Security News

China-based scammers are using a combination of fake loan apps and India's real-time mobile payment system, Unified Payments Interface, to separate victims from their cash, according to a report by threat intel firm CloudSEK. "UPI service providers currently operate without coverage under the Prevention of Money Laundering Act," explained [PDF] CloudSEK researchers, letting the scammers' exploit the platforms with relative ease. Chinese payment gateways ensure the authorities cannot pursue the scammers.

Online fraud is a pervasive and constantly evolving threat that affects individuals and organizations worldwide. In this Help Net Security round-up, cybersecurity experts talk about online fraud and damaging effects it has on individuals and organizations.

Financially-motivated attackers have exploited a zero-day vulnerability in WinRAR to trick traders into installing malware that would allow them to steal money from broker accounts. CVE-2023-38831 is a file extension spoofing vulnerability, which allowed attackers to create a modified RAR or ZIP archive containing harmless files and malicious ones.

The FBI has warned of a scam in which criminals lure people into installing what they think are pre-release beta-grade phone apps to try out - only for the software to be laced with malware. By dressing up these apps as beta tests, crooks can persuade curious netizens to download and install them from outside the normal app stores, bypassing whatever passes as a review process these days.

A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack of cryptocurrency stock exchange Bitfinex, resulting in the theft of about...

Google Cloud's AML AI represents an advancement in the fight against money laundering. In this Help Net Security interview, Anna Knizhnik, Director, Product Management, Cloud AI, Financial Services, at Google Cloud, explains how Google Cloud's AML AI outperforms current systems, lowers operational costs, enhances governance, and improves the customer experience by reducing false positives and minimizing compliance verification checks.

Pro-Kremlin groups Anonymous Sudan, Killnet and Clop have other motivations than just hacktivism as they widen their attack field beyond political targets. The June 19 attack against the European Investment Bank may have been a salvo aimed at thwarting financial pipelines supporting Ukraine's war effort, although the motives of the threat groups are still subject to speculation, experts say.

Uncle Sam announced its commenced over 4,000 legal actions in three months - mostly harshly worded letters - to rein in "Money mules" involved in romance scams, business email compromise, and other fraudulent schemes. Money mules are the individuals who provide money transfer services - occasionally unwittingly - to launder robbery funds.

That model mirrors those of other RaaS groups and illustrates why slowing the ransomware scourge is so hard - affiliates who help to spread the evil code make lots of money. According to Group-IB's report, Qilin affiliates - those who pay to use Qilin's ransomware for their own attacks - can take home 80 percent of the ransom paid.

Digital fraud has significant financial and psychological repercussions on victims, according to Telesign. Businesses may find a new reason to fear digital fraud as the negative impacts of digital fraud on companies' brand perception and the bottom line.