Search This Blog

Showing posts with label Scammers. Show all posts

Fraudsters are Mailing Modified Ledger Devices to Steal Cryptocurrency

 

Scammers are mailing fraudulent replacement devices to Ledger customers who were recently exposed in a data breach, which are being used to steal cryptocurrency wallets. 

With increased cryptocurrency values and the use of hardware wallets to secure crypto funds, Ledger has become a frequent target for scammers. After receiving what appears to be a Ledger Nano X device in the mail, a Ledger user published a devious fraud on Reddit. The gadget arrived in authentic-looking packaging with a sloppy letter claiming that it was sent to replace their existing device as their customer information had been leaked online on the RaidForum hacker community. 

"For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device," state the fake letter from Ledger. 

"For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again." 

Despite the fact that the letter contained numerous grammatical and spelling issues, the information for 272,853 persons who purchased a Ledger device was published on the RaidForums hacking site in December 2020. This provided a slightly convincing reason for the new device's arrival. 

A shrinkwrapped Ledger Nano X box was also included in the package, containing what appeared to be a genuine device. After becoming skeptical of the device, they opened it and posted photos of the printed circuit board on Reddit, which clearly indicated the modification of devices. 

Mike Grover, a security researcher, and offensive USB cable/implant expert informed BleepingComputer that the threat actors added a flash drive and hooked it to the USB port based on the photos. 

Grover told BleepingComputer in a conversation about the photographs, "This appears to be a simple flash drive slapped on to the Ledger with the purpose of being for some form of malware delivery." 

"All of the components are on the other side, so I can't confirm if it is JUST a storage device, but.... judging by the very novice soldering work, it's probably just an off-the-shelf mini flash drive removed from its casing." 

As per the image examining, Grover highlighted the flash drive implant connected to the wires while stating, "Those 4 wires piggyback the same connections for the USB port of the Ledger." 

According to the enclosed instructions, it instructs people to connect the Ledger to their computer, open the drive that appears, and execute the accompanying application. The person then enters their Ledger recovery phrase to import their wallet to the new device, according to the guidelines. 

A recovery phrase is a human-readable seed that is used to produce a wallet's private key. Anyone with this recovery phrase can import a wallet and gain access to the cryptocurrency contained within it. After entering the recovery phrase, it is sent to the attackers, who use it to import the victim's wallet on their own devices to steal the contained cryptocurrency funds. 

This fraud is acknowledged by Ledger and they issued warnings about it in May on their dedicated phishing website. 

Recovery phrases for Ledger devices should never be shared with anybody and should only be input directly on the Ledger device the user is trying to recover. The user should only use the Ledger Live application downloaded straight from Ledger.com if the device does not allow to enter the phrase directly. 

Ledger customers flooded with scams: 

In June 2020, an unauthorized person gained access to Ledger's e-commerce and marketing databases, resulting in a data breach. 

This information was "used to send order confirmations and promotional mailings — largely email addresses, but with a subset that also included contact and order details including first and last name, postal address, email address, and phone number." 

Ledger owners began getting several of the phishing emails directing them to fraudulent Ledger apps that would fool them into inputting their wallet's recovery codes. After the contact information for 270K Ledger owners was disclosed on the RaidForums hacker community in December, these scams became more common. 

The leak resulted in phishing operations posing as new Ledger data breach notifications, SMS phishing texts, and software upgrades on sites imitating Ledger.com.

WhatsApp Hijack Scam, Here's All You Need To Know

 

By posing as a friend and asking for SMS security codes, scammers are continuing to target WhatsApp users and hijack their accounts. The con has been around for years, yet victims have continued to fall for it, with many sharing their stories on social media. Users should never give out their security codes to anyone, even if they appear to be a buddy, according to WhatsApp. 

If users receive six-digit WhatsApp codes that they did not expect, they should be concerned. When setting up a new account or signing in to an existing account on a new device, such codes are frequently seen. However, if the code is obtained unexpectedly (without the user's request), it could be a scammer attempting to gain access to your account. 

The fraudster would then send you a WhatsApp message asking for the code. The most essential thing to remember is not to share the code, as the message appears to be from a legitimate friend or family member in most circumstances, even though the account has already been hacked. 

