Scammers are Tricking Consumers via QR Code Phishing Campaign

 

QR codes, the little digital squares, have become an effective tool for contactless transactions, especially during the Covid-19 pandemic. Quick Response (QR) codes were originally developed back in the mid-nineties for use in the Japanese auto-making industry as a swift, machine-readable technique to store information about a specific item, whether for production, inventory, or eventual sale.

The QR code is the most convenient method to pay or receive money, and its use seems to have grown exponentially in the last 5 years, mainly due to the explosion in the popularity of smartphones over the past decade. Most modern Android and iOS camera apps read the codes natively, unlike in previous years, when users had to download a dedicated QR code-scanning app to access the information encoded in the tiny squares.

The biggest concern arises when fraudsters use QR codes as a doorway to consumers' private information, such as bank details and private messages. So how can one tell what is hidden in a QR code and identify a fraudulent one?

A popular method used by fraudsters is to send consumers a text such as ‘Congratulations! You have won 2000 Rs.’ along with a picture of a QR code. The text prompts the consumer to scan the QR code and enter the amount, which redirects them to the UPI PIN page, supposedly to receive the money in their account. Many less-aware consumers are caught in the net laid by the scammers and end up paying the scammer the amount.

The next popular method used by scammers is to embed a fake QR code in a phishing email, text, or social media post. If the consumer scans the fake code, it redirects them to a website with realistic-looking landing pages that prompt the consumer to log in with PII (personally identifiable information). A fabricated QR code can also take the consumer to websites where malware can be automatically installed and used to steal critical information from the consumer's device, or even to deliver spyware or viruses.

Three ways to protect yourself from QR code scams

1.) Read the message carefully and pay attention to the small details when making transactions via QR code.

2.) The device used for making payments should be updated frequently and have security software installed. If any suspicion arises, immediately get in touch with your bank and ask them to change your login credentials.

3.) If the problem is severe, you can contact the police and register a formal complaint with the cyber cell; you can also register an online complaint on the National Cybercrime Reporting Portal – cybercrime.gov.in.

FBI Warns Victims Against Scammers Threatening with Jail Time

 

Recently the US FBI has noted an increase in phone calls that spoof the Bureau's telephone number. The FBI headquarters' number is sometimes "spoofed", or falsified, so that the call appears on the recipient's caller ID to originate from the FBI. In this scam, fraudulent callers posing as FBI agents ask for the recipient's personal information. These calls are fraudulent; no genuine law enforcement officer would ask a citizen for their personal information. The FBI describes this form of fraud as impersonation fraud, which revolves around criminals attempting to extract money.

The FBI says that the criminals at times attempt to extort victims to gain personally identifiable information, whether physical or financial. The scammers are becoming more subtle, coordinated, and technologically advanced, and are mostly focusing on young and elderly people.

In the most recent cases, the actors pose as FBI agents and threaten their targets with fines and jail time unless the target hands over personal information. The FBI said it has been notified of many such incidents in which an actor attempted to steal a victim's personal details. Seemingly, most of the fraudsters are targeting people in North Florida.

One of the victims of the fraud said that scammers first contacted him posing as a sweepstakes representative, to get him to give out confidential information in return for a big prize. When he did not hand over all the information sought, a second scammer impersonating an FBI officer called the victim and demanded the same information, supposedly to help an investigation targeting the sweepstakes organization. In another case, the victim was contacted by a threat actor posing as an FBI representative and asked for personal information.

"The caller claimed to have an immediate need for personal information about the victim—to include financial account numbers—in order to eliminate the victim as a suspect in the alleged crime," stated the FBI. "When the victim declined to provide the information, the caller threatened fines and jail time." 

With regard to such incidents, the FBI advises targets to contact the nearest local office to verify the incident and assist the further investigation. It also said that no FBI agent would ever ask for money or personal information, and that one must therefore be vigilant against such scams.

NHS Urged Public to Remain Vigilant Regarding Fake Covid-19 Vaccinations

 

Fraudsters are tricking people in the UK with fake Covid-19 vaccination invites. Scammers posing as the UK's National Health Service (NHS) are sending fake emails that include a link to enroll for the vaccine.

The NHS alerted the public in a tweet from its official account that no registration is required for the real vaccination, that it would never ask for bank details or verification of documents such as a passport, driving license, bills, or payslips, and that no payment is required for the vaccination.

Multiple variants of the phishing email are circulating, but they all claim to come from the NHS, using the sender address ‘noreply@nhs.gov.uk’ (the original NHS website is NHS.uk). The scammers use a subject line like “IMPORTANT – Public Health Message. Decide whether if you want to be vaccinated”.

Cybersecurity consultant Daniel Card explained that traffic data suggests fraudsters have tricked thousands of recipients into clicking through to the fake website, but it remains unclear how many recipients have filled in the form. The National Cyber Security Centre and Action Fraud have urged people to report scam emails or texts.

Health secretary Matt Hancock stated that “vaccines are our way out of this pandemic, it is vital that we do not let a small number of unscrupulous fraudsters undermine the huge team effort underway across the country to protect millions of people from this terrible disease”.

This was not the first phishing campaign related to Covid-19 vaccination. At the start of this month, fraudsters posing as the NHS sent bogus text messages asking recipients to register for a vaccine and provide bank details for verification.

Patrons Fall Victim to Depop Hacks

 

Since the lockdown started in March, there has been a significant spike in online shopping, which has become a big attraction for people looking for items on famous sites and apps. However, as with every online shopping app, consumers can run into issues such as hacking, data breaches, and cyber fraud. The pandemic has been a golden opportunity for scammers, who have continued to plague a variety of internet resources.

One "have a go" tactic used by hackers is "credential stuffing", which uses automated software to attempt logins repeatedly with usernames and passwords exposed in data breaches of other common online services. However, this trick won't work if a person does not reuse the same password on many sites or has changed their passwords after being caught up in a data breach.
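
Credential stuffing as described above leaves a recognisable trace in login logs: one source tries many different usernames and most attempts fail. The following Python code is an added example, not part of the original post; it flags such sources and lists the accounts that logged in successfully from them, which are the ones that need a forced password reset. The event format, thresholds and sample log are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed sample log: (timestamp, source IP, username, login succeeded)."""
    t0 = datetime(2021, 1, 10, 12, 0, 0)
    events = []
    # Stuffing source: 12 different usernames, one try each, one hit (reused password)
    for i in range(12):
        events.append((t0 + timedelta(seconds=5 * i), "203.0.113.7", f"user{i:02d}", i == 8))
    # Brute force against a single account: many tries, one username
    for i in range(15):
        events.append((t0 + timedelta(seconds=3 * i), "198.51.100.4", "alice", False))
    # Shared office NAT: many users from one IP, almost all logins succeed
    for i in range(12):
        events.append((t0 + timedelta(seconds=20 * i), "192.0.2.50", f"staff{i:02d}", i != 3))
    return sorted(events)

def detect_stuffing(events, window=timedelta(minutes=10), min_users=10, min_fail_ratio=0.8):
    """Return {source IP: usernames that logged in successfully} for every source
    that, within some sliding window, tried at least `min_users` distinct
    usernames with a failure ratio of at least `min_fail_ratio`."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        by_src[src].append((ts, user, ok))
    flagged = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                # Any success from a stuffing source is a likely reused credential
                flagged[src] = sorted({u for _, u, ok in evs if ok})
                break
    return flagged

if __name__ == "__main__":
    for src, accounts in detect_stuffing(build_sample()).items():
        print(f"{src}: credential stuffing suspected, reset passwords for {accounts}")
```

The distinct-username count separates stuffing from a brute-force run against one account, and the failure ratio keeps a shared office address with mostly successful logins from being flagged.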

One such incident happened to Amelia Strike, a 21-year-old Birmingham-based law student, who was unexpectedly logged out of her Depop social shopping app account in October. She said, "I thought I had just forgotten my password when I couldn't get back in, but a couple of days passed and I realized something wasn't right", further adding, "I just felt so violated".

Later she received a message from a stranger on Instagram, alerting her that her account had been taken over by a hacker who was offering Apple AirPod headphones for £50. She also found out that the hacker was scamming a lot of Depop customers under her name. The hacker was instructing the patrons to make the payment via PayPal's "Friends and Family" option. This method of payment bypasses Depop's fees and does not offer any protection to buyers.

She acted quickly against the scammer, using her brother's Depop account to comment on the offending post and contacting the app firm for help. Her query was noticed, and within a few hours the firm removed the hacker's posts and reset her password. Amelia Strike noticed at least three Depop patrons who had paid the hacker by the unauthorized method.

In Amelia Strike's case, to make the scam listing believable, the hacker even uploaded a picture of her name written on a post-it note next to the headphones that were allegedly for sale. This is a common technique used by people selling second-hand goods online to show that images have not been taken from another listing.

Nevertheless, she is not the only one whose Depop account was hacked; 14 other users have reported similar cases. In all such cases, the fraudsters insisted on being paid directly rather than via the app. Depop has asked patrons to pay via the authentic method and has stated, “We consistently communicate this to our community and reinforce that the only safe way to purchase is on the Depop app or website via the buy button.”

Attackers Hacked the Digital Pass System of Moscow residents


Moscow's residents are being warned about scammers who offer on social networks to issue digital passes for moving around the city.

Recall that last week Moscow Mayor Sergei Sobyanin and Moscow Region Governor Andrei Vorobyov signed a decree introducing special digital passes for trips in Moscow and the Moscow Region on personal and public transport. Quarantined residents of Moscow will need to obtain a QR code on the City Hall website each time they leave their homes. QR codes can be issued starting Monday, April 13, 2020.

A bot has appeared on Telegram that offers to obtain a digital pass for citizens through the messenger. It asks for the citizen's phone number and personal data, including passport details. Hackers also offer to issue passes on social networks.

Moreover, the Telegram channel 4chan reported that unknown hackers managed to hack the QR code issuing system while it was still in beta testing.

"The program for generating QR codes for quarantine from the Moscow government has not yet left the beta test, but it has already been hacked and generated universal promotional codes that will allow you to go around Moscow unlimited," the channel authors write.

The author of the microblog @A_Kapustin on Twitter managed to post several electronic passes. According to the user, some of them allow walking within a kilometer of home, while others let the holder walk freely around Moscow. Some QR codes have already been blocked, according to the author, but newly generated ones keep appearing online.

At the same time, scammers became active in another segment. Russians began to receive SMS messages notifying them of violations of their self-isolation regime and demanding payment of a fine for these offenses.

Experts believe the situation is complicated because Russians cannot keep up with the rules that the authorities of each region introduce, and so are afraid of doing something wrong. Scammers exploit this, organizing entire schemes using SMS, social networks and messengers. The goal is to gain access to data for emptying bank cards.

Scammers Started Using Fake Videos to Steal Money from Russians

The scammers started to use fake video to steal money of the Russians



Fake videos with the superimposed faces and voices of famous people have appeared on the Internet, and scammers are using them to steal funds. The IT company JET warned Russians about this.

"A relatively new phenomenon deep fake has appeared on the network, it is fake videos with overlapping faces and voices of famous people on videos of various contents using Deep Learning technologies. This technology allows you to replace the movement of the lips and human speech on the video. It is difficult for an ordinary user to identify such fakes, and many take them for the truth," the company said.

Experts at the company found a fraudulent video online that uses the image of the Russian showman and actor Dmitry Nagiyev, in which he invites viewers to visit a certain site and get a prize or cash reward. The company said that visitors to the site may lose money.

JET noted that the victims ended up on a portal with a generated domain name. Such sites work for only a couple of days, but the criminals constantly open new ones.

According to Anna Oleinikova, an expert on neural networks in the company JET, deep fake is an extremely serious threat. "The range of malicious use of deep fake and similar technologies is very wide: blackmail, discrediting of media persons and politicians, unfair competition in business and politics," she said.

At the same time, the company notes that ordinary users can try to identify fakes based on several signs. In fraudulent videos, the eyes are open or half-closed all the time, and strange loops appear around the head during sharp movements and changes of lighting.

In turn, Stanislav Ashmanov, the head of the company "Neural networks of Ashmanov", said that it is very difficult to create a believable deep fake. This requires a lot of varied data and a complex algorithm. For now, everything that appears on the Internet suffers from a lack of quality and looks quite implausible.

“In my opinion, technology has not yet been completely improved to make video indistinguishable from reality, cheap and easy,” he added.

Hackers Stole Money from Kukuruza (Kykyryza) Cards Using Apple Pay


83 Kykyryza (Kukuruza) cardholders suffered the theft of funds. The fraudsters gained access to the logins and passwords for mobile and Internet banking, then connected Apple Pay and withdrew funds. The problem has now been solved and the money returned.

The Kykyryza card is a multifunctional bonus payment card offered to customers by the combined Russian company Svyaznoy/Euroset. The card works in the Mastercard payment system.

Since May 2, complaints from Kykyryza cardholders about the theft of their funds have been appearing on the website Banki.ru. Victims of the attack received an SMS saying that their card had been connected to Apple Pay; immediately afterwards, the money was withdrawn to a Tele2 number. All victims indicate that they did not receive an SMS or push notification with a verification code for connecting to Apple Pay.

It turned out that the hackers attacked a social service, from which they obtained data about Kykyryza cardholders for logging into the account, and then checked whether the victims used the same username and password in the mobile or Internet bank. If the data matched, the attackers connected the Kykyryza mobile application to Apple Pay and proceeded to withdraw money.

The company Svyaznoy/Euroset confirmed the theft of funds from Kykyryza cardholders, noting that the number of victims is small given that 20 million cards have been issued. According to Alexander Malis, the CEO of the company, only 83 cardholders suffered.

“The hackers stole about 2 million rubles ($31,000),” said Mr. Malis. “The stolen funds were already returned to all the victims.”

Vladimir Dryukov, the Director of the Solar JSOC Cyber Attack Monitoring and Response Center, noted that this method of theft revealed two serious vulnerabilities in the mobile application: the lack of protection against a change of device when logging in to the mobile bank, and the lack of protection against guessing of numbers.

However, according to Mr. Malis, the Kykyryza card showed a high level of security under a mass attack. He also clarified that a special update has already been released, which will not allow an unauthorized user to change the mobile device.

Scammers disguise themselves as divisions of the Central Bank of Russia


Cybercriminals carried out a large-scale attack on Russian banks in late 2018 and managed to steal $20 million.

The attackers disguised themselves as the Central Bank's FinCERT division and as Alfacapital. The attacks are known to have been carried out by the hacker groups Silence and Cobalt, which had previously organized cybercrimes. A new, previously unseen hacker group operated alongside them.

The scheme was the same in each case: on behalf of the Central Bank's FinCERT division, the scammers sent out malicious documents with macros. In addition, a compromised account of an Alfacapital employee was used.

Representatives of many banks confirm the frequent attacks. The criminals tried to penetrate the infrastructure of financial organizations in order to withdraw money.

The IT company Positive Technologies compiled its own statistics and found that over 201 million people suffered from such attacks in 2018.

Moreover, banking infrastructure was attacked in 78% of cases, web resources in 13%, and ATMs and POS terminals in 9%; personal data - 39%, credential theft, card information, trade secret - 5%, personal correspondence and other information - 8%.

In addition, on February 18, Kaspersky Lab recorded an increase in attacks by the Buhtrap and RTM banking Trojans in Russia. At the end of last year, experts recorded a 50-fold increase in the activity of the banking Trojan RTM compared to 2017.