Articles about Fraud

Firms that make 'questionable use' of your data will pay... with their reputations

There is a reputational risk to firms if they make "questionable use" of consumer data, the European Banking Authority (EBA) has warned. The regulator highlighted the risk in a new discussion paper on the innovative uses of consumer data by financial institutions (29-page/292KB PDF). "Financial institutions might use data in …
OUT-LAW.COM, 10 May 2016

SS7 spookery on the cheap allows hackers to impersonate mobile chat subscribers

Flaws in the mobile signalling protocols can be abused to read messaging apps such as WhatsApp and Telegram. Security researchers at Positive Technologies found they can intercept messages and respond as if they were the intended recipient in services such as WhatsApp or Telegram. This is not a man in the middle attack: …
John Leyden, 10 May 2016

Can ad biz’s LEAN avert ADPOCALYPSE?

Do you trust the ad industry to clean up its act? It certainly has an incentive to do so, with adblocking on the rise. Six months ago the ad biz trade association the IAB launched the LEAN initiative to define a basemark “acceptable ad”. The IAB's LEAN principles are “Light, Encrypted, AdChoices-supporting, and Non-invasive”. …
Andrew Orlowski, 09 May 2016

Woman charged with blowing AU$4.6m overdraft on 'a lot of handbags'

A 21-year-old woman has appeared in court in Sydney accused of taking advantage of a Westpac Bank glitch which saw her accidentally granted an unlimited overdraft against which she allegedly withdrew AU$4.6m, "part of which she spent on luxury handbags", as news.com.au puts it. Chemical engineering student Christine Jiaxin Lee …
Lester Haines, 05 May 2016

Tax fraud wave swells after criminals pop ADP payroll data forms

An unknown number of staff at US corporations are at high risk of having their tax returns plundered after criminals siphoned their publicly-disclosed personal details and a unique company URL to obtain their records from payroll provider ADP. The breach disclosed by Krebsonsecurity does not appear to be a direct breach of ADP …
Team Register, 05 May 2016

Did your UK biz just pay £1,500 to stop a DDoS? You've been had

What kind of a grifter pretends he's going to DDoS you? The kind that easily makes off with a lot of cash, it seems. "Hackers" who have been making empty DDoS threats while posing as the Armada Collective appear to have moved on. No, they didn't stop scamming people, they just changed their modus operandi: they're now …
John Leyden, 04 May 2016

Gozi trojan mastermind sentenced by US court to time served

The self-confessed creator of the infamous Gozi trojan was sentenced to time served and ordered to pay $6.9m in restitution by a New York court on Monday. Nikita Kuzmin, a 28-year-old Russian citizen, pleaded guilty to computer hacking and fraud charges in May 2011. He was released after 37 months served on remand, as part of …
John Leyden, 04 May 2016

UK.gov wasted £20m telling you to 'be safe online, mmkay'

The UK wasted £20m on raising awareness about cybercrime, a study has shown, as the public still knows almost nothing about protecting itself online. Research published by YouGov and CSID has shown that in spite of the National Audit Office reporting that £20m had been allocated by government in financial year 2014/15 "to …

Paying a PoS*, USA? Your chip-and-PIN means your money's safer...

The value of online fraudulent transactions is expected to reach $25.6bn by 2020, up from $10.7bn last year, according to a new study from industry analysts Juniper Research. The researchers predict that by the end of the decade, $4 in every $1,000 of online payments will be fraudulent. Juniper’s study, Online Payment Fraud: …
John Leyden, 03 May 2016

Bali banking bandits foiled by probing penetration tester

US penetration tester Matt South has ripped off and reverse-engineered an automated teller machine skimmer, finding videos of entered PINs stored within. The TrustFoundry consultant found the surreptitious skimmer on an ATM in Bali, Indonesia, after he jiggled the cover protecting the PIN entry bank and discovered it could be …
Darren Pauli, 03 May 2016

Perth SmartRider public transport cards popped by student researchers

WAHckon University students in the Australian city of Perth have landed in hot water, with one charged by Police, after finding and exploiting severe holes to rewind travel charges incurred using the city's SmartRider public transport smart card. The Murdoch University students reported the flaws to SmartRider operator TransPerth and …
Darren Pauli, 02 May 2016

Engineer uses binary on voting bumpf to flag up Cali election flaws

In the race for one of California's two Senate seats, one candidate has hit on a novel way to draw attention to himself and his platform: binary. The official voter information guide, delivered to all homes across the state, includes details of all of the 34 candidates standing, most including a paragraph of introductory text …
Kieren McCarthy, 02 May 2016

