Archives: Cybercrime Alerts

Lisbon, 01 Aug 2019 (Lusa) – Facebook today announced that Polígrafo is its second fact-checking partner in Portugal, after the Observer, who started collaborating with the social network last May .

In early July, Facebook public policy director Andy O’Connell stated in parliament that the social network was “exploring ways to engage fact checkers” in Portugal, in addition to the Observer’s partnership. .

“Today, Facebook announces the expansion of the fact-checking program in Portugal with Polygraph, which is certified by the non-partisan organization International Fact-Checking Network and which, starting this month, will review and evaluate the accuracy of content “on the social network, says the entity in a statement.

“This is the second fact-checking partner in Portugal after the Observer joined the program in May,” he adds.

The Polygraph is dedicated to verifying the statements that are spoken in the public space, by politicians, influencers and the fake news movements.

“Fighting fake news is a responsibility that we take very seriously and that is why we are constantly working on ways to prevent the spread of misinformation on our platform,” says Natalia Basterrechea, Facebook Spain and Portugal public policy officer.

“By expanding our fact-checking program in Portugal we help people better understand the information they see and also reduce the spread of fake content on the platform,” continued the official.

“We are delighted that Polygraph joined our program,” he concluded.

This program is “aligned with Facebook’s three-part structure to improve the quality and authenticity of content in the ‘News Feed’: Facebook removes accounts and content that violates community standards or advertising policies; reduces distribution. Fake news and untruthful content like ‘clickbait’ [strategy to increase internet traffic], and informs people by giving them more context in the ‘posts’ they see, ”says the social network.

The program currently has 54 worldwide information partners in 42 languages, and “Facebook is investing in ways to further scale up these efforts.”

A fact checker is someone or a company that verifies the facts, information available on online platforms, and certifies whether or not the content is true.

 

STATEMENT ISSUED BY THE TAX AUTHORITY

The Tax and Customs Authority (AT) warned last night (7^th August) of fraudulent e-mail messages using the “finance portal” address and urges taxpayers not to open the suggested link.

“The Tax and Customs Authority is aware that some taxpayers have been receiving email messages from the portaldasfinancas.3aqb9 @ .pt address where they are asked to click on a link that is provided,” says AT, noting that “these messages are false and should be ignored.”

In the security alert posted on the Finance Portal (www.portaldasfinancas.gov.pt), AT further stresses that the purpose of these fraudulent messages “is to convince the recipient to access malicious pages by clicking on the suggested link” and warns that “ under no circumstances should [the taxpayer] perform this operation ”.

Over the past few years, AT has been making several similar warnings after it has detected or been aware of attempts to attempt phishing attacks (online fraud).

An international media investigation has revealed that Chinese authorities secretly install an application on tourists’ mobile phones to watch over foreign citizens.

According to an investigation by the British newspaper ” The Guardian”, in collaboration with the German “Süddeutsche Zeitung” and the American “The New York Times”, Chinese border guards in Xinjiang secretly install surveillance applications on the mobile phones of tourists using the Irkeshtam border (between Kyrgyzstan and the Chinese territory) and collect personal information. The software in question extracts emails, messages, and contacts, and can be used to track and track movements.

This measure is in line with the current scrutiny of the Chinese Government in the region concerned, especially where the Muslim community has seen their freedom repressed, with the installation of facial recognition cameras in mosques and on the streets.

Application searches for objectionable content

The research, to which academics and cybersecurity experts contributed, notably the German company Cure53, suggests that the application, designed by a Chinese company, looks for a range of content that authorities perceive as problematic. The long list includes links to Islamic extremism , which includes an al-Qaeda-produced English magazine and several weapons manuals, but also seemingly harmless material such as Dalai Lama literature, Japanese metal band music Unholy Grave), information on Ramadan, and a self-help book written by an American author (“The 33 Strategies of War”).

In a first phase, travellers have to unlock the handsets, which are then taken to a room and returned later. The iPhones are connected to a reader, while in the Androids the application is installed. It is not known what is done with the information extracted nor how long it is stored.

