Steal

now browsing by tag

 
 

#infosec | Hackers Steal Customer Info from UK FinTech Loqbox

Source: National Cyber Security – Produced By Gregory Evans

A UK-based fintech was hit by a “sophisticated” cyber-attack last month, compromising the payment information and personal details of its customers.

The firm, which helps customers improve their credit score by taking out and repaying loans with it, revealed the incident in an email to customers seen by MoneySavingExpert.

It happened on February 20 this year, and although the number of customers affected is thus far unknown, the variety of personal information compromised should set alarm bells ringing for those affected.

It includes customers’ names, dates of birth, postal addresses and phone numbers alongside: the first six and last four digits of their card number, expiry date, sort code and two digits from their bank account number.

This information isn’t enough on its own for hackers to use in payment or account takeover fraud, but it could certainly be deployed to make follow-on phishing attacks more convincing.

If a victim responded to such an email with more of their details, hackers could piece together enough digital information to commit a range of identity fraud scams.

“Cyber-criminals are quick to create genuine-looking fake sites and emails designed to manipulate further information out of their victims including passwords or other missing data,” warned ESET cybersecurity specialist, Jake Moore.

Loqbox itself has claimed to have notified the relevant regulatory authorities and police, and has taken steps to address the security issues which led to the breach.

It reassured customers that any funds paid into accounts were still secure. However, there’s no public breach notification on its website or Twitter feed, the latter not having been updated since June 2019.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Hackers Steal Customer Info from UK FinTech Loqbox appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | What Kind Of Phone Calls And Messages Can Steal Your Money

Source: National Cyber Security – Produced By Gregory Evans

Phone calls need not always be the bearer of good news. In its recent report, a telecommunication firm said that around 44.6% of the phone calls made in 2019 were made by the scammers, and the numbers will rise up further in 2020.

Incidents of cyber crimes and phone scams are so frequent these days that the next phone call you are about to receive- might be a call from a scammer trying to steal your money.

Before you get up and receive your ringing phone, you might want to read this list of the most common type of phone call scammers that can put you at risk. Who knows maybe a little bit of awareness can save you from being scammed?

1. “Your ATM card has been blocked”

People often receive phone calls
from scammers impersonating bankers. To rattle you off and to show you that
they are ‘real’, they might even tell you your ATM card
number and the expiration date. While they have all that information with them,
they try to get you scared by telling you that the bank is blocking your ATM
card or even credit card for some discrepancies in your account. They say that
they can make it all go away and need to access your account for that, and so
they ask for your card’s PIN.

Do not share your PIN as it will actually give them access to your bank account, more than you would like, letting them withdraw all the money from your account.

2. “Send us the OTP to let us bank transfer your cash reward”

If asking your bank account details
directly wasn’t enough, they try to tempt you with attractive offers. Scammers
make phone calls saying that you have won a competition or a lottery; you might
not remember participating in. They say that you have won a huge sum of money
and/or a holiday in your dream destination.

For that, they need your bank
account number and ATM PIN so that they can transfer the sum directly to your
bank account.

While the reward might look tempting enough and the caller might seem trustworthy, these callers are most likely to withdraw all your hard-earned money instead of giving you a ‘reward’.


ALSO READ: Did You Get Trapped In The Netflix Phishing Scam?


3. “This is Techsupport, we want to help you”

With developing IT cells of the scammers, they often pose as tech support as well. They pose as IT guys from tech companies helping you get rid of your computer virus. They start by asking you to download software that helps you share your computer with them and gives them remote control access to your computer as well.

While you see them ‘helping’ you,
they are quite likely to be downloading all your personal information in the
background. Sometimes they often hold all your computer data ‘hostage’ and
threaten to give it back to you only if you pay a certain sum of money.

4. “Please confirm your Aadhar Card number”

This important identity card of
Indian citizen holds all of their key information. Along with the name, birth
date, family details, it has their bank account details, PAN card details and
many more. To gain access to all that information, bank account details and
more, scammers often come up with various schemes, that ends with them asking
for your Aadhar card number.

Please do not share that your Aadhar card details with anyone as your personal information can be misused.

