Articles about Fraud

Victims stranded as ID thieves raid Aussie driver licences

AusCERT One in five Australian identity theft victims reporting to a government-backed crime monitor ID-Care have had drivers licences stolen, according to Dr David Lacey of national ID theft support service ID Care. ID Care was founded in 2014 with a budget of AUD$800,000 (£515,402, US$575,452) and receives cybercrime victim …
Darren Pauli, 27 May 2016

Bank in the UK? Plans afoot to make YOU liable for bank fraud

Bank customers may be obliged to bear the bill for fraud against their accounts, under proposed changes mulled by banks, the UK government and GCHQ. Under the plans, individuals or companies with poor online security could be “frozen out of banking services or even excluded from the system whereby banks compensate customers …
John Leyden, 26 May 2016

Lost your shirt in the MtGox Bitcoin mess? Release the Kraken!

The operators of the Kraken alt-coin exchange will distribute $91m in Bitcoins to people left out of pocket by the 2014 MtGox collapse. Kraken, appointed to oversee what remains of the MtGox estate, says it has reviewed thousands of claims by MtGox's customers, who want their BTC back. Kraken will now hand out millions of …
Shaun Nichols, 25 May 2016

Guccifer fesses up to Clinton hacks

The US Virginia Eastern District Court has posted a notice for a change of plea hearing set for Wednesday in the case of Marcel Lehel Lazar. Two additional documents were also filed with the court under seal. It is not yet known which of the nine counts Lazar, aka "Guccifer," will be pleading to, or what the terms of the deal …
Shaun Nichols, 23 May 2016

Malaysians using South African cards pinch US$12.7m in Japan

Carders have made off with US$12.7 million (£8.7 million, A$17.5 million) ripping through 1400 ATMs in a mere two hours last week. The attackers netted ¥1.4 billion in cash from ATMs located in convenience stores across the country using counterfeit credit cards. Sources told local media the 1600 credit cards used in the …
Darren Pauli, 23 May 2016

A UK digital driving licence: What could possibly go wrong?

Security vendors have welcomed plans to trial digital versions of the UK’s driving licence. The DVLA (Driver and Vehicle Licensing Agency) is working on a digital version of its driving licence for smartphones, to serve as an "add-on" to the existing plastic card. DVLA chief Oliver Morley tweeted a snapshot of the prototype …
John Leyden, 20 May 2016

Hacker rescues Hollywood house from URL scam squatters

WhiteHat Security founder Jeremiah Grossman has published details that could help victims of domain hijacking. The penetration tester writes how he helped an unnamed video production house to fight a scammer who had opened a mimic website to defraud customers. He says the company had more than a dozen published TV shows under …
Darren Pauli, 19 May 2016

Queen's Speech: Ministers, release the spaceplanes!*

Promises on broadband make up the mainstay of a new Digital Bill, first revealed at The Register back in January and formally revealed in the Queen’s Speech today. It’s one of 21 new legislative proposals. The speech reiterated plans to create the right for every household to access high speed broadband. The plans for a …
Team Register, 18 May 2016

Queen’s Speech: Digital Bill to tackle radicalisation, pirates

Exclusive A new Digital Bill due to be announced in the Queen’s Speech tomorrow will contain a new 10-year maximum sentencing guideline for online copyright infringement, The Register has learned. Plans for a portmanteau bill were first revealed here back in January. The Bill gathers together a range of unrelated provisions on spectrum …
Andrew Orlowski, 17 May 2016

It's all very well hacking ISIS, Barry, but what about your ISA?

Credit card fraud is in decline while ad fraud is poised for growth, according to a new study on the business of cybercrime out Tuesday. Hewlett Packard Enterprise’s (HPE) study provides a detailed look into the inner workings of cybercriminal organisations, their business functions, motivations, and more. The IT giant posits …
John Leyden, 17 May 2016

Malicious Android apps slip into Google Play, top third party charts

Malicious Android applications have bypassed Google's Play store security checks to enslave infected devices into distributed denial of service attack, advertising fraud, and spam botnets. The apps are legitimate games that in some stores outside of Google Play have made it to highly-contested top free games charts. …
Darren Pauli, 17 May 2016

A million machines enslaved by MitM Google ad fraud botnet

About a million computers have been enslaved into a newly-identified botnet that is plundering Google advertising revenues, a security trio says. The redirector.paco botnet steals advertising revenue by replacing a website's Google AdSense for search results on infected machines with their own. Bitdefender security …
Darren Pauli, 17 May 2016