One victim, Charlie, told the BBC, "I got a WhatsApp message from my good friend Michelle, stating she was locked out of her account. She stated she sent the access code to my phone instead of hers by accident and that I could just screenshot it and send it over." In actuality, Charlie had given the scammer the code to his own account. 

He told the BBC, "I guess I fell for it since we all know how annoying technology can be and I was eager to help. I didn't realise what had happened for a day." Charlie stated that he had deleted WhatsApp and would no longer use it. 

The hijacker can pretend to be you and send messages to your friends and family using a stolen account. They might act as if you're facing a financial emergency and beg your contacts for money. It also provides them with the phone numbers of your contacts, allowing them to try the six-digit code trick on fresh victims. By gaining access to your account, the fraudster will be able to see sensitive information in your group chats. 

WhatsApp advises users to be cautious and not reveal their One Time Password (OTP) or SMS security code to anybody, even friends and relatives. Citizens can also enable two-step verification for added security.

Pay Attention: These Unsubscribe Emails Only Lead to Further Spam

 

Scammers send out fake 'unsubscribe' spam emails to validate legitimate email addresses for future phishing and spam campaigns. 

Spammers have been sending emails that merely inquire if the user wants to unsubscribe or subscribe for a long time. These emails don't specify what the user is unsubscribing or subscribing to, and spammers are using them to see if the recipient's email address is real and vulnerable to phishing scams and other nefarious activity. 

If they get the needed confirmation, they’ll bombard it with various spam emails. The campaign is simple in design - the victim will get a basic email with this call to action in it asking whether the consumer wants to unsubscribe or subscribe: 

“Please confirm your Subscribe (sic) or Unsubscribe. Confirm Subscribe me! Unsubscribe me! Thank you!” 

If the user clicks on the embedded subscribe/unsubscribe links, the mail client will generate a new email that will be forwarded to a large number of different email addresses controlled by the spammer. 

After sending the mail, users expect to be unsubscribed from future communications but they are, however, confirming for the spammers that their email address is real and under surveillance. 

BleepingComputer created a new email account for testing purposes, which they never used on any website or service. When they responded to multiple confirmation emails received on another email account using the new email address. After sending unsubscribe/subscribe responses from the new account, their new account was bombarded with spam emails within a few days. 

This test also revealed that spammers are utilizing these subscribe/unsubscribe emails to fine-tune their mailing lists and confirm email addresses that are vulnerable to phishing and frauds. 

It was also stated that these attacks aren't restricted to spam emails; nothing stops scammers from using phishing or social engineering against the target email, which is sometimes more hazardous and difficult to detect and stop. 

Consumers should never click any links they receive in an email unless they are fully certain of the sender's validity and the link's integrity, according to security experts. No credible company will ever send an email with only the alternatives to "Subscribe or Unsubscribe" and without any information.

Virtual Wallet Users are Being Scammed

 

People are carrying less cash as technology advances, preferring to use debit cards, credit cards, and smartphone payment apps instead. Although using virtual wallets like Venmo, PayPal, and Cash App is easy and becoming more common, there is a risk of being scammed by someone who does not appear to be who they claim to be. Virtual wallets are applications that you can download on your Android or iPhone to make it simple to send and receive money from friends, relatives, and other people. To move money, these apps are connected to a bank account. 

Scammers are always on the lookout for their next victim, and these apps provide them with an ideal opportunity to defraud people of their hard-earned money. Fraudsters have devised a number of strategies for intercepting payments or convincing app users to pay them directly. 

Last year, the Better Business Bureau reported on a new scheme in which con artists send messages requesting the return of unintended payments after making deposits into their victims' accounts. 

When the victim checks their account and discovers these transfers, which were made with stolen credit cards, they refund the funds, by which point the scammer has replaced the stolen credit card credentials with their own. The money is then sent to the fraudster, and the victim is held responsible until the owner of the stolen card files restitution claims. 

In contrast to Cash App and Venmo, PayPal is the oldest form of virtual wallet. In a PayPal scam, the scammer asks a seller to send the things he or she "bought" to a particular address. They discover that the address is invalid after the scammer "pays" for the item and the seller sends the package, but it's too late. 

If the shipping company is unable to locate the address, the item will be marked as undeliverable. The scammer would then contact the shipping company and provide a new address in order to accept the package while claiming they did not receive it. 

