Security News
As the popularity of Buy Now, Pay Later grows, organizations and consumers must remain vigilant or risk becoming a victim of fraud, as account takeover attacks - where cybercriminals take ownership of online accounts using stolen passwords and usernames - surged by 148% last year. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses how organizations need to prepare for fraudulent BNPL activity.
A man suspected of providing the IT infrastructure behind the Gozi banking trojan has been extradited to the US to face a string of computer fraud charges. According to court documents [PDF], Paunescu allegedly ran a "Bulletproof hosting" service using computers in Romania, America, and other locations to help cybercriminals distribute Gozi and other malware including the Zeus Trojan and SpyEye Trojan.
Two Florida residents will spend years behind bars and pay more than half a million dollars for wire fraud and identity theft, among other illicit deeds, for running COVID-19 scams. US District Judge William Jung on Friday sentenced Randy Xavier Jones, a 34-year-old man of Sarasota, Florida, to five years and one month in federal prison for wire fraud and aggravated identity theft.
Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions and banking, as well as purchases like airline ticketing.
In the first half of 2022, BioCatch estimates fraudulent transfers to money mule accounts totaled $3 billion and that there are approximately 2 million mule accounts in the US. Additionally, researchers found that the average mule transaction amount is $1,500 - a low amount to avoid detection when executing mule campaigns at a large scale. In this Help Net Security video, Erin Englund, Threat Analytics Lead at BioCatch, explains what money mules are, why are they becoming so prevalent, and how we can defend against them.
A massive phishing campaign has been targeting Office 365 users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication set up to protect the accounts. The attackers use proxy servers and phishing websites to steal users' password and session cookie.
Seasoned fraud expert PJ Rohall has recently become the new Head of Fraud Strategy & Education at SEON. In this Help Net Security interview, he talks about how he entered the industry, about the evolving fraud landscape, and offers advice to other fraud fighters. Do former fraudsters make the best fraud fighters? What attributes do good fraud fighters have in common?
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "Complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent.
Microsoft is warning that toll fraud malware is one of the most prevalent threats on Android and that it is evolving with features that allow automatic subscription to premium services. In a report today, Microsoft shares technical details on how toll fraud malware works and how it can be prevented on Android.
Pre-pandemic, most online fraud was committed by individuals or small groups and were straightforward attempts to access individual's data or business accounts or were applicant-level identity fraud. It's rarely one-and-done with fraud rings as they thrive like any other business by creating repeatable solutions and seeking out ideal "Customers." Once a fraud ring identifies a weakness in a technology, outdated legacy fraud detection stacks, or poor process and procedures in place, they'll continue to commit fraud until the vulnerability is closed.