In its Internet Organized Crime Threat Assessment (IOCTA) report released today, Europol has detailed today's top 8 most prevalent cybercrime trends, for which investigators have seen a rise in detected incidents since the start of the year.
The report, which highlights an upward trend for volume, scope and material cost of cybercrime, comes on the heels of UK authorities announcing earlier in the year that cybercrime has surpassed traditional crime for the first time in their country's history.
Europol says that the digital underground is shifting towards a Crime-as-a-Service business model, with various individuals and groups specializing in a niche crime and providing technical support and service for that crime alone using online services.
From illegal weapons sales to on-demand hacks, and from DDoS-for-Hire services to exploit kit packages, you can buy online almost any type of cybercrime service these days.
If you read Softpedia's Security News section, you can hardly go one day without reading a report on ransomware-related topics. Besides ransomware, Europol also says that banking trojans have been a popular form of malware this year as well.
Recent hacks and data breaches have thrust troves of data in the public eye, which crooks are leveraging for other hacks, fraud, and even extortion.
Europol says it received a large number of fraud complaints, which were traced back to organized crime groups hacking ATMs, EMV, and contactless (NFC) cards.
#5: Online child sexual abuse
The large number of online tools and services providing complex and unbreakable end-to-end encryption, along with anonymous payments supported via crypto-currencies, has resulted in "an escalation in the live streaming of child abuse."
More and more crime-related activities have now moved to the Darknet (or Dark Web), a portion of the Internet for which you need special software like Tor and I2P to access. Criminals are taking advantage of the anonymity these networks provide to go about their business unabated.
#7: Social engineering
Europol says that spear-phishing incidents aimed at high-value targets have gone up in 2016, and it highlights the increase in CEO fraud (BEC scams) attacks.
#8: Virtual currencies
Europol says Bitcoin has become the de-facto standard currency for extortion payments. This is also the reason why Europol established a Bitcoin Money Laundering Division earlier this month.
SAN FRANCISCO – Apple on Friday urged iPhone owners to install a security update after a sophisticated attack on an Emirati dissident exposed vulnerabilities targeted by malware dealers.
Researchers at the Lookout mobile security firm and Citizen Lab at the University of Toronto said they had uncovered a three-pronged attack targeting the dissident’s phone “that subverts even Apple’s strong security environment.”
Lookout and Citizen Lab worked with Apple on an iOS patch to defend against the attack, called Trident because of its triad of methods, the researchers said in a joint blog post.
“We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5,” Apple said in a released statement.
Trident is used in spyware referred to as Pegasus, which a Citizen Lab investigation showed was made by an Israel-based organization called NSO Group. NSO was acquired by the U.S. firm Francisco Partners Management six years ago.
Lookout referred to Pegasus as the most sophisticated attack it has seen, accessing calls, cameras, email, passwords, apps and more.
The spyware was detected when used against Ahmed Mansoor, a human rights activist who has been repeatedly targeted using spyware.
After receiving a suspicious text with a link, he reported the matter to Citizen Lab, which worked in conjunction with San Francisco-based Lookout to research the affair.
“The attack sequence, boiled down, is a classic phishing scheme: send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information,” the joint blog post said. “This, however, happens invisibly and silently, such that victims do not know they’ve been compromised.”
Mansoor received text messages on Aug. 10 and 11 promising that secrets about detainees being tortured in United Arab Emirates jails could be accessed by clicking on an enclosed link, researchers said.
Had he fallen for the ruse, the Trident chain of heretofore unknown “zero-day exploits” would have broken into his iPhone and installed snooping software.
Once infected, Mansoor’s iPhone would have been turned into a “spy in his pocket” capable of tracking his whereabouts and conversations, Citizen Lab said.
Mansoor was targeted five years ago with FinFisher spyware and again the following year with Hacking Team spyware, according to Citizen Lab research.
“The use of such expensive tools against Mansoor shows the lengths that governments are willing to go to target activists,” the researchers said.
Although the cyberattack on Mansoor was not linked to a specific government, Citizen Lab said indicators pointed to the UAE.
UAE authorities did not comment on the matter.
Lookout and Citizen Lab believe the spyware has been “in the wild for a significant amount of time.”