The scammer would then collect the item and file a complaint with PayPal claiming that the item was never delivered. PayPal will refund the money charged to the scammer because the buyer has no evidence that the item was shipped. As a result, the seller loses both money and goods to the con artist. 

App developers should take action to protect their users from these types of scams. Multifactor authentication and secondary confirmation, such as emailed security codes, are examples of these safeguards. According to Microsoft research, multifactor authentication will prevent 99.9% of fraud attempts involving compromised login credentials.

Microsoft Detected a BEC Campaign Targeted at More than 120 Organizations

 

Microsoft discovered a large-scale business email compromise (BEC) program that attacked over 120 organizations and used typo-squatted domains that were registered only days before the attacks began. Cybercriminals continue to harass companies in order to deceive recipients into accepting fees, exchanging money, or, in this case, buying gift cards. This kind of email attack is known as business email compromise (BEC), which is a dangerous type of phishing aimed at gaining access to sensitive business data or extorting money via email-based fraud.

In this operation, Microsoft discovered that attackers used typo-squatted domains to make emails appear to come from legitimate senders in the consumer products, process manufacturing, and agriculture, real estate, distinct manufacturing, and professional services industries. 

BEC emails are purposefully crafted to look like regular emails as if they were sent from someone the intended client already knows, but these campaigns are much more complicated than they seem. They necessitate planning, staging, and behind-the-scenes activities. 

"We observed patterns in using the correct domain name but an incorrect TLD, or slightly spelling the company name wrong. These domains were registered just days before this email campaign began," the Microsoft 365 Defender Threat Intelligence Team said. 

Despite the scammers' best efforts, Microsoft found that "the registered domains did not always comply with the company being impersonated in the email." The attackers' surveillance capabilities are evident when they called the targeted workers by their first names, despite their methodology being faulty at times.  

To give authenticity to the phishing emails, scammers used common phishing tactics including bogus responses (improved by also spoofing In-Reply-To and References headers), according to Microsoft.

 
"Filling these headers in made the email appear legitimate and that the attacker was simply replying to the existing email thread between the Yahoo and Outlook user," Microsoft added. "This characteristic sets this campaign apart from most BEC campaigns, where attackers simply include a real or specially crafted fake email, adding the sender, recipient, and subject, in the new email body, making appear as though the new email was a reply to the previous email." 

Though the tactics used by these BEC scammers seem crude, and their phishing messages seem to be clearly malicious, BEC attacks have resulted in record-breaking financial losses per year since 2018. The FBI formed a Recovery Asset Team in 2018 intending to retrieve money that can still be traced and freezing accounts used by fraudsters for illegal BEC transactions.

Centre of Attraction for Scammers : NFTs

 

NFTs - non-fungible token have been around for a few years now, but recent attention has sparked a surge throughout the market. NFTs are all here to stay, according to proponents, as they're more stable. Though enthusiasts may be correct about NFTs' long-term viability, as they may also no longer be a significant part of the art market once the original frenzy subsides. The art market's key elements are authenticity and originality, and NFTs certainly delivers both. 

A non-fungible token (NFT) is a data unit on a digital ledger known as a blockchain that really can represent a single digital object and therefore is not interchangeable. NFTs can be used to depict digital files like art, audio, video, video game objects, and other types of creative work. However, the definition can appear to be fundamentally abstract, it comes down to being able to assert exclusive possession of a collectible. 

"The higher the value of a cryptocurrency, the higher the volume of fraud targeting its users," says Abhilash Garimella, research scientist at fraud prevention firm Bolster.

NFTs can reflect digital possession of almost everything, for instance we can take, Twitter CEO Jack Dorsey's first tweet, Grimes' original art, Marvel artists' exclusive superhero comic drawings, and every other form of artistic work, including videos and audio. The Marvel comics entered the blockchain world, where an Ethereum-based Spiderman NFT was sold for $25,000. And till now the NFT "cryptocurrency collectibles" have sold for more than $100 million. 

Bitcoin and other cryptocurrencies have been questioned, despite proponents believing they are the future of economic systems and opponents dismissing them as nothing but a digital Ponzi scheme. Bitcoin mining is said to use as much energy as used by entire countries. People have become much more hesitant to buy and sell off their assets on the blockchain as they have become more aware of its vast energy requirements. Despite the fact that the blockchain is also said to be safe, there've been numerous cryptocurrency hacks. Both of these factors can deter young people from joining the craze, making it more difficult for NFTs to achieve long-term success. 

