Security News

Two Florida residents will spend years behind bars and pay more than half a million dollars for wire fraud and identity theft, among other illicit deeds, for running COVID-19 scams. US District Judge William Jung on Friday sentenced Randy Xavier Jones, a 34-year-old man of Sarasota, Florida, to five years and one month in federal prison for wire fraud and aggravated identity theft.

Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions and banking, as well as purchases like airline ticketing.

In the first half of 2022, BioCatch estimates fraudulent transfers to money mule accounts totaled $3 billion and that there are approximately 2 million mule accounts in the US. Additionally, researchers found that the average mule transaction amount is $1,500 - a low amount to avoid detection when executing mule campaigns at a large scale. In this Help Net Security video, Erin Englund, Threat Analytics Lead at BioCatch, explains what money mules are, why are they becoming so prevalent, and how we can defend against them.

A massive phishing campaign has been targeting Office 365 users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication set up to protect the accounts. The attackers use proxy servers and phishing websites to steal users' password and session cookie.

Seasoned fraud expert PJ Rohall has recently become the new Head of Fraud Strategy & Education at SEON. In this Help Net Security interview, he talks about how he entered the industry, about the evolving fraud landscape, and offers advice to other fraud fighters. Do former fraudsters make the best fraud fighters? What attributes do good fraud fighters have in common?

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "Complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent.

Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services. In a report today, Microsoft shares technical details on how toll fraud malware works and how it can be prevented on Android.

Pre-pandemic, most online fraud was committed by individuals or small groups and were straightforward attempts to access individual's data or business accounts or were applicant-level identity fraud. It's rarely one-and-done with fraud rings as they thrive like any other business by creating repeatable solutions and seeking out ideal "Customers." Once a fraud ring identifies a weakness in a technology, outdated legacy fraud detection stacks, or poor process and procedures in place, they'll continue to commit fraud until the vulnerability is closed.

The FTC has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of "Hundreds of millions of dollars." The FTC wants the courts to order Walmart to return the money to victims and make the corporation cough up penalties for, in the regulator's view, breaking the FTC Act and Telemarketing and Consumer Fraud and Abuse Prevention Act.

Interestingly, the expectations for a friction-free journey have made financial institutions rethink the false dichotomy between maintaining stringent security and a positive customer experience. Savvy financial institutions are realizing that they don't need to choose between customer experience and fraud loss; rather, they need to identify and implement more efficient and effective tools when it comes to verifying with whom they are conducting business.