Cybercrime Rapper Sues Bank over Fraud Investigation

A partial selfie posted by Punchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev...

U.S. Sentences 31-Year-Old to 10 Years for Laundering $4.5M in Email Scams

The U.S. Department of Justice DoJ has sentenced a 31-year-old man to 10 years in prison for laundering more than $4.5 million through business email compromise BEC schemes and romance scams. Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in Januar...

CVE-2024-4307 SQL injection vulnerability in HubBank

SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/viewcards. php?id=1,...

CVE-2024-4307 SQL injection vulnerability in HubBank

SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/viewcards. php?id=1,...

Romance scammer deepfakes Mark Ruffalo to con elderly artist

Deepfakes have settled into a groove, as most scam techniques do. It seems most deepfakers have decided to make as much cash as possible from unsuspecting victims instead of doing anything particularly earth-shattering with their technology. One curious twist we may not have seen coming is the...

How to spot the signs of a virtual kidnap scam

Threats and bluster play a key role in most online attacks: Ransomware has its ransom note; trolls threaten to ramp up the pressure; tech support scammers insist your PC needs urgent assistance. Some take it a step further, leaning in with a more direct approach, ranging from death threats to...

Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang

A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise BEC attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result o...

How Email Attacks are Evolving in 2021

Hundreds of thousands of dollars lost. Financial and emotional ruin. And in some cases, suicide. These are some of the outcomes business email compromise BEC attacks have on victims, said Ronnie Tokazowski, senior threat researcher with Agari. These type of attacks don’t garner the same attention...

Major BEC Phishing Ring Cracked Open with 3 Arrests

Three men suspected of participating in a massive business email compromise BEC ring have been arrested in Lagos, Nigeria. A joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation resulted in the arrest of the Nigerian nationals, believed to be responsible for distributing...

BEC Attacks: Nigeria No Longer the Epicenter as Losses Top $26B

A study of more than 9,000 instances of business email compromise BEC attacks all over the world shows that the number has skyrocketed over the past year, and that the social-engineering scam has expanded well beyond its historic roots in Nigeria. The report from Agari’s Cyber Intelligence Divisi...

BEC Wire Transfers Average $80K Per Attack

The average wire-transfer loss from business email compromise BEC attacks is significantly on the rise: In the second quarter of 2020 the average was $80,183, up from $54,000 in the first quarter. That’s according to the recently released Anti-Phishing Working Group APWG’s Phishing Activity Trend...

Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates

With Business Email Compromises BECs showing no signs of slowing down, it is becoming increasingly important for security analysts to understand Office 365 O365 breaches and how to properly investigate them. This blog post is for those who have yet to dip their toes into the waters of an O365 BEC...

Tax Scams – Everything you need to know to keep your money and data safe

Tax season has always been a pretty nerve-wracking time for hard-working Americans. But over the years, technology advances have arrived to gradually make the process a bit easier. The bad news is that they can also introduce new cyber risks and even more stress. There are two things that...

Microsoft Halts a Global Fraud Campaign That Targeted CEOs

A sophisticated scheme was designed to trick businesses in more than 60 countries into wiring large sums of money to attackers...

Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million

In a recent highly targeted BEC attack, hackers managed to trick three British private equity firms into wire-transferring a total of $1.3 million to the bank accounts fraudsters have access to — while the victimized executives thought they closed an investment deal with some startups. According ...

'Ultimate' MiTM Attack Steals $1M from Israeli Startup

Hackers pulled off an elaborate man-in-the-middle campaign to rip off an Israeli startup by intercepting a wire transfer from a Chinese venture-capital firm intended for the new business. New research by Check Point Software details how the security vendor uncovered the wire-transfer heist, in...

News Wrap: Deepfake CEO Voice Scam, Facebook Phone Data Exposed

In this week’s news wrap ended Sept. 6, the Threatpost team breaks down the biggest news of the week, including: Cybercrooks successfully fooling a company into a large wire transfer using an AI-powered deepfake of a chief executive’s voice and Facebook, Microsoft and a number of universities...

Don’t Blame Employees who fall for a BEC scam!

The BBC reports that a media company based in Scotland is now suing a former employee who fell for a Business Email Compromise BEC scam. In the scam, the employee received emails which appeared to be from the managing director and requested wire transfers. The employee worked with her line manage...

ThreatList: 60% of BEC Attacks Fly Under the Radar

Up to 60 percent of business email compromise BEC attacks don’t involve a malicious link, making it more difficult for employees and email security systems to spot that something is amiss, a recent report found. Researchers at Barracuda, in a new study of 3,000 BEC attacks, found that most of the...

How attackers are abusing high-profile users and executives

Email is the prime communication channel for businesses and their employees worldwide. In fact, last year saw more than 269 billion emails sent per day, and Radicati Group researchers predict that by 2021, this number will rise to more than 319 billion. With so much critical and sensitive...