Security News
Identity theft can lead to a nightmare of events, from scammers ruining people's credit score, to selling their information on the dark web, and even impersonating people to pass background checks. "If you think your data has no value then why would scammers spend so much time trying to steal your data if it's worthless? The truth is that anyone can be affected and it is important to stay vigilant and use proper protection," said Jakub Kroustek, Avast Malware Research Director.
Money mules, individuals whose bank accounts are used by fraudsters to transfer money, are becoming an increasingly prominent aspect of cybercriminals' economic business models too. In the US particularly, fraudsters are targeting unwitting consumers to become money mules.
Two execs and a multinational payment processing company must pay $650k to the US government, says the FTC, which accuses them of knowingly processing credit card payments for Microsoft-themed support scammers. The Justice Department and the Feds claim [PDF] Nexway, along with a web of related companies based in France, Switzerland, Germany, and the US, violated the FTC Act and the Telemarketing Sales Rule by processing payments for India-based Tech Live Connect and "Other foreign clients" that commit telemarketing fraud via tech support scams all over the world, although the agency and the department are regulating the United States side of things.
Fraudsters are underestimating the power of AI to detect fake IDs, according to a new report from Ondato. Based on an analysis of millions of ID verifications carried out for its customers in 2022, Ondato found that ID cards were used in 52% of fraudulent verification attempts - far ahead of driving licences and passports.
Today, the U.S. Department of Justice seized six virtual currency accounts containing over $112 million in funds stolen in cryptocurrency investment schemes. The criminals behind these cryptocurrency fraud scams approach their victims via various dating platforms, messaging apps, or social media platforms, build trust, and introduce them to investment schemes which eventually allow them to empty the targets' crypto wallets.
The last few days of America's tax season are stressful enough, dealing with deadlines and, increasingly, online scams. Threat researchers at cybersecurity firm Securonix said the gang - which may be based in Russia - sends emails containing a password-protected zip file with names that sound like they could be tax-related, such as TitleContractDocs.
BEC attacks are usually aimed at stealing money or valuable information, but the FBI warns that BEC scammers are increasingly trying to get their hands on physical goods such as construction materials, agricultural supplies, computer technology hardware, and solar energy products. In 2022, the FBI also warned of a BEC scheme aiming to steal shipments of food products and ingredients.
According to various researchers and security firms, threat actors are already out hunting for SVB-exposed prey through both passive and active phishing scams, including similar fake domains and business email compromise attacks. Dean of Research at SANS Technology Institute, Johannes Ullrich clocked a rapid increase in the number of domain registrations containing the word "SVB" since the March 10th collapse.
"In 2022, investment scam losses were the most scheme reported to the Internet Crime Complaint Center," the FBI shared in its 2022 Internet Crime Report. 2022 Internet Crime Report: Additional findings The number of complaints received by the IC3 is a bit smaller than the year before, but the overall recorded losses are highest than ever When it comes to BEC scams, the IC3 saw a slight increase of targeting victims' investment accounts instead of the traditional banking accounts, and an increase of BEC bad actors spoofing legitimate business phone numbers to confirm fraudulent banking details with victims.
Pro-Russian scammers using social engineering and impersonation to trick prominent western commentators into conducting recorded video calls have kicked these campaigns "Into high gear" over the past 12 months, according to security researchers. Once their targets bite the email lure, and agree to follow-up hoax video calls, TA499 kicks things off with a serious question or two.