“It is also being used to attack high-value targets for multiple purposes, including high-level corporate espionage on iOS, Android and Blackberry.”
Citizen Lab has also found evidence that “state-sponsored actors” used NSO weapons against a Mexican journalist who reported on high-level corruption in that country and on an unknown target in Kenya.
The NSO tactics included impersonating sites such as the International Committee of the Red Cross, the British government’s visa application processing website and a wide range of news organizations and major technology companies, the researchers said.
Mansoor’s decision to enlist Citizen Lab instead of falling into the trap gave researchers a rare chance to expose the work of “shady cyber arms dealers” who command high prices for morally questionable services, said Lookout’s vice president of security research, Mike Murray.
Invoices posted online have shown that hackers can charge tens of thousands of dollars per target hit with their software.
“The smartphone is a valuable target, and breaking into it is a valuable skill set,” Murray said. “People who can do this, and with wiggle room in their moral code, have realized the business opportunity.”
NSO Group has been around since 2010, and the capture of one of its weapons was billed as a first.
Studying Trident has helped cyberdefenders find ways to spot spyware that had been operating unseen, and they are “actively catching it in the wild now,” Murray said.
He declined to reveal anything about other targets, saying that they were people likely to be under surveillance in other ways by local authorities.
Citizen Lab saw the attack on Mansoor as further evidence that “lawful intercept” spyware has significant abuse potential, and that some governments can’t resist the temptation to use such tools against political opponents, journalists and human rights defenders.
Residents who use Yahoo Mail are being encouraged by the S.C. Department of Consumer Affairs to take action to secure their online accounts following the announcement last month of a massive breach.
During the last two weeks of September, Yahoo announced that at least 500 million user accounts had been compromised.
An investigation by Yahoo following suspicions of an attack in July uncovered a far larger, allegedly state-sponsored attack in recent weeks, according to the Associated Press.
“We take these types of breaches very seriously and will determine how this occurred and who is responsible,” the FBI said in a statement last week.
Given the importance most people place on protecting personal information, the Department of Consumer Affairs is encouraging Yahoo Mail users to take action by following several tips, said Megan Stockhausen, communications coordinator with the agency.
- Change the account password and security questions immediately. Use strong, creative passwords (uppercase, lowercase and special characters) and don’t share them with anyone. Also, don’t use the same passwords or security questions for multiple accounts, especially when using an email address as the login name on a site.
- Watch out for phishing attempts. Asking for personal or sensitive information via a phone call, text or email is a tactic used by scammers. Never reply to texts, pop-ups, or emails that ask for verification of personal information. Avoid clicking on links or downloading attachments from suspicious emails or texts.
- Closely monitor financial and benefits statements/accounts. Check all monthly statements and account activity, especially for financial accounts saved as payment options on internet merchant sites. Review them carefully and notify the financial institution/provider as soon as an unauthorized or suspicious item is spotted.
- Consider a fraud alert and security freeze. Scammers may use the stolen information to open new accounts. A fraud alert and security freeze are free security measures for a credit report. A fraud alert tells a business accessing the report to take extra steps to verify that the person holding the account is the one seeking its goods/services. When a security freeze is in place, no one can access the report without the account holder approving it.
Stockhausen said these tips can help anyone trying to secure any personal online information.
In this series of blog posts we examine the most common forms of phishing attacks and appropriate countermeasures to protect both individuals and organizations – in this post we explore Business Email Compromise and the potential fall-out for executives.
At the start of 2016, the FBI warned that it had seen a 270% increase in CEO scams, also known as Business Email Compromise (BEC) scams.
With these scams, savvy cyber criminals are taking the time to harvest personal information and learn the processes within a company. Once armed with this information, they target carefully selected employees with a spear phishing email designed to get access to confidential business information or transfer money into an unknown account.
- Ubiquiti Networks – the finance department was targeted by a fraudulent request from an outside entity that resulted in $46.7 million being transferred to an overseas account held by external third parties after an employee was impersonated.
- Mattel – a finance executive wired more than $3 million to the Bank of Wenzhou after the ‘new CEO’ requested a vendor payment. According to reports, Mattel quickly realized that it had been the victim of a fraudulent request and worked with Chinese authorities to get the money back.