Hackers are indeed searching for ways to get as many Bitcoin, Monero, Ethereum, and other valuable digital coins as feasible, as shown by their fondness for ransomware, crypto mining, and hacking through cryptocurrency exchanges and extracting all of their assets in recent times. 

In 2020, two Florida teens and a British man duped a number of people into thinking that the 130 high-profile Twitter accounts they'd took over might potentially double people's bitcoin assets once they'd been collected by Elon Musk and Bill Gates. Many people have fallen for the scam which involves Musk allegedly offering "free" NFTs after victims "verified" themselves by giving a small number of bitcoins "temporarily". This was one of the NFTs scams.

Scammers Disguised as Tesco are Stealing Data Via Phone Scam, Warns Police

 

Wales Police have warned residents of a new phone fraud in which criminals try to trick customers for hundreds of pounds. The scam is brought about by ongoing COVID-19 lockdown restrictions, a time when shopping online and clicking and collecting services have increased enormously. Several people have reported a telephone scam to Dyfed Powys Police, stating that acting fraudsters seemed to be from Tesco. Victims reported that an automatic call has been sent to inform individuals that an order has been placed with Tesco and that £350 is debited. The automatic message continues to say, “if this is not the right amount, please press 1 to go through to our fraud team.” 

Once the frightened victims press ‘1’, they are brought to a scammer who seeks to get as much personal information, including bank details, from them as possible. The police had also cautioned that the scammers seem to be extremely advanced and genuine. Therefore they advised: “If you receive a call like this, it’s best to hang up and either check your Tesco online account yourself or call Tesco directly from a number you have obtained.” 

All in all, the change over the past year to online services and the health and economic complexities resulted in the fraudsters escalating scams. Barclay’s data suggest that impersonation is the highest common form of scam (29 percent ). 

Commenting on the story, Ray Walsh, ProPrivacy's digital data privacy specialist, commented: “These scams rely on clever scripts to convince people that they are being defrauded, so that worried victims hand over sensitive personal data, including their bank details.” 

The fraudsters may even try to persuade the victim to install the software for remote access onto their pc to help delete malware that allowed fake fraud to happen, as per the reports. Anyone who wants to do so will enable cyber-criminals to have direct access to their PC to install any software that steals one’s data. If users receive such a call, they should either verify their own online Tesco account or call Tesco immediately from a number they have received. 

Experts stated that “We remind everyone never to provide their personal information or payment details to anybody who calls them out of the blue, even if they claim to be from a huge brand like Tesco. If you have an order placed with Tesco and you receive a call like this which concerns you, hang up and make an inquiry with Tesco directly to check on the status of your delivery.”

Twitter Ads used by Scammers to Promote Fake Cryptocurrency

 

One must pay attention to all Twitter advertisements that propagate all kinds of the falsified cryptocurrency scam. Tweeters can "promote" an existing tweet in order to promote their own services and information, by showing it to other followers or users on Twitter. The scammers' report on Twitter checked accounts supporting bogus cryptocurrency scams. The scams are allegedly made under the name of these well-known individuals or companies such as Elon Musk's Tesla, Gemini Exchange, Chamath Palihapitiya, and Social Capital. The threat actors have indeed been unbelievably successful with a round of attacks raising over $580,000 in a single week. 

If anyone receives messages from Tesla, Elon Musk, Gemini exchange, Palihapitiya Chamath, Social Capital, or other famous cryptocurrency donations – individuals or companies, they must go as far as they can from such types of posts, because the handles are compromised, and they are scammed. 

Since these scams continue to produce revenue by plundering thousands of dollars via the promotion of Bitcoin, the threat actors are also beginning to threaten other recent prominent cryptocurrencies, including Dogecoin. Dogecoin is the cryptocurrency of Billy Markus and Jackson Palmer, software engineers, who wanted to build an immediate, enjoyable, and conventional banking fees-free payment system. Dogecoin has as its emblem and its name as the face of Shiba Inu dog from the "Doge" memes. 

Twitter users are able to "promote" an ongoing tweet by paying for it being displayed to many other users in their Twitter feeds to advertise its services and content. Security researchers such as Zseano, Jake, and MalwareHunterTeam have found a new technique that crypto-currency fraudsters use, i.e. via tweets on Twitter. 

