Archives: Cybercrime Alerts

Cybercrime Alerts news and reviews

Adriana María Tostón Díez Captain in the Spanish Civil Guard, who is currently posted to Europol, was in Lisbon last week attending an international conference, in which he spoke about the importance of research online, “cyber-patrolling”, for the detection, prevention and investigation of crimes.  He explained that this was a little explored area, but one that the Specialist considers to be of the utmost importance, since the virtual space is today, the stage for a great part of the illicit activities.

In an interview with Diario de Noticais (DN) he was asked why cyber-patrolling was so important?

Captain Diez replied “ it has always been important to detect crimes. A few years ago, it was in physical space that most of the crimes occurred. Now we have to adapt to the new reality, the internet, the open and the so-called darknet. To be able to detect and prevent crimes in this new environment, the patrolling online is the way that agencies and the police should follow. It is extremely important to maintain and increase this activity so as to ensure the safety of citizens.

D N asked about a recent operation by the Spanish police against the spread of child pornography which had repercussions in other European countries, leading to Europol coordinating research. Is this the future of criminal investigation: European coordination?

Already in the past there have been a number of operations against child pornography co-ordinated at European level by Europol or internationally by Interpol. Basically, it’s the same, but we need to use new tools to detect, investigate and accuse. Even today, suspects use the peer-to-peer system to contact each other and exchange material. We have to be aware of this.

Fraudulent Airbnb listings are on the rise with scammers using fake pictures in a bid to lure in unsuspecting tourists.

A typical example of this type of fraud was an advert of a luxurious six-bedroom property just a stone’s throw from Bondi Beach, Australia. However when checks were conducted through Google reverse image search, it revealed the property was actually located in Key Biscayne, Florida – more than 15,000km away.

There is absolutely no place for fake listings on our platform, and we have zero tolerance for this type of illegal behaviour,’ an Airbnb spokesman said.

‘More than 150 million guests have had safe, positive experiences on Airbnb and while incidents are incredibly rare, we take them very seriously and move fast to deal with them.

‘Our global Trust and Safety team works 24/7 to protect our community and prevent attempts at fraud, and while no industry has a 100 per cent safety record, that is what we strive for and we will keep working as hard as we can to achieve that goal.

‘Airbnb will never ask you to pay the cost of a reservation off-site or through email. The bottom line is when you book a reservation through our secure platform, you receive the benefits of Airbnb’s global trust and safety team and the 40 safety features that kick in long before a transaction can take even place.’

Airbnb scammers are hijacking users’ accounts with great reviews and then burgling them once they’ve gained access to the home, an investigation has found.

Several users of the accommodation-booking website have had their homes burgled after scammers managed to hijack their accounts.

According to the BBC, three of them had their properties burgled after leasing their home to what they thought were verified users.

Scammers managed to hack into their account and change some of their personal details so they could pull off the thefts.

Airbnb was made aware of the investigation and is now cracking down on scammers by tightening their security.

One of their improved features includes sending text warnings if profiles are altered and two-step authentication.

Read more from Metro News

Previously, InterContinental Hotels Group said about 100 of its hotels were hacked, but now it turned out the number is 1200.

According to HackRead a few months earlier, it was reported that a number of InterContinental hotels have been targeted by a credit card stealing malware now the IHG has confirmed that the reports were actually true.

The attack is believed to have started in late September and since then, hackers have targeted at least 1200 InterContinental Hotels, according to TheVerge. The group has three hotels in Portugal.

According to Krebson Security (the journalist investigating this matter), the culprits installed the malware in the point-of-sale software via remote hacking tools, allowing them to steal credit card information of customers every time a credit card is swiped.

The number of affected users hasn’t been determined yet, but it’s safe to say that the number is quite big because over 1200 hotels were compromised.

The information stolen by the hackers includes names of the credit card holders, expiration dates, and internal verification code of every credit card swiped at the affected

Read the full story here.