Insider trading hacker pleads guilty to p0wning press releases

A Ukrainian ne'er-do-well who broke into market computers for an insider trading scheme has entered a guilty plea in the US. The 28-year-old, Vadym Iermolovych, has put his hands up to three charges – conspiracy to commit wire fraud, conspiracy to commit computer hacking, and aggravated identity theft. The US Department of …

Bitcoin-ransoming Romney tax 'hacker' faces 25 years inside

A self-confessed hacker who sought a million-dollar Bitcoin payment in exchange for then-US Presidential candidate Mitt Romney's tax records has been found guilty of extortion and fraud. In August 2012 Michael Mancil Brown, 37, sent a letter to one of Romney's accountants, PricewaterhouseCoopers (PwC), claiming to have hacked …
Iain Thomson, 17 May 2016

Inter-bank system SWIFT on security? User manual needs 'revamp'

Updated Inter-bank messaging system SWIFT’s security guidelines are "outdated and incomplete". The criticism from security vendor Skyport Systems comes days after SWIFT revealed that a second bank had fallen victim to credential theft fraud, creating yet further concern already fuelled by February’s $81m Bangladesh reserve bank …
John Leyden, 16 May 2016

YouTube skiddie busted for hacking Country Liberal Party

A man from the Australian state of Victoria has been charged after stealing, using, and publishing credit cards of political party members using basic tricks he learned from YouTube. Aaron Warren Camm, 20, of Kangaroo Flat, learnt how to use the skiddie tool Havij to launch SQL injection attacks and applied the lessons in …
Darren Pauli, 16 May 2016

Microsoft boots fake fix-it search ads

Microsoft has laid out new rules for its Bing search engine designed to crack down on tech support scams. Redmond said that it will no longer allow advertisers to pitch their third-party support and repair products as "official" or branded tech support. Under the new rules, Bing search ads will have to present themselves …
Shaun Nichols, 13 May 2016

Americans cutting back on online activity over security and privacy fears

Nearly half of all Americans have not carried out a normal online task because of security and privacy fears, according to a new survey by the US government. Forty-five per cent of the 41,000 households contacted said they had decided not to do online banking, or buy goods online, or post on social networks because they were …
Kieren McCarthy, 13 May 2016

Yet another SE Asia bank hit by a SWIFT credentials hack

Cybercrooks have once again broken into the SWIFT financial transaction network and stolen money from another bank. The breach – victim and amount looted undisclosed – comes as the fallout from February’s $81m Bangladesh reserve bank cyber-heist continues to spread. The second robbery was uncovered by investigators looking …
John Leyden, 13 May 2016

Quadsys Five: Judge dismisses abuse of process application

A Crown court judge has dismissed an abuse of process application made by three former directors of reseller Quadsys, who are facing trial over allegations of hacking into a rival’s database to steal customer and pricing info. In August, Thames Valley Police charged five men at the reseller including owner Paul Streeter, MD …
Paul Kunert, 13 May 2016

UK.gov is about to fling your data at anyone who wants it. How? Why? Shut up, pleb

Analysis The government is poised to legislate on how it intends to use your data for public services – but its woefully worded “data sharing” consultation suggests it hasn't learnt much from the ongoing controversies of Care.data. Whitehall is due to publish a response to the consultation, set out in Better Use of Data - Consultation …
Kat Hall, 13 May 2016

Walmart sues Visa for being too lax with protecting chip cards

Retail giant Walmart has filed suit against Visa over the ability to force chip and PIN authorization for card purchases. In a suit filed to the New York State Court (PDF), Walmart claims that Visa is forcing it to accept customer signatures as authorization for payments when it wishes to mandate the use of PIN codes instead …
Shaun Nichols, 11 May 2016

Malware on Google Play

More apps with malware have been found in Google's app store. Several applications are infected with the "Viking Horde" malware, including Viking Jump, Wi-Fi Plus, Memory Booster, Parrot Copter, and Simple 2048, security firm Check Point warns. The Viking Horde malware creates a mobile botnet for ad-click fraud and scamming …
John Leyden, 11 May 2016

Popular UK mobile tech firm 51Degrees hacked

British mobile device detection company 51Degrees used by the likes of Unilever, T-Mobile, IBM, and Microsoft, has been hacked. The Reading-based company sells device detection allowing customers such as Hyundai, Deloitte, and Heineken to identify quickly a web site visitor's device. Founder James Rosewell says in a letter to …
Darren Pauli, 11 May 2016

UAE InvestBank 'hack' looks like stale, recycled data from last year

Hackers linked to the Qatar National Bank (QNB) breach have leaked data siphoned from the UAE’s InvestBank. A database containing credit card details and passport scans has been leaked online by the same Turkish hacker crew – Bozkurt Hackers – who were also blamed for the QNB breach. However, early reports suggest that the latest …
John Leyden, 10 May 2016

