Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2023

Russian Carding Landscape: Inside Russian Carding Fraud Part 2

In part one of this four-part series on card cracking fraud, we covered the basics of what carding is, how carders use bots to power their attacks, and defined the most important terms and phrases within the carding vocabulary in our Carder’s Dictionary. Click here if you missed it or need a recap. In part two, we’ll be talking more specifically about the carding landscape in Russia and on Russian-speaking forums and online communities.

INETCO in the News: Commentary: How Emerging Technologies Can Help Solve EBT Fraud

Ali Solehdin – Digitaltransactions.net – August 11, 2023 Instances of electronic benefits transfer (EBT) fraud have become more prevalent in the United States as criminals become more brazen and increasingly prey on society’s most vulnerable.

What is Carding? Inside Russian Carding Fraud: Part 1

Carding fraud is a financially devastating attack made more damaging by bot-based automation that allows it to run at scale. Russian cybercriminals are especially prolific in the carding space. The Netacea threat research team recently conducted an in-depth investigation into this notorious carding fraud ecosystem.

Common Types of Financial Frauds and How to Protect Your Money Online

In today's interconnected world, where digital transactions have become the norm, it is vital to be aware of the ever-present threat of fraud scams and take proactive measures to protect your hard-earned money. Whether it's one of the many types of cybercrimes (phishing emails, identity theft, online shopping scams, or investment fraud), fraudsters are constantly devising new ways to exploit unsuspecting individuals.

The Blurred Lines Between Payment Fraud and Cybercrime: Implementing Robust Security Solutions to Stay Safe Online

Once upon a time, there was a small business owner named Alice, who fought to keep her retail establishment afloat amid the stormy seas of a global pandemic. Like many other merchants, she embraced the digital revolution and moved her store online. This allowed her to reach more customers and keep her business buoyant. Her store, Alice’s Wonderland, offered a vibrant range of local handicrafts that started garnering attention on social media. It was a tale of small business success.

Salesforce Becomes the Latest Platform to Unwittingly Aid Phishing Scammers

Cybercriminals used the legitimacy of Salesforce’s email gateway to bypass security scanners and target Meta customers in an effort to steal Facebook credentials. One of the initial challenges any phishing attack has is to make it past security measures designed to scan and identify malicious emails. One such way is to misuse a legitimate well-known platform’s outbound sending of emails.

What Is Call Spoofing?

Call spoofing is when someone, usually a scammer or cybercriminal, disguises their caller ID information to hide who they really are. Call spoofing can also spoof the cybercriminal’s location to make it appear as if the call is coming from a specific location. With call spoofing, the caller will pretend to be someone they’re not to convince the individual to provide them with their personal information.

INETCO in the News: AI and Machine Learning as a Solution to the EBT Fraud Epidemic

Ali Solehdin – The Banking Exchange In 2022 alone, the Supplemental Nutrition Assistance Program (SNAP) distributed over $113.9 billion to nearly 22 million households across the United States. This figure represents an increase of over $5 billion from the year prior and nearly a $40 billion increase from 2020. Unfortunately, as the SNAP allocation has increased, criminals — from individuals to organized crime rings — have stolen an increasing share of these benefits.

New PCI Password Requirements Could Be the Impetus for Credential Harvesting Scams

As the retirement countdown for the current version of PCI is now less than six months, a new standard for password length, complexity, and change frequency may create some risk. Valid credentials have become a very hot item, as threat actors realize the low risk and high value of simply becoming an Initial Access Broker (rather than performing an entire cyber attack themselves).

Wordfence Becomes the Latest Brand to be Impersonated Putting 800 Million Sites at Risk

With its wide use and trusted state among Wordpress developers and website admins, a new campaign impersonating the website security brand could put hundreds of millions of websites at risk. Today, it's estimated there are over 810 million websites that run on Wordpress. One of Wordpress’ most used plugins is Wordfence – a security platform made specifically for the website platform.

Unraveling the Tactics and Impacts of Account Takeover Fraud

It’s the third day of your long-awaited vacation. While relaxing at the beach, you hear a not particularly welcome chime on your phone (because who takes a vacation from their phone), indicating a new email notification. Your bank notifies you that a significant transaction has been made on your account― a purchase you immediately realize you didn’t authorize. Your heart pounds as you log into your banking app only to find your account empty.

Boarding Pass Selfies and Cybersecurity Don't Mix

There is no such thing as a vacation for cybercriminals. We recently released our top summer cybersecurity travel tips to help keep you safe. Earlier this year, we posted about travel-themed phishing attacks, and Forbes just posted a great reminder about the dangers of sharing your boarding pass on social media. Read below for their advice.

What To Do if You Are a Victim of Credit Card Fraud

If you discover you are a victim of credit card fraud, start the recovery process by notifying your credit card issuer, placing a fraud alert on your credit report, freezing your credit and contacting the three major credit bureaus. However, before taking these steps, you should determine if you are in fact a victim of credit card fraud.

Bad Actor Uses Fake Android Chat to Install Malware

Researchers at CYFIRMA warn that the Bahamut threat actor is using a malicious Android app to deliver malware. “The suspected Android malware, known initially as ‘CoverIm’ was delivered to victims via WhatsApp, and was found to be disguised as a dummy chatting application named ‘SafeChat,’” the researchers write.