Search This Blog

Showing posts with label Fraudsters. Show all posts

Mackenzie Scott Scam: Fraudsters asking Fake Donations in Billionaire's name

 

A major phishing campaign that reached tens of thousands of inboxes impersonated as MacKenzie Bezos-Scott grant foundation promising monetary advantages to recipients of the e-mail in exchange for a processing fee. 

The processing fee is referred to as an "advance fee," and it has been used since before the internet, with the "Nigerian prince" version popularising it. But this phishing campaign took advantage of the charitable acts last year from author MacKenzie Scott, ex-wife of Amazon founder Jeff Bezos. 

The scam surfaced after Mackenzie Scott revealed in December that she had donated $4.2 billion of her fortune to over 300 organizations, including food banks and other charities that assist the people in need. Ironically, one food bank in Arkansas, which had received an authentic email from Scott about a legitimate donation, initially mistook it for a hoax. 

Eyal Benishti, the CEO of tech security company Ironscales said, “That may have primed fraudsters to develop a phishing scam based on Scott's donations in the hope that some organizations would believe that they, too, are receiving valid emails”. About 200 of its customers have received the bogus Mackenzie Scott emails, although none have fallen for the bait, he added. 

Fraudsters initiated the scam by sending out spoofed emails that claimed, MacKenzie Bezos-Scott grant foundation is distributing funds from their foundation. In fact, the emails were sent not to distribute billions to charity, but fleece victims. 

However, the fake Mackenzie Scott emails had a few tip-offs that hints they weren't real: 

1. Sender’s title appeared as “Mackenzie Scott Grant” but the return email address was to the domain ‘@mintme.com’ 
2. Multiple grammatical errors in the email body 
3. Sender’s name and signature were different 

The fraudsters alleged that they are from the "MacKenzie Bezos-Scott foundation" and have chosen a recipient for a grant. Further, they ask for the recipients' full name and address, and if they answer, recipients are required to submit a small processing fee to unlock the grant. Of course, there's no grant; it's just a tactic to extort money from the victims.

Scams have escalated as a result of large-scale relief programs such as stimulus checks and the Paycheck Protection Program, which has drawn out fraudsters trying to trick people into giving away sensitive data, such as Social Security numbers. With the ongoing levels of hardship due to the coronavirus pandemic, people are more susceptible to scams at the moment.

E-Sim Fraud and Prevention

 

Some mobile service providers have eSIM-enabled cell phones which don't need an actual SIM card. They have a little chip inside the phone and the data on this eSIM is rewritable so the client can change the operator without any problem. The victim normally gets a message cautioning that his/her SIM card will be blocked, which says: “Dear customer, your SIM card will be blocked in 24 hours.” Or “Please update your eKYC verification.” These criminals call the network clients in the name of customer care executives and ask them to request e-SIM activation.

After the message, fraudsters call their victim claiming to be telecom organization's customer care executive; say from Airtel, Reliance Jio, or Vodafone-Idea. The message, which looks like from the customer care cell of a mobile service provider, requests that clients click on a link and fill a form. This form can ask for multiple types of data like Bank Details, PII, and so on. Clients are then approached to forward an email ID, sent by the fraudsters, to the customer care of that specific telecom operator. The email ID belongs to the scamsters so that they can register their mail IDs.

In the wake of getting their own email ID enrolled with the victim’s mobile number, the caller at that point requests the victim to forward an eSIM request to the service provider with an enlisted email ID. They deceive the client into sending an email sent by the service provider on their enlisted email addresses.

When the eSIM service gets activated, the activation QR code for eSIM goes to the email ID given by the fraudster. After eSIM activation, the actual SIM that is running in the victims' phone consequently gets blocked. The fraudster registers the eSIM with digital wallets and links it to the victim's bank accounts to steal money. Following this, the casualties are made to fill in their details, including bank details, in a google form. That is the way cybercriminals gain admittance to the bank accounts of these users. 

 A few safety measures to prevent e-SIM frauds: 

1. Go to the SIM provider directly to get your e-SIM. 

2. Your SIM is never blocked in the wake of upgrading from physical sim to e-SIM. Never believe scammers threatening that your SIM will be hindered unless you upgrade. 

3. Never give your details for SIM up-gradation or share any OTP/click on given un-verified links.


Reference: Rahul Tyagi, Co-founder, SAFE Security. 

Fraudsters are Exploiting Google Apps to Steal Credit Card Details

 

Threat actors are using a novel approach to steal the credit card details of e-commerce shoppers by exploiting Google’s Apps Script business application platform. Threat actors are abusing Google Apps Script domain ‘script.google.com’ to hide their malicious activities from malware scan engines and evade Content Security Policy (CSP) controls.