5. “Click the link to spend time with this lovely lady”

We all receive such enticing emails
and messages that promise company to lonely souls. Although you’re intelligent enough
to spot the red alert in the message and understand it to be a scam, you might
receive some other messages and emails that can tempt you. Whatever it may seem
DO NOT click on the links that follow the ad mails and messages.

These links mostly take you to a homepage that gives the hackers access to your computer, and hence, your personal information and data.

As the number of scammers increase
in number with every passing year, they often come up with new ways to trick
you. Banks never call you asking for your bank details as they already have it
themselves. 

Do not disclose them to a ‘banker’ over the phone, as they are mostly a fraud impersonating a banker. If you feel your bank account details are at risk, do not hesitate on visiting your bank and talking to the bank manager, or even reporting a complaint to the police.

Image Credits: Google Images

Sources: Economic Times, Financial Express, Business Today

Find The Blogger @AyushArcher05


Other Recommendations:

Source link

The post #cyberfraud | #cybercriminals | What Kind Of Phone Calls And Messages Can Steal Your Money appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Criminals using ‘Frankenstein identities’ to steal from banks

Source: National Cyber Security – Produced By Gregory Evans It started out like any other online loan. Notre Dame Federal Credit Union reviewed the application. It did the necessary background checks, and authenticated the applicant’s credit score and background. But it wasn’t until a group of borrowers in Missouri abruptly stopped making payments that the […] View full post on AmIHackerProof.com

When Spies Get Hacked… Hackers Steal Customer Data from Android Spyware Company

When hackers get hacked” should become the tagline of 2018. After several other similar incidents, it is now the turn of an Android spyware maker that advertises its spyware to be used against children and employees. A target of a vigilante hacker, the company known as SpyHuman offers surveillance software for Android devices that enables its users to intercept phone calls, text messages, track GPS locations, read messages on WhatsApp and Facebook, and use the target device’s microphone.

It now appears that a hacker has stolen customer text messages and call metadata from the spyware company. Call metadata includes phone numbers the target devices dialled or received calls from along with their duration and dates. Hackers managed to access over 440,000,000 call details through exploiting a basic security flaw in the website.

advertisement:

nso-pegasusRELATEDControversial Israeli Spyware Firm Robbed by Its Own Employee Who Tried Selling Code for $50 Million!

“These spy apps should be out of market, most people spy on girls and [their] data image […] always sensitive,” the hacker wrote in a message that was obtained by Motherboard. “No one have rights to do that and same these apps and provider making money by doing this.”

While SpyHuman sells its spyware as a tool to monitor children and employees, it’s mostly used to illegally spy on partners and spouses without their consent. “Several review websites and social media posts do push the app for such purposes, and archives of particular SpyHuman pages include phrases such as ‘know if your partner is cheating on you,’ and suggests monitoring your husband’s texts in case he is having an affair,” the publication reports.

The company gave the following (non)explanation when asked about how it makes sure its software isn’t being used for illegal surveillance:

staff-surveillance-2RELATEDMicrosoft Exposes FinFisher Gov Spyware – Says Windows Defender ATP Can Now Detect the Notorious Spyware

“As a precaution, at an initial stage of our app installation, we always ask users that for what purposes they are installing this app in the target device. If they select child or employee monitoring then our app stays hidden and operate in stealth mode. Otherwise, it will create visible Icon so that one can know that such app is installed on his/her devices.”

As is apparent, since its users can always select a child or an employee – which in itself raises several questions – they don’t necessarily have to reveal if they are using the product for spying on people, mostly partners, without their consent.

– If you are a victim of spyware or technology-facilitated abuse, this is a very comprehensive resource list offering guidelines and help.

The post When Spies Get Hacked… Hackers Steal Customer Data from Android Spyware Company appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

New #identity theft #scheme: #scammers use #US Postal #Service to #steal #information

Source: National Cyber Security – Produced By Gregory Evans

Stepahnie Vagim says it was her quick thinking mailman who saved her from identity theft just two days before Christmas.

Mail theft victim, Stephanie Vagim said, “Apparently someone went online and requested a vacation hold under my address that wasn’t me. He didn’t recognize the name so he brought me the mail.”

