Fraudsters are Exploiting Google Apps to Steal Credit Card Details

 

Threat actors are using a novel approach to steal the credit card details of e-commerce shoppers by exploiting Google’s Apps Script business application platform. They are abusing the Google Apps Script domain ‘script.google.com’ to hide their malicious activities from malware scan engines and evade Content Security Policy (CSP) controls.

Eric Brandel, a cybersecurity researcher, unearthed the scam while analyzing Early Breach Detection data provided by Sansec, a cybersecurity firm focused on fighting digital skimming. Brandel explained that threat actors bank on the fact that the majority of online stores would have whitelisted all Google subdomains in their respective CSP configuration (a security protocol for blocking suspicious code execution in web apps). They take advantage of this trust and abuse the Apps Script domain to route the stolen data to a server under their control.

Once the fraudsters had injected the malicious script into the e-commerce site, all the payment details stolen from the exploited site were transferred as base64-encoded JSON data to a Google Apps Script custom app, using script.google.com as an exfiltration endpoint. The stolen data was then forwarded to another server, the Israel-based site analit[.]tech, handled by the fraudsters.

Sansec stated that “the malware domain analit[.]tech was registered on the same day as previously discovered malware domains hotjar[.]host and pixelm[.]tech, who are hosted on the same network.” Google services such as Google Forms and Google Sheets have also been exploited in the past by the FIN7 cybercriminal gang for malware command-and-control communications. This gang has targeted banks and point-of-sale (POS) terminals of EU and US firms using the Carbanak backdoor.

“Typically, a digital skimmer (aka Magecart) runs on dodgy servers in tax havens, and its location reveals its nefarious intent. But when a skimming campaign runs entirely on trusted Google servers, very few security systems will flag it as ‘suspicious’. And more importantly, popular countermeasures like Content-Security-Policy (CSP) will not work when a site administrator trusts Google”, Sansec said, explaining how the fraudsters operate.
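A store owner can check whether their own policy has the gap described above. The following is an added example, not code from Sansec or the original post: it parses a CSP header and reports each directive whose sources would permit script.google.com. The two sample policies are constructed, and the function names are the example's own.

```javascript
// Added example (not from the post): audit a CSP header for sources that let
// an injected script load from or send data to script.google.com.
const TARGET = "script.google.com";
const FETCH_DIRECTIVES = ["script-src", "connect-src", "img-src", "frame-src"];
// Constructed sample policies for a hypothetical store.
const WEAK = "default-src 'self'; script-src 'self' https://*.google.com; " +
  "connect-src 'self' *.google.com *.googleapis.com; form-action 'self'";
const TIGHT = "default-src 'self'; script-src 'self' https://www.google.com/recaptcha/; " +
  "connect-src 'self' https://www.google-analytics.com; form-action 'self'";

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// True if a single source expression permits requests to https://<host>/.
function sourceAllowsHost(source, host) {
  const s = source.toLowerCase();
  if (s === "*" || s === "https:" || s === "http:") return true;
  if (s.startsWith("'")) return false; // 'self', 'none', nonces, hashes
  // Drop scheme, then port/path, leaving only the host part.
  const h = s.replace(/^[a-z][a-z0-9+.-]*:\/\//, "").replace(/[/:].*$/, "");
  if (h.startsWith("*.")) return host.endsWith(h.slice(1)); // subdomain wildcard
  return h === host;
}

function auditCsp(header, host = TARGET) {
  const policy = parseCsp(header);
  const findings = [];
  for (const d of [...FETCH_DIRECTIVES, "form-action"]) {
    // Fetch directives fall back to default-src; form-action does not.
    const fallback = d === "form-action" ? undefined : policy.get("default-src");
    const sources = policy.get(d) ?? fallback;
    if (sources === undefined) {
      findings.push({ directive: d, via: "(unrestricted)" });
    } else {
      const hit = sources.find((src) => sourceAllowsHost(src, host));
      if (hit) findings.push({ directive: d, via: hit });
    }
  }
  return findings;
}
```

`auditCsp(WEAK)` flags `script-src` and `connect-src` because of the `*.google.com` wildcards, while `auditCsp(TIGHT)` returns no findings because it lists only the specific Google hosts the store uses.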

Fraudsters are Using Fake W-8BEN Forms for 2021 Tax Season

 

As a huge number of US citizens get ready for the 2021 tax season, swarms of fraudsters and scammers are getting ready to rip off residents and non-residents alike. Fraudsters got an early start, anticipating the buzz surrounding tax filing season, with phishing campaigns impersonating the government agency as early as November 25, 2020, according to Bitdefender Antispam Lab. Spikes in IRS-related phishing scams were seen on January 19 and 21, when a large portion of the incoming agency-related correspondence was marked as spam.

Authorities say a huge number of individuals, from regular residents to sophisticated professionals, fall prey to IRS and other scams every year, losing millions of dollars in the process. As per a Federal Trade Commission (FTC) report, imposter scams cost Americans some $667 million in 2019, and those were only the cases reported to authorities. Many victims never file reports, often out of shame.

This warm-up was no coincidence: in the 2020 fiscal year, roughly $2.3 billion was involved in tax fraud, according to the agency’s annual report. Identity thieves used stolen Social Security numbers and other personally identifiable information (PII) to file early tax returns in the name of legitimate taxpayers, or used intimidation tactics to scare recipients into making prompt payments to avoid arrest or deportation.

Fraudsters are targeting non-residents in the US with a fake version of the W-8BEN Form (Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding and Reporting) to steal sensitive information. This version of the scam has been spotted more than 80,000 times since November 25, 2020, with more noticeable spikes expected to hit inboxes until April 15. Unlike traditional phishing, which expects recipients to visit a spoofed website or download a malicious attachment, the scammers have set up a phony fax number to which recipients are told to send their data. The fake form asks for specific data not requested on the genuine W-8BEN US tax exemption document, for example, your passport number, profession, mother's maiden name, bank account name and number, and investments.

Fraudsters have also reused older versions of IRS impersonation scams by invoking the Economic Impact Payments issued as part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act.

Cyber criminals convicted of stealing more than £1 million using Fake job ads

An organized criminal network of five men and one woman has been convicted of stealing more than £1 million from job hunters using fake job advertisements.

The members of the criminal network are Adjibola Akinlabi (aged 26), Damilare Oduwole (26), Michael Awosile (27), Nadine Windley (26) and Temitope Araoye (29), along with a malware writer, Tyrone Ellis (27).

The evidence gathered by authorities, including phone and online chat records, shows that they made more than £300,000 from their fraud scheme. However, the officers believe it could be much higher, possibly more than £1 million ($1.6m).

According to the National Crime Agency report, the fraudsters targeted innocent job hunters with fake job ads. Those who responded to the ads were sent a link via email asking them to complete an application form. Once the user clicks the link, malware is inadvertently installed on the victim's system.

The malware is capable of recording keystrokes and capturing the victim's financial and personal data.

The compromised information is used by the fraudsters to obtain new credit and debit cards and PIN numbers.

The crooks will remain in custody and are expected to be sentenced on Thursday 14 November.