Category: Fraud

This is a story of one piece of what is probably a complex employment scam. Basically, real programmers are having their resumes copied and co-opted by scammers, who apply for jobs (or, I suppose, get recruited from various job sites), then hire other people with Western looks and language skills are to impersonate those first people on Zoom job interviews. Presumably, sometimes the scammers get hired and…I suppose…collect paychecks for a while until they get found out and fired. But that requires a bunch of banking fraud as well, so I don’t know.

EDITED TO ADD (10/11): Brian Krebs writes about fake LinkedIn profiles, which is probably another facet of this fraud system. Someone needs to unravel all of the threads.

As WFH culture has picked up, all because of the never ending COVID-19 pandemic, hackers are seen targeting WhatsApp Work Group in order to get details of users and impersonate the group admins to seek fund transfers by seeking alms through personal messages.

Law enforcement agencies in America and in countries like India are getting complaints from public and private firm employees against frauds that have accounted for millions so far.

Forensic experts investigating such cases have concluded that fraudsters often from countries like Nigeria, Russia and China pose as WhatsApp group admins by using the original admins image as a DP and slowly gain confidence of the members of the group. Then seek fund transfers on the name of family emergency and other reasons. As all this happens within a few hours or a couple of days, victims do not get the time to seek verification and end up falling prey to such hacks.

As the cyber crooks involving in such frauds are highly trained, they do not leave a trace. As they convert the received fund into gift vouchers and sell the same to customers of other countries for a 30% discount.

Although efforts are underway to nab these criminals, their operations often link them to such countries where international laws never apply, nor does the government show any interest in nabbing such criminals when contacted.

Russia has shown a lot of interest in solving such disputes to a certain extent, following by China. But other countries, especially the government of Nigeria, never showed interest in curtailing the crime and lending support to the police of the other nations.

Thus, the only way to curb such crimes is to stay vigilant and entertain no fund transfer requests received via SMS or WhatsApp. Better meet the person in person or contact via a video call and then take a decision to avoid any future troubles.

 

The post Hacker’s target WhatsApp Work Group for frauds appeared first on Cybersecurity Insiders.

There’s a high chance that you or someone you know has been impacted by email fraud or identity theft. At the very least, you’ve likely received a variety of spam emails and text messages asking to provide a payment or confirm your identity. The good news is that cybersecurity protection is constantly evolving and improving, […]… Read More

The post Your Guide to the Latest Email Fraud and Identity Deception Trends appeared first on The State of Security.

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud:

Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped.

But the thief has a method which circumnavigates those basic safety protocols.

Once they have the phone and the card, they register the card on the relevant bank’s app on their own phone or computer. Since it is the first time that card will have been used on the new device, a one-off security passcode is demanded.

That verification passcode is sent by the bank to the stolen phone. The code flashes up on the locked screen of the stolen phone, leaving the thief to tap it into their own device. Once accepted, they have control of the bank account. They can transfer money or buy goods, or change access to the account.

Scammers were able to convince YouTube that other peoples’ music was their own. They successfully stole $23 million before they were caught.

No one knows how common this scam is, and how much money total is being stolen in this way. Presumably this is not an uncommon fraud.

While the size of the heist and the breadth of the scheme may be very unique, it’s certainly a situation that many YouTube content creators have faced before. YouTube’s Content ID system, meant to help creators, has been weaponized by bad faith actors in order to make money off content that isn’t theirs. While some false claims are just mistakes caused by automated systems, the MediaMuv case is a perfect example of how fraudsters are also purposefully taking advantage of digital copyright rules.

YouTube attempts to be cautious with who it provides CMS and Content ID tool access because of how powerful these systems are. As a result, independent creators and artists cannot check for these false copyright claims nor do they have the power to directly act on them. They need to go through a digital rights management company that does have access. And it seems like thieves are doing the same, falsifying documents to gain access to these YouTube tools through these third parties that are “trusted” with these tools by YouTube.

With how much of our personal and professional lives take place online, it becomes more important each day for us to understand our vulnerability to cyberattacks. Cybercriminals target emails, domains, and accounts in order to impersonate identities and scam consumers and businesses alike. In 2021 alone, email spoofing and phishing increased by 220% and caused […]… Read More

The post Email Fraud in 2022: What you Need to Know appeared first on The State of Security.