Tag: financial fraud
From deepfakes to in-person fraudsters
Boeing Employees' Credit Union (BECU) is a not-for-profit credit union based in Washington, dedicated to improving the financial well-being of its members and communities. It has grown beyond serving Boeing’s employees to more than 1.5 million members and $29 billion in assets. In an exclusive interview, Sean Murphy, Chief Information Security Officer (CISO) at BECU, explains the changing cyber-threats now facing consumers. The cybersecurity challenges faced by all consumers have escalated with the growth of artificial intelligence (AI). We have witnessed the growing use of botnets, and AI is at such a stage that it can be used to attempt to gain access to accounts on an individual level. The use of virtual private networks (VPNs) simplifies this process and makes it difficult to track. Remember – while organizations are constantly monitoring for threats and attacks, the cybercriminals only have to get it right one time to cause a highly damaging breach. Advanced persistent threats (APTs) have now become a major ongoing threat. Financial institution employees are the first line of defense against cyber attackers and play a key role in protecting consumers. As such, a robust cybersecurity team and the regular training of employees is crucial.
Pastor Charged with Cryptocurrency Scam
Washington-based Pastor Francier Obando Pinillo has been charged for his involvement in “Solano Fi,” a fraudulent cryptocurrency investment business that Pinillo claims “came to him in a dream.” A pastor in a church based in Pasco, Washington, Pinillo allegedly took advantage of his position to sway members of the congregation to invest in Solano Fi, defrauding over a thousand victims of millions of dollars in what he claimed was a “safe and guaranteed investment.” “Fraudulent investment schemes are not new, but cryptocurrency scams are a new way fraudsters take money from hardworking, honest people,” states US Attorney Vanessa Waldref. The landmark case illustrates how cryptocurrency scams have now become mainstream. Fraudulent cryptocurrency schemes have previously been viewed as the province of highly organized hostile nation-state-backed cybercriminals and shadowy ‘market makers”. But the Pinillo case illustrates how even relatively unskilled crooks are now capable of preying on the greed of unsuspecting investors.
AI enables ransomware boom
A new ransomware group, named Funksec, is the latest example of relatively inexperienced cybercriminals using AI to develop weaponized malware. The group claims that over 85 organizations fell victim to its ransomware attacks in December alone, potentially surpassing every other ransomware group in terms of victim numbers. According to Check Point Research: “FunkSec operators appear to use AI-assisted malware development which can enable even inexperienced actors to quickly produce and refine advanced tools…Presenting itself as a new Ransomware-as-a-Service (RaaS) operation, FunkSec appears to have no known connections to previously identified ransomware gangs.”
The data currency time bomb
Corporations are not only amassing huge amounts of personal data on their customers as never before but also trading that data, frequently without the customer’s knowledge. As yet, the general public is largely unaware of the uses to which their personal information is being put or whose hands it ends up in. At the same time, companies holding the data must tread an increasingly complex regulatory minefield. According to Chris Diebler, Security VP at cybersecurity company DataGrail: “Companies are all terrified of not having enough data as data is the new currency. However, companies need to think seriously about reducing these vast mountains of data. The value of data must be balanced against the cost and security risk of maintaining it." Companies that fail to secure personal data effectively or trade customer data with third parties face considerable potential brand damage when the details are obtained by bad actors and they suffer identity theft or financial fraud as a consequence.
UK Takes Down Russian Money Laundering Ring – December 5th
The FBI warns the public about rising fraud schemes using generative artificial intelligence. The FBI observed that GenAI can be utilized by hackers to create fraudulent social media accounts, generate false websites to entice cryptocurrency investors, and create AI chatbots in order to lure victims into clicking malicious links.
$1bn Korean bust is tip of SE Asian cybercrime iceberg
Authorities in Korea and Beijing dismantled a sprawling voice phishing syndicate responsible for financial losses totaling US$ 1.1 billion. But South-East Asian observers believe this to be only the tip of an impenetrable iceberg of cybercrime in South-East Asia that is rapidly starting spread around the globe. The Korean bust was part of an Interpol-co-ordinated global operation involving law enforcement from 40 countries, territories, and regions and has ended with the arrest of over 5,500 financial crime suspects and the seizure of more than US$400 million in virtual assets and government-backed currencies.
Seasonal cybercrime bonanza is under way
Cybercriminals now have an unprecedented of highly effective custom-made tools designed to defraud online retailers and shoppers during the holiday season. “As we approach the end of 2024, the upcoming holiday season and events like Thanksgiving, Black Friday, Cyber Monday, and Christmas bring millions of shoppers online with attractive discounts and limited-time offers. They also create ideal conditions for cybercriminals to exploit users and shoppers,” warns threat intelligence firm FortiGuard in its report, Threat Actor Readiness for the Upcoming Holiday Season.
Scammers circling Black Friday shoppers
Scammers have stolen £11.4 billion from UK citizens over the last 12 months. According to the Global Anti-Scam Alliance’s (GASA) latest report, The State of Scams in the UK, conducted in association with the UK’s leading fraud prevention service, Cifas, this represents an increase of £4 billion over the previous year. With the Black Friday sales bonanza looming on both sides of the Atlantic, the findings come as a timely warning to online shoppers. GASA and Cifas anticipate a further spike in scam attempts this week and re-urging consumers to remain vigilant. The warning comes as 1 in 7 (15 percent) consumers surveyed said they lost cash to criminals in 2024, an increase from 10 percent in 2023. The average loss per victim was £1,400, and only 18 percent of victims recovered all their money.
Hackers infiltrate SEC’s X Account to Boost Bitcoin
A cybercriminal in Alabama, suspected of hacking into the US Securities and Exchange Commission’s (SEC’s) X account, has been arrested. He is accused of using the compromised account to post fake messages, causing the value of Bitcoin to boost by $1,000. Hacker Eric Council Jr, also known as “EasyMunny” and “AGiantSchnauzer,” was allegedly able to secure the credentials for the SEC’s X account through a method called “Sim Swapping.” The council created a fake ID using the stolen personal information of someone who had access to the X account. With the fake ID, he was able to purchase a SIM card linked to the victim’s phone in a cellphone provider store in Alabama, giving Council access to the victim’s personal information and log-in credentials.
Deepfakes set to deceive at DEF CON
It looks as if deepfakes will be the hot topic at the big international hacker conference DEF CON in Las Vegas next week, just as they took center stage at InfoSecurity Europe in London in June. Visitors to DEF CON’s Artificial Intelligence (AI) village will be encouraged to create their own highly professional deepfake videos of fellow conference attendees by cybersecurity company Bishop Fox’s red team. The purpose is to educate conference goers about the growing dangers now posed to all organizations by deepfake calls purporting to come from senior executives or highly-trusted members of staff.
High level executives targeted in ongoing attacks
Highly organized cybercriminals suspected to be based in Russia and Nigeria are targeting hundreds of executives in dozens of organizations in an ongoing Microsoft Azure cloud account takeover (ATO) campaign. According to US cybersecurity firm Proofpoint: “As part of this campaign, which is still active, threat actors target users with individualized phishing lures within shared documents.” Innocent but weaponized documents sent to key executives include embedded links to “View Document”, which automatically directs them to a malicious site. The users affected by the attacks occupy a variety of trusted positions within their organizations. Victims include chief financial officers (CFOs), finance managers, account managers, corporate vice presidents, and sales directors. Proofpoint believes that targeting this variety of executive positions is far from being a series of random phishing attacks.