Tag Archive for: fraud

This is how ‘smishing’ works, the fraud that uses SMS to infect mobile phones – CVBJ


12/01/2021

On at 19:01 CET

EP

Check Point Research has warned of the campaigns of ‘smishing‘, a series of cyberattacks that They use texting and social engineering to mislead users, infect their computers and steal sensitive data and money.

SMS from ‘phishing‘, that is, the text messages that simulate their sending from a known body or brand, include a supposed notification for the user, such as a complaint, and accompany it with a link for your follow-up.

By clicking on the link, the user is urged to download a malicious Android application, and to enter sensitive data, such as the bank card. Once installed, the ‘app’ steal all SMS from the infected device, allowing criminals to use the credit or debit card and access the SMS that are sent as part of the two-factor authentication.

The malicious application checks the command and control (C&C) server controlled by cybercriminals for new commands to be executed periodically. In addition, to maintain persistence, after sending the card information, the application can hide its icon, making it difficult to control and uninstall.

This methodology described by the Check Point researchers has been detected in the ‘smishing’ campaigns directed against Iranian citizens, who supplant the Government of the country, and which has led to the theft of billions of Iranian rials from victims, with estimated figures of between 1,000 and 2,000 dollars per user. In addition, third parties can access stolen data ‘online’ since it has not been protected.

The company indicates in a statement that cybercriminals are taking advantage of a technique known as ‘smishing’ botnets, in which compromised devices are used as ‘bots’ to spread SMS of ‘phishing’ similar to other potential victims.

Attackers use various Telegram channels to promote and sell their tools for between $ 50 and $ 150, providing a complete ‘Android campaign kit’, including the malicious app and underlying infrastructure, with a dashboard that can be easily managed by anyone via a simple Telegram bot interface.

The campaign takes advantage of social engineering and causes significant economic losses, despite the low…

Source…

4 ways to commit mobile fraud at scale – SecurityInfoWatch



4 ways to commit mobile fraud at scale  SecurityInfoWatch

Source…

Baseless fraud claims are hurting election security in this Michigan town


Welcome to The Cybersecurity 202! Cybersecurity Awareness Month is officially over. Thanks for sticking with this newsletter as we enter National Fun with Fondue Month

Below: An Iran-linked hacking group is threatening to out those using an Israeli LGBT dating app, and Microsoft won a big NSA cloud-computing contract. 

Trump-backed conspiracy theories are endangering election security in another small town



(Amanda Voisard/for The Washington Post)


© Amanda Voisard/for The Washington Post
(Amanda Voisard/for The Washington Post)

A second local election official who parroted former president Donald Trump’s baseless election fraud claims is now under police investigation for how she handled voting equipment.

Loading...

Load Error

Stephanie Scott (R), clerk of tiny Adams Township in Michigan, potentially made her township’s election equipment more vulnerable to hacking when she allegedly removed a tablet from an election machine that counts votes from paper ballots and may have tampered with it before police recovered it, the Associated Press reported.

Whaaaat?

A few days earlier, state officials barred Scott from running her township’s elections after she resisted signing off on state-required logic and accuracy testing for election equipment. Scott has echoed conspiracy theories from Trump, saying she doesn’t trust the election equipment and suggested the testing may have been cover for state officials to rig vote tabulators. 

“The county clerk’s office and now Secretary of State are demanding I drop off my machine for unfettered access, and God only knows doing what to it,” she told the nonprofit news organization Michigan Bridge. “When you have the fox guarding the hen house, somebody’s got to stand up and guard those hens.”

Scott also blocked a contractor from performing preventive maintenance on voting equipment. 

Michigan Secretary of State Jocelyn Benson (D) ordered the clerk in neighboring Hillsdale County to supervise Adams Township elections after Scott was stripped of the responsibility. 

“The secretary will continue fighting to hold accountable anyone who threatens the integrity or security of Michigan elections,” a Benson spokeswoman said. 

Facts

Source…

CompoSecure releases Arculus solution to reduce fraud and online hacking


US-based card manufacturer CompoSecure has launched Arculus, a business solution to protect customer data and prevent fraud.

Working with Nok Nok Labs, CompoSecure has developed this FIDO-enabled ‘internet ID and payment card’ technology as a virtual key for the authentication of a user into almost any digital service (website, mobile app, digital payment, social media, etc.).

Ecommerce is a primary use case for Arculus, as global retail sales are expected to reach USD 4.9 trillion this year, according to the press release. The Arculus multi-factor identity authentication can stem the flood of payment fraud that happens every year, which is estimated to cost merchants USD 40.62 billion in losses by 2027, according to data put forth by the company in the press release.

Arculus expects to integrate its digital security technology into a business’ legacy payment platform, providing key-based security.

Source…