16 matches found
The democratisation of business email compromise fraud
Welcome to this week's edition of the Threat Source newsletter. Last weekend, I witnessed a crime. Not a notable crime that you might read about in the press, but an unremarkable fraud attempt that nevertheless illustrates how new threat actor capabilities are emerging. I imagine that most people...
No, Colonel Gaddafi’s daughter isn’t emailing to give you untold riches
It’s not every day you receive a big money offer from someone claiming to sit in political asylum, but here we are. The following missive landed in our spam traps at the weekend. The mail claims to be from the daughter of no less than the late Colonel Gaddafi. Ayesha Gaddafi promises you untold...
Details of a Computer Banking Scam
This is a longish video that describes a profitable computer banking scam thats run out of call centers in places like India. Theres a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, an...
First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered
Researchers say they have discovered the first-ever reported Russian business email compromise BEC cybercriminal ring, showing that sophisticated attackers beyond the usual Nigerian scammers are setting their sights on the email-based attack vector. The BEC gang is called Cosmic Lynx, and has bee...
What’s in the spam mailbox this week?
We've seen a fair few spam emails in circulation this week, ranging from phishing to money muling to sexploitation. Shall we take a look? The FBI wants to give you back your money First out of the gate, we have a missive claiming to be from the FBI. Turns out you lost a huge sum of money that you...
419 spam: 10 million US dollars, courtesy of “Rev. Goodluck Ebola”
I'm not saying an email claiming to be from the "Central Bank of Nigeria" with a contact handler named "Rev. Goodluck Ebola" will raise too many red flags, but… Click to Enlarge CENTRAL BANK OF NIGERIA OFFICE OF THE GOVERNOR Zaria Street, Off Samuel Akintola Street,Garki 11, Garki-Abuja. Our Ref:...
Turning Tables on Nigerian Business Email Scammers
SAN FRANCISCO – Traditional takedowns of cybercrime enterprises generally rely on court orders that facilitate either taking servers offline or sending the criminals malware that helps identify them or their locations. Sometimes, however, the technical option is second best. Researchers at Dell...
New Variant of Ploutus ATM Malware Observed in the Wild in Latin America
Introduction Ploutus is one of the most advanced ATM malware families we’ve seen in the last few years. Discovered for the first time in Mexico back in 2013, Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message, a technique that had...
New Variant of Ploutus ATM Malware Observed in the Wild in Latin America
Introduction Ploutus is one of the most advanced ATM malware families we’ve seen in the last few years. Discovered for the first time in Mexico back in 2013, Ploutus enabled criminals to empty ATMs using either an external keyboard attached to the machine or via SMS message, a technique that had...
Brazilian Payment Fraud Campaign Steals Billions
UPDATE–Hackers are targeting Brazil’s Boleto payment system, the second most popular payment method in the country, and have conducted hundreds of thousands of fraudulent transactions, though researchers differ over how much money has been stolen. Formally known as Boleto Bancario, Boletos are...
Dyreza Banker Trojan Seen Bypassing SSL
Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at ...
Ramnit Man-in-the-Browser Attack Targets UK Banks
Nowhere is the cat-and-mouse game between attackers and the security of users more evident than with social engineering schemes. Users’ awareness of phishing campaigns, for example, may be improving, but that’s just forcing attackers bent on identity theft and stealing payment card information to...
A Russian Zeus attacker Sentenced from Million Dollar Fraud
A Russian Zeus attacker Sentenced from Million Dollar Fraud A Russian Hacker, who was part of an elaborate Cyber attack that used Zeus Banking Trojan in U.S. visas to move cash stolen from U.S. businesses out of the country was sentenced on March 23 to two years in U.S. federal prison. Nikokay...
Legitimate-Looking Ads Used to Recruit Money Mules for Criminal Operations
Money mules have been aggressively recruited this year to help cybercriminals launder money, according to Fortinet. A recent example of this is the worldwide prosecution of a Zeus criminal operation, which included 37 charges against alleged money mules. Recent Zeus stories illustrate how prevale...
A Closer Look at Work at Home Scams
A recent chat with an individual who was almost tricked into helping organized criminals launder thousands of dollars stolen through e-banking fraud displayed one of the more clever and convincing money mule recruitment Web sites encountered. Read the full article. KrebsonSecurity...
Interview With a Cybercrime Money Mule
Brian Krebs’ terrific reporting on the targeted malware attacks against small businesses in the U.S. continues today with a closer look at the way “money mules” operate and their roles in the cybercrime operation. In this article, Krebs interviews a “money mule” and shows the layers of online job...