Security News
Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills. All of the offerings are "Essentially copies of the same fake app used to spread the premium SMS scam campaign," Vavra explained, which he said likely indicates that one bad actor or group is behind the entire campaign.
A massive fraud campaign utilizing 151 Android apps with 10.5 million downloads was used to subscribe users to premium subscription services without their knowledge. Researchers at Avast discovered the campaign, naming it 'UltimaSMS,' and reported 80 associated apps that they found on the Google Play Store.
The global fraud detection and prevention market size is expected to reach $62.7 billion by 2028, registering a CAGR of 15.4%, according to ResearchAndMarkets. Thus, to mitigate these frauds, while securing customer as well as business data, the demand for fraud detection and prevention solutions is anticipated to witness an upsurge over the forecast period.
With multiple layers of security in place and biometrics as the central authentication factor, organizations have a future-proofed fraud prevention platform that offers protection against current threats-and whatever new threats the next crisis brings. Layered security involves combining fraud prevention measures like environment detection and anti-spoofing with multimodal biometrics, all underpinned by an AI-powered risk engine that aggregates data from the various layers to generate a risk score for any given customer engagement.
Effective management of fraud has long been a vital capability within organizations, and for good reasons. According to the Association of Certified Fraud Examiners' 2020 global study on occupational fraud and abuse, companies lose an estimated five percent of revenue per year due to fraud.
More than 3,300 U.S. military service members, military dependents and civilians employed by the Department of Defense were compromised as part of a transnational cybercrime ring created to defraud them out of $1.5 million in military benefits from the DoD and the Department of Veterans Affairs. A former civilian medical records technician and administrator with the U.S. Army was at the center of the scheme, according to court documents filed in the U.S. District Court for the Western District of Texas.
Fredrick Brown, a former U.S. Army contractor, was sentenced today to 151 months in prison after admitting to his role in a conspiracy that targeted thousands of U.S. service members and veterans and caused millions of dollars in losses. Brown was one of five fraudsters charged with carrying out an identify-theft and fraud scheme that targeted "Service members and veterans, their dependents, and civilians employed by the Department of Defense," according to a 14-count indictment unsealed in August 2019.
Gift card fraud still fills a distressing niche in the cybercrime ecosystem, where a gang of crooks redeem gift cards that you paid for, either because you were convinced that those cards were earmarked for something else, or because the crooks got temporary access to one of your online accounts that allowed them to buy gift cards on your dime. The US Department of Justice announced this week the indictment of four suspected gift card scammers, and alleges that that these four had ended up with more than 5000 fradulently obtained cards to spend on themselves.
The Federal Communications Commission in the U.S. this week announced that it started to work on rules that would pull the brake on SIM swapping attacks. The decision comes after the agency "Received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm as a result of SIM swapping and port-out fraud."
A sophisticated fraud ring, dubbed Proxy Phantom, has pushed the boundaries of credential-stuffing attacks with a dynamic account takeover technique that was flooding eCommerce merchants in the third quarter. What really set the Proxy Phantom attacks apart was the use of dynamically generated IP addresses from which it launched the campaigns.