Cybersecurity researchers at Group-IB have identified a single scam campaign leveraging over 1500 websites impersonating postal carriers and shippers leading up to Christmas this year. Scammers are always taking advantage of those current trends that involve the potential for heightened emotions. During tax season it’s tax returns. During the NBA’s Final Four, it’s about sports betting or tickets to the game.
A credit card skimmer is a device that is attached to an actual card reader by a threat actor. Skimmers are commonly used by cybercriminals at non-bank ATMs and at gas station fuel pumps. Most skimmers installed at fuel pumps are placed outside of the view of the station administrator. Threat actors use skimmers to scan the information on a victim’s debit or credit card so they can commit credit card fraud or create counterfeit cards to sell on the dark web.
Read also: the US disrupts ALPHV/BlackCat operations, a NY engineer admits the hacks of two crypto exchanges, and more.
Tech scams are continuing to grow in scale and damage. According to CBS News, Americans have reported over $2.7 billion in losses to tech scams from social media alone. Further losses are being accrued through other sources, too, of course; but with that figure coming from one source, alone, the scale of the problem is laid out quite clearly. As more of the nation moves to a digital-first footing, these attacks are only likely to increase in volume, and scale, too.
Embezzlement is an internal crime that someone commits against their organization. The perpetrator's inside knowledge helps them avoid detection and clean up the evidence. It's a problem that can spiral out of control and cause massive damage to an organization's public face. Identifying the warning signs of embezzlement and acting quickly is essential to preventing the worst-case scenario.
Midstride in this year’s holiday shopping, it’s important to realize just how many websites exist that impersonate legitimate online retailers. More importantly, your users need to know how to spot these types of attacks before falling victim.
Researchers at Bitdefender warn that scammers are tricking victims with fake remote job opportunities. In this case, the scammers tell victims that they’ll get paid for liking YouTube videos. Notably, the scammers send the victims a small amount of money (around six dollars) to gain their trust. After this, the victim is invited to a Telegram channel, where the scammer offers to give them much higher-paying tasks if they pay an entry fee of between $21 and $1,083.
Roughly 20 percent of all retail sales occur online. This statistic may sound lukewarm now, but e-commerce is rapidly becoming the lion’s share of global transactions. However, the model’s incredible growth also provides criminals ample opportunity to steal from online businesses. The absence of a physical location removes much of the criminal’s risk, and new strategies constantly pop up. A robust fraud prevention strategy should cover the majority of business operations.
Urging taxpayers and tax professionals to be vigilant, the Internal Revenue Service (IRS) provides some simple guidance on how to spot new scams aimed at being able to file fake tax returns. Apparently, there are actually three certainties in life: death, taxes and scams revolving around taxes. This according to the IRS, as part of their annual Security Summit. As with any major event that has the attention of millions of people simultaneously, tax season is no exception.
Taking traditional “delayed package” scams up a notch, new phishing and smishing attack campaigns are leveraging freemium DNS services to avoid detection by security solutions. In some ways, the old adage “there’s nothing new under the sun” seems to be holding up. Take the latest USPS impersonation scam identified by domain monitoring vendor Bolster. It follows many of the same steps and uses similar tactics as any of the USPS scams I’ve covered before.
Security analysts at identity vendor Sumsub are seeing a massive rise in the use of deepfake fraud in their Identity Fraud Report 2023. And one country may be to blame. While Sumsub’s focus is more around all forms of identity security, it's witnessing a significant increase in deepfakes, as deepfakes are a form of identity fraud. According to Sumsub, the top three fraud trends identified were: The approximate overall growth rate worldwide for the use of deepfakes is 10x.
Read also: TrickBot dev faces up to 35 years in prison, Platypus hackers walk free in France, and more.
A phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations in September. “The first step in this multi-stage attack is a seemingly auto-generated notification email informing the target of a pending charge for their new Disney+ subscription,” the researchers explain.
You should place a fraud alert if you believe you are a victim of fraud or may become one, if you are a victim of identity theft or if you want to prevent your identity from being stolen. You don’t necessarily have to be a victim of fraud to place a fraud alert, you can also place a fraud alert as a security precaution. Continue reading to learn more about what a fraud alert is, how it differs from a credit freeze and how to place a fraud alert on your credit report.
Information security requirements and standards are in a constant state of evolution. Recent issues, such as COVID-19 and the growing global reliance on mobile devices and remote work solutions, have played important roles in this ongoing transformation. At the same time, the increasing sophistication of cyber attackers has added new layers of complexity to the cybersecurity landscape.
It’s natural to want to believe that every new account creation or online purchase signals the legitimate growth of your business. But the alarming rise in financial and data losses attributed to fraud, suggests a different reality. There are thousands of bad actors actively looking to nickel and dime businesses and consumers. In 2022, a staggering 2.4 million fraud reports flooded the Consumer Sentinel Record.
