Tag Archive for: Scamming

Every day, half a million malware apps are created for scamming. Who’s behind them?


HANOI: One hour. That is all the time it takes to build malicious software that can access the camera, messages, calls, storage, microphone, location, contacts — nearly everything — on a victim’s phone.

And cyber threat hunter Ngo Minh Hieu finds more than half a million of such malware apps created every day, in his work for Vietnam’s National Cyber Security Centre.

Vietnam saw a 64 per cent rise in online fraud in the first half of this year compared with the same period last year, according to the country’s Authority of Information Security.

A growing number of incidents in the last five years are related to malware, said Nguyen Quang Dong, the director of the Institute for Policy Studies and Media Development.

The flurry of fraudulent activity has landed Vietnam among the world’s top 10 cybercrime hotspots according to the Global Tech Council, the programme Talking Point found as it investigated who might be behind the malware scams that have emerged in Singapore this year.

FORMER SCAMMER BECOMES CYBER THREAT HUNTER

Between January and August, more than 1,400 victims in Singapore lost at least S$20.6 million in total, police said.

The perpetrators linked to malware scams have mostly played the role of money mules, said Ang Hua Huang, assistant superintendent at the newly operationalised anti-scam command centre run by the Singapore Police Force.

There have been teenagers arrested for suspected involvement.

WATCH: Who are the people behind malware scams? (21:58)

Source…

Hackers Breach U.S. Cellular Customer Database After Scamming Employees


U.S. Cellular, the fourth-largest wireless carrier in America, has suffered a data breach. Hackers reportedly gained access to protected systems by installing malware on a computer at a U.S. Cellular retail store.

According to the breach notification filed with the Office of the Vermont Attorney General the attack began on the 4th of January. Hackers targeted a handful of U.S. Cellular store employees who had access to its customer relationship management (or CRM) software.

The notification doesn’t offer a lot of specifics about the attack itself. It notes only that those employees fell victim to a scam of some sort.

In incidents like this one, hackers will often contact employees and pretend to be IT support staff or outside contractors providing technology services. If they’re convincing enough, the victims are all too willing to grant remote access.

Once connected the attacker can implant malware that sets up the next phase of the attack. Since the U.S. Cellular staff were logged in to its CRM software at the time of the attack, the hackers immediately went to work collecting customer data.

Their activity was detected on January 6th — just two short days later. Unfortunately some U.S. Cellular customers had already been impacted.

The hackers were able to access customer names and addresses, cellular phone numbers, plan information and access PINs used when making changes to service. In some cases the attackers used that information to port customers’ phone numbers to other cellular carriers.

This can be very bad news for consumers. A ported phone number can allow a hacker to break into sensitive accounts if they’re protected by SMS-based two-factor authentication.

Porting can provide fodder for blackmail schemes and access to private photos and other data. A stolen phone number also gives a cybercriminal a convincing starting point for launching further attacks against a victim’s close contacts.

Impact of the attack was limited because the infected computer was quickly isolated before further harm could be done. U.S. Cellular has reset the affected customer PINs,…

Source…

Cosmic Lynx: The highly-professional cybercrime gang scamming businesses out of millions of dollars

Things just got serious.

Business Email Compromise is no longer solely the province of chancers. Organised criminal gangs with a high level of professionalism have seen the opportunity and seized it.

Read more in my article on the Tripwire State of Security blog.

Graham Cluley

Google declares war on Android fleeceware scamming users through sneaky subscriptions

The Google Play Store has announced new policies that aim to kick out “free trial” Android apps that you use underhand techniques to trick unsuspecting users into signing-up for expensive subscriptions.

Graham Cluley