Security News

In this case, we're referring to Elvis Eghosa Ogiekpolor, jailed for 25 years in Atlanta, Georgia for running a cybercrime group that scammed close to $10,000,000 in uunder two years from individuals and business caught up in so-called romance and BEC scams. BEC is short for business email compromise, an umbrella term for a form of online scam in which the attackers acquire login access to email accounts inside a company, so that the fraudulent emails they send don't just seem to come from the company they're attacking, but actually do come from there.

Scammers of this sort are typically based in high-pressure criminal call centres outside your country, but they make use of internet-based calling services that costs pennies a minute to make calls anywhere in the world, yet show up on your phone with a local number to give them an air of legitimacy and traceability. Sometimes the callers aren't quite scammers, and they really are based in your country, working for a registered company, calling from a number that really is local.

A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses after falling victim to romance frauds and business email compromise scams.

Yesterday the CAC detailed some of the 12,000 acts of online fraud perpetrated against minors it handled this year. The unfortunate 15 year old, whom the CAC identified as Tan Moumou, was playing a mobile game when an unknown person added him as a friend on messaging platform WeChat and claimed he could circumvent China's gaming restrictions.

Like last time, they created an HTML email with a clickable link that itself looked like a URL, even though the actual URL it linked to was not the one that appeared in the text. This time the link you saw if you hovered over the blue text in the email really was a link to a URL hosted on the facebook.com domain.

"Most often associated with digital art, NFTs are considered to be the modern equivalent of an art collection. Only a certain number of NFTs are produced for a project and they have a variety of traits, which can contribute to the value of an NFT from a rarity standpoint," Narang explains. "Most of the popular NFT projects are what are called PFPs projects like CryptoPunks or Bored Apes. Buyers acquire these and use them as their profile pictures on social media, because social media has become our digital art gallery. While it's true that anyone can right click and save a PFP from one of these projects and claim it for their own, because these are blockchain based projects, there is a way to verifiably prove ownership. Twitter recognized the value of NFTs as PFPs, which is why they started offering the ability for cryptocurrency enthusiasts to verify ownership of their NFTs on the blockchain in a more transparent way."

Attackers are targeting the Discord servers of several popular nonfungible token projects. According to Fraser, Discord API leaks "The name, description, members list, and activity data for every private channel on every server." He explained he stumbled on the issue while setting up an automated script to notify him anytime a user enters a certain keyword.

An Interpol-led operation code-named Killer Bee has led to the arrest and conviction of a Nigerian man who was said to have used a remote access trojan to reroute financial transactions and steal corporate credentials. Interpol linked the suspects to a syndicate of Nigerian fraudsters using a RAT known as Agent Tesla to access business computers and divert monetary transactions to their own accounts.

Interpol on Monday announced the arrest of three suspected global scammers in Nigeria for using remote access trojans such as Agent Tesla to facilitate malware-enabled cyber fraud. The law enforcement said that the suspects systematically used Agent Tesla to breach business computers and divert financial transactions to bank accounts under their control.

A new wave of cryptocurrency systems dubbed De-Fi, short for decentralised finance, has arisen to fill that transactional void. Instead of depositing your funds with a licensed and regulated bank, and then trading with those funds by choosing from a carefully curated list of transaction types, De-Fi systems let you invest your money with them, in return for access to a "Smart contract" system that allows you trade automatically with other users of the system in a way to suit yourself.