Security News
Ukraine's cyberpolice has arrested members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the EU. The crime group created over 100 fake "Phishing" sites targeting users in France, Spain, Poland, the Czech Republic, Portugal, and other European countries, enticing them with products below market prices. Orders placed by the victims didn't correspond to actual purchases, while the threat actors stole credit card details they entered on the phony sites.
For context, digital skimming attacks occur when threat actors deploy malicious code onto a merchant website where they target their checkout pages to scrape and harvest consumer payment account data, such as primary account number, card verification value, expiration date and personally identifiable information. Cryptocurrency bridge services were a favored target for threat actors in 2022 and from January through early October 2022, the cryptocurrency ecosystem experienced 13 separate bridge attacks totaling $2B. What can payment processors and e-commerce merchants do to help protect themselves against enumeration attacks?
Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. "The well-known IcedID version consists of an initial loader which contacts a Loader server, downloads the standard DLL Loader, which then delivers the standard IcedID Bot," Proofpoint said in a new report published Monday.
New IcedID variants have been found without the usual online banking fraud functionality and instead focus on installing further malware on compromised systems. Proofpoint has identified two new variants of the IcedID loader, namely "Lite" and "Forked", both delivering the same IcedID bot with a more narrow-focused feature set.
Our reliance on face matching for identity verification is being challenged by the emergence of artificial intelligence and facial morphing technology. With the increased availability of visual editors and printing devices, attempting to use face morphing for cheating identity verification systems has never been as easy as today.
Meet the newest member of the crypto rogues' gallery: Ho Wan Kwok, aka Guo Wengui, aka Miles Guo, whom the US Department of Justice on Wednesday arrested over what investigators have described as a "Sprawling and complex scheme to solicit investments in various entities and programs through false statements and representations to hundreds of thousands of Kwok's online followers." One of Guo's operations was called Himalaya Exchange.
Keeping up with financial fraud is incredibly difficult because accurate fraud detection requires a deep, real-time analysis of all the events surrounding a transaction. Teams need to have a portfolio of techniques to call upon, a centralized structure for identifying and combatting threats, and an agile approach to fight cyber-attacks and financial fraud.
There is no universally accepted definition of synthetic identity fraud, in part because this type of fraud often overlaps with first-party fraud and identity theft. Fraud controls on deposit accounts are often less rigorous, and once a criminal has established a deposit account, they may be offered a credit account with little identity verification.
Three of the principals of an Australian scheme that offered free payroll services to tech contractors have been found guilty of conspiring to defraud the Commonwealth and conspiring to deal with the proceeds of crime. Plutus Payroll claimed it could offer a free service because it was paid in advance by employers that hired contractors, and was not obliged to make income tax payments instantly.
The U.S. Federal Trade Commission revealed today that Americans lost almost $8.8 billion to various types of scams in 2022, following a significant surge of over 30% more lost to fraud compared to the previous year. In 2021, Americans also reported losses of more than $5.8 billion to fraud, another massive increase of over 70% compared to 2020.