Security News
There is no universally accepted definition of synthetic identity fraud, in part because this type of fraud often overlaps with first-party fraud and identity theft. Fraud controls on deposit accounts are often less rigorous, and once a criminal has established a deposit account, they may be offered a credit account with little identity verification.
Three of the principals of an Australian scheme that offered free payroll services to tech contractors have been found guilty of conspiring to defraud the Commonwealth and conspiring to deal with the proceeds of crime. Plutus Payroll claimed it could offer a free service because it was paid in advance by employers that hired contractors, and was not obliged to make income tax payments instantly.
The U.S. Federal Trade Commission revealed today that Americans lost almost $8.8 billion to various types of scams in 2022, following a significant surge of over 30% more lost to fraud compared to the previous year. In 2021, Americans also reported losses of more than $5.8 billion to fraud, another massive increase of over 70% compared to 2020.
FTX founder Sam Bankman-Fried's eight-count indictment related to the collapse of his crypto empire has been superseded by a new 12-count indictment unsealed in New York which provide graphic details about the extent the defunct biz paid off politicians. According to the superseding indictment [PDF], SBF "Corrupted the operations of the cryptocurrency companies he founded and controlled through a pattern of fraudulent schemes that victimized FTX customers, investors, financial institutions, lenders and the [FEC]."
Europol has dismantled a Franco-Israeli 'CEO fraud' group that employed business email compromise attacks to divert payments from organizations to bank accounts under the threat actor's control. The fraudsters impersonated CEOs when approaching employees in the target organizations' financial departments and tricked them into performing payments to bank accounts under the scammer's control.
8 suspects arrested Seizures include: electronic equipment and vehicles, about EUR 3 million from Portuguese bank accounts, EUR 1.1 million from Hungarian bank accounts, EUR 600 000 from Croatian bank accounts, EUR 400 000 from Spanish bank accounts, EUR 350 000 in virtual currencies. The total value of the seizures is estimated at about EUR 5.5 million.
The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infected over 10,800 websites. "The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation," Sucuri researcher Ben Martin said in a report published last week.
Samsung classified the bugs as moderate risk and released fixes in version 4.5.49.8 shipped earlier this month. Samsung Galaxy Store, previously known as Samsung Apps and Galaxy Apps, is a dedicated app store used for Android devices manufactured by Samsung.
Researchers have shut down an "Expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices. "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register ad views," fraud prevention firm HUMAN said.
A massive ad fraud operation dubbed 'Vastflux' that spoofed more than 1,700 applications from 120 publishers, mostly for iOS, has been disrupted by security researchers at cybersecurity company HUMAN. The operation's name was derived from the VAST ad-serving template and the "Fast flux" evasion technique used to conceal malicious code by rapidly changing a large number of IP addresses and DNS records associated with a single domain. The research team at HUMAN discovered Vastflux while investigating a separate ad fraud scheme.