The technique comprises of the splitting up of URLs so as not to differentiate them by the Twitter algorithms of advertising for fraud. This then brings users to fakes landing pages which have been the social capital; exchanges between Tesla and Gemini, etc. and leads the user to additional real websites with the topics of Tesla or Elon Musk and an address with a Bitcoin, Dogecoin, or Ethereum. Besides, users can send coins to the address and they will actually increase the sum in return. 

Based on some of those scams, a total of $39,628.06 so far has been raised through the use of Bitcoin and Ethereum addresses. Unfortunately, several more cryptocurrency addresses are currently used by scammers, so the created sum is significantly greater. It doesn't mean that it is secure, only because the crypto app is in the app store. Recently, a Trezor-named application has been uploaded to the Apple store. Later, it was discovered to be a scam and the software has been used for phishing passwords and private keys.

BEC Scammer Infects own Device, Exposes their Activity

 

In some media depictions, criminal and state-backed hackers are constantly portrayed as cunning and sophisticated, gliding inexorably toward their most recent information heist. These digital operatives are, obviously, human and inclined to botches that uncover their activity. A North Korean man blamed for hacking Sony Pictures Entertainment in 2014, for instance, mixed his real identity with his alias in registering online accounts, making it simpler for U.S. investigators to track him. 

The latest illustration of blundering digital behavior happened when a scammer contaminated their own gadget, offering researchers a front-row seat to the attacker’s scheme and lessons in how to defend against it. “This is a big failure in their operational security as it gives us direct insight into some of the attacker’s tactics and operation,” said Luke Leal, a researcher at Web security firm Sucuri, which made the discovery.  

The assailant was attempting to complete a business email compromise (BEC), a plan that utilizes spoofed emails to trick individuals into sending crooks money. BEC tricks are so common they represented $1.7 billion in losses reported to the FBI in 2019 — or half of all cybercrime losses reported to the authority. To complete the scam, the scammer required more details on equipment utilized at an anonymous oil organization to make malevolent emails to the organization's workers more believable, Leal wrote in a blog post. That implied planting noxious code on gadgets utilized at the organization to monitor communications.

Simultaneously, be that as it may, the attacker obviously neglected to eliminate the malevolent code they put on their own gadget, maybe for testing purposes, giving Leal's team a window into the attacker’s machinations and frustrations. Since it was tainted by the malware, the gadget was sending screenshots back to the control panel the hacker was utilizing in the scam. The researchers saw emails the attacker sent to targeted employees and how they spread out payment demands over various invoices to make the scam more believable. Another such incident took place in 2016 when a couple of security researchers uncovered a Nigerian scammer, that they said operated a new kind of attack called “wire-wire”, this was after a couple of its individuals unintentionally infected themselves with their own malware.

Scammers are Tricking Consumers via QR Code Phishing Campaign

 

QR codes - the little Digi squares, an effective tool for contactless transactional activities especially during the Covid-19 pandemic. Quick Response (QR) codes were originally developed back in the mid-nineties for utilization in the Japanese auto-making industry as a swift, machine-readable technique to reserve information regarding a specific item, whether for production, inventory, or eventual scale. 

QR code is the most convenient method to pay or receive money and this tool has seemed to grow exponentially in the last 5 years, mainly due to the explosion in the popularity of smartphones over the past decade. Most of the modern-day Android and iOS camera apps read the codes naturally unlike the previous years where the users have to download a particular QR code-scanning apps to access the information programmed into the tiny squares.

The biggest concern begins when fraudsters start to use QR codes as a doorway to secure consumers' private information regarding bank details, private messages, etc. So how to identify what’s hidden in the QR codes and gain the necessary knowledge to identify a fraudulent one?

The popular method used by the fraudsters is to send texts to the consumers like – ‘Congratulations! You have won 2000 Rs.’ along with the picture of the QR code. This text will prompt the consumers to scan the QR code, enter the amount which will redirect the consumers to the UPI PIN page to receive the money in their account. Most of the consumers with less awareness are trapped in the net laid by the scammers and end up paying the scammer the amount.

