Patrons Become Victim to Depop Hacks

 

Since the lockdown started in March, there has been a significant spike in online shopping, which has drawn people to popular sites and apps. However, as with every online shopping app, consumers can run into problems such as hacking, data breaches, and cyber fraud. The pandemic has turned out to be a golden opportunity for scammers, who have continued to plague a variety of internet resources.

One "have a go" tactic used by hackers is "credential stuffing", in which automated software repeatedly attempts to log into accounts using usernames and login information previously exposed in data breaches of other common online services. However, this trick won't work if a person doesn't use the same password on many sites or has changed their passwords after being caught up in a data breach.

One such incident happened to Amelia Strike, a 21-year-old law student based in Birmingham, who was unexpectedly logged out of her Depop social shopping app account in October. She said, "I thought I had just forgotten my password when I couldn't get back in, but a couple of days passed and I realized something wasn't right", adding, "I just felt so violated".

Later she received a message from a stranger on Instagram, alerting her that her account had been taken over by a hacker who was offering Apple AirPods headphones for £50. She also found out that the hacker was scamming many Depop customers under her name. The hacker was instructing patrons to pay via PayPal's "Friends and Family" option, a payment method that bypasses Depop's fees and offers no protection to buyers.

She acted quickly against the scammer, using her brother's Depop account to comment on the offending post and contacting the app firm for help. Her query was noticed, and within a few hours the firm removed the hacker's posts and reset her password. Amelia Strike noticed at least three Depop patrons who had paid the hacker by the unauthorized method.

In Amelia Strike's case, to make the scam listing believable, the hacker even uploaded a picture of her name on a post-it note next to the headphones that were allegedly for sale. This is a common technique used by people selling second-hand goods online to show that images have not been taken from another listing.

Nevertheless, she is not the only one whose Depop account was hacked; 14 other users have reported similar cases. In all such cases, the fraudsters insisted on being paid directly rather than via the app. Depop has asked patrons to pay via the authentic method, stating, “We consistently communicate this to our community and reinforce that the only safe way to purchase is on the Depop app or website via the buy button.”

Colombian Woman Purloins Rs 17.71 Lakh from SBI ATM

 

Bengaluru Police are confronting a growing crime known as ATM fraud, in which the perpetrators steal money from an ATM by attaching a device to it and hacking the bank's servers. Recently, a Colombian woman was accused of this fraud: she was held for defrauding the State Bank of India (SBI) of Rs. 17.71 lakh. The case was registered in Hegdenagar, Northeast Bengaluru, India.

The incident first came to the attention of an SBI manager, Sushil Kumar Singh, when he received an unusual call from a man who said that he had received Rs. 1 lakh while trying to withdraw Rs. 1,500 from the local SBI ATM at Hegdenagar. The incident was reported to the Sampigehalli Police on the 11th of January.

Upon hearing the caller's account, Sushil Singh and his colleagues went to the affected ATM right away and began investigating. The first thing he did was switch off all the ATMs at the kiosk as a precautionary measure, so that the other ATMs would not be targeted as well. The next morning, he found that a device had been attached to the cash deposit machine (CDM) at the kiosk. Further scrutiny of the cash balance receipt revealed that Rs 17,71,500 was missing from the ATM.

Later, bank staff checked the CCTV footage of the ATM and the neighboring areas. From the footage, they concluded that a woman had walked into the ATM at about 2.25 pm on the 11th of January and had fixed the device to the CDM. Sampigehalli police followed up the clues, which helped them track down and, on Friday, arrest the culprit behind the fraud, a 23-year-old woman named Leidy Stefania Munoz Monsalve.

The device fixed to the CDM works by hacking the bank's servers connected to the ATM, which enables the perpetrators to withdraw the money stored in the kiosk. The police have, however, recovered the money stolen from the ATM. The police said, “The Hegdenagar case, along with three others from Banaswadi, Halasuru, and Nelamangala, appears to be her first foray in cybercrime”.

Currently, Monsalve is in custody for further investigation. This is not the first time Monsalve has been arrested; she has been involved in thefts before but was released on bail.

Bitcoin Scammers Tricked People by Using Elon Musk’s Name

 

Security researchers at MalwareHunter team exposed a cryptocurrency scam that targeted Twitter users and was run in the name of Tesla CEO Elon Musk. The scammers tricked people by hacking verified Twitter accounts, changing the account name to ‘Elon Musk’, and replying to the real Elon Musk's tweets.

The scammers tricked Twitter users by asking them to send cryptocurrency in exchange for a much larger amount later. The threat actors have earned $587,000 in bitcoin through the scam, which promoted a fake Elon Musk cryptocurrency giveaway.

MalwareHunter team stated that the scammers hacked inoperative accounts, “big % but not all. At least 2-3 was active within a few weeks to few days, of those one looked possible the last activities were not from the original owner but of course couldn’t verify”. This is not the first time scammers have tricked Twitter users with an Elon Musk giveaway; in 2018, scammers earned $180,000 by running an Elon Musk giveaway promotion.

Cybersecurity organization Adaptiv compiled data in June 2020 showing that Bitcoin scammers had earned nearly $2 million over a period of two months and, unsurprisingly, had used Elon Musk's name. Elon Musk commented on these scams in February 2020, stating “the crypto scam level on Twitter is reaching new levels, this is not cool”.

The threat actors targeted verified Twitter accounts, taking advantage of Twitter’s new protocol: Twitter shut down the account verification feature in July after the company was targeted by scammers in a major cryptocurrency scam.

The Russian expert explained why scammers distribute free SIM cards

 

SIM cards that are distributed on the street without signing a contract are most likely issued to someone else. Most often, they are used to establish control over your account in a service. According to Dmitry Pudov, Deputy General Director for Technology and Development of the Angara Group of information security companies, using such a SIM card can lead to various troubles.

"It is better to refuse such offers and certainly not to use these SIM cards. The main argument is that you can't prove that this SIM card belongs to you. Accordingly, from the point of view of the law, you are not a subscriber and do not have any rights," explained the expert.

Fraudsters can reissue the card and then all calls and SMS messages will be sent to the new SIM card. Now there are a lot of services and applications that use SMS to restore access in case you forget your password.

"Be prepared to lose access to these services if you use free SIM cards", warned the expert.

Many Internet services still use SMS for delivery and other confidential information. However, for several years now, short text messages (SMS) have been recognized as an unreliable means of communication. Increasingly, this method of data transportation discredits itself and leads to various incidents.

According to Mr. Pudov, attackers will try to establish control over your accounts: they will request a password reset and, if the password is sent to the number of the SIM card issued to you, they will get access to the account. Then the only question is how they can benefit from this: monetize the traffic of your social network account, send your friends a request to "urgently help with money", or use your account to send phishing messages.

"Previously, this attack was actively used to intercept online banking confirmation codes to steal money, even if the SIM card belonged to you. Using banking Trojans or other hacking methods, hackers obtained the victims' online banking credentials, and then a duplicate SIM card," concluded Pudov.

The RBI Warns Patrons of Unauthorized Money Lending Apps

 

The Reserve Bank of India has warned Indians against unauthorized money lending apps, which are multiplying by the day and exposing customers to fraud. The threat actors lure patrons with instant loans, capitalizing on their needs, and then harass the victims for the dues.

What are unauthorized money lending apps?

Unauthorized money lending apps are rackets in which unauthorized lenders offer instant personal loans through mobile apps at inflated interest rates. These apps are easily available on the Google Play Store and have no tie-up with any bank or Non-Banking Financial Institute. Any patron can obtain a loan within a few weeks or less after entering personal information, such as Aadhaar card and PAN card details, in the app.

The company defrauds patrons by drastically reducing the original amount of the loan. The modus operandi is to collect all of the patron's personal information in one app and then circulate the phone number across other such fraudulent apps. The other apps then call the patron and lure them into taking more loans. The lender claims that the patron is eligible for the loan because their credentials have already been verified by the previous app from which they borrowed. A great many patrons fell into this trap and later regretted it. Eventually the patron has to pay back more than the borrowed amount because of the high interest rate, GST fees, and penalties for missing the due date.

The worst part comes when these lenders circulate the patrons' private and confidential information on the internet and various other media platforms. They threaten the patron and also their relatives via various social media platforms. 

In the last few months, especially since the COVID-19 situation in which many people have lost their jobs, such cases of fraud have surged significantly. Many victims have registered complaints against the money lenders. These apps are under the scanner of Indian law enforcement officials for unlawful practices, especially while collecting dues from patrons.

Meanwhile, the Digital Lenders Association of India (DLAI) maintains that there is a clear demarcation between legally regulated entities and unreliable firms. In this regard, they added, “we have been proactive in ensuring our members follow a strict code of conduct that serves as a guideline. It covers multiple aspects such as interest rates, recovery mechanism, and data privacy”.

While warning the patrons of such fraudsters, RBI stated in its press release, “Moreover, consumers should never share copies of KYC documents with unidentified persons, unverified/unauthorized Apps and should report such Apps/Bank Account information associated with the Apps to concerned law enforcement agencies or use Sachet portal to file an online complaint.”

PayPal Phishing Scam 2021, Here's How to Stay Guarded

 


Another PayPal phishing campaign is attempting to steal account logins and other personal data. Malicious actors are sending users instant messages warning them that their accounts are permanently "limited" and urging them to sign in and verify their identity and account via a given link. As is typical of PayPal phishing messages, this trick includes all the elements needed to deceive users: a short claim that threatens consequences and a fake link that redirects users to a spoofed site.

Cybercriminals exploit users' inexperience by employing well-known social engineering techniques. They craft emails or messages that resemble those from real organizations, which persuades victims to give away their details readily.

The hyperlink in the new PayPal phishing campaign redirects phone users to a spoofed webpage that looks identical to PayPal's, although the web address is noticeably different. Prospective victims are immediately asked to sign in to their accounts. They are then taken to a page that shows a few explanations of why their accounts have been limited and urges them to secure their accounts. Next, users see another page asking for their data, such as full name, date of birth, and billing address. Once users fill in these details, all of them are sent to the operators behind the scam, who could use them to abuse the users' PayPal accounts, open new bank accounts, or reuse the individuals' data in future phishing campaigns.

If you have been tricked into filling in these fields, take the following steps to avoid becoming a victim:

 • Sign in to your PayPal account and change the password right away.

 • If the same password is used for signing in to any other accounts, visit them and change it there as well.

 • Inform PayPal about the scam and that you may have been affected.

 • To ensure no fraudulent accounts are opened in your name, place a temporary freeze on your credit report.

To stay safe, be wary of such malicious links and stick to the organization's terms and conditions. Additionally, note that PayPal would never send its users instant messages or force them to visit and sign in to its system immediately; only cybercriminals operate that way. The organization sends such information only by email, and the email generally contains an explanation for the limitation.

Senior Citizens, the Victims of Airline Ticket Fraud

 

Think you've found a truly incredible deal when you see a last-minute airline ticket available for a fraction of the usual cost? Be cautious before you buy, or you could end up with no ticket and lose your money to crooks.

Crooks use fraudulently obtained, compromised, or hacked credit card details to purchase air tickets. They offer these tickets for sale at bargain prices through misleading sites that appear legitimate, or through social networking accounts that appear to belong to real travel services or agents.

The criminal 'travel agents' request immediate payment, usually by cash, bank transfer, or virtual currencies. After receiving your payment, the criminal sends you the flight booking confirmation with their original purchase details erased. At times you will receive multiple OTPs on your phone, and if you give an OTP to the fake agent, large amounts of money will be siphoned from your account.

Kumar (name changed), a senior citizen, said in his police complaint that he was trying to book a flight ticket to Thiruvananthapuram via a mobile application. Although he had completed the payment, he got an instant message saying that the fund transfer had not gone through. He later learned that a whopping Rs. 7 lakh had been siphoned from his account. When Kumar then called the ticket booking firm's customer care number, he was told that they couldn't refund the sum because of a technical glitch and was asked to give details of a different bank account. At that moment, Kumar received a few OTPs for bank transactions that took place without his knowledge.

Another case has come to light in which a senior citizen lost Rs 1 lakh to online fraud. A Delhi-based senior citizen had booked an Air India ticket and wished to cancel it. He tried to cancel the ticket on the web but couldn't because of an error. The report that highlighted the incident added that when the elderly man reached the customer care number, the executive gave him a different mobile number. When he called that number, the person on the other end of the line managed to get his bank account and debit card details. During the call, he received three to four OTPs on his mobile, which he shared with the person. When the senior citizen disconnected the call, he received a message that Rs 1 lakh had been debited from his account.

It is estimated that the airline industry's losses have reached close to USD 1 billion every year due to the fraudulent online purchase of flight tickets. These online transactions are highly lucrative for organized crime and are regularly linked to more serious crimes including illegal immigration, trafficking in human beings, drug smuggling, and terrorism.

Russian Cyber Criminals started using bots to deceive victims

Fraudulent call centers have started using bots to filter out distrustful victims and prompt the rest to call back on their own.

According to experts, this approach makes it possible to reduce the cost of attacks on victims and increase conversion.

"The robot says: 'Your card in this bank is blocked, call us back at this number'. When the victim calls back, allegedly the bank's security officers answer," explained Artem Gavrichenkov, technical director of Qrator Labs. He added that scammers make up to hundreds of calls a day using such robots.

Fraudsters also use fake IP telephony service numbers, bulk SMS sending services and messages in Messengers on behalf of the Bank, said Sergei Nikitin, deputy head of the Group-IB computer forensics laboratory.

The fraudsters in this case used "reverse social engineering", said Alexey Drozd, head of the information security department at SerchInform. In such cases, the victim calls the attackers.

Andrey Zaikin, Head of Information Security at CROC, explained that people are not used to scammers using robots, which increases the hackers' credibility.

The technology also makes the attack cheaper, adds Mikhail Kondrashin, technical Director of Trend Micro in Russia and the CIS. A robot is simply auto-calling software, notes Mr. Zaikin. Developers of voice platforms usually do not charge a fee for creating such a bot, and the average cost of a call is 2.5–3.5 rubles ($0.3-$0.4) per minute.

Previously, many fake call centers operated from prisons, but recently, according to Group-IB, most are organized outside and sometimes even abroad. According to experts, international cooperation at the state level is necessary to neutralize them.

New types of fraud related to Bank cards of Russian Banks have been spotted

Fraudsters encourage Bank customers to withdraw funds at a branch or ATM on their own and then transfer the money to the attackers' account.

"There are cases when fraudsters, through psychological influence on the client, ask to transfer funds through an ATM and/or withdraw funds through the cashier, while providing fake documents from the Bank," said Mikhail Ivanov, Director of the Information Security Department of RosBank.

Stanislav Pavlunin, Vice President and Security Director of Pochta Bank, noted that this is one of the latest schemes of cybercriminals and a variant of the most common method of fraud, social engineering.

The vast majority of fraudulent operations are carried out using social engineering methods, explained Ilya Suloev, Director of the Information Security Department of Otkritie Bank. This was confirmed by Sberbank, which since the beginning of 2020 has recorded almost 2.9 million customer requests about fraudulent attempts. In comparison with 2019, the number of such requests has more than doubled.

The most popular way to influence potential victims is still phone calls. According to OTP Bank, fraudsters may pose as employees of the Bank's security service or of government agencies.

The number of telephone fraud attempts has increased this year, confirmed Oleg Kuserov, Managing Director of Absolut Bank.

"The growth of such attacks is associated, in our opinion, both with an increase in the number of fraudulent call centers and with major data leaks in 2020 from various enterprises, including online stores," said Vyacheslav Kasimov, Director of the Information Security Department of Credit Bank of Moscow.

Sergey Afanasyev, Executive Director and Head of the Statistical Analysis Department of Renaissance Credit Bank, also noted that another common type of Bankcard fraud, in addition to social engineering, is phishing — stealing money through fraudulent duplicate sites.


Money stolen from bank accounts of Russians twice as much as last year

In Russia, for the period from January to August 2020, more than 100 thousand thefts of funds from a Bank account were recorded, twice as much as last year. The number of cases of fraud using electronic means of payment has also doubled.

According to the Prosecutor General's Office, every fifth theft now involves the theft of funds from accounts.

The Central Bank said that hacker attacks are more frequent in 2020, but the effectiveness of attacks on banks has not increased. Fraudsters are now increasingly trying to deceive citizens using social engineering, so the number of calls has increased four times. At the same time, new criminal schemes have not appeared, but now criminals have begun to actively use the topic of COVID-19.

Vitaly Trifonov, Deputy head of the Group-IB Computer Forensics Laboratory, explained the reasons for the increase in attacks: "On the one hand, this is facilitated by the gradual digitalization of life, when more and more people make purchases online, pay with a card and use an ATM less. On the other hand, there are simple and working fraud schemes that do not require special skills or investment”.

Moreover, in the past year and a half, cases of theft of money from citizens using social engineering methods have become more frequent in Russia. According to a study by Digital Security, when files are transferred via email and cloud services, metadata about them is saved and used by fraudsters.

Group-IB spotted a new fraud scheme to steal money from Zoom users


Under the guise of receiving monetary compensation "in connection with COVID-19" or for subscribing to the service, users are lured to fraudulent sites where money and Bank card data are stolen.

Group-IB has documented a new Zoom scam to steal money and user data. This was reported by the press service of the company.

The study began after users complained about the emails they received from the Zoom service. They offered to get compensation "in connection with COVID-19" and provided a link to fraudulent sites where the victim's money and Bank card details were stolen. Analysts from the Group-IB's Computer Emergency Response Team (CERT-GIB) found that the emails were sent not from a fake domain, but from an official service.

"The thing is that when registering, Zoom offers the user to fill out a profile - specify "First name" and "Last name", providing the ability to insert up to 64 characters in each field. Fraudsters use this opportunity by inserting the phrase: “You are entitled to compensation in connection with COVID-19" and indicate a link to a fraudulent site,” explained the company.

After clicking on the link, users were asked to enter the last 4 or 6 digits of their Bank card number. Fraudsters calculated "compensation" for the user: from 30 thousand to 250 thousand rubles ($385 - $3,200). But to get this money, the victim had to pay a small amount "for legal assistance in filling out the questionnaire" - about 1 thousand rubles ($12). So, users entered card data on such resources, but as a result, they lost both money and Bank card data.

According to the Deputy head of CERT-GIB Yaroslav Kargalev, the Zoom service needs to implement a more thorough verification of the data that the user enters when registering an account, as well as completely prohibit the use of third-party links in the profile. Since the beginning of 2020, CERT-GIB has recorded the appearance of about 15.3 thousand domains containing the name Zoom - the surge in registration occurred during the period of remote work.
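
The check CERT-GIB recommends above (stricter validation of the name fields and no links in the profile), sketched as an added example that is not Zoom's or Group-IB's code. The four-word cap, the allowed punctuation, the fallback greeting and the `pay.example` sample values are assumptions made for illustration.

```python
import unicodedata

MAX_LEN = 64       # per-field limit quoted in the article
MAX_WORDS = 4      # assumed policy: a name field is not a sentence
ALLOWED_PUNCT = {" ", "-", "'", "\u2019", "."}   # assumed allowlist


def _normalise(value: str) -> str:
    # NFKC folds look-alike forms (for example full-width letters and the
    # full-width full stop) into their plain equivalents before checking.
    return unicodedata.normalize("NFKC", value).strip()


def _char_ok(ch: str) -> bool:
    # Letters and combining marks from any script, plus a few separators.
    return unicodedata.category(ch)[0] in ("L", "M") or ch in ALLOWED_PUNCT


def _dotted(token: str) -> bool:
    # "St." and "J.R." are fine; "pay.example" is a dot inside a word,
    # which is what a host name looks like once the scheme is left out.
    parts = token.rstrip(".").split(".")
    return len(parts) > 1 and any(len(p) != 1 for p in parts)


def check_name_field(value: str) -> list:
    """Return the reasons a name field is rejected; an empty list means accepted."""
    text = _normalise(value)
    if not text:
        return ["empty"]
    problems = []
    if len(text) > MAX_LEN:
        problems.append("too_long")
    if any(not _char_ok(ch) for ch in text):
        problems.append("bad_char")          # digits, ':', '/', '@', ...
    tokens = text.split()
    if any(_dotted(tok) for tok in tokens):
        problems.append("dotted_token")
    if len(tokens) > MAX_WORDS:
        problems.append("too_many_words")
    return problems


def greeting(first: str, last: str) -> str:
    """Greeting line for a service e-mail. Falls back to a neutral greeting
    when either field fails validation, so text supplied by the account
    holder is never echoed into a message sent from the official domain."""
    if check_name_field(first) or check_name_field(last):
        return "Hello,"
    return f"Hello {_normalise(first)} {_normalise(last)},"


# Constructed sample inputs; the long phrase is the one quoted in the article.
SAMPLES = [
    "Ana",
    "J.R.",
    "Mary-Jane O'Neil",
    "You are entitled to compensation in connection with COVID-19",
    "https://pay.example",
    "\uff50\uff41\uff59\uff0e\uff45\uff58\uff41\uff4d\uff50\uff4c\uff45",  # full-width "pay.example"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_name_field(sample) or "accepted")
    print(greeting("Ana", "Petrova"))
    print(greeting("You are entitled to compensation", "pay.example"))
```

Validation at registration covers new accounts only; the fallback in `greeting` also covers names that were stored before the rule existed.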

The Central Bank of Russia spotted a fraud scheme using the voice menu of one of the banks

The Central Bank of Russia informed banks that fraudsters use the voice menu to get information about the status of customers' accounts, using only the last four digits of the card.

It all started with the fact that one of the credit organizations reported a sharp increase in the number of calls to customers from fraudsters, and the attackers knew the exact amount on the accounts.

It turned out that the scammers made phone calls to the IVR (Interactive Voice Response) system while substituting customers' numbers for their own. Calling from what appeared to be a client's number, they requested information about the remaining funds by entering the last four digits of the Bank card.

After that, the scammers called potential victims and introduced themselves as Bank employees. As proof of authenticity, they provided customers with information about their account balances. After that, they successfully used social engineering methods to steal money.

The phone numbers of customers and their Bank cards were compromised and spread on the Internet. The Central Bank believes that fraudsters could get them from the Joom client base, which was in the public domain. Then, representatives of the online store and banks assured that there is no danger for customers, since the data that fell into the hands of fraudsters is not enough to debit money from their accounts.

It turns out that the last four digits of the card may be enough to get confidential information from Bank customers. But this information is not officially classified as secret and is printed on any check.

According to Sergey Golovanov, a leading expert at Kaspersky Lab, the use of biometrics can simplify the identification process for the user and make this process more secure. At the same time, the expert believes that the use of biometrics would increase its cost for the Bank. Thus, despite the recommendations of the Central Bank, banks will continue to minimize their costs in this area, risking making their customers victims of fraud.

The Russian quality system (Roskachestvo) reported on the new traps of scams in WhatsApp

The absolute majority of fraud in WhatsApp occurs through social engineering when the text prompts the user to click on a link or download a file, said Ilya Loevsky, deputy head of Roskachestvo. So, criminals often make mass mailings with various profitable offers or lotteries to encourage the user to participate and click on an infected link or download a suspicious file.

"As a rule, hackers use big names of companies, such as Google, Apple, Facebook, hot topics like COVID-19, or super-profitable offers (last year it was a "promotion" about 1000 free gigabytes of the Internet for the 10th anniversary of the service). Fraudsters often fake official WhatsApp profiles by copying the name and design,” the expert gives examples.

According to the expert, sending such messages to your contacts is undesirable, as it only contributes to the spread of fraud.

However, after clicking on a malicious link, anything can happen to the victim, from stealing personal data to withdrawing funds from their card.

It is interesting to note that in June 2020, ESET reported a phishing attack aimed at the audience of WhatsApp and Telegram messengers. Users received messages asking them to fill out a questionnaire and get four barrels of beer from a famous brand as a gift.

One of the conditions for participation in the campaign was the mandatory forwarding of messages to ten contacts in WhatsApp.

In January of this year, a similar phishing attack was launched on WhatsApp users. Victims were lured by messages that a famous sports brand was celebrating an anniversary and giving t-shirts and shoes. To receive gifts, users were encouraged to click on the link.

Loevsky concluded that sometimes messages from unknown users may contain just forwarded files that spread panic in society, so it is better to disable auto-upload of media files in the messenger settings and not accept files from unknown accounts.

Russian media reported on fake domains for pre-ordering coronavirus vaccine

After the Russian Ministry of Health registered the first coronavirus vaccine, the number of new domains associated with the vaccine increased on the Internet.

Creating a phishing site takes three to four hours thanks to designers and illegal CDNs, and earnings from such sites can range from thousands of dollars to much more, depending on the audience and period, said Andrey Zaikin, head of the Information Security department at CROC IT company.

In the ten days since the vaccine was registered, 113 related domains appeared in the .com and .ru zones, said Eugene Voloshin, Director of the cybersecurity company Bi.Zone. Infosecurity a Softline Company adds that in July-August 2020, 445 domains were registered, which is about nine per day.

Such sites started appearing in March. They offered to buy a non-existent vaccine and medication for coronavirus.

One resource in English offered to pre-order a vaccine in the amount of 10,000 to 1 million doses and pay a quarter of the cost of the batch, reported the Telegram channel @In4security.

According to Check Point, the number of actual attacks related to the coronavirus has decreased: in July, there were about 61 million on average per week, and in June - about 130 million per week. In contrast, Trend Micro believes that the number of Internet threats exploiting the topic of coronavirus is growing, as the number of complaints from citizens has increased three to four times. In the first half of 2020, the company identified 9 million such threats.

The volume of phishing increased as people became much more active on the Internet during the pandemic, and this continues to this day, according to an expert at Kaspersky Lab.

More than 100 websites selling air tickets in Russia turned out to be fraudulent

Cybercriminals continue to deceive people. According to Group-IB, over the past few months, more than 100 fraudulent sites in the field of online ticket sales have appeared on the Network.

If in July there were about 30 such pages, in August there were about 100, said Yakov Kravtsov, head of the anti-counterfeit department of the company's brand protection department.

"The last one and a half to two months there has been a boom in the creation of phishing and fraudulent resources related to ticket sales,” said Mr. Kravtsov.

He noted that most of these portals are dedicated to selling air tickets. There are also websites where it’s possible to book hotels and rent cars. Criminals use these sites to get people's card data and money.

Most of these resources are currently blocked, but you still need to be careful. According to Kravtsov, fraudsters often take the brands of well-known aggregators for ticket sales or act under the name of large air carriers.

"Some resources were created before the quarantine, but because of the pandemic, these sites were activated when the borders began to open,” said Mr. Kravtsov. He recommended paying attention to the domain name of the resource and not trust “crazy discounts".

Earlier, E Hacking News reported that  Group-IB together with the Federal Tax Service (FTS), identified the activity of fraudsters in the Network. Criminals send phishing emails on behalf of the tax service.

Number of fake delivery services increased in Russia


Alexander Vurasko, a leading analyst at Infosecurity, a Softline Company, said that during the pandemic, scammers learned how to produce high-quality fakes of food and electronics delivery sites. Over the past four months, 56 clones of Delivery Club and at least 30 of Yandex.Food have appeared. Companies try to quickly block such resources, but they do not always succeed.

The expert noted that the appearance of such Internet resources peaked in April.

In addition to food sites, experts found fake versions of Samsung online stores and of the Citilink online electronics hypermarket.

These sites almost completely copy the original ones: they have a catalog with hundreds of items, and users can choose a restaurant, order dishes, enter the delivery address and pay for the order with a bank card.

Alexei Drozd, head of the information security department at SearchInform, noted that in April the use of the delivery theme in domain names increased: there were 53 domain registrations containing the word "delivery" in February and 288 in April. According to him, this means that a high-quality grabber, a program that can reliably copy the look and content of a site, has appeared on the darknet.

Fraudsters have actively used such software, but it is more difficult to copy marketplaces with a complex structure than a regular website, and if they are now succeeding, new large phishing waves should be expected, warns Mr. Drozd. According to him, phishing sites live until the first complaints from users or copyright holders, so it is important that companies themselves fight phishing.

Moreover, on the fake Delivery Club, after entering the card data, users need to enter the code from an SMS, so it cannot be ruled out that at this moment "someone links their number to your mobile bank", noted the Telegram channel In4security, which discovered such a resource.

Kaspersky Lab also noticed sites that mimic well-known food delivery services. Hackers always use popular brands, says Tatiana Sidorina, a senior content analyst at the company.
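The registration signal Drozd describes (53 "delivery" domains in February against 288 in April) can be watched for automatically. The following Python sketch is an added example, not code from the article or from any company quoted in it: it triages a feed of newly registered domains for brand lookalikes and theme keywords and counts the hits per month. The feed, the allowlist, the `.example` domains, the digit-swap table and the 0.85 similarity threshold are all assumptions made for illustration.

```python
import re
from collections import Counter
from difflib import SequenceMatcher

# Brand labels come from the article. The allowlist and the feed are constructed
# sample data on the reserved .example TLD, not the brands' real domains.
BRANDS = ("deliveryclub", "yandexfood", "samsung", "citilink")
THEME = "delivery"
ALLOWLIST = {"deliveryclub.example"}
DIGIT_SWAPS = str.maketrans("0135", "oles")  # assumed swaps: 0->o, 1->l, 3->e, 5->s

FEED = [  # (registration date, domain), all constructed
    ("2020-02-11", "fast-delivery.example"),
    ("2020-04-02", "de1ivery-c1ub-promo.example"),
    ("2020-04-03", "samsvng-store.example"),
    ("2020-04-09", "delivery-24.example"),
    ("2020-04-15", "deliveryclub.example"),
    ("2020-04-20", "bookshop.example"),
]


def classify(domain, threshold=0.85):
    """Return (verdict, matched_term) for one newly registered domain."""
    domain = domain.lower().rstrip(".")
    if domain in ALLOWLIST:
        return ("legitimate", "")
    # Drop the TLD, undo digit swaps, strip separators and remaining digits.
    name = re.sub(r"[^a-z]", "", domain.rsplit(".", 1)[0].translate(DIGIT_SWAPS))
    for brand in BRANDS:
        # Slide a brand-sized window so a one-letter typo inside a longer name matches.
        for i in range(max(1, len(name) - len(brand) + 1)):
            if SequenceMatcher(None, brand, name[i:i + len(brand)]).ratio() >= threshold:
                return ("brand-lookalike", brand)
    if THEME in name:
        return ("theme-keyword", THEME)
    return ("unrelated", "")


def monthly_hits(feed):
    """Count suspicious registrations per YYYY-MM to expose a spike."""
    hits = Counter()
    for date, domain in feed:
        if classify(domain)[0] in ("brand-lookalike", "theme-keyword"):
            hits[date[:7]] += 1
    return hits


if __name__ == "__main__":
    print([classify(d)[0] for _, d in FEED], dict(monthly_hits(FEED)))
```

Brand lookalikes are candidates for a takedown request, while theme-keyword hits are mainly useful as a trend line, since most domains containing "delivery" are legitimate.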

eSIM Swapping Fraud: Cyber Criminals Targeting Airtel Customers in Hyderabad


Hyderabad witnessed three back-to-back cases of cyber fraud in which criminals targeted Airtel customers with the promise of an eSIM connection, leading to a fraud of more than Rs. 16 lakh. In the wake of the frauds, the Hyderabad cyber crime police station issued an advisory alerting Airtel customers to fraudsters deceiving people in the name of the eSIM connection.

S. Appalanaidu, a resident of Miyapur, Hyderabad, received a message on 11th July informing him that if he failed to update his KYC details, his SIM card would be blocked. The message read: “Dear Customer Your SIM Card Will Be Blocked in 24 hours Please Update Your eKYC verification Thanks”.

Later, he received a phone call from a person posing as a customer care executive for Airtel, who asked Mr. Appalanaidu to forward the e-mail address sent by him to #121, i.e., the Airtel customer care number, in order to get his KYC updated online. Reportedly, after forwarding the e-mail address, Mr. Appalanaidu got an auto-generated SMS from the service provider about registering the e-mail address for his contact number. Once he had forwarded the e-SIM request to Airtel along with the e-mail address, he received another auto-generated SMS concerning the e-SIM enabled handset, asking him to proceed with the same. After that, he received a Google form link on which he submitted the name of his bank, and he forwarded it to the caller. Immediately afterwards, his SIM card was blocked and a sum of Rs. 9,20,897 was deducted from his bank account. Following the incident, Mr. Appalanaidu filed a complaint on 14th July urging the cyber police to take the necessary action.

Similarly, the criminals cheated two other Airtel users of Rs. 5,94,799 and Rs. 1,03,990 respectively. In light of that, the Hyderabad cyber police issued an advisory warning customers that fraudsters are sending a heap of messages and calling them, claiming to be Airtel customer care executives and asking them to send requests for the activation of eSIM and eSIM-enabled devices. This is just another way of cheating customers and tricking them into providing enough personal and financial details for fraudsters to capitalize on.

WhatsApp Scam: Hackers stealing Verification Codes from Users


WhatsApp Messenger, a cross-platform messaging app owned by Facebook, is the most popular messaging application in the world, and its usage recently increased by 40% amid lockdown. But with its rising popularity, users are facing security threats, as a new scam has emerged on the Facebook-owned messenger that tries to steal the user's verification code.

The scammers pose as WhatsApp's official account and ask the user to verify his/her identity by providing the six-digit verification code to the account.

This verification code is sent to the user via SMS in order to register their device.

WABetaInfo, a blog that tracks WhatsApp features, shared the scam in a tweet. Dario Navarro, a Twitter user, told WABetaInfo that he had received such a message and asked whether he should reply; the feature tracker responded, “WhatsApp never asks your data or verification codes.”

According to the message sent to Navarro, the spammer poses as WhatsApp (with WhatsApp's logo as a profile picture) and, in a message written in Spanish, asks him to verify his identity and account number by providing the six-digit verification code, which the spammer could use to hack the account.

WhatsApp will never ask for your personal details or verification code

WhatsApp clearly states in its FAQ section that the verification code should not be shared: “If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can't complete the verification process and use your phone number on WhatsApp,” the company says.

Any information from the company is either published on its blog or tweeted from its official account. And even if WhatsApp does message you (a rare phenomenon), it would be from an account with a green tick next to it.

If you get a verification SMS, it means someone is trying to log in to your account. This could be because someone entered the wrong phone number or because someone is trying to hack your account. If someone does hack your account, you can simply verify your phone number and the other user will be logged out.

Russian banks revealed new types of fraud


Stanislav Kuznetsov, Deputy Chairman of the Board of the Bank, said that fake Internet recruiting agencies that offer employment have become more active. An applicant is asked to fill out a form with personal data. Then a letter arrives saying that he has been hired and needs to transfer money for some equipment urgently. In the end, there is no money and no work.

VTB specialists reported cases of fraud in which hackers place job ads and get access to mobile phones while communicating with candidates. Then, using remote access, hackers get into the client's personal account and can withdraw money.

Hackers are looking for candidates without experience, for example, for the position of mobile app tester. Those who respond to the ad are asked to pass testing and install remote access programs on their computer or smartphone for control. Fraudsters can use these programs to log in to the victim's personal account and withdraw funds.

The VAT refund scheme is also gaining popularity among fraudsters. Attackers publish videos on the Internet offering a value-added tax refund to all Russians left without income. In this scheme, customers click on a fraudulent link in the video description and perform the expense transactions themselves, which leads to a loss of money.

"Internet companies began to actively appear that offer customers to take advantage of the volatility of cryptocurrencies and promise a large profit," said Kuznetsov about another scheme.

Finally, financial fraudsters copy popular initiatives of well-known brands and companies to attract their victims. They use hashtags from the period of self-isolation, for example #stayhome, and offer participation in a campaign to get three thousand rubles ($42). For this, it is allegedly necessary to provide card data and a one-time SMS password.

It is worth adding that, according to the international company Group-IB, fraudsters using the remote access program TeamViewer steal on average from 6 million to 10 million rubles per month ($84,000 - 140,000) from the clients of large banks.

Russia recognized as the leader in posting fraudulent resources on the Web


According to last year's results, Russia took first place from the United States in the hosting of fraudulent Internet resources, according to the international company Group-IB, which specializes in repelling and preventing cyberattacks.

In the previous three years, most of the blocked phishing resources were located in the United States, but in 2019 Russia took first place in this indicator. Hosting services in Russia accounted for 34% of blocked phishing resources and those in the US for 27%. Panama is in third place, accounting for 8% of blocking.
The company also indicated that in 2019, the total number of blocked phishing resources increased three times, from 4.4 thousand to 14,093.

According to Group-IB, scammers previously stopped their campaigns after they were blocked and switched to other brands. Now they continue to work, replacing the blocked pages with new ones. They have also complicated and expanded the mechanisms for implementing phishing attacks.

At the same time, the scammers revised their goals: the number of phishing resources for attacks on cloud storage doubled over the year and the number of fraudulent pages targeting users of Internet service providers tripled. This is due to the desire to get personal and payment data of users.

It is worth noting that Group-IB may require the blocking of resources as a competent organization that cooperates with the Coordination Center for RU domains.

Kaspersky Lab reported in November 2019 that cyber fraudsters have developed a new method of corporate phishing to steal personal data from banks. For example, bank employees receive an invitation to pass certification with the requirement to enter the username and password for their work email. As a result, fraudsters get access to their correspondence, which may contain files with personal data of credit institution clients.