- FACC – the Austrian aircraft parts maker, whose customers included Airbus, Boeing and Rolls-Royce, reported that they had fired their chief executive after cyber criminals stole €50 million ($55.7 million) in an email scam.
Agari research found that more than 85% of spear phishing attacks are enabled by legitimate cloud services, and the majority do not contain a malicious link or attachment, which makes them a lot harder to detect.
A multi-pronged approach is required to counter these types of targeted attacks:
- Strengthen Internal Processes – To counter the threat of this type of attack, organizations must introduce policies that ensure that no one person or single email can authorize transactions. Instead, there needs to be a mixture of communication channels verifying any request for confidential or financial information.
- Multi-Layered Approach – There is not a single solution available that can solve the breadth of the email security problem. What’s needed is multiple controls – a cocktail of complementary solutions that provides a multi-layered approach to cyber security where prevention, early detection, attack containment, and recovery measures are considered collectively.
- Establish Per-message Authenticity – Organizations need a solution that considers sophisticated data science and email security intelligence in order to reinstill trust into the email ecosystem and establish the ‘true’ identity of an email’s sender.
A “Verification Required” email purporting to be from PayPal claims that your account has been limited due to several listed security issues and that you must click a “Remove Limitation” button to address the issues.
The email is not from PayPal and the claim that your account has been limited is untrue. In fact, the email is a phishing scam designed to steal your PayPal account login credentials, your credit card numbers, and other sensitive personal information.
According to this email, which claims to be from PayPal, your account has been limited and your “verification is required”. The email, which addresses you as “Dear Customer”, claims that the limitation has been imposed because someone else has logged into your account, you sent or received money related to fraudulent activity, and you violated the terms and the user agreements.
It features a “Remove Limitations” button that will supposedly allow you to deal with the account issues mentioned.
However, the email is not from PayPal and the claim that your account has been limited is a lie. Instead, the email is a typical phishing scam designed to steal your personal information.
If you hit the “Remove Limitations” button, you will be taken to a bogus website that has been built to emulate a genuine PayPal login page. The page asks you to log in with your PayPal email address and password. After logging in, you will be taken to a second form that asks you to verify your account by supplying your credit card numbers, your name and address details, and other identifying information. After submitting the requested information, you may receive a final message claiming that you have successfully removed the account limitations.
Meanwhile, the criminals can use the information you supplied to hijack your PayPal account and steal or misuse its funds as well as use your credit card for fraudulent transactions. They may also be able to steal your identity using the personal and financial information they have gathered from you.
PayPal scams like this one are very common. Be wary of any PayPal message that claims that your account has been limited, disabled, or suspended and you must click a link or open an attached file to verify account details. PayPal will never send you an email or text message that makes such demands. Note also that PayPal will always address you by name in its messages. Genuine PayPal messages will never use generic greetings such as “Dear Customer”.
If you receive one of these emails, do not click any links or open any attachments that it contains.
The PayPal website includes information about how to recognize and report such phishing scams.
EAU CLAIRE, Wis. (RELEASE) -- College students are often the intended targets of scams. Newly independent and excited to be on their own, they can be susceptible to fraud.
Students don’t always recognize when a scam comes knocking. As college students begin to head back to campus, the BBB wants to remind students and parents about preventing fraud when they’re away from home.
BBB has some information on the top scams for college students to avoid:
Roommate/Rental scheme – If you post an ad for a roommate on Craigslist, beware of “fake roommates” who are out of the country, but can provide the rent upfront in the form of a money order. When you receive it, the amount is higher than the amount requested (overpayment scam). You are asked to cash it, and wire back the rest. This is a scam!
Credit Cards – Credit card offers are all over campus. While it’s important to build credit, it’s more important to maintain good credit. Many of these cards have annual fees or charge high interest rates on purchases. Shop around for the best rate and pay off your credit card bills every month.
Employment – Beware of ads that pop up near campus offering jobs with “no experience necessary.” Often, these “opportunities” are bogus! If you are interviewed in a hotel lobby or required to sign a contract, or have to pay for everything including training, travel, lodging, food, etc. associated with the job – forget it! Check out a company first with bbb.org.