The next popular method used by scammers to trick the consumers is to embed a fake QR code into a phishing email, text, or via social media platform. If the consumer scans the fake code which will redirect the consumer to the website with realistic-looking landing pages and the consumer will prompt the consumer to login via PII (personally identifiable information). A fabricated QR code has the ability to take the consumer to the websites where malware can be automatically installed and used to steal critical information from the consumers’ device or even share spyware or viruses.

Three methods to prevent yourself from QR code scam 

1.) Read the message carefully and pay attention to the small details while making transactions via QR code. 

2.) The device used for making payments should be updated frequently and install security software. If any suspicion arises immediately get in touch with your bank and request them to alter your login credentials.

 3.) If the problem is severe you can contact the police and register a formal complaint with the cyber cell, the consumer can also register an online complaint on the National Cybercrime Reporting Portal – cybercrime.gov.in.

FBI Warns Victims Against Scammers Threating with Jail Time

 

Recently the US FBI has noted an increase in phone calls that usually spoof the Bureau’s telephone number. The actors pretend to be FBI officers and ask the victims for their personal information. The FBI headquarters’ number sometimes is "spoof" or false, so that the call appears to originate from the FBI on the calling ID of the destination. In this scam, fraudulent callers posing as an agent of the FBI ask for the personal information of the recipient. These calls are however fraudulent; any genuine law enforcement officer would not ask a citizen for their personal information. The FBI describes this form of fraud as impersonation fraud, which revolves around criminals attempting to raise money. 

The FBI says that the criminals at times attempt to ransom victims to gain publicly identifiable information, whether physical or financial. The scammers are getting more subtle, coordinated, technologically advanced, and are mostly focusing on young and elderly people. 

The most recent case holds the actors acting as FBI agents and threatening their targets with fines and jail times, unless and until the target accords any piece of personal information to the actor. The FBI alerted that the organization has been notified of many such incidents where the actor attempts to steal their personal details. Seemingly, most of the fraudsters are targeting people from North Florida.  

One of the victims of the fraud claimed that scammers first contacted him as a representative of sweepstakes to agree on giving out confidential information in return for a big prize. Following a failure to distribute all the information sought, a second scammer who impersonated an FBI officer called the victim and demanded the same information to help target the sweepstakes organization in its investigation. In another case, the victim was contacted by a threat actor posing to be an FBI representative and asked for personal information. 

"The caller claimed to have an immediate need for personal information about the victim—to include financial account numbers—in order to eliminate the victim as a suspect in the alleged crime," stated the FBI. "When the victim declined to provide the information, the caller threatened fines and jail time." 

In regards to such incidents, the FBI advises the targets to reach out to the nearest local office to verify the incident and help in the further investigation to solve the case. They also said that none of the FBI agents would ever ask for money or personal information and therefore one must be vigilant against such scams.

NHS Urged Public to Remain Vigilant Regarding Fake Covid-19 Vaccinations

 

Fraudsters are tricking people in the UK via fake Covid-19 vaccination invites, scammers are posing to be from the UK’s National Health Service (NHS), and are sending fake emails including a link to enroll for the vaccine.

NHS has alerted the public by tweeting on their official account that no registration is required for the real vaccination. We would never ask for bank details, verification of documents such as your passport, driving license, bills, or payslips, and no payment is required for the vaccination.

The multiple variants of phishing emails are floating around the internet but they all point towards the NHS, claiming a message from the NHS website ‘noreply@nhs.gov.uk’ (the original NHS website is NHS.uk). Scammers are using mail subject identical to “IMPORTANT – Public Health Message. Decide whether if you want to be vaccinated”.
 
Cybersecurity consultant Daniel Card explained that traffic data is suggesting fraudsters have tricked thousands of recipients to click on the fake website but it remains unclear how many recipients have filled in the form. National Cyber Security Centre and Action Fraud have urged people to report scam emails or texts.

Health secretary Matt Hancock stated that “vaccines are our way out of this pandemic, it is vital that we do not let a small number of unscrupulous fraudsters undermine the huge team effort underway across the country to protect millions of people from this terrible disease”.

This was not the first phishing campaign related to the covid-19 vaccination, at the start of this month fraudsters sent bogus text messages to the recipients posing to be from the NHS and asking recipients to register for a vaccine and provide bank details for verification.