Although there is no evidence to conclude that the data is used to track people’s movements on the trip, the stored information allows authorities to locate someone if used in conjunction with the location data of the device.

A tourist who crossed the border this year confirmed to “The Guardian” to have been installed an application on the mobile phone. He said that at some point authorities had asked the phones and their security codes for several travellers, who waited for about an hour until they got back, without receiving any information about it.

The Chinese authorities were contacted to comment on the matter but there was no response until the article was published.

Revelation “very alarming” says NGO

According to Chinese authorities, about 100 million people visit Xinjian every year, including domestic and international tourists. The Irkestam Pass is the westernmost border of China and is used by merchants and tourists.

Edin Omanović, of the British NGO “Privacy International”, called the revelation “very alarming in a country where installing the wrong application or seeing some wrong article could lead to detention.” “This is yet another example of why the surveillance regime in Xinjiang is one of the most illegal and diffuse in the world,” he added.

According to Maya Wang, head of Human Rights Watch in China, it was well known that “Xinjiang residents, particularly Turkish Muslims, are subject to multidimensional and uninterrupted surveillance in the region,” whereas “what has been found goes furthermore, suggesting that even foreigners are subject to such mass and illegal surveillance. “

I guess there are many people in Portugal using WordPress -Content Management System (CMS) their websites. But how secure is it? This report by State of Security gives a alarming situation if you fail to provide the site with proper security maintenance.

WordPress is currently one of the fastest growing content management systems. As of this writing, WordPress is used by 34% of all websites and has a CMS market share of 60.7% Some 24,808,989 live websites that use WordPress. What’s more, there are over 800 new sites built daily and more than 55,000 plugins.

In 2018 WordPress suffered 90 percent of CMS cyberattacks, (up from 83 percent in 2017) Keeping your WordPress site safe from cybercriminals requires that you avoid the systems worst security practices. When a WordPress site broadcasts worst security practices, you can rest assured — the cyber criminals will always line up to listen.

WordPress worst security practices include:

1. Minimal or no WordPress maintenance (not updating core, plugins, and themes).
2. Not backing up the database and files.
3. Lack of malware checks, security scans, security plugins (or services) and security monitoring.
4. Failure to limit login attempts.
5. Failure to use sitewide SSL.
6. The use of weak passwords.
7. Using the default user admin account instead of using a custom name.
8. Adding too many admins (use caution when giving user privileges).
9. Not using two-factor authentication (2FA).
10. Using plugins and themes from untrustworthy sources.
11. Failure to use the latest PHP version.
12. Failure to use a firewall.
13. Using “cheap” low quality or shared hosting.

Though the above list is not comprehensive — on the positive side, it provides a baseline to build upon. To clarify, moving away from WordPress worst security practices

A gang of fraudsters have been jailed for a total of more than 43 years for their parts in the theft of millions of pounds from businesses and individuals in the UK and abroad.

Ten people were convicted between 26 and 28 March for their roles in a large-scale “diversion fraud” scam using hacking software following a six-month trial, and sentenced at Blackfriars Crown Court on Thursday, 2 May:

The court heard during the trial that the gang targeted businesses and individuals by hacking into their email accounts, and stealing large sums of money.

Officers from the Metropolitan Police Falcon Fraud Squad launched the investigation after receiving referrals from Action Fraud UK. Detectives identified a total of 228 separate frauds committed by the same network between 2014 to 2018, and totalling £10,112,312.54.

A total of 69 victims provided evidence during the trial. Many of them have been unable to recover their losses.

Several victims were traced with the help of the National Fraud Intelligence Bureau whose Action Fraud service allows both domestic and overseas victims to report fraud online.

The gang used computer malware to intercept and steal the log-in details of email accounts belonging to businesses and private individuals worldwide, with the intent of identifying high-value financial transactions.

They then intercepted emails about these transactions and sent spoof emails, duping the victims into paying the funds into alternative UK-based “mule” bank accounts – accounts obtained and controlled by the fraudsters for this purpose – instead of the intended recipient.

A total of 165 “mule” accounts, opened with fake identification documents or bought from unscrupulous account holders, were identified by detectives.