Google Play infested with cash-stealing web apps

Security researcher Joshua Shilko says phishing apps targeting some of the world's biggest payment services have slipped past screening and landed on Google Play. Shilko says he's aware of 11 well-designed fraud apps that have slipped into the official Play store, often by mimicking mobile payment sites. Shilko did not name …
Darren Pauli, 29 Apr 2016

Screen overlay malware on the rise as bot scum battle for dominance

IBM malware murderer Limor Kessem says Android VXers are using legitimate screen overlay features to hose handsets. Screen overlays do what it says on the can: applications with appropriate permission can monitor other apps and then overlay to allow entry or retrieval of data. The technique is legitimately used by popular …
Darren Pauli, 29 Apr 2016

Neo4j CEO: We're at 'a huge inflection point for graph databases'

Interview Emil Eifrem, CEO and co-founder of Neo Technology, says the world is at “a huge inflection point for graph databases” as his company, which supports the open source Neo4j graph database management system, releases v3.0 of the software. Ahead of releasing an architecturally overhauled v3.0 of the data management system, the …

Oz gummint seeks public input on 'site block' guidelines

The Australian government has decided it could do with some public input regarding the use of a controversial site-blocking law. No, it's not the “block the pirates” law that came into force last year. Rather, it's Section 313 of the Telecommunications Act, a provision that received little attention until the Australian …

Panama Papers graph database cracked open for world+dog

Interview The International Consortium of Investigative Journalists has announced it will be releasing the structured data from the leaked Mossack Fonseca database on May 9. The searchable database is not intended to be a "data dump", but will include curated information "about companies, trusts, foundations and funds incorporated in 21 …

Mitsubishi fraud shock

Mitsubishi Motors Corp (MMC) has admitted it fudged fuel statistics for 25 years. Last week, the company admitted to cheating on fuel efficiency tests for the 657cc mini-cars it makes and sells in Japan, and which Nissan resells. Now it says the testing regimen has been falsified since 1991, and more vehicles may be involved …
Iain Thomson, 26 Apr 2016

Google can't hold back this malware running riot in its Play store

Security researchers have discovered a strain of Android malware that keeps finding its way onto Google Play – despite the store supposedly being scrubbed clean of infiltrated apps. The software nasty – Android.Spy.277.origin – is hidden in more than 100 applications on Google Play. Sketchy programs harboring the malware …
John Leyden, 26 Apr 2016

Meet the malware that screwed a Bangladeshi bank out of $81m

February's hack against Bangladesh's central bank that netted $81m in diverted funds is one of the biggest cyber heists of all time. Now researchers think they've found the malware that did it. A sample of the software nasty was obtained by researchers at defense contractors BAE Systems. The malware appears to have been custom …
Iain Thomson, 25 Apr 2016

Ten years in the clink, file-sharing monsters! (If UK govt gets its way)

Analysis The UK government will insist on jail sentences of up to 10 years for illegal file sharing, despite its own public consultation saying the opposite. In an act of almost unparalleled Whitehall hubris, the decision was announced in the foreword to a report [PDF] that revealed only two per cent of respondents agreed with the …
Kieren McCarthy, 22 Apr 2016

Win XP, Flash, Java... healthcare makes easy pickings for hackers

The healthcare industry is a long way behind the financial sector in basic security practices, according to a study by two-factor authentication firm Duo Security. Duo found that healthcare devices were significantly more out of date and less secure than ones from finance, after comparing its healthcare customers' devices to …
John Leyden, 22 Apr 2016

Cybercrooks turn away from banks. Your health records are far juicier

Cybercrooks switched targets last year, moving away from retail and financial services and onto healthcare and government, according to figures from IBM’s security business. Retail dropped out of the top five most attacked sectors while financial targets dropped from #1 to #3 in IBM X-Force’s 2016 Cyber Security Intelligence Index …
John Leyden, 20 Apr 2016

Tech support becomes Australia's number one scam

New data from the Australian Bureau of Statistics (ABS) asserts that tech support scams have become the most prevalent way to defraud the nation's residents, 113,000 of whom responded to such scams over a year. The Bureau's data is derived from interviews conducted for its 2014-15 Multipurpose Household Survey, so the figure …
Simon Sharwood, 20 Apr 2016

MIT boffins build AI bot that spots '85 per cent' of hacker invasions

Eggheads at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) claim they have trained a machine-learning system to detect 85 per cent of network attacks. To reach that level, the software, dubbed AI2 [PDF], parsed billions of lines of log files, looking for behaviors that indicate either a malware infection …
Iain Thomson, 18 Apr 2016