Patrons Become Victim to Depop Hacks

 

Since the lockdown started in March, there has been a significant spike in online shopping. This has become a big attraction for people looking for items on famous sites and apps. However, like every online shopping app, there could be issues for consumers, such as hacking, data breach, cyber fraud, etc. And this pandemic came out as a golden opportunity for the Scammers since they have managed to continue plaguing a variety of internet resources. 

One "have a go" tactic of the hackers is "credential stuffing" which requires the use of automated software to log into accounts repeatedly, entering previously uncovered usernames and login information from data breaches of other common online services. However, this dupe won't work if a person doesn't have the same password on many sites or has changed their passwords after being subjected to a data breach. 

One such incident of hacking and data breach has happened with 21 years old, Birmingham based law student, Amelia Strike who was unknowingly logged out of her Depop social shopping app account in October. Regarding which she said that "I thought I had just forgotten my password when I couldn't get back in, but a couple of days passed and I realized something wasn't right”, further adding, "I just felt so violated”. 

Later she received a post from a stranger on Instagram, alerting that her account had been taken over by a hacker auctioning Apple Air Pod headphone for £50. She also figured out that the hacker was scamming a lot of Depop customers under her name. The hacker was instructing the patrons to make the payment via PayPal’s “Friend and Family” option. Well, this method of payment overrides Depop's fees and does not offer any protection to buyers. 

She was fast enough to act against the scammer by using her brother’s Depop account and commenting on the offending post and contact for help from the app firm. Her query was noticed, and the firm removed the posts done by the hacker, within few hours and her password was reset. Amelia Strike notices at least three Depop patrons who had made payment by the unauthorized method to the hacker. 

In Amelia Strike's case, to get users to believe scam listing, the hacker even uploaded a picture of her name to a post-it note next to the headphones that were allegedly for sale. This is a common technique used by people selling second-hand goods online to show that images have not been taken from another listing. 

Nevertheless, she is not only the one whose Depop account was hacked, other 14 users have also reported similar cases. And in all such cases, the fraudsters insisted that they be charged directly rather than via the app. Further Depop has requested the patrons to pay via the authentic method and has stated, “We consistently communicate this to our community and reinforce that the only safe way to purchase is on the Depop app or website via the buy button.”

Attackers Hacked the Digital Pass System of Moscow residents


Moscow's residents are warned about scammers who offer to issue digital passes for moving around the city on social networks

Recall that on last week Moscow Mayor Sergei Sobyanin and Moscow Region Governor Andrei Vorobyov signed a decree according to which special digital passes are introduced for trips in Moscow and the Moscow Region on personal and public transport. Quarantine residents of Moscow will need to receive a QR code on the City Hall website for each exit from their homes. QR codes can begin to be issued on Monday, April 13, 2020.

A bot appeared in Telegram that offers citizens to get a digital pass through the messenger. It asks for the phone number and personal data of the citizen, including passport. Also, hackers offer to issue a pass on social networks.

Moreover, Telegram channel 4chan posted information that while the QR code issuing system was in beta testing, unknown hackers managed to hack it.

"The program for generating QR codes for quarantine from the Moscow government has not yet left the beta test, but it has already been hacked and generated universal promotional codes that will allow you to go around Moscow unlimited," the channel authors write.

The author of the microblog @A_Kapustin in the social network Twitter managed to post several electronic passes. Some of them, according to the user, allows you to walk within a kilometer from home, and others give the owner the opportunity to freely walk around Moscow. Some QR codes are already blocked, according to the author, but new generations appear in the network.

At the same time, scammers became active in another segment. Russians began to receive SMS messages notifying them of violations of their self-isolation regime and demanding to pay a fine for these offenses.

Experts believe that the situation is complicated, because the Russians do not have time to follow the rules that the authorities of a particular region introduce, which means they are afraid to make something wrong. This is used by scammers, organizing entire schemes using SMS, social networks and messengers. The goal is to get access to data for emptying Bank cards.

The scammers started to use fake video to steal money of the Russians



Fake videos appeared on the Internet with overlapping faces and voices of famous people with the help of which scammers steal funds. IT company JET warned Russians about this.

"A relatively new phenomenon deep fake has appeared on the network, it is fake videos with overlapping faces and voices of famous people on videos of various contents using Deep Learning technologies. This technology allows you to replace the movement of the lips and human speech on the video. It is difficult for an ordinary user to identify such fakes, and many take them for the truth," the company said.

