Banking Trojan Medusa Returns, More Dangerous Than Before

2024-07-06 20:54:49.252000

Scammers are finding new ways to exploit unsuspecting individuals through scam websites, fraudulent calls, and mobile trojan campaigns. In Hong Kong, scam websites disguised as WhatsApp login pages continue to top Google search results, despite efforts to remove them [2345603b]. These fake login pages trick users into scanning a QR code, giving fraudsters access to their WhatsApp accounts. To combat this, experts are calling for enhanced security measures, including stricter verification processes and stronger encryption protocols [2345603b]. Similarly, in Palghar, a man fell victim to a power bill fraud scam after receiving a deceptive phone call [8b35ef59]. The scammer sent a malicious file via WhatsApp and coerced the victim into making a transaction and sharing personal details, resulting in the loss of ₹3.50 lakh from the victim's bank account [8b35ef59]. These incidents highlight the need for individuals to be cautious and vigilant when interacting with unfamiliar websites and phone calls. It is important to verify the authenticity of websites and refrain from sharing personal information or making transactions without proper verification [2345603b] [8b35ef59].

An alarming surge in mobile banking trojan campaigns has put Indian users at risk, with cybercriminals leveraging popular social media platforms like WhatsApp and Telegram to launch deceptive schemes [2eb16c6d]. These campaigns aim to deceive unsuspecting users into installing malicious applications masquerading as legitimate services offered by banks and government entities. The malicious apps harvest sensitive data, including personal information, banking credentials, and payment card details. Microsoft advises users to download and install applications only from authorized stores or official bank websites and to disable the 'Install Unknown Apps' feature on Android devices. Microsoft is notifying affected organizations and providing support to counter these fraudulent endeavors [2eb16c6d].

In Thailand, Wise, a financial institution, is demanding detailed banking and personal information from its customers, including bank statements from the past 3 months and a detailed explanation of how the money was earned [46121241]. Failure to comply may result in account closure. This request is believed to be related to a recent data breach and income tax changes in Thailand. Some users are concerned that this information could be copied by scammers. Wise has implemented upgraded login authentication processes following the data breach [46121241].

In Thailand, the Ministry of Digital Economy and Society (DES) has taken action against phone scams after 80,000 individuals reported falling victim to such scams within the past month [4e3f9270]. The ministry has suspended over 12,500 phone numbers that exhibited an unusually high daily call volume. The DES minister has also highlighted the issue of illegal registration of phone numbers and urged action against those with unlawfully registered numbers. Scammers have been exploiting foreigners' IDs to register for SIM cards and perpetrate phone scams. The Thai National Broadcasting and Telecommunications Commission (NBTC) is set to investigate 40,000 numbers suspected to be involved in SMS and phone scams. The ministry aims to tighten regulations and work with cellular service providers to combat scams and protect the public [4e3f9270].

Meanwhile, in Hong Kong, authorities have deactivated over 1 million SIM cards in the past year due to owners failing to complete real-name registration [8aed8768]. The Commerce and Economic Development Bureau reported that telecoms companies cancelled about 1.18 million SIM cards in the 12 months leading up to January, while an additional 1.33 million cards were rejected for registration due to incomplete applications. The regulation, which took effect in September 2021, requires all SIM card users in Hong Kong to register their personal information before February 2023. The measure has been effective in reducing the number of scams in Hong Kong, with a 38.1% decrease in telephone fraud cases in the fourth quarter of 2023 compared to the same period in 2022. The real-name registration system helps law enforcement agencies investigate and prevent crimes, including telephone fraud, conducted using prepaid SIM cards. As of February, approximately 14 million SIM cards have completed real-name registration [8aed8768].

In Italy, a company that manages two telephone shops has been fined 150 thousand euros by the Privacy Guarantor for illegally activating SIM cards and subscriptions [d296db63]. The company activated 1,300 telephone cards using data and identity documents obtained from the systems of the telephone operator. The company also activated unsolicited services without clarifying the consequences to customers and sold mobile phones that were not requested by customers. The company evaded controls and provisions regarding the processing of user data and acted as an independent owner. The company achieved a turnover of over 80 thousand euros through these illegal activities. The Privacy Guarantor has applied a fine of 150 thousand euros and ordered a ban on further processing of customer data [d296db63].

Telegram Wallet, a popular cryptocurrency wallet, is implementing stricter Know Your Customer (KYC) rules, requiring users to provide personal information such as name, phone number, and date of birth for most features, except withdrawals. The wallet is introducing a tiered KYC system with different transaction limits based on the level of identification provided by the user. Additionally, Telegram Wallet is changing its service provider to WOT Global Solution, and all user data will be transferred to the new company. Users who do not agree with the changes must stop using the wallet, withdraw their balance, and delete their accounts by May 20. Reactions to the new KYC requirements are mixed, with some users expressing concerns about privacy and centralization, while others see it as necessary for mass adoption and security [b409238f].

