Extortion

now browsing by tag

 
 

#cyberfraud | #cybercriminals | Ashley Madison users face extortion scam, five years on

Source: National Cyber Security – Produced By Gregory Evans Victims of the Ashley Madison data breach are again under attack, this time, via email. In 2015, ‘Impact Team’ dumped 32 million Ashley Madison users’ personal information, credit card and payment details, passwords, security question answers and ‘preferences’ on the dark web, after Avid Life Media […] View full post on AmIHackerProof.com

Ashley Madison Breach Returns with Extortion Campaign

Source: National Cyber Security – Produced By Gregory Evans

The recent attack messages use new techniques to extort Bitcoin payments from Ashley Madison users hit in massive 2015 data breach.

Five years after a huge data breach at extramarital affair website Ashley Madison gave criminals access to the credentials of roughly 32 million users, some victims are being hit once again, this time with a highly personalized extortion attempt.

The extortion message includes detailed personal and financial information on the victim and demands a Bitcoin payment (the equivalent of $1,000 on up) to ensure that incriminating details won’t be shared with friends, family, and employers. The message includes two factors that are becoming more popular in criminal attacks: Details of the ransom payment are in an encrypted .PDF file attached to the email, and the .PDF includes a QR code at the top as a way to access payment information.

Both of these newer details are attempts to evade email filters that increasingly target criminal attack content. According to researchers at Vade Secure, which published a blog post on the new attack, the form of the attack is similar to other messages in a wave of “sextortion” attacks that have been ongoing since July 2018.

For more, read here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

More Insights

Source link

The post Ashley Madison Breach Returns with Extortion Campaign appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Men paid $100K by Uber to hush up hack plead guilty to extortion scheme

Source: National Cyber Security – Produced By Gregory Evans

Two hackers face up to five years in prison after pleading guilty to their involvement in a scheme which saw them attempt to extort money from Uber and LinkedIn in exchange for the deletion of stolen data.

Twenty-six-year-old Brandon Charles Glover and Vasile Meacre, 23, entered guilty pleas this week at a federal court in San Jose, California in relation to the theft of records related to 57 million of Uber’s passengers and drivers.

According to the US Department of Justice, the duo stole personal information from databases on AWS cloud servers in a criminal scheme which ran from October 2016 to January 2017. They then audaciously contacted the concerned companies, claiming they had found vulnerabilities in employees’ use of the systems and demanding payment for the erasure of the confidential data.

Controversially, Uber’s security team acceded to the hackers’ demands and paid them $100,000 in Bitcoin in December 2016 to delete the data and keep the breach quiet.

After making the payments, Uber subsequently identified Glover as one of the hackers who had extorted money from them. However, rather than passing information to the authorities, Uber astonishingly met with both Glover and Meacre and convinced them to sign a confidentiality agreement with the hope that the news of the breach would not become public.

It was not until November 2017 that millions of Uber users and drivers found out their personal information had fallen into the hands of criminals.

Dara Khosrowshahi, who became CEO of Uber after the security breach and the payment to the hackers, said in November 2018 that “none of this should have happened, and I will not make excuses for it.”

At the same time, Uber’s security chief Joe Sullivan was ousted from the company alongside one other employee involved in the handling of (Read more…)

Source link

The post #cybersecurity | #hackerspace |<p> Men paid $100K by Uber to hush up hack plead guilty to extortion scheme <p> appeared first on National Cyber Security.

View full post on National Cyber Security

Identity #theft alert: How 77,0000 Canadians lost $99 million last year in #extortion, #phishing and #romance scams

Source: National Cyber Security – Produced By Gregory Evans

Identity #theft alert: How 77,0000 Canadians lost $99 million last year in #extortion, #phishing and #romance scams

Randy Chester was visiting one of his usual second-hand haunts this summer, a Value Village in Toronto’s east end, when he spied a beautiful shirt and vest for $20. Excited about his new finds, he tapped his debit card, only to be shocked by the resulting message: Insufficient funds.

“I was upset because I knew I had money,” he recalls. He tried the card again at a variety store, a restaurant and then at an ATM belonging to his bank, CIBC, and got the same message. When he called the bank to see what was going on, they asked him if he had been shopping at Yorkdale Mall in the city’s north end. There was a $1,500 purchase debited from his account, but Chester, a cancer patient on disability who uses a walker, had been at a medical appointment at the Princess Margaret Cancer Hospital that day.

“It’s like, hello!” he jokes. “Value Village, yes. Yorkdale Mall, no. I couldn’t get there with my walker.”

Then he remembered that a young man had called him on his flip-phone a few days before, claiming to be from CIBC and saying there was a problem with his debit card. Chester knew better than to talk to anyone about his banking information and hung up. The next day, he got a text message, purportedly from CIBC, that had the last four digits of his debit card number in it, and asked him to text back “Y” for yes if it was his account. He assumed because they had his number already, it was legitimate. He hit Y and send.

“The bank told me they would never send a text message,” says Chester, 61. “I didn’t know that.”