Halfbreed trojan targets US banks

A new piece of malware has been linked to thefts of $4m from more than 24 American and Canadian banks in just a few days. Researchers at IBM reckon that hackers combined code from two malware types, known as Nymaim and Gozi, to create GozNym, a persistent and powerful trojan. Customers of numerous credit unions and popular e- …
John Leyden, 15 Apr 2016

Russia sends exploit kit author to the GULAG for seven years

The author of the infamous "Blackhole" exploit kit has been sentenced to seven years in a Russian penal colony, local media report. Dmitry Fedotov, 29, also known as Paunch, was sentenced 12 April along with six other hackers who received between five-and-a-half and eight years for fraud offences, TASS news reported. Fedotov …
Team Register, 15 Apr 2016

Aussie banks stage secret intel sharing meetings

ACSC2016 Carders targeting Australian banks may have a tough time re-using attacks thanks to a regular invite-only gathering of anti-fraud boffins. The information-sharing meetups known as "Interbank" have taken place for about six years. The meetings first included representatives …
Darren Pauli, 14 Apr 2016

R+SQL tutorials released

Microsoft's GitHubbed tutorials to teach R to SQL Server 2016 Services users. Posted in Redmond's GitHub channel here, the training docs are designed to help devs build analytics based on the language Microsoft bought last year. There's docs and examples for building models in the R IDE, but getting SQL Server to do the …

Hack hack jailed 2 years

A journalist has been sentenced to 24 months in prison in the US for knowingly handing his work login details to hackers. Matthew Keys was sentenced Wednesday for violating the Computer Fraud and Abuse Act (CFAA) by giving his username and password to his news organization's content management system out in an IRC channel of …
Shaun Nichols, 13 Apr 2016

What exactly is it that infosec miscreants get up to? A quick overview

If corporate IT infrastructures are a battlefield, then the cybercriminals are putting up a good fight. Last year saw some nasty breaches, among them Anthem Insurance, which lost nearly 80 million records, and the US Office of Personnel Management, which lost 21 million records after failing to encrypt its records. Cybercriminals are …
Danny Bradbury, 13 Apr 2016

Universal Credit at high risk of cyber-attack, fraud from the outset

Documents released after a four-year legal battle reveal the extent of the UK government's blithe disregard for the risks faced by Universal Credit. This week, internal reviews of the enormous project in 2011 and 2012 were published by the Department of Work and Pensions under Freedom of Information laws. The dossiers reveal …
Kat Hall, 13 Apr 2016

Retirement funds breached as crims target brokers' un-patched Windows machines

ACSC 2016 Australians are having their retirement savings accounts drained as hackers move to breach broker platforms rather than the tougher target that is banking infrastructure. The Australian Federal Police (AFP) are investigating a spike in breaches against devices used by brokers who administer boutique, "self-managed" …
Darren Pauli, 13 Apr 2016

Spear phishers target gullible Brits more than anyone else – survey

There’s been a sharp (35 per cent) increase in crypto ransomware attacks, with the UK ranked as the third most targeted nation for ransomware. The UK is also ranked as the most targeted nation for spear phishing attacks and the second most hit-upon country with social media scams, according to other findings from Symantec's …
John Leyden, 12 Apr 2016

Texas Attorney General charged in 32-bit 'eco-friendly server scam'

The US Securities and Exchange Commission (SEC) has charged the CEO of Texas server manufacturer Servergy, one of its board members, and the state's Attorney General with fraud over claims of revolutionary low-powered computer hardware. The SEC alleges that between 2009 and 2013 Servergy's then-CEO William Mapp misled …
Iain Thomson, 11 Apr 2016

Baddies' brilliant plan to get mobile malware whitelisted: Bribery

Criminals have resorted to bribes in order to smuggle malware into the source code of mobile gaming apps. The scam, in which malware authors bribed the employees of a legitimate mobile games company in China to embed malware into mobile apps, was uncovered by security researchers from Check Point. The bribe ensured that …
John Leyden, 11 Apr 2016

Lotto 'jackpot fix' code

The Multi-State Lottery's former IT security boss Eddie Tipton smuggled code onto lotto machines that allowed him to predict the numbers drawn on certain days of the month. That's according to investigators in Iowa this week. In July, Tipton was found guilty of fraud in the US state, and was sent down for ten years, for …
Chris Williams, 08 Apr 2016

Fake CEOs pilfer $2.3bn from US biz pockets in three years – Feds

Scammers have bilked American companies out of $2.3bn from 17,642 victims since 2013, the FBI has warned, and the problem is going to get worse before it gets better. Basically, the hustle works like this: miscreants pretending to be top bosses send emails to employees, particularly those handling sensitive financial …
Iain Thomson, 07 Apr 2016