Lauri Love: 'Britain's FBI' loses court attempt to evade decryption laws

The National Crime Agency's (NCA) application to force alleged hacktivist Lauri Love to decrypt computer equipment seized from him two years ago has been declined by a Westminster judge. At a hearing this morning in Court Seven at Westminster Magistrates' Court, the NCA's application to make Love disclose his passwords was …

Firms that make 'questionable use' of your data will pay... with their reputations

There is a reputational risk to firms if they make "questionable use" of consumer data, the European Banking Authority (EBA) has warned. The regulator highlighted the risk in a new discussion paper on the innovative uses of consumer data by financial institutions (29-page/292KB PDF). "Financial institutions might use data in …
OUT-LAW.COM, 10 May 2016

SS7 spookery on the cheap allows hackers to impersonate mobile chat subscribers

Flaws in the mobile signalling protocols can be abused to read messaging apps such as WhatsApp and Telegram. Security researchers at Positive Technologies found they can intercept messages and respond as if they were the intended recipient in services such as WhatsApp or Telegram. This is not a man in the middle attack: …
John Leyden, 10 May 2016

Can ad biz’s LEAN avert ADPOCALYPSE?

Do you trust the ad industry to clean up its act? It certainly has an incentive to do so, with adblocking on the rise. Six months ago the ad biz trade association the IAB launched the LEAN initiative to define a basemark “acceptable ad”. The IAB's LEAN principles are “Light, Encrypted, AdChoices-supporting, and Non-invasive”. …
Andrew Orlowski, 09 May 2016

Woman charged with blowing AU$4.6m overdraft on 'a lot of handbags'

A 21-year-old woman has appeared in court in Sydney accused of taking advantage of a Westpac Bank glitch which saw her accidentally granted an unlimited overdraft against which she allegedly withdrew AU$4.6m, "part of which she spent on luxury handbags", as news.com.au puts it. Chemical engineering student Christine Jiaxin Lee …
Lester Haines, 05 May 2016

Tax fraud wave swells after criminals pop ADP payroll data forms

An unknown number of staff at US corporations are at high risk of having their tax returns plundered after criminals siphoned their publicly-disclosed personal details and a unique company URL to obtain their records from payroll provider ADP. The breach disclosed by Krebsonsecurity does not appear to be a direct breach of ADP …
Team Register, 05 May 2016

Did your UK biz just pay £1,500 to stop a DDoS? You've been had

What kind of a grifter pretends he's going to DDoS you? The kind that easily makes off with a lot of cash, it seems. "Hackers" who have been making empty DDoS threats while posing as the Armada Collective appear to have moved on. No, they didn't stop scamming people, they just changed their modus operandi: they're now …
John Leyden, 04 May 2016

Gozi trojan mastermind sentenced by US court to time served

The self-confessed creator of the infamous Gozi trojan was sentenced to time served and ordered to pay $6.9m in restitution by a New York court on Monday. Nikita Kuzmin, a 28-year-old Russian citizen, pleaded guilty to computer hacking and fraud charges in May 2011. He was released after 37 months served on remand, as part of …
John Leyden, 04 May 2016

UK.gov wasted £20m telling you to 'be safe online, mmkay'

The UK wasted £20m on raising awareness about cybercrime, a study has shown, as the public still knows almost nothing about protecting itself online. Research published by YouGov and CSID has shown that in spite of the National Audit Office reporting that £20m had been allocated by government in financial year 2014/15 "to …

Paying a PoS*, USA? Your chip-and-PIN means your money's safer...

The value of online fraudulent transactions is expected to reach $25.6bn by 2020, up from $10.7bn last year, according to a new study from industry analysts Juniper Research. The researchers predict that by the end of the decade, $4 in every $1,000 of online payments will be fraudulent. Juniper’s study, Online Payment Fraud: …
John Leyden, 03 May 2016

Bali banking bandits foiled by probing penetration tester

US penetration tester Matt South has ripped off and reverse-engineered an automated teller machine skimmer, finding videos of entered PINs stored within. The TrustFoundry consultant found the surreptitious skimmer on an ATM in Bali, Indonesia, after he jiggled the cover protecting the PIN entry bank and discovered it could be …
Darren Pauli, 03 May 2016

Perth SmartRider public transport cards popped by student researchers

WAHckon University students in the Australian city of Perth have landed in hot water, with one charged by Police, after finding and exploiting severe holes to rewind travel charges incurred using the city's SmartRider public transport smart card. The Murdoch University students reported the flaws to SmartRider operator TransPerth and …
Darren Pauli, 02 May 2016