In the stack, letters for lines of credit – that a scammer was itching to get their hands on.

“The JC Penny, the Kohls Community Bank. Someone could have furnished their own home brought Christmas gifts for everyone they know and all under my name.”

And Vagim says it was all executed through their USPS website. The thief filled out the “request hold mail service” form to stop deliveries to her home.

The person, according to the form, planned on picking the mail up from the post office without Vagim ever knowing.

We spoke over the phone with a USPS Postal Inspector. He says this is not the first time a crime like this has happened.

“We are seeing this we’ve had similar crimes take place in the Central Valley in the Sacramento in the Bay Area and the key is the minute you realize something is not right say something,” Jeff Fitch said.

Meantime while Vagim is warning people of this new fraudulent scheme, she is hoping the government will find a way to stop it from happening so easily.

The post New #identity theft #scheme: #scammers use #US Postal #Service to #steal #information appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers #steal 19M #California voter #records after #holding #database for #ransom

Source: National Cyber Security – Produced By Gregory Evans

In late 2015, a security researcher found voter registration records of 191 million US voters on the Internet. Months later, hackers were found selling those records on several dark web marketplaces. Now, the IT security firm Kromtech has revealed that its researchers discovered a MongoDB database (a popular database management system) containing over 19 million California voters records.

Database Was Left Exposed

The database was left exposed for anyone with an Internet access to view or edit. In the majority of such cases, researchers contact the affected party and inform them about the exposed data, but in this case, Kromtech researchers were unable to identify the owner.

Remember, MongoDB is used by popular organizations such as LinkedIn, MetLife, City of Chicago, Expedia, BuzzFeed, KMPG and The Guardian etc.

Cybercriminals Held Voters Database For Ransom

Since early 2017, hackers have been targeting MongoDB based databases. In this case, according to researchers hackers discovered voters records, took control of it and left a ransom note before deleting the entire database.

The ransom note asked the owner of the database to send 0.2 bitcoin, that is around USD 3,123 (thanks to sudden price hike) to a bitcoin address. However, the fact that cybercriminals erased the database, researchers were unable to conduct a detailed analysis.

Furthermore, the group stated that “your database is downloaded and backed up on our secure servers.” Simply put: the group now holds the database and wants the owner to pay to get it back.

What Data The Database Had

In total, the 4GB database contained 19,264,123 records. As expected, it included highly personal and sensitive data of registered Californian voters such as:

City: 
Zip: 
StreetType: 
LastName: 
HouseFractionNumber
RegistrationMethodCode 
State: CA 
Phone4Exchng: 
MailingState: CA
Email: 
Phone3Area: 
Phone3NumPart: 
Status: A 
Phone4Area: 
StreetName: 
FirstName:
StreetDirSuffix: 
RegistrantId:
Phone1NumPart: 
UnitType: 
Phone2NumPart: 
VoterStatusReasonCodeDesc: Voter Requested 
Precinct: 
PrecinctNumber: 
PlaceOfBirth: 
Phone1Exchng:
AddressNumberSuffix: 
ExtractDate: 2017-05-31
Language: ENG 
Dob: 
Gender: 
MailingCountry:
AssistanceRequestFlag 
MailingCity: 
MiddleName:
AddressNumber: 
StreetDirPrefix: 
RegistrationDate: 
PartyCode: 
Phone1Area: 
Suffix:
NonStandardAddress: 
Phone4NumPart: 
CountyCode: 
MailingAdd3: 
MailingAdd2: 
MailingAdd1:
UnitNumber: 
Phone2Exchng: 
NamePrefix: 
_id: ObjectId 
MailingZip5: 
Phone2Area:

Moreover, researchers also found a 22GB file that contained a massive 409,449,416 records of complete California voter registration records. It is believed that the database was created back on May 31st, 2017.

ExtractDate: '2017-05-31',
'District': 
'RegistrantId': 
'CountyCode':, 
'DistrictName':
'_id': ObjectId

MongoDB And Ransom

Since 2016, there have been a number of incidents where MongoDB database have been found exposed on the Internet or held for ransom. In January this year, several unsecured MongoDB databases were hijacked by a hacker, who not only wiped out those databases but also stored copies of them and asked for a ransom of 0.2 bitcoins (roughly US$ 211 at that time).

