Articles about Fraud

Password

Credential-stuffers enjoy up to 2% attack success rate – report

Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security. More than three billion credentials were reported stolen worldwide in 2016, with 51 companies admitting a breach. These stolen credentials are routinely abused by cybercriminals …
John Leyden, 17 Jan 2017
A businessman in handcuffs

Ex-Autonomy CFO pleads not guilty to charges he inflated the company's value

The ex-chief financial officer of Autonomy, Sushovan Hussain, has pleaded not guilty to charges he inflated the price of his company's $11bn (£9bn) acquisition by Hewlett-Packard. It is the latest development in the ongoing legal spat after HP wrote down the acquisition by a staggering $8.8bn (£7.1bn) in 2012, a year after the …
Kat Hall, 13 Jan 2017

Smart fingerprint padlock startup to $320k backers: Sorry for the radio silence

TappLock, a startup promising the "world's first smart fingerprint padlock" has claimed that issues with manufacturing in China were behind the months of silence which provoked aggrieved backers to contact The Register, fearing fraud. The padlock business had managed to raise over $320,000 on the crowd-funding site Indiegogo …

Dieselgate: VW pleads guilty, will cough up $4.3bn, throws 6 staff under its cheatware bus

In one of the toughest smackdowns in recent US corporate history, Volkswagen has pleaded guilty to Dieselgate fraud charges, and will cop a massive fine. Meanwhile, six staffers have been charged regarding the engine cheatware scandal and are facing the business end of a trial. According to the US Department of Justice on …
Iain Thomson, 11 Jan 2017
Standup comedian faces the crowd. Photo by shutterstock

What do you call a firm that leaves customer financials unencrypted on a hard drive? RSA

A UK insurance business has been fined £150,000 for its lax security practices after a hard drive containing customers' unencrypted information was stolen. The hard drive disappeared from the offices of Royal & Sun Alliance insurance (ironically it prefers the abbreviation RSA) back in 2015. It contained 59,592 customers' …
DOor to a bank vault. Photo by Shutterstock

Rethink on bank cybersecurity rules might only follow major bank breach, says expert

It might take a major bank to fail as a result of a cyber attack for meaningful changes in cybersecurity practices, regulation and governance in the UK banking market to be implemented, a leading industry commentator has said. In an interview with Out-Law.com, professor Richard Benham, chairman of the National Cyber Management …
OUT-LAW.COM, 10 Jan 2017
Image by LuckyN http://www.shutterstock.com/gallery-1795121p1.html

Two years on, thousands of unpatched Magento shops still being carded

More than 6,000 online stores running eBay's Magento platform have been hacked with credit cards stolen under a campaign that could span almost two years, Germany's Federal Office for Information Security says. Attackers are injecting carding malware on unpatched Magento shops, which steals payment information during …
Darren Pauli, 10 Jan 2017
NHS hosptial photo, by Marbury via Shutterstock

Corrupt NHS official jailed for £80k bribe over tech contract

An NHS official who pocketed £80,000 in bribes for doling out lucrative IT contracts has been sentenced to three and half years in the slammer, while the techie contractor who benefited from them was given 14 months. Peter Lewis, 57, of Windlesham, admitted receiving corrupt payments from Richard Moxon, 41, of Wynbury in …
Bored cat on computer, photo via Shutterstock

Pharma hate figure Martin Shkreli suspended from Twitter

One-time pharmaceutical exec and distasteful windup merchant Martin Shkreli has had his Twitter account suspended after a Twitter spokesman alleged he had harassed a female journalist on the site. Lauren Duca, a freelance journalist who writes for Teen Vogue and a host of left-wing American media outlets, including Vice, The …
Gareth Corfield, 09 Jan 2017
Raising _Lazarus_from_the_dead

X-IO: Reports of our demise have been greatly exaggerated

Updated X-IO Technologies chairman and CEO Bill Miller has called in to say: "I was very surprised and disappointed to read our name in the 'Deaths' section of your 2016 year in review article. "As Mark Twain might have said, 'the reports of my death are greatly exaggerated'." Bill tells us: "We have undergone a somewhat miraculous …
Chris Mellor, 09 Jan 2017