They were used to receive the proceeds of the diversion fraud, where the money was quickly transferred onto other accounts, some of which were untraceable.

The fraudsters also used the funds from mule accounts to buy and export thousands of pounds of baby milk to Nigeria, to launder the money.

According to data from security company Kaspersky, recently published 22% of the Portuguese population was the target of a computer attack attempt in 2018.

Portugal is the second country in the world with the highest percentage of single users affected by spam and phishing. According to the figures revealed, almost one in four of the population was the target of a computer attack last year.

In the first place in the ranking comes Brazil, a country in which 28% of the population was the target of spam or phishing in 2018. Just below Portugal comes Australia, a nation in which 20% of the population was targeted by cybercriminals.

Overall, according to Kaspersky Lab Spam and Phishing report for 2018, Portugal ranks 16th in the list of countries that are the preferred targets of hackers in attacks carried out by mass mailing, receiving 1. 6% of all malicious emails sent globally.

According to the same report, China is the country from which more spam messages are sent, representing 11.69% of the total number of malicious messages sent globally. In second place the US, responsible for 9.04% of the world spam, followed by Germany with 7.17%. In this ranking Portugal does not even appear in the top 20 of the most ‘spam’ producing nations.

Among the reasons for the biggest spam campaigns   are the General Regulation on Data Protection (RGPD), the World Cup in Russia and the launch of the iPhone XR and XR Max.  Spam accounted for 52.48% of all emails sent globally last year and almost 75% of these messages were less than 2KB in size.

“The year 2018 showed that cybercriminals continue to be aware of global events and use them to achieve their goals. We have seen a considerable increase in crypto-related phishing attacks and it is expected that new schemes will emerge in 2019, “reads the Russian company’s report.

“Email continues to be the most widely used method in corporate communications and remains a very tempting target for hackers. Phishing allows you to avoid protected information systems. Social engineering continues to cheat and, as statistics show, hackers continue to use it to infiltrate systems, “said Alfonso Ramirez, managing director of Kaspersky Lab Iberia, in a statement.  (Report source DN)

Young adults who may have less experience of the tax system should be especially vigilant against springtime refund scams, warns HM Revenue and Customs (HMRC).

Scammers are increasingly targeting vulnerable or elderly people and those with less familiarity with the tax system, such as young adults.

During April and May, fraudsters regularly blitz taxpayers with refund scams by email or text pretending to be HMRC. Criminals do this to coincide with legitimate rebates being processed by HMRC.

They will encourage people to provide bank details, in exchange for a payment worth hundreds of pounds, on a fake government website to harvest private information and steal money. HMRC will never ask someone to provide bank details by text or email.

Last Spring alone, HMRC received around 250,000 reports of tax scams — which is nearly 2,500 a day — and requested that over 6,000 phishing websites be deactivated.

The tax authority is urging anyone who knows someone that could be vulnerable to scams to be warned and prepared. HMRC’s top tips:

Recognise the signs – genuine organisations like banks and HMRC will never contact you out of the blue to ask for your PIN, password or bank details.

HMRC will never advise you of a refund in an e-mail or SMS message.

• Stay safe – don’t give out private information, reply to text messages, download attachments or click on links in emails you weren’t expecting.
• Take action – forward suspicious emails and details of suspicious calls claiming to be from HMRC to phishing@hmrc.gov.ukand texts to 60599, if you have suffered financial loss contact Action Fraud on 0300 123 2040 or uyse their on-line reporting tool
•  Check GOV.UKfor information on how to avoid and report scams and recognise genuine HMRC contact.

If you think you have received an HMRC related phishing/bogus email or text message, you can check it against the examples shown in this guide

42% of used hard drives sold through eBay still contain sensitive data according to new research from a leading international data security company.

Of these, 15% were found to contain personally identifiable information (PII) even where sellers stated they had used proper data sanitation methods prior to the sale.

The study, carried out by Blancco Technology Group in conjunction with partner, Ontrack, analysed 159 drives purchased in the US, UK, Germany and Finland.

The findings highlight a major concern that whilst sellers recognise the importance of removing data, they are using methods which are inadequate.

