Phishing scams are costing us more than ever. This trick is most likely to catch you out

18:25, 12 February 2020. Source: zdnet.com


Businesses are losing over $700m a month to cyber criminals because employees are falling victim to phishing attacks, business email compromise campaigns and gift card scams – and the amount of money being lost is still on the rise.


Large wire transfers make up a significant percentage of the successful attacks – with the criminals behind them using phishing and impersonation attacks to trick unwary staff into handing over hundreds of thousands of dollars in one go. But the most common scam involves crooks tricking victims into sending gift cards which can be worth as little as $250.


Analysis by researchers at Agari – published in the cyber security company's latest Quarterly Fraud and Identity Deception trends report – found that gift card fraud gained traction in the run-up to the end of 2019, accounting for 62 percent of all BEC attacks, up from 56 percent during the previous quarter.

These attacks often involve cyber criminals taking over business email accounts and using a stolen identity to email others in the organisation to request the purchase of gift cards.

A common tactic is to pose as someone in management asking for an employee to do them a favour – because in many cases, the employee won't question a request that's supposedly coming from their boss. The run-up to the holiday season provided criminals with the perfect opportunity to conduct gift card attacks, as they could easily claim that the request was for Christmas gifts.


The average amount requested in gift card attacks has risen slightly to $1,627, with the minimum amount tending to come in at $250. In some more ambitious cases, cyber criminals have asked for gift cards worth $10,000 to be transferred – by targeting employees across multiple departments at the same time.

"Gift cards have become the preferred method of cashing out for a number of reasons. First, it makes everyone at any company the potential target of a BEC attack, not just the finance and HR departments. We've seen campaigns that have targeted 30-40 employees at a single company at one time in gift card BEC scams," Crane Hassold, senior director of threat research at Agari, told ZDNet.


Gift cards are useful for cyber criminals because they can be cashed out immediately and it's difficult to trace where the funds have gone. And because they are receiving the gift cards for free – at the expense of the victim – even if crooks sell them on at a low price, they're making a profit.


The most common requests are for gift cards for Google Play and eBay, followed by Target, iTunes and Walmart. Best Buy, Amazon, Steam and the Apple Store also make for popular requests.

The values of the gift cards requested might appear small when considered individually, but the total cost adds up, especially given how the attacks remain so successful and easy to cash out.

However, more ambitious attacks are also on the rise, with the number of BEC campaigns requesting wire transfers also increasing during the quarter – and increasingly requesting larger sums.

These attacks require a bit more planning from the criminals. In some cases they will hack into the inbox of their target and conduct reconnaissance – and snoop on their contacts – before mimicking them and requesting a transfer of a large sum of money – sometimes in the form of an expected payment with regard to contracts or business deals.

The average figure requested in these campaigns is just over $55,000 – representing a five percent rise compared with the previous quarter. In some cases, attackers will ask for hundreds of thousands or millions of dollars; but the higher the figure, the more likely it is that suspicions will be raised, although some of these 'whaling' attacks still prove to be successful, especially for organised criminal gangs.


Criminals are attracted to business email compromise attacks because they're proving to be successful and they're simple to carry out. However, organisations can go a long way to preventing phishing and other email-based attacks from being successful by implementing additional security on accounts, such as multi-factor authentication, as well as human-level checks and balances.

"Companies need to understand that cyber attacks are no longer technically sophisticated. Most cyber attacks today, like BEC, are very simple social engineering attacks and companies need to make sure they have defences in place that are equipped to deal with these types of attacks," said Hassold.

"Companies should have good internal processes in place, so payment requests, regardless of the source, are validated before they are processed," he said.