CIA director AOL email hacker coughs to crime

Justin Liverman, arrested by the FBI for breaking into the AOL email account of CIA director John Brennan, has today signed a guilty plea deal in the face of what his lawyers described as "draconian penalties." Brennan's webmail inbox was hijacked in 2015 and his emails were subsequently published by WikiLeaks. Liverman is …
Ransomware, photo via Shutterstock

Ransomware sleazeballs target UK schools

Cybercrooks are targeting UK schools, demanding payments of up to £8,000 to unlock data they have encrypted with malware. Action Fraud warns that fraudsters are cold-calling schools claiming to be from the Department of Education and asking for the head teachers’ email addresses. Crooks then send booby-trapped emails with …
John Leyden, 06 Jan 2017
Poster for the movie Cable Guy. Copyright:  Columbia Pictures Corporation,

Routes taken by UK prosecutors over supply of modified TV set-top boxes

Analysis Prosecutors are turning to fraud charges in cases against people supplying set top boxes that can be used to access copyrighted material without paying for it because it makes cases easier for juries to understand. But a barrister who acted in one recent such case has told Out-Law.com that those conspiracy to defraud charges …
OUT-LAW.COM, 06 Jan 2017

Google nukes ad-blocker AdNauseam, sweeps remains out of Chrome Web Store

Google has removed ad blocking and privacy extension AdNauseam from its Chrome Web Store, and has taken the unusual step of flagging the extension as malware, thereby preventing AdNauseam from being used by those who have installed the software via Chrome's developer mode. Chrome users who put their browser into developer mode …
Thomas Claburn, 05 Jan 2017
fail

Florida Man sues Verizon for $72m – for letting him commit identity theft

A Florida inmate is suing Verizon Wireless after he used one of the telco's stores to commit identity theft. James Leslie Kelly, who is serving a prison term in the US state for grand theft and criminal use of personal information, is seeking $72m in damages from the telecom giant. He claims a Verizon shop in Highlands County …
Shaun Nichols, 04 Jan 2017
FACEPALM

Kaspersky fixing serious certificate slip

Updated Kaspersky is moving to fix a bug that disabled certificate validation for 400 million users. Discovered by Google's dogged bug-sleuth Tavis Ormandy, the flaw stems from how the company's antivirus inspects encrypted traffic. Since it has to decrypt traffic before inspection, Kaspersky presents its certificates as a trusted …

Those online ads driving you bonkers are virtually 'worthless for brands'

One dollar of online display advertising will buy you approximately $0.03 worth of actual ads seen by real people, according to Bob Hoffman, a partner in media consultancy Type A Group. Hoffman, who used to run the Hoffman/Lewis Advertising agency, is well known for his skepticism of online ads, a view that has found some …
Thomas Claburn, 03 Jan 2017
NYC

Trio charged with $4m insider trading by hacking merger lawyers

US prosecutors have charged three Chinese men with making more than $4m (£3.2m) by allegedly trading on information obtained from hacking top merger and acquisition law firms. The defendants are charged with targeting at least seven top international law firms with offices in New York, which advised companies on corporate …
Kat Hall, 28 Dec 2016

Groupon frauds blamed on third-party password breaches

Groupon has blamed fraudulent purchases from some UK customers' accounts on password leaks from other sites. UK consumer website MoneySavingExpert reports that “a number of Groupon users have seen £100s siphoned from their banks in recent weeks after fraudsters commandeered their accounts to make unauthorised purchases.” The …
John Leyden, 22 Dec 2016

White House report cautiously optimistic about job-killing AI

In a followup to its smash hit, Preparing for the Future of Artificial Intelligence, the White House on Tuesday released Artificial Intelligence, Automation, and the Economy, a report that attempts to outline the economic consequences of expected advances in automation and machine learning without actually risking a prediction …
Thomas Claburn, 22 Dec 2016

