It was reported on the 16th March 2017 that the abta.com web server for the Association of British Travel Agents (ABTA) was recently hacked by “an external infiltrator” who exposed the details of 43,000 individuals. Around 1,000 of these included files that could include personal identity information of customers of ABTA members uploaded since 11 January 2017, while around 650 may also include personal identity information of ABTA members. As the UK’s largest travel association, ABTA’s members include travel agents and tour operators.

The unauthorised access was said to be possible due to a system vulnerability “that the infiltrator exploited” to access some data provided by some customers of ABTA Members and by ABTA Members themselves.

On immediate investigation, ABTA said it identified that although ABTA’s own IT systems remained secure, there was a vulnerability in the web server managed for ABTA by a third-party web developer and hosting company.

“This, unfortunately, means some documentation uploaded to the website, as well as some information provided by customers, may have been accessed,” ABTA’s CEO, Mark Tanzer said.

As a precautionary measure, it has taken steps to warn its members and customers of ABTA members who have the potential to be affected. The group has also alerted the relevant authorities, including the Information Commissioner (ICO) and the police.

This is a typical example of a cancer scam message. A rich businessman (so he says) is dying of cancer and wants your help in disposing of his fortune. Alas, there really is no rich businessman and no fortune: there’s just a scammer sending phony messages like this randomly to thousands of people (like you), hoping one of them will take the bait.

Date: Tue, 30 Aug 2016

Subject: Dear Good Friend
From: “Sr. Diego De Martinez” personal@minfra.gba.gov.ar
Reply-To: diego.rrr70@outlook.com

My Name is Sr. Diego De Martinez,

I am from Portugal I have been diagnosed with cancer. It has defiled all forms of medical treatment, and right now I have only about a few months to live, according to medical experts. I have not particularly lived my life so well, as I never really cared for anyone (not even myself) but my business. Though I am very rich, I was never generous, I was always hostile to people and only focused on my business as that was the only thing I cared for.

But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I believe when God gives me a second chance to come to this world I would live my life a different way from how I have lived it.

I would want to have a Personal and Trustworthy Relationship with you, as I intend and willing to empower the change of ownership for the transfer of my Deposits to your personal possession for further Investment and Charity Disbursement to the Less Privilege and Homeless write me via my mail: diego.rrrr70@gmail.com

I will send you the photos of me and my very hopeless and selfish family a member, including my wife who I learnt is getting married to my personal friend and attorney, Thank you for your due consideration. God be with you. You can reach me through my private email address at diego.rrrr70@gmail.com

Yours Brother

Sr. Diego De Martinez

Beware of this phishing attack in the name of Microsoft. Simply delete it and do not click on the tab highlighted in bold below. The account shown as xxxxxxxxxxxxxxxxxxxx below has been changed from the actual account name shown in the original email.

The email sender’s address is rmerenyi45 (at) hotmail.com, which is the giveaway.

Subject 10268 info

Microsoft account

Unusual sign-in activity

We detected something unusual about a recent sign-in to the Microsoft account xxxxxxxxxxxxxxxxxxxx

Sign-in details:

Country/region: Romania

IP address: 004.30.2.938

Date: Sun, 26 Mar 2017 07:20:35 -0000

If this was you, then you can safely ignore this email.

If you’re not sure this was you, a malicious user might have your password. Please review your recent activity and we’ll help you take corrective action.

Please check out document for further instructions.

 

Thanks,

The Microsoft account team
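The giveaways in the two scam messages above (a Reply-To on a different domain from the sender, a contact address in the body that matches neither header, a "Microsoft" notice sent from a webmail address, and an IP address that cannot exist) can be checked mechanically. This Python sketch is an added example, not part of the original posts: the sample messages are constructed from the details quoted on this page, the Microsoft display name is an assumption, and the flag names and webmail list are illustrative.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed from details quoted on the page; the display name is assumed.
CANCER_SCAM = '''Subject: Dear Good Friend
From: "Sr. Diego De Martinez" <personal@minfra.gba.gov.ar>
Reply-To: diego.rrr70@outlook.com

write me via my mail: diego.rrrr70@gmail.com
'''
MS_PHISH = '''Subject: 10268 info
From: "Microsoft account team" <rmerenyi45@hotmail.com>

Unusual sign-in activity on the Microsoft account
Country/region: Romania
IP address: 004.30.2.938
'''
FREE_WEBMAIL = {"hotmail.com", "outlook.com", "gmail.com"}  # illustrative only
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IPV4_LIKE_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def _addr(value):
    return parseaddr(value or "")[1].lower()

def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:  # e.g. an octet above 255
        return False

def red_flags(raw, brand=None):
    """Return hypothetical flag names for one raw, single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender, reply_to = _addr(msg["From"]), _addr(msg["Reply-To"])
    sender_dom = sender.rpartition("@")[2]
    flags = []
    if reply_to and reply_to.rpartition("@")[2] != sender_dom:
        flags.append("reply-to-domain-mismatch")
    if any(a.lower() not in (sender, reply_to) for a in EMAIL_RE.findall(body)):
        flags.append("body-address-not-in-headers")
    claims = brand and brand.lower() in ((msg["From"] or "") + body).lower()
    if claims and sender_dom in FREE_WEBMAIL:
        flags.append("brand-claim-from-webmail")
    flags += ["malformed-ip:" + ip for ip in IPV4_LIKE_RE.findall(body) if not _is_ipv4(ip)]
    return flags
```

None of these flags proves fraud on its own; they are triage signals for deciding which messages deserve a closer look.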

There have recently been a number of reports concerning this.

Facebook cloning is a scam in which the attacker copies the profile picture of an authorized user, creates a new account using that person’s name and sends friend requests to people on the user’s list. The exploit is often successful because many unsuspecting friends just accept the scammer’s requests, assuming that the actual user has created a new account for some reason or forgetting that they are already friends with that person.

The scam doesn’t require any advanced technical knowledge or skills because the user accounts aren’t actually hacked, just copied. Anyone on Facebook can see anyone else’s profile picture and copy the image. Furthermore, because of the nature and purpose of social networking, most people’s friends lists are public, which means that the attacker can see, and send a request to, any or all of the user’s friends.

The user’s actual account has not been compromised and their messages and other data are as secure as they had been, depending on their privacy and security settings. The risks involved with Facebook cloning fall on the user’s friends. Once the scammer has accessed enough of the victim’s friends, there are a number of ploys that may be attempted. The scammer may, for example, request emergency funds, pretending to be stranded somewhere while travelling, or try to get advance funds from the targets for some bogus future payoff. In other cases, the scammer may use social engineering tactics to convince targets to provide sensitive information, which can then be used for identity theft.

Several posts that frequently make the rounds claim that all or almost all Facebook accounts are being cloned, which is not the case. Nevertheless, account cloning is an actual threat. As with the burden of risk, the onus is also on the account owner’s friends to protect themselves from the exploit. The best way to prevent yourself from falling prey to Facebook cloning scams is to be careful about friend requests in general: Don’t automatically accept requests without checking out the requester’s profile and never accept unless the account seems valid. If you receive a request from someone who is already a friend, be doubly suspicious.

Santander customers are being targeted by scammers using fake text messages. Here’s what to watch out for and the information you should never reveal.

Criminals are targeting Santander customers using a text message trick to steal funds out of current accounts.

All of the victims who have lost money are now struggling to recoup their losses as they all revealed their One-Time Passcode to the scammers. This is a vital piece of information fraudsters need to steal money.

Here’s what you need to know to keep your accounts safe.

How the scam works

In the latest spate of incidents criminals are reportedly using a technique called number spoofing to send messages to victims that appear to be from the bank and part of an existing thread.

These warn that there has been unusual activity on the account and that the customer needs to call a number or click a link to verify information.

Scammers then convince the victims to provide account details for their online banking and generate a One-Time Passcode (OTP), which allows them to empty the accounts.

The OTP is an extra layer of security Santander uses to authorise things like setting up a new payee or changing details on the account.

 

Can victims get their money back?

Sadly, Santander will not refund the victims of this nasty smishing scam because they handed over the essential OTP code, which allowed the fraudsters to siphon the money.

How to stay safe

Your bank will never contact you to ask for your account details, Pin or your OTP code.

You should ignore and report any message, call or email you get asking for this sort of sensitive personal information.

If you think you have become a victim of a smishing scam, contact your bank as soon as possible using the number on the back of your debit card.

 

A misconfigured, unsecured backup drive containing a huge amount of sensitive (but not classified) data on US Air Force officers has been sitting online, accessible to anyone, for who knows how long.

The discovery was made by MacKeeper security researchers, who managed to pinpoint the owner of the device – a Lieutenant in the force – and notify him of the danger.

Among the documents on the drive the researchers found were:

  • Personal information (names, addresses, ranks, Social Security numbers) of over 4,000 officers, including information about the security clearance levels of hundreds of officers
  • SF-86 application forms for two US four-star generals (containing highly sensitive info such as their foreign contacts and activities, psychological and emotional health, financial record, etc.)
  • A file that contains Defence Information Systems instructions for encryption key recovery
  • A scanned image of the Lieutenant’s JPAS account (Joint Personnel Adjudication System) from the Department of Defence (with the login url, user ID and Password to access the system)
  • Some NATO documents, scans of passports and email files

“The most shocking document was a spreadsheet of open investigations that included the name, rank, location, and a detailed description of the accusations. The investigations range from discrimination and sexual harassment to more serious claims.” It’s impossible to tell who else might have accessed the drive before the researchers flagged it and it was taken offline, as the device was easily discoverable with a simple online search.

There’s a wider problem

It is widely known that all kinds of information can be found exposed online, in unsecured servers, databases, and devices.

Unfortunately, this particular situation doesn’t seem to get any better with time, despite the fact that inadvertent leakage of sensitive info is regularly covered by news outlets. People simply don’t know or forget to secure these assets, or misconfigure them by mistake, allowing remote attackers free access.

“Cloud backups are a huge security risk if not managed properly. By failing to use the most basic security measure, a password, the US Air Force left all the information necessary to carry out a targeted cyber extortion campaign free for the taking,” said Vishal Gupta, CEO of Seclore.

“In all likelihood, the lieutenant colonel responsible for the unsecure backup was completely unaware that he or she was putting this data at risk. Government IT teams must put foolproof measures in place that ensure that regardless of who is acting on or storing sensitive documents, adequate security precautions remain in place,” he concluded.

Cybercriminals have been abusing a payment module to steal credit card data from online shops powered by the Magento ecommerce platform, web security firm Sucuri reported on Friday.

The targeted module is the Realex Payments Magento extension, which integrates with the Realex Realauth Remote payment gateway. The Realex Payments extension allows Magento store owners to process mail and telephone orders by entering the payment details themselves.

The extension itself is not vulnerable, but attackers can abuse it after they compromise the targeted Magento shop. In the attacks observed by Sucuri, hackers added a malicious function.

The function collects personal and financial data entered by users on the compromised website and sends it back to an email address controlled by the attacker.

Sucuri said it had tracked “massive attacks” where hackers had injected malicious scripts into Magento websites in an effort to steal card data.

“Magento credit card stealers are indeed on the rise. While the information here is specific to Magento, realize that this can affect any platform that is used for ecommerce,” said Bruno Zanelato, malware analyst and team lead at Sucuri. “As the industry grows, so will the specific attacks targeting it. That’s why it is so important to keep your Magento website up to date and apply all the latest security patches!”

These types of attacks are not uncommon, and cybercriminals have used various tricks to evade detection and ensure that their malware is persistent.

A 31-year-old man was arrested by the PJ on suspicion of computer fraud, forgery, illegitimate access and money laundering, crimes that caused damages of more than 400 thousand euros.

In a statement released on 16th March 2017, the PJ said that the case involved the “manipulation of data on bank transfers, illegitimate access to electronic systems and ordering operations with subsequently involving the laundering of money.”

Accounts at banking institutions were opened using false identities. The PJ has found that the losses caused amounted to more than 400 thousand euros.

“The Judiciary Police is continuing investigations in order to investigate the nature and extent of criminal connections, continuing to follow specific cases of similar criminal phenomena,” the statement said.

The arrest was made by the newly created National Unit to Combat Cybercrime and Technological Crime of the PJ.

The Judiciary Police of Setúbal detained a man suspected of having defrauded 13,000 people of 15 million euros through an internet platform on which he marketed applications for mobile phones and other computer products.

According to a statement from the PJ, the defendant, 46, “pretended to dedicate himself to internet marketing of mobile phones and other computer applications” in a pyramid scheme in which people could earn income by bringing in new customers.

“The originator using an international network, formed a commercial company that, in seven months, between 2013 and 2014, pretending to dedicate itself to selling mobile phones and other computer products, promising to raise income for new clients.”

According to the PJ, the operator still promised gains for clients but instead appropriated 15 million euros.

The PJ communiqué also states that “inquiries by the authorities of the United States of America on the activity of the international platform used by the detainee led in 2014 to the closure of the Internet site used by that entity.”

The detainee, who is accused of felonies of qualified fraud, qualified tax fraud and money laundering, has already appeared at the first judicial interrogation and has been made subject to coercive measures: daily presentations to the authorities, a prohibition on contact with others involved, and surrender of his passport if he intends to leave the country.

Protecting yourself against pyramid selling fraud

If you’re considering any type of investment, always remember: if it seems too good to be true, it probably is. High returns can only be achieved with high risk. Pyramid schemes often involve products that are overpriced and have no real resale value. You should think about the true value of your investment before convincing friends and family to join the scheme.

What to do if you are a victim

  • Inform the police immediately.
  • If you’ve given the fraudsters your bank account details, alert your bank immediately.
  • Keep any written communications you’ve received from the pyramid scheme. They may help you give evidence to the authorities.
  • Be aware that you’re now likely to be a target for other frauds. Fraudsters often share details about people they’ve successfully targeted or approached, using different identities to commit further frauds.

 

A record 172,919 identity frauds were recorded in 2016, more than in any previous year, according to Cifas, the UK’s leading fraud prevention service.

Identity fraud now represents over half of all fraud recorded by the UK’s not-for-profit fraud data sharing organisation (53.3% of all frauds recorded to Cifas), of which 88% was perpetrated online.

How fraudsters steal your identity

The vast majority of identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often victims do not even realise that they have been targeted until a bill arrives for something they did not buy or they experience problems with their credit rating.

To carry out this kind of fraud successfully, fraudsters need access to their victim’s personal information such as name, date of birth, address, their bank and who they hold accounts with. Fraudsters get hold of this in a variety of ways: stealing mail, hacking, obtaining data on the ‘dark web’, exploiting personal information on social media, or through ‘social engineering’, where innocent parties are persuaded to give up personal information to someone pretending to be from their bank, the police or a trusted retailer.

Who’s most likely to be a victim?

Growing numbers of young people have fallen victim in recent years and this upward trend continued in 2016 with almost 25,000 victims under 30. In particular Cifas recorded a 34% increase in under 21s. 2016 also saw increases in victims aged over 40, with 1,869 more victims recorded by Cifas members.