, 4 ATM cards, and a passport.

Uttarakhand police chief (DGP) Ashok Kumar said that the racket came under scrutiny after two Haridwar locals, Rohit Kumar and Rahul Kumar Goyal, complained about the scam.

“A week ago, they claimed that one of their friends told them about a mobile app on Google Play Store named Power Bank, which doubled returns on investment within 15 days. Believing him, they downloaded the app and deposited ₹91,200 and ₹73000,” said Kumar. 

However, after one month of making the deposit, when they didn't receive any returns, they realized that they were tricked, he added. 

The special task force's investigation found that the mobile app in question was available on the Google Play Store from February 2021 to May 12, 2021, during which time a minimum of 50 lakh individuals installed it. Police also established that the money deposited through the app was moved to the detained man's bank accounts via payment gateways.

He said the money was subsequently converted into cryptocurrencies. The cyber forensic examination linked the application to China, where Pandey's operators reside. They cashed the cryptocurrencies out into their local currency to complete the money laundering chain that began with Indians being duped by the app.

“In this case too, they partnered with Pandey and used his identity documents to register a shadow company with the Registrar of Companies (RoC) and to open two bank accounts, where the money siphoned off from the victims was deposited. They opened a shadow company in Noida named Purple Hui Zing Zihao. Pandey was registered as the company’s owner and the firm was shown as the developer of the fraudulent app,” said Bharne, Uttarakhand’s deputy inspector general (law & order). 

Pandey added that although he earned commissions from the Chinese accused, the bank accounts and the business were handled remotely. He had received a salary payment of 1.50 lakh from the Chinese accused. He also told police that his operators use the same modus operandi elsewhere, as there are many other identical apps. Initially, however, the accused doubled certain investments to win the confidence of future investors.

“We have taken at least 20 such shadow companies under our radar for suspected fraudulent activities like the above-mentioned one. We have received 20 other similar complaints from people in the state and they [the complaints] are under probe,” the senior police officer said.

Russian Man Convicted of $7 Million Digital Advertising Scam

 

A Russian man was found guilty in the United States of using a bot farm and rented servers to create fraudulent internet traffic on media sites, causing businesses to pay inflated advertising rates.

Prosecutors said Aleksandr Zhukov, 41, was the brains of the Methbot operation, in which 1,900 servers were used to generate millions of bogus online ad views on websites such as the New York Times and the Wall Street Journal. According to the US, Zhukov gained $7 million from the scheme and channeled the money into offshore accounts around the world, citing a text in which he referred to himself as the "King of Fraud." 

The group allegedly called their plan "Metan," which is the Russian term for methane, while the FBI and prosecutors referred to it as Methbot, and later as Media Methane, which was the name of Zhukov's company with operations in Russia and Bulgaria. 

Zhukov and his colleagues negotiated deals with advertising networks to display their ads on websites, then received a commission for each ad that was viewed. According to prosecution filings, Zhukov and his collaborators instead established bogus sites and manipulated data centres to produce false users to make it appear like actual people were viewing the ads from September 2014 to December 2016.

"Zhukov represented to others that he ran a legitimate ad network that delivered advertisements to real human internet users accessing real internet web pages," according to a superseding indictment filed on February 12, 2020. 

"In fact, Zhukov faked both the users and the webpages: he and his co-conspirators programmed computers that they had rented from commercial data centers in the United States and elsewhere to load advertisements on fabricated webpages, via an automated program, in order to fraudulently obtain digital advertising revenue," it says. 

Victims of the scheme "included The New York Times, The New York Post, Comcast, Nestle Purina, the Texas Scottish Rite Hospital for Children, and Time Warner Cable," the Department of Justice said in a news release. 

On a temporary US arrest order, Zhukov was arrested in Bulgaria in November 2018. In January 2019, he was extradited to the United States and pleaded not guilty to the accusations against him.

Interpol Seize $83 Million in Operation Against Online Financial Fraud

 

More than 500 suspects were arrested in the Interpol-coordinated Operation ‘HAECHI-I’, and $83 million belonging to victims of online financial crime was seized. Over 40 law enforcement officers across the Asia Pacific region took part in the operation and intercepted the $83 million before it could be transferred to the perpetrators' accounts.

Law enforcement agencies were specifically focused on five types of online financial crime: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.

A total of 585 individuals were arrested, and more than 1,600 bank accounts belonging to perpetrators of the cyber-enabled financial crime were frozen. The stolen funds were blocked from getting into the scammers' accounts following multiple joint operations and months of collecting intelligence on the attackers' operations.

More than 1,400 investigations were opened during HAECHI-I’s six-month operational phase targeting cybercrime in the Asia Pacific region (i.e., Cambodia, China, Indonesia, Korea, Laos, The Philippines, Singapore, Thailand, and Vietnam), with 892 cases having already been solved and the rest still being investigated. 

“Online fraudsters often attempt to exploit the borderless nature of the Internet by targeting victims in other countries or transferring their illicit funds abroad. The results of Operation HAECHI-I demonstrate that online financial crime is fundamentally global and that only through close international cooperation can we effectively combat these criminals," said Ilana de Wild, Interpol's Director of Organized and Emerging Crime. 

Last year, Interpol also advised victims of online financial scams to immediately take action to intercept stolen funds before their money reached the scammers' bank accounts. In January 2021, Interpol warned all 194 member states of fraudsters targeting dating app users and trying to trick them into investing through fake trading apps. 

“The key factors in intercepting illicit money transfers are speed and international cooperation. The faster victims notify law enforcement, the faster we can liaise with INTERPOL and law enforcement in the relevant countries to recover their funds and put these criminals behind bars,” Amur Chandra, Brigadier General of the Indonesian National Police and Secretary of Indonesia’s INTERPOL National Central Bureau, stated.

Pay Attention: These Unsubscribe Emails Only Lead to Further Spam

 

Scammers send out fake 'unsubscribe' spam emails to validate legitimate email addresses for future phishing and spam campaigns. 

For a long time, spammers have been sending emails that merely ask whether the user wants to unsubscribe or subscribe. These emails don't specify what the user is unsubscribing from or subscribing to; spammers use them to see whether the recipient's email address is real and susceptible to phishing scams and other nefarious activity.

If they get the needed confirmation, they’ll bombard the address with various spam emails. The campaign is simple in design: the victim gets a basic email with this call to action asking whether they want to unsubscribe or subscribe:

“Please confirm your Subscribe (sic) or Unsubscribe. Confirm Subscribe me! Unsubscribe me! Thank you!” 

If the user clicks on the embedded subscribe/unsubscribe links, the mail client will generate a new email that will be sent to a large number of different email addresses controlled by the spammer.

After sending the mail, users expect to be unsubscribed from future communications; in fact, they are confirming to the spammers that their email address is real and actively monitored.
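A mail filter can catch this pattern by inspecting where the subscribe/unsubscribe links actually send mail. The following is an added example, not code from the original article or from BleepingComputer: it extracts `mailto:` links from an HTML body and flags any link addressed to more recipients than a genuine unsubscribe link would need. The threshold, the function names, and the sample messages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None  # [href, text] of the <a> currently being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None


def mailto_recipients(href):
    """Return every address a mailto: link would send to (To, Cc and Bcc)."""
    parts = urlsplit(href.strip())
    if parts.scheme.lower() != "mailto":
        return set()
    fields = [unquote(parts.path)]
    for key, values in parse_qs(parts.query).items():
        if key.lower() in ("to", "cc", "bcc"):
            fields.extend(values)
    return {a.strip().lower() for f in fields for a in f.split(",") if "@" in a}


def find_harvest_links(html, max_recipients=2):
    """Flag mailto links with more recipients than max_recipients (assumed threshold)."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for href, text in parser.links:
        rcpts = mailto_recipients(href)
        if len(rcpts) > max_recipients:
            domains = {r.rpartition("@")[2] for r in rcpts}
            flagged.append({"text": text.strip(),
                            "recipients": len(rcpts),
                            "domains": len(domains)})
    return flagged


# Constructed sample bodies (all addresses use the reserved .example TLD).
SPAM_HTML = """<p>Please confirm your Subscribe or Unsubscribe.</p>
<a href="mailto:a1@harvest-one.example,a2@harvest-two.example,a3@harvest-three.example?cc=a4@harvest-four.example&amp;subject=Unsubscribe%20me">Unsubscribe me!</a>
<a href="mailto:a1@harvest-one.example,a2@harvest-two.example,a3@harvest-three.example?subject=Subscribe%20me">Subscribe me!</a>"""

LEGIT_HTML = """<a href="mailto:unsubscribe@news.example?subject=unsubscribe">Unsubscribe</a>
<a href="https://news.example/preferences">Preferences</a>"""

if __name__ == "__main__":
    for label, body in (("spam", SPAM_HTML), ("legit", LEGIT_HTML)):
        print(label, find_harvest_links(body))
```

A reply fanned out to several unrelated domains is the signal here; a genuine unsubscribe link targets a single mailbox.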

BleepingComputer created a new email account for testing purposes, which they had never used on any website or service, and used it to respond to multiple confirmation emails received on another email account. After they sent unsubscribe/subscribe responses from the new account, it was bombarded with spam emails within a few days.

This test also revealed that spammers are utilizing these subscribe/unsubscribe emails to fine-tune their mailing lists and confirm email addresses that are vulnerable to phishing and frauds. 

It was also stated that these attacks aren't restricted to spam emails; nothing stops scammers from using phishing or social engineering against the target email, which is sometimes more hazardous and difficult to detect and stop. 

Consumers should never click any links they receive in an email unless they are fully certain of the sender's validity and the link's integrity, according to security experts. No credible company will ever send an email with only the alternatives to "Subscribe or Unsubscribe" and without any information.

Florian Tudor – The Shark Arrested in Mexico

 

Florian Tudor, "The Shark," alleged mastermind of the renowned ATM skimming gang, was detained in Mexico City on Thursday, 27th May 2021, following a Romanian court's arrest request. He had gathered hundreds of millions of dollars from the bank accounts of tourists visiting Mexico over the past eight years.

Tudor, from Craiova, Romania, traveled to Mexico to establish Intacash a Top Life Servicios, an ATM services company that operated a network of comparatively new ATMs in Mexico.

On Thursday, Florian Tudor, "The Shark," was taken into custody by officers of the Mexican Attorney General. As shown in a video published by media organizations, the arrest descended into wrestling and screaming, with officials carrying Tudor out of the house by his arms and legs.

The federal law enforcement agency in Mexico alleged that associates of Tudor tried to attack a policeman before they were arrested.

Robert Bica, Tudor's lawyer in Bucharest, confirmed his detention to the Romanian newspaper Libertatea. A Mexican judge will decide on his deportation in the following two or three weeks.

An insider from Romania's organized crime prosecution reported to the same publication that the United States authorities played an important role in investigating Tudor, who is said to have targeted thousands of US tourists in Mexico and is considered responsible for approximately 12% of global skimming.

The arrest is the most recent twist in a long history of criminality by Tudor and his Riviera Maya Gang, followed by law enforcement officers and foreign journalists.

The gang, so named by the Organized Crime and Corruption Reporting Project (OCCRP), compromised over 100 ATMs around Mexico, in Cancun, Tulum, Cozumel, and elsewhere, to discreetly siphon $1.2 billion from victims' bank accounts, as revealed by OCCRP. The scheme relied in part on Bluetooth skimmers, which bank staff who were paid for their services implanted in ATMs.

Last year Tudor was arrested on charges of attempted murder, blackmail, and the development of an organized crime network that is specialized in human trafficking, by a Romanian court following his conviction in absentia. 

Tudor has also been investigated by the Bucharest authorities over the trafficking of thousands of Romanians of Roma origin to Mexico and the United States, where they are reportedly taken to steal, beg, and claim refuge on the grounds of fleeing racial persecution in Romania.

Over time, Mexican authorities have examined the bank accounts of Tudor and his firms, and researchers believe that Tudor and his associates have paid protection and hush money to various Mexican politicians and officials over the years. The leader of the Green Party in Mexico stepped down in February when it became apparent that he was receiving cash from Tudor.

The authorities of Mexico have arrested Tudor for the second time. Tudor and his subordinates were arrested in April 2019 for illegally owning guns. The arrest took place only months after Tudor allegedly instructed a former bodyguard to assist US officials in bringing the organization down on profitable skimming practices.

Scammers Employ 'Vishing' Technique to Steal Personal Details of Online Shoppers

 

Scammers are using a unique methodology called ‘vishing’ to trick online customers. In a vishing attack, the fraudster impersonates someone from Amazon but uses a phone call as the weapon of choice. Another tactic is to send an email that contains a contact number and asks the recipient to call it. 

Recently, cybersecurity firm Armorblox discovered two distinct email campaigns posing as Amazon. Both emails were identical, carried similar Amazon branding, and followed a pattern similar to real order confirmation emails from Amazon. If one knows where to look, however, there are many indications that the emails are fraudulent.

The first indication is that the emails are sent from a Gmail address or one that looks like it “might” belong to Amazon (no-reply@amzeinfo[.]com) and the recipient is not addressed by their name (a piece of information Amazon would know).

Armorblox researchers noted that the scammers are not using the old tactic of including a malicious attachment or URL/link, which allowed them to bypass any detection controls that block known bad links. They also made other choices that allowed them to slip past any deterministic filters or blocklists that check for brand names being impersonated (e.g., by writing AMAZ0N, with a zero instead of an “O”). 
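The indicators described above (a disguised brand spelling, a sender domain that does not belong to the brand, and a callback number with no link) can be checked together. The following is an added example, not code from Armorblox or from the original post; the brand domain list, the look-alike character map, and both sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands to protect and the domains they really send from.
BRAND_DOMAINS = {"amazon": {"amazon.com", "amazon.co.uk"}}
# Digit/symbol look-alikes folded back to letters before matching ("AMAZ0N").
LOOKALIKES = str.maketrans("01345$@", "oleassa")
PHONE_RE = re.compile(r"(?:\+?\d[\s().-]*){10,15}")
URL_RE = re.compile(r"https?://|www\.", re.I)

def fold(text):
    """Lowercase, strip accents/compatibility forms, undo digit look-alikes."""
    decomposed = unicodedata.normalize("NFKD", text)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return plain.lower().translate(LOOKALIKES)

def assess(raw_message):
    """Return the list of fraud indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    text = " ".join([display, msg.get("Subject", ""), body])
    folded, findings = fold(text), []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in folded:
            continue
        # More hits after folding than before means a disguised spelling.
        if folded.count(brand) > text.lower().count(brand):
            findings.append(f"{brand}: look-alike spelling")
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            findings.append(f"{brand}: sent from {domain}")
    # The campaigns carried no link or attachment, only a number to call.
    if PHONE_RE.search(body) and not URL_RE.search(body):
        findings.append("callback number, no link")
    return findings

# Constructed samples (not real messages); domains and number are placeholders.
VISHING_SAMPLE = """\
From: AMAZ0N Orders <no-reply@orders-mail.example>
Subject: Your AMAZ0N order is confirmed

Hello customer,
Your order of a TV for $1,299.00 has shipped.
If you did not place this order, call (555) 010-0123.
"""
LEGIT_SAMPLE = """\
From: Amazon <auto-confirm@amazon.com>
Subject: Your Amazon order

Hello Alex,
Track your package: https://www.amazon.com/your-orders
"""

if __name__ == "__main__":
    for name, sample in (("vishing", VISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, assess(sample))
```

Folding before matching is what defeats the zero-for-O trick; look-alike letters from other scripts (for example Cyrillic) are not covered by this map and would need a confusables table.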

What can you do to protect yourself from these fraudulent schemes? 

With online shopping becoming the new normal, fraudsters will continue targeting this global and immense pool of potential victims. Scammers are using a combination of social engineering, brand imitation, and emotive triggers to lure victims into their trap. If successful, victims could end up handing over their personal data and credit card details, leading to consequences such as identity theft or fraudulent payments made on their behalf. 

The first thing you have to learn is not to open attachments or follow links from unknown emails, and not to call the phone numbers they include, which may cost you thousands of rupees. If you’re worried that you might be billed for an order you did not make, go to the shop’s website and find the correct phone number yourself.

Secondly, do not share your personal details on a phone call. If you feel the urgency to call back, don't contact the person through any phone number listed in the message. Instead, run a search for a publicly available number for the company.

Lastly, but most importantly, use multi-factor authentication (MFA) on all accounts and for all sites. Don't use the same password across multiple accounts, and use a password manager to store your passwords.

Virtual Wallet Users are Being Scammed

 

People are carrying less cash as technology advances, preferring to use debit cards, credit cards, and smartphone payment apps instead. Although using virtual wallets like Venmo, PayPal, and Cash App is easy and becoming more common, there is a risk of being scammed by someone who does not appear to be who they claim to be. Virtual wallets are applications that you can download on your Android or iPhone to make it simple to send and receive money from friends, relatives, and other people. To move money, these apps are connected to a bank account. 

Scammers are always on the lookout for their next victim, and these apps provide them with an ideal opportunity to defraud people of their hard-earned money. Fraudsters have devised a number of strategies for intercepting payments or convincing app users to pay them directly. 

Last year, the Better Business Bureau reported on a new scheme in which con artists send messages requesting the return of unintended payments after making deposits into their victims' accounts. 

When the victim checks their account and discovers these transfers, which were made with stolen credit cards, they refund the funds, by which point the scammer has replaced the stolen credit card credentials with their own. The money is then sent to the fraudster, and the victim is held responsible until the owner of the stolen card files restitution claims. 

In contrast to Cash App and Venmo, PayPal is the oldest form of virtual wallet. In a PayPal scam, the scammer asks a seller to send the things he or she "bought" to a particular address. The seller discovers that the address is invalid only after the scammer "pays" for the item and the package has been sent, by which time it is too late. 

If the shipping company is unable to locate the address, the item will be marked as undeliverable. The scammer would then contact the shipping company and provide a new address in order to accept the package while claiming they did not receive it. 

The scammer would then collect the item and file a complaint with PayPal claiming that the item was never delivered. PayPal will refund the money charged to the scammer because the buyer has no evidence that the item was shipped. As a result, the seller loses both money and goods to the con artist. 

App developers should take action to protect their users from these types of scams. Multifactor authentication and secondary confirmation, such as emailed security codes, are examples of these safeguards. According to Microsoft research, multifactor authentication will prevent 99.9% of fraud attempts involving compromised login credentials.

Meal Kit Delivery Scams Increase with Phishing Campaigns

 

Attackers are sending phishing text messages that look like authentic correspondence from famous brands, such as HelloFresh and Gousto, piggybacking on the market for meal kit delivery services that has boomed since the pandemic.

Headquartered in Berlin, HelloFresh SE is a German publicly traded meal kit firm. The company is the biggest supplier of meal kits in the USA and also operates in Australia, Canada, New Zealand, Sweden, Western Europe, and Denmark. Gousto is a meal kit retailer based in Shepherds Bush, London, UK, established by Timo Boldt and James Carter, and a trading company of SCA Investments Limited. Gousto provides customers with recipe kit boxes containing ready-made, fresh ingredients and easy-to-follow recipes. 

The meal-kit phishing operations were uncovered by researchers at Tessian, who then published several variations of the phishing pitch. Some are sent via SMS, some via WhatsApp. Some recipients are asked to rate their experience. The messages vary widely in sophistication, from very persuasive to one example that Tessian called “easy to spot,” which has various spelling errors. 

“Your Gousto box is now delivered,” the phishing message read. “Enjoy the reoipej! Rate delivesy and enter wrize diaw at ‘URL’.” 

Tessian added that, usually, thousands of these messages are sent simultaneously via SMS and WhatsApp. 

Gousto, however, has alerted its clients to the scams by posting a message on its Twitter account: “We are aware that these emails/texts are in circulation, unfortunately, and we would advise against opening them. Our Info Tech team are looking into this suspicious activity.” 

The increasing popularity of meal kits coincides with an increase around the world in phishing attacks focused on SMS, known as "smishing." Digital devices lack many safeguards, they are always at hand, and the emotional dependency that many people have developed on them makes customers vulnerable to being shaken down. Like other pandemic-related themes, meal kits have become an important lure for cybercriminals to use against targets. 

Commenting on the findings, Tim Sadler, CEO and co-founder of Tessian, said: “Throughout the pandemic, we've seen cyber-criminals jump on trending topics and impersonate well-known brands, with increasing sophistication. Often, scammers will register new web domains to set up convincing-looking fake websites, luring their victims to these pages using phishing scams, and then harvest valuable information.” 

He further added, “These scams are getting harder and harder to spot, with the perpetrators regularly coming up with new tactics to convince users to follow their link and input their confidential data.”

Apple App Store Saved Users $1.5 Billion Worth in Fraud Transactions

 

Tech giant Apple claimed that the measures taken to detect malicious apps and actions by developers on the App Store saved users as much as $1.5 billion in potentially fraudulent transactions in 2020. 

The company published detailed statistics on fraud prevention, which kept more than a million risky and vulnerable apps off the App Store. There are more than 1.8 million apps on the Apple App Store for iPhone, iPad, and Mac devices. The company highlighted that the measures in place stopped transactions with stolen cards, apps that switch functionality after initial review for App Store listing, and account fraud by users and developers, as well as verified fraudulent reviews.

Apple says that more than 48,000 apps were rejected for containing hidden or undocumented features. The App Review team also rejected more than 150,000 apps for spam, meaning they copied other popular apps or misled users with regard to functionality. Over 215,000 apps were also rejected for violating the privacy policy guidelines.

The company also had security measures in place for payment methods and blocked more than 3 million stolen credit and debit cards from being used for purchases on the App Store. As part of these wide-ranging measures, as many as 1 million user accounts were banned from any transactions, 244 million customer accounts were deactivated, 424 million account creation attempts were rejected, and 470,000 developer accounts were terminated for various violations.

“Apple has rejected or removed apps that switched functionality after initial review to become real-money gambling apps, predatory loan issuers, and pornography hubs; used in-game signals to facilitate drug purchasing; and rewarded users for broadcasting illicit and pornographic content via video chat,” says Apple. 

Additionally, 95,000 apps were also removed because they asked users for more data than they needed or mishandled the data that was collected. Apple has repeatedly insisted that privacy is a fundamental right, something that Apple CEO Tim Cook has also asserted, time and again, ahead of the rollout of the new Privacy Labels for all apps on the App Store and the addition of the App Tracking Transparency feature in iOS 14.5 for the iPhone.

The Russian Ministry of Internal Affairs began to identify serial cybercrimes with a special program

The press service of the Russian Ministry of Internal Affairs reported that employees of the department have been using a special program, "Remote fraud", in their work for more than one year. Thanks to the program, it was possible to detect signs of about 324,000 crimes committed in cyberspace.

"The "Remote Fraud" system, which has been used by employees of the Ministry of Internal Affairs for a year now, shows a high level of its effectiveness. With its help, we detect signs of serial cybercrimes more quickly and qualitatively," said the press service of the Russian Interior Ministry.

It is reported that the special software developed for Russian law enforcers collects, systematizes, processes, and analyzes information gathered during the investigation of criminal cases involving crimes committed in cyberspace with the use of computer or telecommunication technologies.

The "Remote Fraud" system captures the required data from the moment a cybercrime report is registered.

On May 2, 2021, the Russian Ministry of Internal Affairs also announced that it was finalizing the development of the service, which will soon be implemented in the ministry's mobile application. The new service, called "Anti-fraudster", is created to increase the efficiency of counteraction to telephone fraud.

The main functionality of "Anti-fraud" is to warn the user that cybercriminals or scammers are calling or sending SMS from phone numbers previously seen in the commission of criminal, fraudulent actions.

"The total cost of developing, implementing and deploying the application is 44.9 million rubles ($606,000). All work will be completed, as we expect, by December 25 of this year. Despite the fact that the idea of developing such a service has long been in the Russian Interior Ministry, the contract with the selected contractor was concluded only at the end of March 2021", reported the press service of the Ministry of Internal Affairs.

The application of the Ministry of Internal Affairs of Russia, to which the "Anti-fraud" service will be added, is already available for download on the App Store and Google Play.

It is interesting to note that at the end of April 2021, Sberbank said that the next update of the "Sberbank Online" application will include a service that automatically checks the phone numbers of incoming calls and warns users when the caller is suspected of being a fraudster.

Lloyds Bank Warns Britons of Phishing Scam That Could Drain Their Bank Accounts

 

Lloyds Bank has issued an urgent warning to Britons, as many have been targeted by a highly dangerous scam text message. The latest phishing campaign once again centres around text messages, as more and more people become used to using their phones to manage their finances. The text reads: “LLOYDS-SECURITY: You have successfully scheduled a payment of £69.99 to payee MR ADAMS 28/04. If this was NOT you, visit: https://payee-confirmationcentre.com.” 

The malicious link contained within the text message often directs to a phishing website which can easily extract the personal details of unsuspecting individuals. It may also be the case that websites of this kind can download harmful malware onto a person’s desktop which could access their passwords and other sensitive information.

Lloyds Bank has now confirmed the text, and those like it, are a scam that Britons should do their best to avoid. Taking to their social media account, the bank wrote: “This is indeed a scam message and hasn’t been sent by us. Please don’t click on the link and delete the message”. Individuals should also look out for spelling or grammar errors contained within messages, as this is usually a sign of fraudulent correspondence.

Lloyds Bank will never ask their customers to share account details such as user IDs, passwords, or memorable information. Neither will they ask Britons for a PIN code, card expiry date, or Personal Security Number. Individuals who are asked to move their money or transfer funds by someone claiming to be from Lloyds Bank can be assured this correspondence is a scam. People who come into contact with a scam text message are strongly encouraged never to click the link and delete the message upon receipt. This is the best way to protect oneself and keep a guard up against dangerous cyber criminals looking to take advantage.

Several individuals have reported close brushes with this scam, which has the potential to financially devastate those who fall victim. As such, individuals are being warned that they must stay alert to such correspondence, which is currently circulating widely. Stolen details could go on to be used for identity fraud and could clear out a person’s bank account. In some cases, banks are receptive to helping a person recoup the cost of falling prey, but in other circumstances, there may be nothing that can be done.

Threat Actors are Using YouTube to Lure Users into their Trap

 

A Fortinet security researcher accidentally discovered a unique way of tricking YouTube users. Due to Covid-19, as well as the recent surge in the value of the stock market and cryptocurrencies, more people than ever are at home looking for live stock market/crypto-related content on streaming platforms like YouTube. This might be to compensate for the lack of in-person interactions that we would normally have in a non-Covid-19 world, as well as perhaps to make some quick income on the side. During a random midnight search for similar content, the researcher accidentally stumbled upon a LIVE Bitcoin scam on YouTube (yes, this time it was on YouTube and not on Twitter). 

YouTube has various labels/buttons on its home page to identify trending categories of videos, and the Live one showed that several scams were streaming “live”. The first video the researcher saw after clicking the Live button was titled, “Chamath Palihapitiya - What will be the New World of Finance? | SPACs, Coinbase IPO and NFT” with the URL link “hxxps://www[.]youtube[.]com/watch=cFstoyKl99s”. 

The next thing the researcher noticed was the video’s caption message, “Our mission is to advance humanity by solving the world’s hardest problems. We want to thank our supporters and also help crypto mass adoption, so 1000 BTC will be distributed among everyone who takes part in the event. You can find all the information on the website.” Also, unlike the videos of most content creators, this one had no video description apart from the website link “More info: cham-event[.]com”.

Another red flag was that while this YouTube channel had 252k subscribers, there was only ONE video on the channel. This could either be a case of a hacked YouTube channel that had all previous videos deleted, OR it could be that the malicious attacker somehow found a way to add fake subscribers to his/her channel. 

Earlier this month, hackers associated with these scams escalated their activity when they compromised two YouTube channels that maintain over eight million subscribers. In this particular case, the hackers modified these channels to impersonate our brand, using the Gemini name and logo. In light of these ongoing events, we want to share how these attacks work, discuss Gemini’s ongoing actions to protect our customers and provide some tips for YouTube channel owners to better secure.