Kingpin in $1m global bank malware ring gets five years in chokey

A villain at the heart of an organized crime network that stole £840k ($1m) from victims' online bank accounts has been jailed. Tomasz Skowron, 29, of Meredith Road, Worthing, England, was sent down for five years and three months on Monday at Croydon Crown Court, after pleading guilty to conspiracy to defraud, fraud, and …

Evolved DNSChanger malware slings evil ads at PCs, hijacks routers

Malware that spreads via evil web ads and menaces broadband routers has been discovered – and it's going to be particularly horrible for small business and home internet users, which it targets. This latest variant of the years-old DNSChanger nasty, just spotted by Californian infosec biz Proofpoint, works like this: some …
Iain Thomson, 20 Dec 2016
Auctioneer with hammer

Bayrob: Romanian auction fraud suspects extradited to the US

Three suspected cybercriminals have been arrested and extradited from Romania to the US over a multi-million dollar malware-facilitated scams. The suspects are believed to be members of a gang, nicknamed Bayrob by Symantec researchers, which allegedly earned a living from online fraud for nearly a decade. The indictment claims …
John Leyden, 19 Dec 2016

Crim charges slapped on copyright trolls who filmed porn, torrented it then sued downloaders

More than a dozen criminal charges have been filed against Prenda Law lawyers, who are accused of using porno movies to extort millions of dollars from victims. Attorneys Paul Hansmeier and John Steele have each been charged in a US federal indictment with ten counts of wire fraud, five counts of mail fraud, and one count each …
Shaun Nichols, 16 Dec 2016
Vodafone adds payment cards to mobile wallet

Banks 'not doing enough' to protect against bank-transfer scams

UK banks have been told they needed to go further protecting consumers against money transfer scams - a growing form of fraud. The Payment Systems Regulator said institutions must improve the way they respond to bank transfer scams and do more to identify fraudulent payments without advocating changes in liability for …
John Leyden, 16 Dec 2016

National Lottery whacked with £3m fine for suspect ticket win

The National Lottery has been whacked with a £3m fine by the Gambling Commission over its failure to have proper controls in place to prevent a fraudulent ticket winning. It followed a probe by the regulator into allegations that a £2.5m fraudulent National Lottery prize had been paid in 2009, but which only came to light last …
Kat Hall, 16 Dec 2016
AVSWinvote box

US voting machine certification agency probes potential hack

The US agency charged with ensuring that voting machines meet security standards may have been compromised, according to evidence uncovered by cyber security firm Recorded Future. In a statement, the EAC confirmed it was investigating a potential breach. EAC has become aware of a potential intrusion into an EAC web-facing …
John Leyden, 16 Dec 2016
fraud

'Public Wi-Fi' gang fail in cunning plan to hide £10m cigarette tax fraud

A gang of five men who met at roadside cafes and used free public Wi-Fi to try to hide their £10m cigarette smuggling ring, have been jailed for 16-and-a-half years. The men attempted to evade £10,199,650m in excise duty by smuggling large freight consignments of illegal cigarettes from Europe and China into the UK. The items …
Kat Hall, 15 Dec 2016

Beancounter nicks $5m from bosses, blows $1m on fantasy babe Kate Upton's mobe game

A California chap says he blew $1m in money stolen from his employer on Game of War, a freemium phone game fronted by swimsuit model Kate Upton. Kevin Lee Co, of Rocklin, has pleaded guilty [PDF] to one count each of wire fraud and money laundering, and admitted to stealing roughly $4.8m from his employer through charges to …
Shaun Nichols, 12 Dec 2016
flaw

Fatal flaw found in PricewaterhouseCoopers SAP security software

A security tool built for SAP systems by PricewaterhouseCoopers has turned out to have worrying security holes of its own. German security research firm ESNC has been analyzing the Automated Controls Evaluator (ACE), which extracts relevant security and configuration data from an SAP system, analyzes it, and generates …
Iain Thomson, 09 Dec 2016
Swamp alligators crowd near muddy water pool. Photo by Shutterstock

