Security News

The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. Should the hackers succeed in breaching the victim's corporate gift card department, they use compromised employee accounts to generate fraudulent gift cards.

A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders. The cybercriminals host fake shops on previously expired domains with a good reputation with Google and typically pretend to sell shoes and clothing products at very low prices.

Most businesses struggle with identity verification and have concerns over ability to protect against AI, according to Ping Identity. The report, based on responses from 700 IT decision-makers across the US, UK, France, Germany, Australia, and Singapore, reveals a pressing need for organizations to enhance their identity protection strategies, with 97% having challenges with identity verification and 48% lacking confidence they have the technology in place to defend against AI-related attacks.

Law enforcement shut down 12 phone fraud call centers in Albania, Bosnia and Herzegovina, Kosovo, and Lebanon, behind thousands of scam calls daily. The law enforcement operation also yielded critical electronic evidence expected to identify other call centers and potential fraud perpetrators.

Could you shed light on the severe financial losses that result from triangulation fraud and explain the intricacies of this scheme? The payments industry estimates triangulation fraud causes financial losses among merchants to range from $660 million to $1 billion monthly.

A recent Enea survey highlights a worrying trend in enterprise security: Following ChatGPT's launch, 76% of businesses are inadequately protected against rising AI-driven vishing and smishing threats. In this Help Net Security video, John Hughes, SVP, Head of Network Security Business Group at Enea, discusses how, despite advancements, most enterprises continue to incur losses due to mobile fraud, mainly through smishing and vishing.

In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise, cyber attackers' use of AI, and securing the supply chain.

Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools. GEOBOX is sold on Telegram channels for a subscription of $80 per month or $700 for a lifetime license, payable in cryptocurrency.

Tazama is an open-source platform focused on improving fraud management within digital payment systems. Tazama marks a substantial transformation in the approach to financial monitoring and compliance worldwide.

A class action complaint [PDF], filed Tuesday in federal court for the District of Northern California, claims that "Over nearly a decade, Google has knowingly kept millions of dollars in stolen money from victims of gift card scams who purchased Google Play gift cards." Filed on behalf of Indiana resident Judy May, the suit alleges Google keeps funds from stolen Google Play gift cards - either by taking its 15-30 percent commission from payments to Google Play app developers made with fraudulently obtained gift cards, or by withholding all funds paid via scammed gift cards for its own benefit.