Once he reported the problem, the bank locked down his account, reversed the charges, and gave him a new bank card. But it’s impossible to tell how the scammers got his bank information, which is often the case when it comes to identity theft, says Jessica Gunson, the acting call centre and intake unit manager at the Canadian Anti-Fraud Centre in Thunder Bay, Ont.

“It certainly sounds like a variation on phishing,” she says, but notes that it’s unusual because the thief already had Chester’s bank information when he or she sent the text.

“We do know thieves have been known to dumpster dive, and it underlines the importance of having a paper shredder in the home and in the office. We need to treat our personal information like cash.” For that reason, experts advise leaving your Social Insurance Number card and birth certificate in a safe place at home, since thieves can do a lot of damage with your name, birth date and SIN.

The Canadian Anti-fraud Centre, jointly managed by the Ontario Provincial Police, the RCMP, the federal Competition Bureau, manages the central database for fraud complaints. Investigators across the country rely on its vast stores of data to compare notes on mass-marketing fraud and online scams. In 2016, it logged more than 77,000 complaints that resulted in losses of more than $99-million, with the top scams by complaint involving extortion, phishing, and fake computer-service companies. The frauds that resulted in the most money lost were romance scams, at more than $20-million.

Though Gunson could not begin to guess how criminals got Chester’s information, she said it is important never to leave a paper receipt of a transaction in or near the banking machine, and to use online banking to check balances, rather than printing them out at ATMs.

“When it comes to identity theft and identity fraud, the difficulty is in pinpointing the source. Unless (investigators) find a boiler room where people are mass producing ID, it is difficult to determine on an individual basis where it is coming from.”

The good news is most cases of identity theft and identity fraud result in little financial loss to the victims, but Gunson says it takes time and effort to untangle the mess.

In Montreal, actor Paul Burke figures someone used a surveillance camera or fake keypad or card reader to obtain his PIN, which they used to empty his account of $700 in the summer of 2010. He called the bank, which contacted the RCMP. And then he waited.

“ I called them back after a week and I said, ‘I have zero money. I need my money back,” says Burke, 48.

Within a day or two of that call he had the money in his account, but to this day he has no clue what happened.

“It was so bizarre. I consider it a one-off, but obviously I should be more careful.”

The post Identity #theft alert: How 77,0000 Canadians lost $99 million last year in #extortion, #phishing and #romance scams appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Lax perimeter security exposes bank to hacker extortion attempt

Digital protection and security.Protect system, privacy web information, vector illustration

Source: National Cyber Security – Produced By Gregory Evans

Lax perimeter security exposes bank to hacker extortion attempt

Failure to follow standard network security best practice has exposed a Californian investment bank to cyber criminals’ demands
Hackers have attempted to extort money from an investment bank in California after bypassing network defences to steal documents.
WestPark Capital, based

The post Lax perimeter security exposes bank to hacker extortion attempt appeared first on National Cyber Security.

View full post on National Cyber Security

Fending off cyber extortion can be difficult

Source: National Cyber Security – Produced By Gregory Evans

Fending off cyber extortion can be difficult

A basic computer setup connected to the internet grants a malicious hacker the power to steal sensitive information, affect a company’s stock value, and hold corporations to a ransom with the click of a mouse. The advent of anonymizing technologies such as the Tor network and virtual cryptocurrencies like Bitcoin are taken advantage of by cybercriminals to operate in clandestine ways. The reality is this: the wired infrastructure we rely upon where everything from a nuclear reactor to a Wall Street firm can be hacked into merely for being connected to the internet has opened a whole new world of possibilities to criminals operating on the Internet. A ransom demand or a threat over an email was the natural step in the evolution of criminals on the Internet operating in anonymity. Recent report says CSO salaries could reach a quarter of a million dollars. A notable example of a cyber extortion in the past year is the much-publicized Ashley Madison data breach, an incident that will forever remain in infamy – particularly due to the sensitive data obtained by hackers. Threatening a company with blackmail following a breach of data of over 30 million customers whose personal details and private […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Fending off cyber extortion can be difficult appeared first on National Cyber Security.

View full post on National Cyber Security

Traverse City Man Arrested for Extortion, Sex Crimes

Police arrested a Traverse City man for taking videos of women in dressing rooms.

The Traverse City Police Department and Michigan State Police’s Computer Crimes Unit have been working on this case since May.

Police say a lot of work went into catching this man.

They arrested him on a six count felony which includes extortion, having child pornography and using a computer to commit a crime.

Jesus Rodriguez-Maturino was arrested Monday.

In May, a woman contacted Traverse City Police, saying someone reached out to her on Instagram.

He was threatening to release nude photos of her if she didn’t send him more.

Then in June, Michigan State Police got a call from someone in Alpena saying they found a Tumblr account with more than a hundred videos.

Read More

The post Traverse City Man Arrested for Extortion, Sex Crimes appeared first on Parent Security Online.

View full post on Parent Security Online