Fancy that! Google was keen on 'draining the swamp' in 2013

Faced with a report showing Google’s advertising network allowed big brands' ad money to be spent funding criminal operations, Google welcomed initiatives to “drain the swamp” in 2013 - three and a half years ago. But guess what? The swamp’s still here. And it's feeding a different sort of creature now. Today the Wall Street …
Andrew Orlowski, 09 Dec 2016

Expedia support tech raided his CFO to rack up insider trades

Former Expedia worker Jonathan Ly has admitted to hacking his own chief financial officer and investor relations head to commit US$331,000 in insider stock-trading. Ly, 28, of San Francisco, pleaded guilty to securities fraud in a Seattle District Court and faces up to 25 years prison and a US$375,907 settlement including some …
Team Register, 09 Dec 2016
WDC new products Dec 2016

WDC loads its belt-fed drive cannon, blasts out disks 'n' cards galore

Western Digital Corp wowed analysts with exec spiel and five – or was it six? – product announcements. We have helium gas-filled drives, a 3D TLC NAND microSD card, two SSDs and a promised furiously fast flash platform array overflowing with IOPS. We'll start with the rotating rust and an Ultrastar He12, 12TB helium-filled …
Chris Mellor, 08 Dec 2016

Uber is watching your smartphone's battery charge

Browser authors are abandoning the invasive Battery API W3C specification, but not everybody's got the memo: Uber, for example, still watches battery status. The not-an-employer, not-a-taxi-company's app checks battery status and remaining battery, with the explanation that the feature is used for fraud detection. The …
fraud

Bloke sold cash register code to restaurants that deliberately hid sales from taxmen

A salesman sold cash register software that allowed business bosses to cheat on their taxes. John Yin, 66, appeared before the US district court in Seattle to plead guilty to wire fraud and conspiracy to defraud Uncle Sam. He faces up to 25 years behind bars and must cough up $3,445,589 to the authorities. Yin, of Everett, …
Iain Thomson, 05 Dec 2016

Guessing valid credit card numbers in six seconds? Priceless

Fraudsters can guess credit card numbers in as little as six seconds per attempt thanks to security gaps in Visa's network, academics say. The brute force attacks allow criminals to bombard Visa with card payment requests across multiple sites with each attempt narrowing the possible combinations until a valid card number and …
Darren Pauli, 05 Dec 2016
lottery

UK National Lottery data breach: Fingers crossed – it might not be you

Cyber criminals appear to be using passwords and email addresses from previous breaches to gain access to 26,000 online UK National Lottery accounts. Camelot, the company behind the National Lottery, detected the scam and subsequent attempted frauds and responded by locking down accounts, triggering compulsory password resets …
John Leyden, 30 Nov 2016
Bank vault

'Tesco Bank's major vulnerability is its ownership by Tesco,' claims ex-employee

A former techie at the UK's Tesco Bank reckons the recent high-profile breach may be down to security shortcomings at the bank's parent supermarket. Earlier this month Tesco Bank admitted that an estimated £2.5m had been stolen from 9,000 customer accounts in the biggest cyber-heist of its kind to affect a UK bank. The …
John Leyden, 30 Nov 2016
Sheaf of £50 notes poised on the rim of a toilet bowl as toilet is flushed. Collage of two photos sourced from Shutterstock

Ransomware scams cost Brits £4.5m per year

More than 4,000 Brits have had their computers infected with ransomware this year, with over £4.5m paid out to cyber criminals, according to Action Fraud. Ransomware is a type of malware that encrypts files of infected PCs before demanding an extortionate payment for the encryption key needed to recover data. The malware …
John Leyden, 28 Nov 2016
Election hacking

CompSci Prof raises ballot hacking fears over strange pro-Trump voting patterns

Donald Trump's surprise win in the United States' presidential election could conceivably be attributed to illegal hacking and needs to be investigated, according to a security expert. A statistical analysis by J Alex Halderman, professor of computer science at the University of Michigan's Center for Computer Security and …
Iain Thomson, 24 Nov 2016