Fraudsters need just three details to steal your identity and access your accounts, take out loans, credit cards, mobile phones in your name.

And most of it can be found on Facebook

In an article by Emilia Murray, in The Telegraph Money section, she explains “all it takes is a name, date of birth and address – and most of this can be found on social media profiles, such as Facebook. And if your settings are not private, this is available for anyone to see”.

A third of British adults with online profiles include their full name and date of birth, according to a YouGov survey.

The survey revealed that 48pc of 18 to 24-year-olds divulge this information on social media sites compared to 28pc for those between 35 and 44.

Read the full article

Europol and INTERPOL have supported the Spanish National Police on Operation Tantalio, a complex investigation targeting the distribution of child sexual exploitation material through darknet platforms and Whatsapp. So far 38 suspects were arrested in Europe and South America. The arrests took place in Argentina, Bolivia, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Germany, Guatemala, Italy, Mexico, Paraguay, Peru, Portugal, and Spain.

Specialists in combating child sexual exploitation from the Spanish National Police, Europol and INTERPOL worked through action days at the headquarters of the Spanish National Police Headquarters on 28-29 March. The arrests and house searches conducted led to the seizure of hundreds of devices containing several terabytes of child sexual exploitation material.

The joint action in Europe against more than 30 suspects across 5 countries has been coordinated by Europol.  More than 100 targets have been focused on through INTERPOL in 13 countries across Central and South America. Altogether 18 different law enforcement agencies worldwide launched coordinated legal activities aimed at tackling this interconnected criminal network.

The investigations by the Spanish National Police’s High-Tech Crime Unit began in mid-2016 and focused at first on the TOR1 network. Prompted by clear evidence of prolific sharing of indecent images, the Spanish investigators revealed links diverting users to private groups on WhatsApp.  A total of 25 groups, formed by invitation only, are currently being investigated.

The investigators monitor the activity on these channels using many different resources in this complex case.  They also deal with the demands of different legal frameworks in a worldwide investigation.  Based on the analysis of the criminal activity and evidence gathered, law enforcement managed to link more than 130 suspects to intelligence packages that were prepared and disseminated. The house searches and arrests followed shortly after.

The seized material is currently being analysed by the investigators with the aim of identifying the children who are victims of these crimes and rescue them from their harmful situation.

Europol.s European Cyber Crime Centre (EC3) and the Joint Cybercrime Action Task Force (JCAT) , a group of cyber-liaison officers from different countries who work together in a trust environment within Europol, have supported Operation Tantalio from the outset in the coordination of roles, tasks, meetings and through intelligence analysis and the facilitation of the secure information exchange. INTERPOL played an important role in liaising with the American countries and in the victim identification process.

The Portuguese authorities (Judiciary Police and Public Prosecutor’s Office) have sent more than 8,000 requests directly to Facebook, Microsoft and Google since 2013 to obtain evidence in cases of cybercrime suspicions.

The Diario de Noticais which covered the story states these are crimes of a distinct nature but with one point in common: those undertaken through the internet and social media. Fraudulent online sales cases (which take up a significant portion of cybercrime), identity theft, fake profile creation on Facebook, child pornography, or bank phishing.

The data are contained in the Annual Report of the Office of Cybercrime (affection for the Office of the Attorney General) and evaluates the period from January 2013 to June 2016.

In detail, the authorities sent 2,622 requests for clarification directly to Facebook, 2847 to Microsoft and 2798 to Google. A total of 8267 requests sent through a direct contact, thus dispensing with the most bureaucratic routes. A method of work admitted since 2013 in which these three North American operators were approached by the Portuguese Public Prosecutor’s Office “for the purpose, which was accepted, of establishing criteria of understanding and cooperation. As a result of this approach, it became possible to formulate directly requests to those US service providers, “the report explains. ” No need to resort to the channels of international cooperation.

In the period Jan to June 2016, the Public Prosecutor made 782 requests to Google and 731 to Facebook. Information was provided by Google in 63% of cases and Facebook 48.6%.

