Security News
A massive phishing campaign has been targeting Office 365 users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication set up to protect the accounts. The attackers use proxy servers and phishing websites to steal users' password and session cookie.
Seasoned fraud expert PJ Rohall has recently become the new Head of Fraud Strategy & Education at SEON. In this Help Net Security interview, he talks about how he entered the industry, about the evolving fraud landscape, and offers advice to other fraud fighters. Do former fraudsters make the best fraud fighters? What attributes do good fraud fighters have in common?
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "Complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent.
Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services. In a report today, Microsoft shares technical details on how toll fraud malware works and how it can be prevented on Android.
Pre-pandemic, most online fraud was committed by individuals or small groups and were straightforward attempts to access individual's data or business accounts or were applicant-level identity fraud. It's rarely one-and-done with fraud rings as they thrive like any other business by creating repeatable solutions and seeking out ideal "Customers." Once a fraud ring identifies a weakness in a technology, outdated legacy fraud detection stacks, or poor process and procedures in place, they'll continue to commit fraud until the vulnerability is closed.
The FTC has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of "Hundreds of millions of dollars." The FTC wants the courts to order Walmart to return the money to victims and make the corporation cough up penalties for, in the regulator's view, breaking the FTC Act and Telemarketing and Consumer Fraud and Abuse Prevention Act.
Interestingly, the expectations for a friction-free journey have made financial institutions rethink the false dichotomy between maintaining stringent security and a positive customer experience. Savvy financial institutions are realizing that they don't need to choose between customer experience and fraud loss; rather, they need to identify and implement more efficient and effective tools when it comes to verifying with whom they are conducting business.
Seventy-four percent of consumers say they have received a scam text so far this year, while as many as 83% have received a scam phone call, according to Allstate Identity Protection's first quarter Identity Fraud in Focus report. Although even successful scams sometimes fail to escalate to instances of full-blown identity theft - and therefore are not counted toward Allstate Identity Protection case counts - they are nonetheless burdensome and costly to victims.
Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe. In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.
The Identity Theft Resource Center and LexisNexis Risk Solutions have released the Pandemic-Related Identity Fraud Crime Victim Impacts Report, which shows how individuals and government agencies have been impacted since 2020 by an unprecedented wave of government benefits identity fraud. "We speak with identity crime victims every day at the ITRC," said Eva Velasquez, President and CEO of the Identity Theft Resource Center.