Men overboard! US Navy spills data on 134k sailors

The United States Navy has revealed that the names and social security numbers on 134,386 current and former employees has leaked, thanks to the compromise of a laptop used by a Hewlett Packard Enterprise Services staffer. The IT contractor and the Naval Criminal Investigative Service probed the data loss finding that "unknown …
Team Register, 24 Nov 2016
Mobile banking, image via Shutterstock

Visa cries foul over Euro regulator's stronger authentication demands

The EU banking regulator’s plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry. Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online …
John Leyden, 23 Nov 2016

Sorry, iPhone fans – only Fandroids get Barclays' tap-to-withdraw

Barclays is trialling smartphone cash withdrawals. The UK's first contactless mobile cash service will allow the bank's customers to withdraw up to £100 in-branch, with just a tap of their Android smartphone or contactless debit card. The technology offers an alternative to traditional cash withdrawals from specially outfitted …
John Leyden, 23 Nov 2016

Deliver-oops! Takeaway pusher's customers burger-ed by hijackers

Customers of online takeaway firm Deliveroo are getting their accounts hijacked and charged for food they never ordered, according to an investigation by BBC One's Watchdog. Investigators from the campaigning TV consumer affairs programme uncovered evidence that scores of customers of the newly be-logo-ed Deliveroo are being …
John Leyden, 23 Nov 2016
image by Alexander_P http://www.shutterstock.com/gallery-493324p1.html

Credit cards ripped from Madison Square Garden venues in year-long op

Carders have spent a year stealing an unknown number of credit card numbers from iconic New York City entertainment venue operator Madison Square Garden, after breaching payment card processing systems. Madison Square Garden disclosed the breach and said it only impacted customers who paid for food, drink or merchandise in …
Darren Pauli, 23 Nov 2016
letters stuffed in a mailbox. Photo by SHutterstock

Snail mail thieves feed international identity theft rings say Oz cops

You may run security software, encrypt everything, protect your very complex passwords and use two-factor authentication for everything, but the humble mailbox and the snail mail it contains can still see your identity stolen. So say Police in the Australian State of New South Wales, where Fraud and Cybercrime Squad detectives …
Simon Sharwood, 23 Nov 2016
Screenshot of fake news item falsely claiming that the Pope had endorsed Donald Trump for the US presidency. SOURCE: screengrab from Pinterest

Facebook Fake News won it for Trump? That's a Zombie theory

Comment Facts all come with points of view Facts don't do what I want them to Talking Heads The internet is filled with things that aren’t true, the world discovered this week. Gosh. Who would have thought it? The platforms’ propagation of bogus “news” is the latest "blame anyone except us" theory to account for the election of …
Andrew Orlowski, 18 Nov 2016

Three to appear in court over TalkTalk hack

Three men are due to appear at the Old Bailey charged with various offences linked to an investigation into the mega TalkTalk hack a year ago. The investigation was launched in October 2015 by the Met's Falcon Cyber Crime Unit following the hack in which 157,000 of its customers' personal details were accessed. On Tuesday, 15 …
Kat Hall, 18 Nov 2016

IBM offers Trump its ideas to Make America Great Again

Big Blue's big boss, Ginni Rometty, is hoping to dance on the tightrope that Big Orange has brought to the White House. Trump's unexpected election puts the technology industry in a tight spot, because many associate it with the economic conditions Trump exploited throughout his campaign. Globalisation demonised as a destroyer …

'Ultimate Team' scheme: EA hackers charged for stealing in-game coins

A US man is facing felony wire fraud charges for allegedly stealing and reselling in-game currency for EA Sports' FIFA console games. Anthony Clark has been charged by the Northern Texas District Court with a count of Conspiracy to Commit Wire Fraud for his role in a scheme to automatically generate and then re-sell the …
Shaun Nichols, 14 Nov 2016