Netcraft, a cybersecurity company, has introduced an AI-powered platform to interact with cybercriminals and gain insights into their operations [d0d65ab8]. The platform has collected thousands of money mule bank accounts spanning 73 countries and more than 600 financial institutions. The top four cryptocurrency wallets identified have received over $45 million. Conversational scams can take various forms, such as investment scams and pig-butchering schemes, and typically involve cybercriminals contacting targets online and gaining their trust over time. The scams can last over 47 days on average. Losses connected to such fraud reached $5.47 billion in 2023, with scams referencing cryptocurrency accounting for $3.96 billion. Netcraft's platform has engaged in conversations with cybercriminals, uncovering details of their operations and gathering intelligence on bank accounts, crypto wallets, and money remittance services. The platform has also revealed the use of WhatsApp accounts, Western Union remittance details, emails, and multiple phone numbers in some attacks. Scammers can get frustrated as the schemes progress, and victims can include individuals who are forced to participate in scams by criminal gangs [d0d65ab8].

In Singapore, two men have been arrested in Malaysia and charged with operating malware to scam Singaporeans [8da6555e]. At least 1,899 people in Singapore reported downloading malware into their phones in 2023, resulting in losses of S$34.1 million. The men allegedly operated servers that infected Android mobile phones with a malicious app, allowing a syndicate to control victims' phones and manipulate their bank accounts. The joint investigation team, led by the Singapore Police Force (SPF) and including the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP), identified the suspects and made the arrests. The men have been charged with unauthorized modification of computer material and may face up to seven years in prison and/or a fine of up to S$50,000 if convicted. The older suspect has also been charged with acquiring benefits from criminal conduct, which carries a potential sentence of up to 10 years in jail and/or a fine of up to S$500,000. The investigation has also led to arrests in Hong Kong and Taiwan, and the seizure of assets worth about US$1.33 million. The SPF will continue to work with foreign partners to combat scams [8da6555e].

The Nigerian Communications Commission (NCC) has issued a warning to mobile phone subscribers against purchasing pre-registered SIM cards. The NCC highlighted the risks posed by these cards, including fraud, regulatory non-compliance, lack of accountability, reputational damage, service disruptions, increased operational costs, trust issues, and unwanted surveillance. Pre-registered SIM cards are fraudulently activated using stolen or fake identity information, bypassing the mandatory registration process. The NCC urged subscribers to personally register their SIM cards, remain cautious of dubious offers, and report any suspicious activity. Non-compliance with telecommunications regulations can lead to fines or penalties. Organizations using pre-registered SIM cards for official purposes face operational risks and harm to their reputation. The NCC emphasized the importance of responsible registration practices for a secure digital future. [f7f39e44]

The National Identity Management Commission (NIMC) has identified and listed five websites allegedly fraudulently harvesting and selling Nigerians' data. The websites include idfinder.com.ng, Verify.Ng/sign in, championtech.com.ng, trustyonline.com, and anyverify.com. NIMC urges the public to disregard these websites and not provide their data as they are potentially fraudulent. NIMC assures that no sensitive data belonging to Nigerians has been compromised and that it has taken measures to protect its database. Paradigm Initiative has raised an alarm about these websites selling Nigerians' National Identification Numbers (NINs), Bank Verification Numbers (BVNs), and passport data. The organization claims that one of the websites, AnyVerify, is involved in the commercial distribution and sale of personal and private data for as low as N100. NIMC is working with security operatives to arrest the fraudsters and warns Nigerians to avoid unauthorized and phishing sites. Nigerian banks have also notified their customers to update their bank account information with their BVN and NIN. [b77dfe5e]

A security firm has issued a warning about a new SMS phishing campaign targeting Apple IDs on iPhones in the United States. Attackers are sending SMS messages to iPhone users with a link to a fake iCloud login page, where users are encouraged to enter their credentials. Apple ID credentials are highly valued by attackers as they provide access to personal and financial information. The attackers use fear-factor wording in the SMS messages to increase the chances of users falling for the scam. Users are advised to be cautious of any communication claiming to be from Apple, enable multi-factor authentication, and only visit iCloud login pages from trusted sources [58ef733c].

Banking Trojan Medusa is back and more dangerous than ever. It is tough to detect and is wreaking havoc on phones across the US and Europe. The Trojan, which first affected Turkish business establishments in 2020, has now expanded to other countries in Europe as well as the US. Since July 2023, Medusa attacks have resurfaced with a new version. Cybersecurity experts have noted a record number of downloads of the "4K" Sports application, which is being used to install the malware on people's phones. The updated Trojan has 17 fewer commands but includes five new ones, such as taking permission to take screenshots. Hackers are also using legitimate apps, including Google, to hack into devices using this malware. The hackers continuously update the malware to avoid detection and increase its ability to infect a greater number of devices. It is crucial for individuals to take cybersecurity measures such as upgrading antivirus software, downloading software from trusted sources, staying vigilant against phishing attempts, and setting up two-factor authentication [fb8a6315].

Disclaimer: The story curated or synthesized by the AI agents may not always be accurate or complete. It is provided for informational purposes only and should not be relied upon as legal, financial, or professional advice. Please use your own discretion.