This mechanism has proven to be highly effective in practice, facilitating the collection of essential information for criminal investigation expeditiously without the need for bureaucratic complexities of mutual legal assistance mechanisms. ”

The report also reveals that cases of child pornography – some of these cases carried through social networks and websites – have increased. From October 2013 to June 2016, the Central Department of Investigation and Criminal Action (DCIAP) received 2880 reports. Of these, 1350 gave rise to the opening of inquiry, of which 601 were sent to regions. According to the 2016 Annual Homeland Security Report – revealed this month – crimes of child pornography on the Internet grew by 36 % Compared to 2015.

 

In recent weeks there has been an increase in Phishing occurrences in particular through SMS messaging.  The Centro Nacional de Ciberseguranca (CNCS) warns that these SMS are sent with sender mobile numbers from several of the national mobile network operators, through the masking of real numbers (phenomenon known as Caller ID spoofing).

The fraudulent messages are mostly simulated bank communications indicating transactions to be made or monetary amounts receivable, indicating a URL to complete this transaction. The submitted URL directs the potential victim to a fraudulent Web page where credentials or other validation information is required for banking services. New variants of this campaign have also simulated SMS from other entities beyond the banking institutions, Such as the retail industry or postal services.

How to Prevent

The CNCS warns against the fraudulent nature of these SMS and the need to not open the URL sen.

If you have any doubt contact your bank not using any of the links in the message

If you click on link

If you have done so, do not provide sensitive or personal information on the web page presented.

If you believe you have been the victim of such an incident, you are advised to inform your banking institution accordingly and report this fact to the criminal police or judicial authorities.

 

 

The payday loan firm Wonga has suffered a data breach which may have affected up to 245,000 customers in the UK.

The firm said it was “urgently investigating illegal and unauthorised access to the personal data of some of its customers”.

The firm said it began contacting borrowers on 8th April 2017 and was offering support through a dedicated phone line.

The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes.

Prof Alan Woodward, a cybersecurity expert at the University of Surrey, said it was “looking like one of the biggest” data breaches in the UK involving financial information.

The range of information stolen may also include the last four digits of customers’ bank cards – information used by some banks as part of the login process for online accounts.

The payday lender has set up a help page for affected customers. It advises them to:

  • Alert their bank and ask them to look out for any suspicious activity. Wonga will also be informing financial institutions about the breach
  • Watch out for scammers or unusual online activity. In particular, customers are told to be cautious about cold calls and emails asking for personal information
  • Contact the Wonga helpline on 0207 138 8330 for further questions

Gmail is the latest victim of a phishing scam that is even fooling experienced technical users.

The scam is being described as one of the most convincing yet, and tricks users into giving their Google login details, allowing the attacker to sift through their messages.

Emails containing the rogue attachment can come from people in the recipient’s own address book, and attacker can even copy their style of writing, convincingly passing the fake email on to the victim’s contacts.

The fake email uses image attachments that look like a PDF file.

When you click on the attachment, you are directed to phishing pages, disguised as the Google sign-in page.

If you enter your details, your Gmail account becomes compromised, allowing the attacker to sift through your sent messages folder and pass on the scam.

Even more worryingly, the phishing pages do not seem to trigger Google’s HTTPS security warnings, which normally warn users if they land on an unsafe page.

The scam was discovered by Mark Maunder, CEO of Wordfence, the security service for WordPress.

To avoid being a victim of the scam, Mr Maunder recommends enabling a two-factor authentication, and keeping a look out for the prefix ‘data:text/html’ in the browser location bar – a sign of a fake web page.

He said: ‘Make sure there is nothing before the host name ‘accounts.google.com’ other than ‘https://’ and the lock symbol.

‘You should also take special note of the green colour and lock symbol that appears on the left. If you can’t verify the protocol and verify the hostname, stop and consider what you just clicked on to get to that sign-in page.’