Megabreach: 55 MILLION voters' details leaked in Philippines

A massive data breach appears to have left 55 million Philippine voters at much greater risk of identity fraud and more. Security researchers warn that the entire database of the Philippines’ Commission on Elections (COMELEC) has been exposed in what appears to be the biggest government related data breach in history. The …
John Leyden, 07 Apr 2016

Illegal drugs and dodgy pics? Nah. Half the dark web is perfectly legal

Despite its reputation, less than half of the sites on the dark web are illegal, according to a new study by security intelligence outfit Intelliagg. On the 48 per cent of the dark web which crosses the line, the unlawful content is mostly related to financial crime rather than drugs or sexual perversion, contrary to tabloid …
John Leyden, 07 Apr 2016

Apple faces €48.5m fine from furious French

Apple is reportedly facing a €48.5m (US$55.3m) suit claiming it violated anti-trust rules in France. A report from the local BFM Business [in French] claims that the Cupertino electronics giant leveraged French mobile phone carriers into deals that were unfairly weighted in Apple's favor. The report claims the nation's …
Shaun Nichols, 06 Apr 2016

Congressman called out for $1,300 video game binge

A member of US Congress is facing scrutiny after he logged more than $1,300 worth of video game purchases as campaign expenses. The Federal Election Commission (FEC) has sent a letter [PDF] to House Representative Duncan Hunter (R-CA) asking the lawmaker and vaping enthusiast to explain why more than four dozen charges from …
Shaun Nichols, 06 Apr 2016

Barbie-brained Mattel exec phell for phishing, sent $3m to China

Toy maker Mattel has recovered some US$3 million it shipped off to Chinese hackers who sent a well-crafted phishing email to a finance executive. The recovery was mostly down to luck: the cash was wired on a Chinese bank holiday which meant the funds were held up and returned by fast-acting authorities. Sources told …
Darren Pauli, 06 Apr 2016

Not Bitcoin, but close: Red Hat and Microsoft bite into blockchain tech

Red Hat is offering upstart financial types the opportunity to play with blockchain tech on its OpenShift platform. The news comes a day after Microsoft struck a deal to investigate blockchain tech in partnership with major financial institutions. In a blog post, Redmond exec veep of business development, Peggy Johnson, wrote …
Joe Fay, 05 Apr 2016

Trump carded again: Hotel security aced

Prez hopeful Donald Trump is probably on the phone right now asking Bill Gates how to close down the Internet, following another breach of security in his hotel chain's credit card systems. If the latest KrebsOnSecurity report is accurate, it would be the second breach of the presidential candidate's hotel chain systems in …

George Bush naked selfie hacker Guccifer gets his day in US court

Marcel Lehel Lazăr, 44, who as the hacker Guccifer published the email account contents of senior US political figures, has appeared for the first time in a US court. The indictment claims that between December 2012 and January 2014, Lazăr used publicly available information and guesswork to get into email accounts via …
Iain Thomson, 05 Apr 2016

SEC chair blasts Silicon Valley for its hokey valuations

The chair of the US Securities and Exchange Commission (SEC) has given Silicon Valley a poke in the eye concerning its over-valuation of tech stocks. Speaking at Stanford University in the heart of Silicon Valley, Mary Jo White warned that the federal regulator did not look kindly on the wild – and wildly inaccurate – self- …
Kieren McCarthy, 01 Apr 2016

Confused about relationships? Elasticsearch gets graphic

Graph-database-style relationship mapping has been added to an offspring of the Elasticsearch open-source search engine. Elasticsearch startup Elastic has added Graph capabilities to both the search engine and to the data visualisation plug-in Kibana. Founded in 2012 to make a business from Elasticsearch, Elastic reckoned …
Gavin Clarke, 30 Mar 2016

Learn how to prepare for the multichannel retailing future

PROMO Need to keep abreast of the latest developments in ecommerce and multichannel retailing? Then check-in at Internet Retailing Expo 2016 (IRX) for two days of conferences, clinics, workshops and exhibitions at the NEC in Birmingham (27-28 April 2016). And it’s all free. You can get more info and registration details at IRX. In …
David Gordon, 30 Mar 2016

Some old SAP systems have default kernel user accounts. Guess what happened next?

Security researchers were able to access default SAP accounts on enterprise systems worldwide by using default passwords. The security snafu meant that SAP systems worldwide were potentially vulnerable to data theft, business process disruption and fraud, specialist security outfit ERP-SEC warned. Joris van de Vis, researcher …
John Leyden, 29 Mar 2016