It’s safe to assume that pretty much everyone is ready to move on from 2020. Between the COVID-19 pandemic, political battles, and social unrest, this has been a stressful year in so many ways. It has also been a very active year for cybercriminals and fraudsters who have preyed on people’s fears and vulnerabilities to push new scams. They’ve spoofed government health sites to trick people into clicking on malware links. They’ve targeted food delivery …
The post 2020 set the stage for cybersecurity priorities in 2021 appeared first on Help Net Security.
The internet is full of fraud and theft and cybercriminals are operating in the open with impunity, misrepresenting brands and advocating deceit overtly.
Bolster found these criminals are using mainstream ISPs, hosting companies and free internet services – the same that are used by legitimate businesses every day.
Phishing and online fraud scams accelerate
In Q2, there was an alarming, rapid increase in new phishing and fraudulent sites being created: Bolster detected 1.7 million phishing and scam websites – a 13.3% increase from Q1 2020.
Phishing and scam websites continued to increase in Q2 and peaked in June 2020 with a total of 745,000 sites detected. On average, there were more than 18,000 fraudulent sites created each day.
Cybercriminals use common, free email services to execute phishing attacks
The most active phishing scammers are using free email accounts from trusted providers including Google and Yahoo!. Gmail was the most popular with over 45% of email addresses.
Russian Yandex was the second most popular email service with 7.3%, followed by Yahoo! with 4.0%.
Brand impersonation continues to escalate
Data reveals that the top 10 brands are responsible for nearly 44,000 new phishing and fraudulent websites from January to September 2020. Each month there are approximately 4,000 new phishing and fraudulent websites created from these 10 brands alone.
September saw a near tripling in volume with more than 15,000 new phishing and fraudulent websites being created for these top brands, with Microsoft, Apple and PayPal topping the list.
COVID-19 is still a target, but less so
Approximately 30% of confirmed phishing and counterfeit pages were related to COVID-19, equaling over a quarter of a million malicious websites.
Compared to Q1, these scams increased by 22%, following dynamic news headlines – N95 face masks, coronavirus drugs and government stimulus checks. However, the good news is that these scams are declining month-over-month.
Cybercriminals will continue to utilize natural news drivers
Though phishing and fraudulent campaigns outside of extraordinary events are on the rise, cybercriminals continue to demonstrate their agility around major events. In Q3, Bolster discovered scams connected to Amazon Prime Day and the presidential election.
There was a 2.5X increase of fraudulent websites using the Amazon brand logo in September, focusing on payment confirmation, returns and cancellations and surveys for free merchandise. The presidential campaigns, meanwhile, were fraught with counterfeiting and internet trolling.
“With the holiday shopping season kicking off, the results of the presidential election and the New Year approaching, we anticipate the number of phishing and fraudulent activity to continue to rise,” said Shashi Prakash, CTO of Bolster.
“In anticipation of these events, criminals are sharpening their knives of deception, planning new and creative ways to take advantage of businesses and consumers. Companies must be vigilant, arming their teams with the technology needed to continuously discover and take down these fraudulent sites before an attack takes place.”
Popular mobile messengers expose personal data via discovery services that allow users to find contacts based on phone numbers from their address book, according to researchers.
When installing a mobile messenger like WhatsApp, new users can instantly start texting existing contacts based on the phone numbers stored on their device. For this to happen, users must grant the app permission to access and regularly upload their address book to company servers in a process called mobile contact discovery.
A recent study by a team of researchers from the Secure Software Systems Group at the University of Würzburg and the Cryptography and Privacy Engineering Group at TU Darmstadt shows that currently deployed contact discovery services severely threaten the privacy of billions of users.
Utilizing very few resources, the researchers were able to perform practical crawling attacks on the popular messengers WhatsApp, Signal, and Telegram. The results of the experiments demonstrate that malicious users or hackers can collect sensitive data at a large scale and without noteworthy restrictions by querying contact discovery services for random phone numbers.
Attackers are enabled to build accurate behavior models
For the extensive study, the researchers queried 10% of all US mobile phone numbers for WhatsApp and 100% for Signal. Thereby, they were able to gather personal (meta) data commonly stored in the messengers’ user profiles, including profile pictures, nicknames, status texts and the “last online” time.
The analyzed data also reveals interesting statistics about user behavior. For example, very few users change the default privacy settings, which for most messengers are not privacy-friendly at all.
The researchers found that about 50% of WhatsApp users in the US have a public profile picture and 90% a public “About” text. Interestingly, 40% of Signal users, which can be assumed to be more privacy concerned in general, are also using WhatsApp, and every other of those Signal users has a public profile picture on WhatsApp.
Tracking such data over time enables attackers to build accurate behavior models. When the data is matched across social networks and public data sources, third parties can also build detailed profiles, for example to scam users.
For Telegram, the researchers found that its contact discovery service exposes sensitive information even about owners of phone numbers who are not registered with the service.
Which information is revealed during contact discovery and can be collected via crawling attacks depends on the service provider and the privacy settings of the user. WhatsApp and Telegram, for example, transmit the user’s entire address book to their servers.
More privacy-concerned messengers like Signal transfer only short cryptographic hash values of phone numbers or rely on trusted hardware. However, the research team shows that with new and optimized attack strategies, the low entropy of phone numbers enables attackers to deduce corresponding phone numbers from cryptographic hashes within milliseconds.
Moreover, since there are no noteworthy restrictions for signing up with messaging services, any third party can create a large number of accounts to crawl the user database of a messenger for information by requesting data for random phone numbers.
“We strongly advise all users of messenger apps to revisit their privacy settings. This is currently the most effective protection against our investigated crawling attacks,” agree Prof. Alexandra Dmitrienko (University of Würzburg) and Prof. Thomas Schneider (TU Darmstadt).
Impact of research results: Service providers improve their security measures
The research team reported their findings to the respective service providers. As a result, WhatsApp has improved their protection mechanisms such that large-scale attacks can be detected, and Signal has reduced the number of possible queries to complicate crawling.
The researchers also proposed many other mitigation techniques, including a new contact discovery method that could be adopted to further reduce the efficiency of attacks without negatively impacting usability.
Employees find significant value in having access to an identity compromise solution, having an available remediation solution creates a better mindset for those that use it, and there are halo results that benefit others (especially employers), an Identity Theft Resource Center (ITRC) and Aura Identity Guard survey reveals.
More reports of identity theft than any other category
In 2019, the Federal Trade Commission (FTC) received over 3.2 million reports of fraud with more reports of identity theft than any other category. There is an opportunity to provide the needed support employees are asking for by giving them access to an identity compromise solution as a component of the benefits suite.
“Cybersecurity is not only in the hands of an IT or security department. Every employee plays a crucial role in its company’s security network. That is why it is so critical employees are educated on cybersecurity and have the proper cyber-hygiene tools.”
The impact of COVID-19
In some cases, the COVID-19 pandemic has highlighted the importance of offering an identity compromise solution as an employee benefit. COVID-19 forced many employers to rethink how to conduct business when federal and state governments, under the guidance of the Centers for Disease Control (CDC), issued stay-at-home orders for all nonessential businesses.
Many employers were put in the unfamiliar situation of ensuring that their employees’ home environments could sustain their work requirements. Employees had to ensure that their home computing networks, including home routers and modems, had the appropriate security settings in place.
Tessian’s report found nearly half of the people surveyed said they are forced to find workarounds for security policies while working from home to do the work required.
“The results of this study clearly indicate the value employees place on having their personal information protected – especially during this pandemic. Additionally, the results illustrate something we’ve known to be true: by protecting employees, employers are also able to protect themselves from digital malice by instilling a culture of cybersecurity across the enterprise,” said Hamed Saeed, General Manager of Aura Identity Guard.
The need for an identity compromise solution
The findings support that many employees want an identity compromise solution in some manner – from a referral to a free non-profit service, all the way to an employer-paid solution. Over 82 percent of employers surveyed said that offering access to an identity compromise solution did, indeed, provide value to their staff.
In early 2020 Aftermath survey results, 24.6 percent of victims have had issues with their employer as a result of their personal identity compromise and 27.3 percent have had challenges with their boss or coworkers.
The Twittersphere went into overdrive on Wednesday as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam.
The attackers simultaneously compromised Twitter accounts of Bill Gates, Elon Musk, Barack Obama, Jeff Bezos, Joe Biden, Mike Bloomberg, Apple, Uber, as well as those of cryptocurrency exchanges Binance, Coinbase, KuCoin and Gemini, the CoinDesk news site and other top crypto accounts.
Twitter reacted by locking down the affected accounts, removing Tweets posted by the attackers, and limiting functionality for all verified accounts, but not quickly enough to prevent many gullible users falling for the scam and sending money to the attackers.
“The accounts tweeted that they ‘partnered with’ a company called CryptoForHealth. The domain for this website was registered on July 15. The website itself claims that, to help with the hard times endured by COVID-19, they’re partnering with several exchanges to provide a ‘5000 Bitcoin (BTC) giveaway’ which is a ruse for advanced fee fraud,” Satnam Narang, Staff Research Engineer at Tenable, explained.
This type of scam is common, but what makes this incident notable is that the scammers have managed to compromise legitimate Twitter accounts to launch it, he notes. Because of this, users were more likely to place their trust in the CryptoForHealth website or the provided Bitcoin address.
Before Twitter locked the hijacked accounts and deleted the scammy tweets, the attackers apparently received nearly $118,000 in Bitcoin.
How have the Twitter accounts been hijacked?
As the compromised accounts began tweeting the scam in a coordinated manner, many speculated on how the attackers pulled off the massive compromise.
It soon became quite obvious that the attackers must have compromised them all from one central place.
Some users noticed that some of the hijacked accounts had been associated with one specific email address:
Yep! Crazy – looks like a full takeover/hijack pic.twitter.com/toug6PYnYr
— harrydenley.eth ◊ (@sniko_) July 15, 2020
Motherboard’s sources said that a Twitter insider (admin) was bribed or coerced to use an internal user management tool to reset the email address and password on the affected accounts. Others speculated that the attackers managed to compromise the corporate account of a Twitter employee.
Earlier today, Twitter confirmed that last speculation.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” the company explained.
“We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”
The attack points to a greater problem
According to the BBC, the same email address that was used to register the CryptoForHealth domain was used to register an Instagram account with the same name. On it, the attackers posted a message that said: “It was a charity attack. Your money will find its way to the right place.”
Many have pointed out that, given how much US politicians depend on Twitter to keep the citizenry informed about their thoughts and actions, the attackers could have used the access to those accounts to do much more damage.
Others have posited that the Bitcoin scam was perhaps just a smokescreen:
Stage 1: Throw up simple bitcoin scam for some nice walkin-around money.
Stage 2: Exfiltrate DMs for later use in blackmail, etc. If you’re already sitting on data like OPM, etc., you have a nice amount of kompromat for leverage/profit.
— Jim Wagner (@jimwagmn) July 15, 2020
US Senator Josh Hawley demanded from Twitter more information about the hack, including an answer to the question of whether the attack threatened the security of US President Donald Trump’s account (which had not been made to tweet out the scammy message).
“The Twitter hack highlights how bad actors are using highly trafficked social media channels to wreak havoc,” noted Richard Bird, Chief Customer Information Officer, Ping Identity.
“The news of this exploit is extremely concerning as it really focuses attention on the inherent weaknesses in Big Tech security, which has been a point of focus across the country as we head into a presidential election and as we navigate the challenges driven by the pandemic. Disinformation and exploitation of supposedly trusted social media channels only amplifies the anxieties and concerns that consumers and citizens are already dealing with in this country and others.”
“Given the accounts’ relatively high profile, including that of a former US President, it’s likely that federal law enforcement and intelligence assets from both the public and private sector will be brought to bear on this very problem,” noted Kevin O’Brien, Co-Founder and CEO, GreatHorn.
“It’s highly likely that this will result in attribution, although I suspect we’ll find that this occurred from a non-US location, increasing the difficulty of apprehending the responsible parties.”
Twitter accounts of the rich and famous—including Elon Musk, Bill Gates, Jeff Bezos, and Joe Biden—were simultaneously hijacked on Wednesday and used to push cryptocurrency scams.
As of 3:58pm California time, one wallet address used to receive victim’s digital coin had received more than $118,000, though it wasn’t clear all of it came from people who fell for the scam. The bitcoin came from 356 transactions that all occurred over about a four-hour span on Tuesday. The wallet address appeared in tweets from at least 15 accounts—some with tens of millions of followers—that promoted fraudulent incentives to transfer money. At least one other Bitcoin wallet was used in the mass scam.
“I’m giving back to all my followers,” one now-deleted tweet from Musk’s account said. “I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!” A tweet from the Bezos account said the same thing. “Everyone is asking me to give back, and now is the time,” a Gates tweet said. “I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000.”
Another variation of the scam promoted a partnered initiative that pledged to donate 5,000 BTC to the community and included a domain link to send money. The domain was quickly suspended. This variation came early in the hijacking spree and appeared to affect only cryptocurrency-related businesses, including Binance and Gemini.
Other hijacked accounts belonged to Barack Obama, Mike Bloomberg, Apple, Kanye West, Kim Kardashian West, Wiz Khalifa, Warren Buffett, YouTube personality MrBeast, Wendy’s, Uber, CashApp, and a raft of cryptocurrency entrepreneurs. Here’s a sampling of some of the scammy tweets:
At 2:58 PM California time, Musk’s account continued to pump out fraudulent tweets, despite the mass account hijackings being two hours old. What’s more, a screenshot tweeted by a security researcher showed that attackers have changed associated email addresses of some of the hijacked accounts.
That so many social media accounts were taken over in such a short time and remained hijacked for so long is extraordinary if not unprecedented. Previous hijackings that happened to one or two high-profile accounts to promote scams were the result of phishing attacks or the accounts being protected by weak passwords. And in almost all cases, the rightful account holders quickly regained control.
The ability of the attackers to regain control of accounts was also highly unusual. The compromise of so many accounts—many belonging to people who are seasoned in the importance of having good security hygiene—raised serious questions that the compromises were the result of a breach of Twitter’s infrastructure.
A Twitter spokeswoman said company personnel are looking into the cause and would respond soon.
A statement Binance issued said its personnel “confirmed that this Twitter breach was not caused by a vulnerability of Binance’s platform or team members.” The statement didn’t provide any other details about the cause of the hijacking. Binance went on to say: “Our security team has verified that there are zero Binance accounts/users who have sent funds to the hacker’s wallet addresses. The hacker’s wallets are not associated with Binance, and we have prevented all Binance wallet addresses from depositing assets into the hacker’s addresses.”
Emails to some of the other affected account holders weren’t immediately returned.
A spokeswoman for security firm RiskIQ said company researchers were able to track the infrastructure belonging to the party behind Wednesday’s large-scale hack. So far, they have compiled a list of more than 400 associated domains that included cryptoforhealth.com, the site included in the fraudulent tweet from Binance and other cryptocurrency businesses. Many of the domains didn’t respond, while others led to browser warnings like the one below.
As the hijackings continued, Twitter said that while it investigated, it was suspending the ability of many but not all Twitter users to tweet or respond to tweets. Accounts belonging to verified users were unable to tweet or reply to other tweets. Instead they got a message that said: “This request looks like it might be automated. To protect our users from spam and other malicious activity, we can’t complete this action right now. Please try again later.” The suspension didn’t apply to retweets or direct messages. Unverified accounts worked normally.
This is a developing story. This post will be updated as more details become available.
Attackers are trying to trick web administrators into sharing their admin account login credentials by urging them to activate DNSSEC for their domain.
Scam emails lead to fake login pages
The scam was spotted by Sophos researchers, when the admin(s) of their own security marketing blog received an email impersonating WordPress and urging them to click on a link to perform the activation (see screenshot above).
The link took them to a “surprisingly believable” phishing page with logos and icons that matched their service provider (WordPress VIP), and instructed them to enter their WordPress account username and password to start the update.
“The scam then shows you some fake but believable progress messages to make you think that a genuine ‘site upgrade’ has kicked off, including pretending to perform some sort of digital ‘file signing’ at the end,” Sophos’s security proselytiser Paul Ducklin explained.
Finally, either intentionally or by mistake, the victim is redirected to a 404 error page.
Customized phishing pages
The malicious link in the email contained encoded banner and URL information that allowed researchers (and attackers) to customize the scam phishing page with different logos, to impersonate numerous different hosting providers.
“We didn’t even need to guess at the banner names that we could use, because the crooks had left the image directory browsable on their phishing site. In total, the crooks had 98 different ripped-off brand images ready to go, all the way from Akamai to Zen Cart,” Ducklin noted.
The attackers check HTTP headers for information about the target’s hosting provider and customize the scam email and the phishing site accordingly:
Users who fall for the scam, enter their login credentials into the phishing site and don’t have 2-factor authentication turned on are effectively handing control of their site to the scammers.
Ducklin advises admins never to log in anywhere through links sent via email, to turn on 2FA whenever they can, and to use a password manager.
“Password managers not only pick strong and random passwords automatically, but also associate each password with a specific URL. That makes it much harder to put the right password into the wrong site, because the password manager simply won’t know which account to use when faced with an unknown phishing site,” he noted.
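Ducklin's point about URL binding, as an added example that is not part of the original article and not any real password manager's code: a toy vault keyed on the exact HTTPS origin, checked against constructed lookalike URLs. The function names, hostnames and credentials are assumptions made for the illustration.

```javascript
// Added illustration (not from the article): a toy credential vault that
// releases a saved login only to the exact HTTPS origin it was stored for.
// Every hostname and credential here is a constructed sample value.

const vault = new Map(); // origin ("https://host[:port]") -> { username, password }

// Reduce a URL to its origin, or null if it is unparsable or not HTTPS.
// The WHATWG URL parser lowercases the host, drops the default port,
// converts non-ASCII labels to punycode and separates any "user@" prefix,
// so lookalike tricks end up as a different origin string.
function normalizeOrigin(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null;
  }
  return url.protocol === "https:" ? url.origin : null;
}

function saveLogin(rawUrl, username, password) {
  const origin = normalizeOrigin(rawUrl);
  if (origin === null) {
    throw new Error("refusing to store a login for a non-HTTPS or invalid URL");
  }
  vault.set(origin, { username, password });
  return origin;
}

// Returns the saved login for the page being visited, or null when the
// page's origin was never saved: the "won't know which account to use" case.
function loginFor(rawUrl) {
  const origin = normalizeOrigin(rawUrl);
  if (origin === null) return null;
  return vault.get(origin) ?? null;
}

// Constructed pages an admin might land on after clicking an emailed link.
const SAMPLE_PAGES = [
  "https://wordpress.com/wp-admin/",                    // the real site
  "https://WORDPRESS.com:443/log-in",                   // same origin, different spelling
  "https://wordpress.com.dnssec-update.example/log-in", // real name used as a subdomain label
  "https://wordpress.com@login.example/",               // real name in the userinfo part
  "https://w\u043Erdpress.com/log-in",                  // Cyrillic "o" homograph
  "http://wordpress.com/log-in",                        // plaintext HTTP
];

function autofillReport() {
  return SAMPLE_PAGES.map((page) => ({
    page,
    filled: loginFor(page) !== null,
  }));
}

saveLogin("https://wordpress.com/log-in", "site-admin", "constructed-sample-password");
for (const { page, filled } of autofillReport()) {
  console.log(filled ? "fill  " : "refuse", page);
}
```

Only the first two pages share the saved origin, so the four lookalikes get no autofill; an empty login form on a page that looks right is the cue to stop and check the address bar.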
Cyber scammers are starting to use legitimate reCAPTCHA walls to disguise malicious content from email security systems, Barracuda Networks has observed. The reCAPTCHA walls prevent email security systems from blocking phishing attacks and make the phishing site more believable in the eyes of the user.
reCAPTCHA walls are typically used to verify human users before allowing access to web content. Sophisticated scammers are therefore starting to use the Google-owned service to prevent automated URL analysis systems from accessing the actual content of phishing pages.
Researchers observed that one email credential phishing campaign had sent out more than 128,000 emails to various organizations and employees using reCAPTCHA walls to conceal fake Microsoft login pages. The phishing emails used in this campaign claim that the user has received a voicemail message.
Once the user solves the reCAPTCHA in this campaign, they are redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page. Unsuspecting users will be unaware that any login information they enter will be sent straight to the cyber scammers, who will likely use this information to hack into the real Microsoft account.
Steve Peake, UK Systems Engineer Manager, Barracuda Networks comments: “In this difficult time, it is no surprise to see that cyber scammers are seeking increasingly sophisticated methods of stealing log-in credentials and data from unsuspecting, remote workers.
“Fortunately, there are a number of proactive measures employers and business owners can take to prevent a security breach. Most importantly, users must be educated about the threat so they know to be cautious instead of assuming a reCAPTCHA is a sign that a page is safe.
“Furthermore, whilst reCAPTCHA based scams make it harder for automated URL analysis to be conducted, sophisticated email security solutions can still detect these phishing attacks using AI-based email protection solutions. Ultimately, however, no security solution will catch everything, and the ability of the users to spot suspicious emails and websites is key.”
As US citizens wait for President Trump’s final decision about whether quarantine will be over by Easter, malware peddlers have already “decided”: quarantine will be prolonged until August 2020.
Phishing emails point to malware
Researchers with anti-phishing startup Inky have spotted two phishing emails purportedly coming from the White House, “signed” by President Trump.
Both include a link to a compromised website that served a nearly perfect replica of the real White House Coronavirus informational site:
The victims are urged to download and peruse the document. Unfortunately for those who do it, they will likely be infected with a dropper Trojan.
This particular page, located on a compromised Russian site, has been taken down, but it’s easy for criminals to set up new ones and change links in the phishing emails.
An email from Mike Pence?
In addition to these emails, Inky has also detected an email purportedly coming from Vice President Mike Pence.
This one is not COVID-19-themed and does not contain a link. It sounds a bit like the beginning of an extortion attempt, though it’s likely to be an advance-fee scam:
The email will not fool the majority of recipients, but there is always a small subset of gullible users that will not find anything suspicious in the atrocious grammar, spelling and wording used, and will self-select to be scammed.
The coronavirus crisis is forcing people to distance themselves from others, work remotely, and spend time indoors and online. While social distancing is a good health practice to reduce the spread of the coronavirus, it may be helping scammers.
Research from the Better Business Bureau (BBB), the FINRA Investor Education Foundation, and the Stanford Center on Longevity found that people are more likely to lose money to a scam when they are socially or physically isolated from others, if they are actively engaging online, and if they are financially vulnerable.
“According to our research, social isolation is a key risk factor for susceptibility to scams, as is financial vulnerability,” said Melissa Lanning Trumpower, executive director of the BBB Institute for Marketplace Trust, BBB’s foundation that conducted the research.
“Add increased time spent online and coronavirus creates the ‘perfect storm’ for scammers, because all three of these factors have increased dramatically.”
As bricks-and-mortar businesses close or curtail services and the financial markets experience a high level of volatility, many consumers are left to wonder if they will have a job or an immediate way to provide for their loved ones. As people turn to the Internet seeking new or temporary employment, they are also at increased risk of employment scams.
Employment scams were deemed the riskiest scams of 2019, making up 9.3 percent of all scams reported, with a median dollar loss of $1,500.
Despite these factors, there are steps everyone can take to protect themselves and their family from losing money and compromising personal information.
Contact someone you trust
Don’t be afraid to contact a friend, or a company or organization you trust for advice. Isolation is a risk factor for scams. Feelings of loneliness were associated with being more likely to engage with and lose money to scammers. This was especially true when the individual felt he or she lacked companionship and was isolated from loved ones.
Fact: Scammers will try to isolate their victims.
Don’t click on a link before you do your research
Before clicking a link or sharing personal information online, stop, pause, and research the company or person. People are more likely to lose money to scams perpetrated online.
Consumers who are approached online (email, website, social media, internet messaging, and online classifieds) are significantly more likely to report losing money.
Fact: A staggering 81.2 percent of consumers lost money to online purchase scams in 2019.
Beware of job offers that sound too good to be true
Employment scams were the No. 1 riskiest scam two years in a row. As traditional jobs are cut and workers begin to seek new roles or remote opportunities to fill the void, they must be wary of job offers that sound too good to be true.
Fact: Scammers prey on jobseekers, particularly those seeking remote jobs.
Learn about cyber risk and scams
Learn about scammer tactics to help avoid falling prey to scams and be wary of any offer to “get ahead” that seems too good to be true. Those who are financially vulnerable are more susceptible to scams.
Individuals under financial strain and those with lower levels of financial literacy may be more susceptible to scammers. Specific risk-factors include:
- Household income of $50,000 per year and below.
- Spending more per month than one’s earnings, not saving money, and having significant amounts of debt.
- Feeling compelled to “catch up” or “get ahead” financially.
Fact: According to the Exposed to Scams report, those who heard about the scam before they were targeted were significantly less likely to lose money (9 percent vs 34 percent).
Scam robocalls and phishing emails disguised as banks continue to trick consumers into putting their personal information at risk, and tax season is no exception.
Increase in potential threats
During this time of the year consumers need to be aware of the increase in potential threats as hackers pose as collectors from the IRS, tax preparers or government bureaus.
These tactics are particularly effective due to taxpayers’ concerns about misfiling their taxes or accidentally running into trouble with groups like the IRS.
McAfee researchers recently uncovered an example of an illegitimate IRS site created to scam unsuspecting consumers. If you look closely, you will notice a non-IRS domain and a connection that is not secure; these are key things to look out for when seeking online resources.
Fake sites such as this pose particular risk to consumers when combined with phishing email campaigns. In fact, 41% of Americans admitted to falling victim to email phishing scams in 2019, serving as another reminder to be vigilant during the stressful tax season.
File before a scammer does it for you
The easiest defense you can take against IRS scams is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a fraudster.
Beware of phishing attempts
Phishing is a common tactic crooks leverage during tax season, so stay vigilant around your inbox and double-check the legitimacy of any unfamiliar or remotely suspicious emails. Be wary of strange file attachment names such as “virus-for-you.doc” and remember that the Office of Social Security or IRS do not call or email taxpayers.
IRS scams: Watch out for spoofed websites
Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search.
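The two signs named above for the fake IRS site, a non-IRS domain and a connection that is not secure, can be checked mechanically before a link is opened. The sketch below is an added example, not code from McAfee or the original article; the function name `check_url`, the use of `irs.gov` as the trusted domain and all sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: irs.gov is the legitimate domain (the article only says "non-IRS domain").
TRUSTED_DOMAIN = "irs.gov"

def check_url(url, trusted=TRUSTED_DOMAIN):
    """Return the reasons a link fails the two checks; an empty list means it passes."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return ["URL cannot be parsed"]

    problems = []
    # Check 1: the connection must be secure.
    if parts.scheme != "https":
        problems.append("not a secure (https) connection")

    # Check 2: the host must be the trusted domain or one of its subdomains.
    # Matching on the END of the host rejects names that merely start with
    # or contain the trusted name, such as "irs.gov.something.example".
    if not (host == trusted or host.endswith("." + trusted)):
        problems.append("non-IRS domain: " + (host or "none"))

    # Text before '@' is login data, not the site the browser will visit.
    if has_userinfo:
        problems.append("misleading text before '@'")
    return problems

# Constructed sample links (not taken from the article).
SAMPLES = [
    "https://www.irs.gov/refunds",
    "http://www.irs.gov/refunds",
    "https://irs.gov.refund-status.example/login",
    "https://irs.gov@refund.example/",
    "https://fakeirs.gov/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_url(link) or "passes both checks")
```

Passing both checks only shows that the link points at the expected domain over HTTPS; typing the address directly, as advised above, remains the safer habit.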
Consider an identity theft protection solution
If your data does become compromised, be sure to use an identity theft protection solution, which lets you take a proactive approach to protecting your identity through personal and financial monitoring and recovery tools.
Cryptocurrency users, exchanges and investors suffered $4.5 billion in crypto-related losses resulting from thefts, hacks, and fraud, a CipherTrace report reveals.
Cryptocurrency crime losses
The lion’s share of those losses stems from the staggering growth of Ponzi schemes, exit scams, and misappropriation-of-funds crimes, the value of which rose 533 percent year over year.
Also, traditional financial services have become increasingly infused with crypto assets. For instance, results of an extensive analysis of the blockchain found almost all U.S. banks harbor illicit virtual asset related money service businesses (MSBs), including cryptocurrency exchanges.
Of additional concern for banks, 66 percent of dark market vendors sell stolen financial products and compromised accounts for cryptocurrency. And virtually all (97 percent) of ransomware attacks use bitcoin as the payment rail.
“Our research revealed some surprising trends in 2019,” said David Jevans, CEO of CipherTrace. “First, there was a dramatic shift away from outright thefts and exchange hacks and toward Ponzi schemes, exit scams, and other con games.
“Second, like them or not, banks have a lot more virtual assets lurking in their accounts and payment networks than most in the industry had previously thought. Banks need new capabilities to ferret out illicit MSBs, terrorist financing, and other major sources of risk.”
The report also provides an overview of regulatory moves throughout the world. This includes a comprehensive chart of anti-money laundering (AML) regulations by country, an update on the respective blockchain-related enforcement authority of the SEC, FinCEN, and the CFTC, and detailed reports on major regulatory and eCrime developments in various countries.
Trends in theft, fraud, hacks and misappropriation of funds
Cryptocriminals had a banner year in 2019. Total cryptocurrency crime increased 160 percent from 2018. However, as the report suggests, if 2019 had a Person of the Year, it would have been The Malicious Insider.
The culprits behind most of the losses were fraudsters operating inside everything from seemingly legitimate blockchain projects that were actually exit scams to crypto Ponzi and pyramid schemes. Ultimately, all that $4.5B worth of illicit cryptocurrency needs to be laundered.
Crypto-asset blind spots expose banks to risk
The typical top 10 U.S. bank unknowingly facilitates approximately $2 billion in illicit cryptocurrency transactions each year. Stealth MSBs using accounts and payment networks expose financial institutions to significant AML and counter terrorism financing (CTF) compliance risk.
Further research revealed banks paid record AML fines globally in 2019—more than $6.2 billion. This number could increase in 2020 as crypto-related money laundering and sanction evasion enforcement ramps up.
“As crypto-assets become increasingly entangled in traditional financial services, AML and CTF compliance risks are on the rise,” said Stephen Ryan, COO of CipherTrace.
“Virtual assets are now pervasive in bank accounts and payment networks, and banks must find ways to deal with the risks. Effectively mitigating cryptocurrency risks requires equipping compliance officers with the best tools and intelligence to gain visibility into this new asset class.”
The report also outlined a multi-year research project into darknet markets and other illicit vendors, which revealed that of dark market vendors:
- 40 percent hawked compromised bank account or credit card credentials for as little as 1 percent of face value
- 24 percent offered compromised payment services accounts
- 2 percent sold stolen cryptocurrency private keys
These findings further highlighted the issues banks and financial institutions face with regard to payment fraud and virtual asset laundering risks.
The research also showed that bitcoin is the payment of choice for cyber extortionists. During the last year, they demanded BTC as payment in 97 percent of ransomware attacks. All of this extorted bitcoin will need to be laundered before criminals can use the funds.
2020 will be a year of intense regulatory changes
The research team identified varying levels of maturity and sophistication in AML/CTF regimes around the globe. For instance, AMLD5 went into effect across the European Union in early January, regulating crypto-fiat exchanges for the first time in most EU countries.
Additionally, CipherTrace described urgency among its customers and industry players around pending FATF Travel Rule legislation.
Exchanges and financial institutions in the G20 have less than six months to find a solution for dealing with this major compliance conundrum—how to comply with the requirement to share sender and receiver information before executing cryptocurrency transactions, while protecting confidentiality.
In the US, financial institutions including virtual asset service providers (VASPs) have been reminded by FinCEN that they must meet their funds Travel Rule obligations under the BSA or face enforcement actions.
Of today’s main communications mediums – text, phone calls and email – consumers get the most spam over phone and email: 70% said they receive spam often over email and 51% said the same for phone calls, a Zipwhip survey reveals.
Fifty-four percent of people even use a separate email address to avoid getting spam in their main account. By comparison, consumers report receiving much less spam over text: 41% reported rarely receiving text spam, and only 18% reported getting text spam often.
Given the high spam figures for phone and email, it’s no surprise that 92% of survey respondents said they ignore phone calls from unknown numbers. With texting, however, a person or business can identify themselves immediately without the consumer needing to engage.
This could be part of the reason texts have better response rates than phone calls; in a separate survey, Zipwhip found that 83% of consumers respond to a text message within 30 minutes or less.
Low scam attempts via text
Consumers also reported low volumes of scam attempts via text, with only 17% reporting they receive them often, versus 43% who report scams by phone and 46% who report scams by email often.
“Texting continues to be consumers’ most preferred medium, and that’s increasingly the case as spam and scam attempts infect other methods of communication like phone and email,” said John Lauer, CEO of Zipwhip. “Legitimate businesses with a real need to reach their customers have an obvious choice, and that’s to text.”
The survey also found that a large majority of consumers have been affected by the surge in robocalls – 83% of respondents said they’ve noticed an increase in the last year.
Consumers inundated with spam and scam phone calls, as well as robocalls, can report them to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) or their network carrier. In Zipwhip’s survey, 35% of consumers report already having done so.
Once downloaded, the fake apps hide themselves on the victim’s device and continue to show a full-screen ad every 15 minutes.
Scam Hits Facebook And Google
- Google and Facebook have confirmed that they fell victim to an alleged $100m (£77m) scam
- In March, it was reported that a Lithuanian man had been charged over an email phishing attack against “two US-based internet companies” that were not named at the time. They had allegedly been tricked into wiring more than $100m to the alleged scammer’s bank
- On 27 April, Fortune reported that the two victims were Facebook and Google. The man accused of being behind the scam, Evaldas Rimasauskas, 48, allegedly posed as an Asia-based manufacturer and deceived the companies from at least 2013 until
- “Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company,” the US Department of Justice (DOJ) said in March.
- These emails purported to be from employees of the Asia-based firm, the DOJ alleged, and were sent from email accounts designed to look like they had come from the company, but in fact had not.
- The DOJ also accused Mr Rimasauskas of forging invoices, contracts and letters “that falsely appeared to have been executed and signed by executives and agents of the victim companies”.