Experts of the company found in the network fraudulent video using the image of the Russian showman and actor Dmitry Nagiyev, where he offers to visit a certain site and get a prize or cash reward. The company said that site visitors may lose money.

The company JET noted that the victims got to the portal with the generated domain name. Such sites only work for a couple of days, but criminals constantly open new ones.

According to Anna Oleinikova, an expert on neural networks in the company JET, deep fake is an extremely serious threat. "The range of malicious use of deep fake and similar technologies is very wide: blackmail, discrediting of media persons and politicians, unfair competition in business and politics," she said.

At the same time, the company notes that ordinary users can try to identify fakes, based on several signs. So, on fraudulent videos all the time eyes are open or half-closed, and around the head at sharp movements and change of lighting there are strange loops.

In turn, Stanislav Ashmanov, the head of the company "Neural networks of Ashmanov", said that it is very difficult to create believable deep fake. This requires a lot of different data and a complex algorithm. Now everything that appears on the Network suffers from a lack of quality and looks quite improbable.

“In my opinion, technology has not yet been completely improved to make video indistinguishable from reality, cheap and easy,” he added.

Hackers stole money from Kukuruza(Kykyryza) cards using Apple Pay


83 Kykyryza(Kukuruza) cardholders suffered from the theft of funds. The fraudsters gained access to the logins and passwords from the mobile and Internet banking, and then they connected Apple Pay and withdrew funds. Now the problem is solved, the money is returned.

The Kykyryza card is a multifunctional bonus payment card, which is offered to its customers by the United Russian company Svyaznoy/Euroset. The card works in the Mastercard payment system.

Since May 2 complaints of Kykyryza cardholders about the theft of their funds began to appear on the website Banki.ru. Victims of the attack received SMS that their card is connected to Apple Pay, immediately after that, the money was withdrawn to the Tele2* number. All victims indicate that they did not receive SMS or Push-notifications with a verification code to connect to Apple Pay.

It turned out that hackers attacked a social service, where they received data about the owners of Kykyryza cards to log into the account and then they checked if the victims used the same username and password in the mobile or Internet Bank. If the data was the same, then the attackers connected mobile application Kykyryza to the Apple Pay and proceeded to withdraw money.

The company Svyaznoy/Euroset confirmed the theft of funds from Kykyryza card owners, noting that the number of victims is small, as only 20 million cards were issued. According to Alexander Malis, the SEO of the company, only 83 cardholders suffered.

“The hackers stole about 2 million rubles ($ 31 000),— said Mr. Malis.— The stolen funds were already returned to all the victims.”

Vladimir Dryukov, the Director of the Solar JSOC Cyber Attack Monitoring and Response Center, noted that the mobile application with this method of theft showed two serious vulnerabilities — the lack of protection from the change device when you log in to the mobile Bank and the lack of protection from the selection of the numbers.

However, according to Mr. Malis, Kykyryza card showed a high level of security in the conditions of a mass attack. He also clarified that a special update has already been released, which will not allow an unauthorized user to change the mobile device.

Scammers disguise themselves as divisions of the Central Bank of Russia


Cyber Criminals performed a large-scale attack on Russian banks in late 2018, they managed to steal $ 20 million.

The attackers disguised themselves as divisions of the Central Bank FinCERT and Alfacapital. It is known that the attacks were carried out by hacker groups Silence and Cobalt, who had previously organized cybercrime. Also along with them operated a new hacker group, which had not been seen before.

The scheme of crimes was the same: the scammers on behalf of the FinCERT division of the Central Bank sent out malicious documents with macros. In addition, a compromised account of an employee of the company Alfacapital was used.

Representatives of many banks confirm the frequent attacks. The criminals tried to penetrate the infrastructure of the financial organization for the withdrawal of money.

The IT-company Positive Technologies conducted their own statistics and found that over 201 million people suffered from such attacks in 2018.

Moreover, banking infrastructure was attacked in 78% of cases, web resources - 13 %, ATMs and POS-terminals - 9 %, personal data - 39% , credential theft , card information, trade secret - 5%, personal correspondence and other information - 8%.

In addition, on February 18, Kaspersky Lab recorded an increase in attacks by Buhtrap and RTM banking Trojans in Russia. At the end of last year, experts recorded an increase in the activity of the banking Trojan RTM 50 times, compared to 2017.