Scholarship/Grants – Scholarship-finding services “guarantee” grants or scholarships. They sell lists to students on potential scholarship or grant opportunities. However, nearly all available financial aid comes from the federal government or from individual colleges. Go to grants.gov for more information.
Safeguard your ID – Keep your personal information, including your driver’s license, student ID, debit cards, credit cards, and bank information in a SAFE place. Be wary of any online solicitations, emails, social media sites, or phone calls asking for your personal information. NEVER give out personal information to someone you don’t know.
When it comes to investing, there are precious few certainties, other than the fact that nobody works for your financial best interest as completely as you do.
That fact became obvious to the clients of the Warrenville, Ill., company Capital Management Associates recently when the SEC brought a suit against the father-and-son team that run it for "cherry picking" trades.
We'll get back to that story in a moment. But it's important for everyone to know that even the ethical players in the financial industry earn their living based on the fees they get directly from you or via the providers of products they recommend to help you achieve your goals.
In addition, because financial management is somewhat complicated and the future is never guaranteed, it's an industry rife with opportunities for fraud and theft. That's especially a risk when people turn over complete control of their hard-earned cash to an "expert" who promises to manage it for them.
If you suspect that your financial adviser may be scamming you, here are five signs that can help you uncover it.
In the case against Capital Management Associates, the SEC alleges that the duo ran trades without specifying whether they were for clients' accounts or for the owners' accounts. Then, once the profitability or loss of the trade was assured, the company would backdate that information, assigning the profitable trades for themselves and the losers to clients.
Losing money in an investment is not a crime, but cherry-picking among winning and losing trades after the fact is.
How could clients of Capital Management Associates have known that they were getting saddled with the bad trades? The short answer is: by staying in the loop.
Those who trust their adviser to trade on their behalf should, at the very least, insist on receiving a running total of all trades when they are made. If your financial adviser can't or won't do that for you, then chances are pretty good that you're being scammed.
Bernie Madoff swindled investors out of billions of dollars in what has been called the largest Ponzi scheme ever uncovered. While Madoff, a former chairman of the Nasdaq stock exchange and securities representative on SEC industry panels, knew enough to hide from the regulators for decades, his returns were too consistent to be real.
Any time an investment advisor is guaranteeing returns or assuring consistency, year in and year out, there's a pretty good chance it's a scam. And while there are a few legitimate annuities with investment accounts structured in a way to "guarantee" you won't lose money, they're generally just high-cost insurance plans where you're paying dearly for those guarantees through the structure of the deal.
Any legitimate investment worth owning will still be available tomorrow, after you've had the time to think about it (and research it independently). Any pushy advisor telling you things like, "You've got to act today to get in on the ground floor" or "You don't have time to read the paperwork" is asking you to act without reviewing something, which is a common hallmark of a scam.
While there are real deadlines for things like IRA contributions, the money in those accounts can easily sit as cash until you've had time to review the details of the investment recommendation. And be aware that prices in the stock and bond markets do change regularly -- often several times throughout a trading day. If your adviser brings you an investment to consider and you do take the time to review it before buying, don't be surprised if the price winds up being a bit different than initially discussed.
Still, it's better to wait and lose a little bit than to lose everything to an outright scam.
If you're working with a financial adviser, that advisor is getting paid by you, either directly by checks you write or indirectly via commissions, spreads, or fees generated by the investments you make. Any adviser claiming otherwise is hiding something -- likely an outlandishly high fee for placing an investment or insurance policy, which can often run north of 7 percent of the invested amount.
A competent advisor deserves to be paid for his or her time and expertise. But one that won't tell you how much you're paying for the service or how you're paying for it is an adviser to walk away from.
Sign No. 5: Your Account Is Being Churned and Burned.
And speaking of fees, be wary of an adviser who regularly churns your account through multiple trades of similar types of annuities, mutual funds, or other investments. If your adviser is getting paid through a hidden commission from making the transaction, that activity is very likely lucrative for the adviser ... but not so much for you.
Not all investments work out, of course, but a common definition of insanity is doing the same thing over and over again while expecting different results.
If your advisor is trying to convince you that the investment you are in is so much worse than a fairly similar one you should be in, that's a sign that neither investment is likely right for you.