“Selling old hardware via an online marketplace might feel like a good option, but in reality, it creates a serious risk of exposing dangerous levels of personal data,” said Fredrik Forslund, VP, cloud and data erasure, Blancco.

“By putting this equipment into the wrong hands, irreversible damage will be caused – not just to the seller, but their employer, friends and family members. It is also clear that there is confusion around the right methods of data erasure, as each seller was under the impression that data had been permanently removed. It’s critical to securely erase any data on drives before passing them onto another party, using the appropriate methods to confirm that it’s well and truly gone.

Education on best ways to permanently remove data from devices is a vital investment to negate the very real risk of falling victim to identity theft, or other methods of cybercrime.”

This sextortion attempt was launched worldwide on 18th March 2019. The senders address in this case is “althahenning (at) xfsw.gov-cia.cf”. There are many other address being used but all have the letters “cia” in the address.

This is an obvious scam. Do not reply or click on any links or open any attachments.

The email reads as follows with the subject heading: “Central Intelligence Agency – Case #32967485”

“Case #32967485

Distribution and storage of pornographic electronic materials involving underage children.

My name is Altha Henning and I am a technical collection officer working for Central Intelligence Agency.

It has come to my attention that your personal details including your email address  listed in case #32967485.

The following details are listed in the document’s attachment:

• Your personal details,
• Home address,
• Work address,
• List of relatives and their contact information.

Case #32967485 is part of a large international operation set to arrest more than 2000 individuals suspected of paedophilia in 27 countries.

The data which could be used to acquire your personal information:

Your ISP web browsing history,

• DNS queries history and connection logs,
• Deep web .onion browsing and/or connection sharing,
• Online chat-room logs,
• Social media activity log.

The first arrests are scheduled for April 8, 2019.

Why am I contacting you ?

I read the documentation and I know you are a wealthy person who may be concerned about reputation.

I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case. Here is my proposition.

Transfer exactly $10,000 USD (ten thousand dollars – about 2.5 BTC) through Bitcoin network to this special bitcoin address:

3ARduDPYxkfmieBAcC4sMnD1j3qaniYwzZ

You can transfer funds with online bitcoin exchanges such as Coinbase, Bitstamp or Coinmama. The deadline is March 27, 2019 (I need few days to access and edit the files).

 

Upon confirming your transfer I will take care of all the files linked to you and you can rest assured no one will bother you.

 

Please do not contact me. I will contact you and confirm only when I see the valid transfer.

 

Regards,

Altha Henning

 

Technical Collection Officer

Directorate of Science and Technology

Central Intelligence Agency”

In the lead up to the half term holidays 110 reports had been received by Action Fraud UK involving losses of £98,043, through fraudsters attempting to entice victims who are looking for cheap flights abroad.

Victims are being cold called by fraudsters purporting to be travel companies. However fraudsters in these cases are using new tactics to gain the victim’s trust. Intelligence suggests they appear to know that the victim has recently been searching to book flights online. It is suspected that this is because the victim has provided their contact details when making a search for flights on a bogus website which records their personal details. Once contacted, the victim wrongly believes the call to be genuine and a deliberately low quote for the desired flights tempts many victims into making payment.

After having made a payment for flights as a result of the call, victims have reported receiving a confirmation email but further enquiries with the airline have revealed their booking does not exist. When victims have attempted to re-contact the suspect they have found that all contact has been severed.

Prevention

Action Fraud is urging people to be wary of unsolicited calls, emails and texts offering questionably good deals on flights. Remember, if it sounds too good to be true, it probably is.

If you’re purchasing tickets from a company you don’t know and trust, carry out some research first, such as searching the company’s name on the ABTA and ATOL databases. You can also ask friends or family for advice before you make a purchase.

Avoid paying for tickets by bank transfer as it offers you little protection if you become a victim of fraud. Instead, use a credit card or payment services such as PayPal.

Never reveal any personal or financial details as a result of an unsolicited call, email or text. Even if someone knows your basic details (such as your name and contact details), it doesn’t mean they are genuine.