Eric Brandel, a cybersecurity researcher unearthed the scam while analyzing Early Breach Detection data provided by Sansec, a cybersecurity firm focused on fighting digital skimming. Brandel explained that threat actors bank on the fact that the majority of the online stores would have whitelisted all Google subdomains in their respective CSP configuration (a security protocol for blocking suspicious code execution in web apps). They take advantage of this trust and abuse the App script domain to route the stolen data to a server under their possession. 

Once, the malicious script was injected by the fraudsters in the e-commerce site, all the payment details stolen from the exploited e-commerce site were transferred as base64 encoded JSON data to a Google Apps Script custom app, using script.google.com as an exfiltration endpoint. Then, the stolen data was transferred to another server - Israel-based site analit. tech – handled by fraudsters.

Sansec stated that “the malware domain analit[.]tech was registered on the same day as previously discovered malware domains hotjar[.]host and pixelm[.]tech, who are hosted on the same network.” Google services such as Google Forms and Google Sheets are also exploited in the past by FIN7 cybercriminal gang for malware command-and-control communications. This gang has targeted banks and point-of-sale (POS) terminals EU and US firms using the Carbanak backdoor.

“Typically, a digital skimmer (aka Magecart) runs on dodgy servers in tax havens, and its location reveals its nefarious intent. But when a skimming campaign runs entirely on trusted Google servers, very few security systems will flag it as ‘suspicious’. And more importantly, popular countermeasures like Content-Security-Policy (CSP) will not work when a site administrator trusts Google”, Sansec explained the workings of the fraudsters.

Fraudsters are Using Fake W-8BEN Forms for 2021 Tax Season

 

A huge number of US citizens get ready for the 2021 tax season, swarms of fraudsters and scammers are getting ready to rip off residents and non-residents alike. Fraudsters had a promising beginning foreseeing the buzz encompassing tax filing season, with phishing efforts impersonating the government agency as early as November 25, 2020, as indicated by Bitdefender Antispam Lab. Spikes in IRS-related phishing tricks scams were seen on January 19 and 21 when a large portion of the incoming agency-related correspondence was set apart as spam. 

Authorities say a huge number of individuals—from regular residents to sophisticated professionals—fall prey to IRS and other scams every year, losing millions of dollars in the process. As per a Federal Trade Commission (FTC) report, imposter scams cost Americans some $667 million in 2019—and those were only the cases reported to authorities. Numerous victims never document reports, regularly out of shame.

This warm-up was no happenstance, since the 2020 fiscal year rounded up, round about $2.3 billion were involved in tax fraud, as indicated by the agency’s annual report. Identity thieves utilized stolen Social Security numbers and other personally identifiable information (PII) to file early tax returns in the name of legitimate taxpayers, or utilized frivolous tactics to startle recipients into making prompt payments to stay away from arrest or deportation. 

Fraudsters are focusing on non-residents in the US utilizing a phony variant of the W-8BEN Form (Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding and Reporting) to steal sensitive information. This rendition of the scam has been spotted more than 80,000 times since November 25, 2020, with more recognizable spikes expected to hit inboxes until April 15. Unlike traditional phishing, which expects recipients to get to a spoofed website or download a malicious attachment, scammers have set up a phony fax number where recipients should forward their data. The fake version will advise you to give specific data excluded from the genuine W-8BEN US tax exemption document, for example, your passport number, profession, mother's maiden name, bank account name and number and investments. 

Fraudsters have additionally reused older renditions of IRS impersonation scams by utilizing the Economic Impact Payments as a feature of The Coronavirus Aid Relief, and Economic Security (CARES) Act.

Cyber criminals convicted of stealing more than £1 million using Fake job ads

Organized criminal network of five men and one woman have been convicted for stealing more than £1million from job hunters using fake job advertisements.

The members of the criminal are Adjibola Akinlabi (aged 26), Damilare Oduwole (26), Michael Awosile (27), Nadine Windley (26) and Temitope Araoye (29) and a malware writer "Tyrone Ellis (27)".

The evidence gathered by authorities including phone and online chat records shows that they made more than £300,000 from their fraud scheme. However, the officers believe it could be much higher , possibly more than £1million ($1.6m).

According to the National Crime Agency report, the fraudsters targeted innocent job hunters with fake job ads. Those who responded to the ads were sent a link via email asking them to complete an application form. Once the user clicks the link , it inadvertently install malware in victim's system.

The malware is capable of recording keystrokes and capturing victim's financial and personal data.

The compromised information is used by the fraudsters to get a new credit and debit cards, pin numbers.

The crooks will remain in custody and expected to be sentenced on Thursday 14 November.