Engineer uses binary on voting bumpf to flag up Cali election flaws

In the race for one of California's two Senate seats, one candidate has hit on a novel way to draw attention to himself and his platform: binary. The official voter information guide, delivered to all homes across the state, includes details of all of the 34 candidates standing, most including a paragraph of introductory text …
Kieren McCarthy, 02 May 2016

Google Play infested with cash-stealing web apps

Security researcher Joshua Shilko says phishing apps targeting some of the world's biggest payment services have slipped past screening and landed on Google Play. Shilko says he's aware of 11 well-designed fraud apps that have slipped into the official Play store, often by mimicking mobile payment sites. Shilko did not name …
Darren Pauli, 29 Apr 2016

Screen overlay malware on the rise as bot scum battle for dominance

IBM malware murderer Limor Kessem says Android VXers are using legitimate screen overlay features to hose handsets. Screen overlays do what it says on the can: applications with appropriate permission can monitor other apps and then overlay to allow entry or retrieval of data. The technique is legitimately used by popular …
Darren Pauli, 29 Apr 2016

Neo4j CEO: We're at 'a huge inflection point for graph databases'

Interview Emil Eifrem, CEO and co-founder of Neo Technology, says the world is at “a huge inflection point for graph databases” as his company, which supports the open source Neo4j graph database management system, releases v3.0 of the software. Ahead of releasing an architecturally overhauled v3.0 of the data management system, the …

Oz gummint seeks public input on 'site block' guidelines

The Australian government has decided it could do with some public input regarding the use of a controversial site-blocking law. No, it's not the “block the pirates” law that came into force last year. Rather, it's Section 313 of the Telecommunications Act, a provision that received little attention until the Australian …

Panama Papers graph database cracked open for world+dog

Interview The International Consortium of Investigative Journalists has announced it will be releasing the structured data from the leaked Mossack Fonseca database on May 9. The searchable database is not intended to be a "data dump", but will include curated information "about companies, trusts, foundations and funds incorporated in 21 …

Mitsubishi fraud shock

Mitsubishi Motors Corp (MMC) has admitted it fudged fuel statistics for 25 years. Last week, the company admitted to cheating on fuel efficiency tests for the 657cc mini-cars it makes and sells in Japan, and which Nissan resells. Now it says the testing regimen has been falsified since 1991, and more vehicles may be involved …
Iain Thomson, 26 Apr 2016

Google can't hold back this malware running riot in its Play store

Security researchers have discovered a strain of Android malware that keeps finding its way onto Google Play – despite the store supposedly being scrubbed clean of infiltrated apps. The software nasty – Android.Spy.277.origin – is hidden in more than 100 applications on Google Play. Sketchy programs harboring the malware …
John Leyden, 26 Apr 2016

Meet the malware that screwed a Bangladeshi bank out of $81m

February's hack against Bangladesh's central bank that netted $81m in diverted funds is one of the biggest cyber heists of all time. Now researchers think they've found the malware that did it. A sample of the software nasty was obtained by researchers at defense contractors BAE Systems. The malware appears to have been custom …
Iain Thomson, 25 Apr 2016

Ten years in the clink, file-sharing monsters! (If UK govt gets its way)

Analysis The UK government will insist on jail sentences of up to 10 years for illegal file sharing, despite its own public consultation saying the opposite. In an act of almost unparalleled Whitehall hubris, the decision was announced in the foreword to a report [PDF] that revealed only two per cent of respondents agreed with the …
Kieren McCarthy, 22 Apr 2016

Win XP, Flash, Java... healthcare makes easy pickings for hackers

The healthcare industry is a long way behind the financial sector in basic security practices, according to a study by two factor authentication firm Duo Security. Duo found that healthcare devices were significantly more out of date and less secure than ones from finance, after comparing its healthcare customers' devices to …
John Leyden, 22 Apr 2016

Cybercrooks turn away from banks. Your health records are far juicier

Cybercrooks switched targets last year, moving away from retail and financial services and onto healthcare and government, according to figures from IBM’s security business. Retail dropped out of the top five most attacked sectors while financial targets dropped from #1 to #3 in IBM X-Force’s 2016 Cyber Security Intelligence Index …
John Leyden, 20 Apr 2016

Tech support becomes Australia's number one scam

New data from the Australian Bureau of Statistics (ABS) asserts that tech support scams have become the most prevalent way to defraud the nation's residents, 113,000 of whom responded to such scams over a year. The Bureau's data is derived from interviews conducted for its 2014-15 Multipurpose Household Survey, so the figure …
Simon Sharwood, 20 Apr 2016