Researchers also found 13 MillionMacKeeper’ credentials and 58 million business firm accounts exposed online due to misconfigured MongoDB database last year. Last week, AI.Type keyboard app had 31 million customers records exposed online due to misconfigured MongoDB database. In that case, it was discovered that the keyboard app has been spying on users and collecting everything a user does on their smartphone.

Voters Database And Dark Web

A dark web marketplace is a perfect place for hackers and cybercriminals to sell what they steal from others. A year ago, entire US voters’ registration records were being sold on now seized Hansa marketplace, therefore, Californians should not be surprised if their data goes on the dark web for sale.

The post Hackers #steal 19M #California voter #records after #holding #database for #ransom appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers #steal $64 #million from #cryptocurrency firm #NiceHash

A Slovenian cryptocurrency mining marketplace, NiceHash, said it lost about $64 million worth of bitcoin in a hack of its payment system, the latest incident to highlight risks that uneven oversight and security pose to booming digital currencies.

NiceHash matches people looking to sell processing time on computers in exchange for bitcoin.

There have been at least three dozen heists on exchanges that buy and sell digital currencies since 2011, including one that led to the 2014 collapse of Mt. Gox, once the world’s largest bitcoin market.

More than 980,000 bitcoins have been stolen from exchanges, which would be worth more than $15 billion at current exchange rates. Few have been recovered, leaving some investors without any compensation.

The hacks have not kept demand for digital currencies from soaring. Bitcoin’s value has climbed more than 15-fold so far this year, closing at a record $16,000 on the Luxembourg-based Bitstamp exchange on Thursday, ahead of this weekend’s launch of bitcoin futures by CBOE.

Security experts said they expect the cyber-crime spree to pick up as the rising valuations attract interest from cyber criminals looking for victims that lack experience defending against hacks.

“These exchanges are not in my opinion secure,” said Gartner security analyst Avivah Litan. “You don’t know what their security is like behind the scenes.”

NiceHash executive Andrej P. Škraba told Reuters that his firm was the victim of “a highly professional” heist that yielded about 4,700 bitcoin, worth around $64 million.

Sophisticated criminal groups are increasingly targeting the cryptocurrency industry, focusing on exchanges and other types of firms in the sector, said Noam Jolles, a senior intelligence specialist with Israeli cyber-security company Diskin Advanced Technologies.

“The most sophisticated groups are going into this area,” she said.

NiceHash, which advised users to change online passwords after it halted operations on Wednesday, has provided few other details about the attack on its payment system.

“We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service,” it said on its website.

It was unclear whether customers faced any losses from the hack.

Slovenian police said they were looking into the hack, but declined to elaborate.

View full post on National Cyber Security Ventures

Russian government hackers used antivirus software to steal U.S. cyber capabilities

Source: National Cyber Security – Produced By Gregory Evans

Russian government hackers lifted details of U.S. cyber capabilities from a National Security Agency employee who was running Russian antivirus software on his computer, according to several individuals familiar with the matter. The employee had taken classified material home to work on it on his computer, and his use of…

The post Russian government hackers used antivirus software to steal U.S. cyber capabilities appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers Could Use Light to Steal Information Via Security Cameras

Source: National Cyber Security – Produced By Gregory Evans

Where there’s a will, there’s a way, and hackers have plenty of will and countless ways to attack a secure network—even if it’s not connected to the internet. In the latest demonstration proving no network is safe, researchers at Ben-Gurion University of the Negev used security cameras equipped with night…

The post Hackers Could Use Light to Steal Information Via Security Cameras appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Apple’s New iPhone X Could Help Identity Thieves Steal Your Face

Source: National Cyber Security – Produced By Gregory Evans

Apple has announced that it plans to replace previous iPhone login credentials with facial recognition technology to log into the iPhone and to access Apple Pay. This should prompt some privacy and security concerns, but probably not the ones you’re thinking. It’s not the TSA or the Deep State who…

The post Apple’s New iPhone X Could Help Identity Thieves Steal Your Face appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures