A week in security (January 22 – January 28)

0
[ad_1]

January 25, 2024 – Chinese speaking users looking for Telegram, or LINE are being targeted with malicious ads. Instead of downloading the legitimate application, they install malware.

January 25, 2024 – ThreatDown has earned 37/37 awards over nine consecutive quarters.

January 24, 2024 – 2023 was the worst ransomware year on record for Education.

January 24, 2024 – Your smart devices may reveal information about you or your location to an ex-partner. Here’s how to lock them out.

January 24, 2024 – Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited.


[ad_2]
Source link

Microsoft to add touch controls to its Xbox app for iOS and Android

0
[ad_1]
Microsoft plans to make it easier to remotely control an Xbox console or play games on phone and tablets by adding touch controls to its Xbox mobile apps. This means that users will no longer need Bluetooth controllers attached to their phones while using the Xbox mobile apps.

According to The Verge’s Tom Warren, Microsoft has already started testing the new touch controls, which seem to be similar to those on the company’s Xbox Cloud Gaming service.

Although using a Bluetooth controller with the Xbox mobile app offers a far better experience, there are many users who don’t own one, so adding touch controls provides them with a feature that they would otherwise not be able to use.

Even so, the report claims that the implementation of the touch controls by Microsoft is “surprisingly good,” which makes these a great alternative for those who already own a Bluetooth controller but want more convenience.

There’s no ETA at the moment, but touch controls will eventually be available for all users of Microsoft’s Xbox mobile apps. It’s important to add that the touch controls will work with nearly all games available on the platform, which feels like a great achievement.

[ad_2]
Source link

Ukraine Claims Destruction of 280 Russian Servers, 2 Petabytes Lost

0
[ad_1]

Cybersecurity specialists from the Ukrainian HUR (Main Intelligence Directorate of the Ministry of Defense of Ukraine) have claimed a successful cyber attack on IPL Consulting. They reportedly destroyed its entire IT infrastructure, resulting in communication outages across the country.

For your information, IPL Consulting is a Russian company that implements information systems in the local industry. As per HUR’s announcement on Facebook, the company is among the most advanced of all Russian enterprises facilitating information system implementation services to institutions in the automotive, aviation, heavy engineering, and defense sectors. Ukrainian intelligence reports that HUR specialists targeted dozens of its servers and databases.

Ukraine Claims Destruction of 280 Russian Servers, 2 Petabytes Lost
The Main Directorate of Intelligence of the Ministry of Defense of Ukraine on Facebook

IPL Consulting’s internal network was breached by hackers, resulting in the deletion of over 60 terabytes of data and the destruction of dozens of servers and databases. The full cost of damages remains unclear. According to HUR, the damage is particularly significant amidst ongoing sanctions pressure and affects numerous Russian companies operating in the defence sector.

Cyberattacks have become a common tool in the Russia-Ukraine war, with a devastating attack on telecom firm Kyivstar on December 12, 2023, resulting in widespread communication outages. The Russian hacker group Solntsepek, linked to Russia’s military intelligence agency, claimed responsibility for this attack. Ukrainian cyber specialists have also been quite aggressive on the digital front lately.

In a separate attack, a Ukrainian hacking group “Blackjack” infiltrated Russia’s Main Military Construction Directorate for Special Projects, downloading 1.2 TB of data, including technical documentation for over 500 military sites, confirmed HUR on its Telegram channel on January 19, 2024. The group also transmitted critical intelligence about Russian facilities to Ukrainian armed forces. The hackers temporarily disrupted the company’s operations. 

Another cyberattack was launched against the Russian Far Eastern Research Center of Space Hydrometeorology “Planeta” in Khabarovsk on January 24, 2024, resulting in the destruction of 280 servers and the loss of 2 petabytes (2 million gigabytes) of data, valued at least $10 million. This attack is attributed to Volunteer Patriots from the BO Team group. Planeta is responsible for receiving/processing military satellite data.

According to HUR’s claim, hackers also managed to destroy weather and satellite data for various Russian agencies, including the Russian Ministry of Emergency Affairs, the Ministry of Defense, and Roscosmos. HUR states that the over $350,000 supercomputer cannot be restored, and given the Western sanctions on Russia, the country cannot obtain this software.

Moreover, they disrupted air conditioning, humidification systems, and emergency power supply regulations. The HUR also stated that the attack disconnected a Russian station in the Arctic, affecting strategic companies vital to defence and supporting Russian occupation forces. 

The incident follows a previous incident in which the HUR collected 100 gigabytes of confidential, intelligence data valued at $1.5 billion, and belonging to Special Technology Center LLC, operating in Russia’s military-industrial complex.

  1. Ukraine’s Cyberattack Cripples Russia’s Tax System
  2. Ukrainian Hackers Trick Russian Military Wives for Personal Info
  3. UAC-0099 Using Old WinRAR Flaw in New Cyberattack on Ukraine
  4. Protestware Uses npm Packages to Call for Peace in Gaza, Ukraine
  5. Ukraine Hacks Russia’s Aviation Agency, Claims “Aviation Cannibalism”

[ad_2]
Source link

Apple’s new App Store fee in the EU will financially damage some app developers

0
[ad_1]
When iOS 17.4 is released in March, the version of the update heading to eligible iPhone units in the EU will result in some major changes to iOS, Safari, and the App Store. Some of these changes can potentially cost Apple in the pocketbook. For example, Apple will allow third-party app stores and third-party in-app payment platforms to be available on the iPhone after years of fighting for its walled gardens. And the “Apple Tax” that Apple takes in from developers will have a lower 10%-17% range compared with the current 15%-30%.
On the face of it, it would seem that Apple’s Services unit, the second largest business segment at Apple after the iPhone, would suffer a decline in revenue. But that might not be the case after all. First, the EU is responsible for only 6% of global App Store revenue, and Apple is creating new fees that will make up for the reduction in others. For example, in addition to the 10% to 17% commission that Apple will earn from developers using its in-app payment platform, Apple will charge a 3% in-app purchase billing fee. If a developer chooses to use a third-party in-app payment platform, Apple gets no commission and doesn’t earn the 3% fee.

Apple’s core technology fee in the EU will change the dynamics of the App Store for

Apple will also get a “core technology” fee of 50 Euro (.54 U.S. cents) for each time an app is installed over one million times from the App Store, third-party stores, the web, or the TestFlight testing service. According to Bloomberg’s Mark Gurman, Apple believes that 99% of developers impacted by the changes in the EU will see the amount they pay Apple stay the same or decline.
But thanks to the “core technology” fee, Apple is actually going to collect revenue from apps that they never got a dime from before. Gurman uses Instagram as an example. If Meta gets 50 million installs a year in the EU, Meta will have to pay $2.2 million a month to Apple which is a check it never had to write to Apple before. And this upset Spotify CEO Daniel Ek who wrote in a tweet, “Spotify itself faces an untenable situation.”

The executive added, “With our EU Apple install base in the 100 million range, this new tax on downloads and updates could skyrocket our customer acquisition costs, potentially increasing them tenfold. This as we have to pay on every install or update to our free or paid app, even for those who no longer use the service. So where does that leave us? Under the new terms, we cannot afford these fees if we want to be a profitable company, so our only option is to stick with the status quo. The very thing we’ve been fighting against for five years.”

The “core technology fee” will negatively impact developers of free or freemium apps

Ek, who has been fighting against the Apple Tax for years, sums up Apple’s actions by writing, “By inventing a new tax system to replace the old, Apple mocks the spirit of the law and the lawmakers who wrote it. I sincerely hope the EU recognizes this for exactly what it is and stands firm, and doesn’t let their work over the years all be for nothing. The world is watching.”

But the new “core technology” fee is going to hurt smaller developers the most. Developer Steven Troughton-Smith notes that a free app that gets 2 million installs will have to pay $500,000 to Apple every year leading him to write on Mastodan, “I don’t think any app developer with free or freemium apps in their portfolio can accept Apple’s new business terms without the risk of being bankrupted. And as a result, that makes this specific implementation of the core technology fee unworkable.”

One developer who had a few hundred thousand installs last year told Gurman’s Power On newsletter that with the new fees, there is no incentive to make an app for the iPhone. However, developers can decide to stick with the current 15%-30% “Apple Tax” range if they promise not to use third-party payment platforms or get listed in third-party app stores. We’re pretty sure that Spotify’s Ek is thinking that the more things change, the more they stay the same, or get worse.


[ad_2]
Source link

Crypto Stealing PyPI Malware Hits Both Windows and Linux Users

0
[ad_1]

FortiGuard Labs’ latest research report reveals a concerning trend: threat actors are leveraging the Python Package Index (PyPI), an open repository for Python-developed software packages, to upload malware-infected packages. This exploitation of PyPI’s infrastructure poses significant risks to users.

FortiGuard Labs team recently identified a PyPI malware author, “WS,” uploading malicious packages to PyPI, estimating over 2000 potential victims. The identified packages, including nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111, show attack methodologies that resemble the attacks identified by Checkmarx in 2023.

These packages contain base64-encoded Python scripts, which are executed depending on the victim’s operating system. The packages deploy Whitesnake PE malware on Windows devices or a Python script to steal information from Linux devices.

What’s interesting in this scheme is that Python scripts are using a new method to transmit stolen data, using a range of IP addresses as the destination instead of a single fixed URL. This helps ensure successful data transmission even when one server fails.

Recently identified packages primarily target Windows users, whereas previous ones targeted both Linux and Windows users. The objective is to exfiltrate sensitive information from victims.

The Whitesnake PE payload is a Python-compiled executable created using the PyInstaller tool, displaying an incomplete script file ‘main.pyc’ and another file ‘addresses.py.’ This is rather suspicious. ‘Main.pyc’ is clandestine code that copies itself to the Windows startup folder for autorun, probes logical drives, and monitors the count of running instances.

It also retrieves clipboard contents and compares them against predefined cryptocurrency address patterns, prompting it to overwrite the clipboard with corresponding addresses from ‘addresses.py’, potentially deceiving victims into directing cryptocurrency transactions to an unexpected destination.

The payload, an encrypted.NET executable launches an invisible window right after its installation and adds itself to Windows Defender‘s exclusion list. It then creates a scheduled task to run every hour on the compromised device. The task connects a malicious IP to a client using “socket.io” and collects sensitive user data, including IP address and host credentials.

The payload captures wallet and browser data and sends it to a suspicious IP address via a remote server as a.zip file with multiple encryption layers, which the attacker extracts and exfiltrates. Debugging revealed strings that indicated information stolen from a wide range of devices, such as cryptocurrency services, applications, and browsers.

Crypto Stealing PyPI Malware Hits Both Windows and Linux Users
Timeline of the malicious PyPI packages published by “WS” (Screenshot: Fortinet Labs)

The research reveals how easily a single malware author can distribute multiple info-stealing packages into the PyPI library, highlighting the need for vigilance when using open-source packages.

“Information-stealing malware is an increasingly pertinent and pressing subject. Safeguarding against such persistent adversaries demands a strategic and forward-thinking approach to fortify your defences,” FortiGuard Labs researchers concluded.

  1. Luna Grabber Malware Hits Roblox Devs Through npm Packages
  2. 6 official Python repositories plagued with cryptomining malware
  3. GitHub Abused to Spread Malicious Packages on PyPI in Image Files
  4. NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package
  5. FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data

[ad_2]
Source link

New Soap2day Domains Emerge Despite Legal Challenges

0
[ad_1]

Soap2day permanently shut down in June 2023 – While the official site and its major mirror sites closed down, it seems like some copycats or imitators have emerged using new domains to offer similar illegal streaming services.

Soap2day, the once-infamous haven for free movie and TV show streaming, met its apparent demise in June 2023. Legal pressure and a barrage of copyright infringement takedowns seemingly snuffed out the life of this unauthorized streaming giant. But just like a phoenix rising from the ashes, Soap2day has begun to flicker back to life under new guises, leaving users and authorities alike scratching their heads.

The original Soap2day was a hydra of sorts, with countless mirror sites popping up as fast as the old ones were shut down. This online game of whack-a-mole frustrated content creators and copyright holders for years. However, a coordinated takedown effort in mid-2023 seemed to deal a decisive blow, leaving behind a digital graveyard of dormant URLs.

Soap2day Shuts Down Permanently – Free Legal and Paid Alternatives
This was the goodbye message from Soap2day (Screenshot credit: Hackread.com)

But death, it seems, can be temporary in the ever-evolving web. New domains bearing the Soap2day name have started surfacing, offering the same illicit library of movies and TV shows.

These digital doppelgangers appear disconnected from the original operators, possibly opportunistic copycats eager to fill the void left in the streaming underworld. Some of these new domains, like Soap2day.rs, Soap2day.day, and Soap2day.store, are easily accessible through Google. They offer access to thousands of recently released content for free.

New Soap2day Domains Emerge Despite Legal Challenges
The screenshot shows 2 of the new Soap2day domains currently online (Screenshot credit: Hackread.com)

However, there is no such thing as a free lunch. Online streaming services are infamous for phishing users or even dropping malware through pop-up bombardment. The risks are far greater than the potential benefits, making it not worth it. Therefore, engaging with these copycat sites exposes users to a plethora of dangers, including:

  • Privacy violations: Dodgy data practices are often rampant on such sites, putting your online privacy at risk.
  • Malware and phishing attacks: Disguised software installs and fraudulent links can lurk within these illegal platforms, jeopardizing your device and personal information.
  • Legal repercussions: Accessing copyrighted content illegally can lead to hefty fines and legal consequences in many countries.

So, why take the risk when a plethora of legal alternatives exist? Streaming platforms like Netflix, Hulu, and Disney+ offer vast libraries of content for a reasonable price. Additionally, numerous free, legal options like Tubi TV and Crackle provide access to movies and TV shows without compromising your security or wallet.

Here is a detailed list of legal and free online streaming services for movies and TV shows. Remember, using legal platforms not only ensures a safer and more reliable experience but also supports the entertainment industry and content creators.

    The Soap2day saga highlights the ephemeral nature of illegal streaming sites. Their days are numbered, yet copycats will always appear, and the risks associated with them far outweigh the fleeting satisfaction of pirated content. Choose legal and safe alternatives, and enjoy your favourite shows and movies with peace of mind.

    1. Streaming site 123movies has been shut down
    2. Fake streaming sites using Star Wars as bait to spread malware
    3. Poker player jailed for illegal video streaming, downloading sites
    4. Adult streaming site CAM4 leaks 7 TB of data with 11 billion records
    5. Police shut down illegal video streaming app Mobdro with 100M users
    6. US COVID-19 relief bill to make copyrighted content streaming a felony

[ad_2]
Source link

Following Apple’s DMA announcement, Opera is launching an AI-powered iOS browser

0
[ad_1]

Major players in various fields have been waiting for Apple to make changes to how it operates in the EU to comply with the new Digital Markets Act (DMA). Spotify has already revealed plans to introduce in-app payment functionality within its app, while full versions of Chrome and Firefox browser have been allowed to run on the iPhone.Over the weekend, Opera announced that it too plans to launch its own AI-powered browser for iOS, which will probably only work in the EU. The company says that the new browser will be introduced in the months to come, which makes sense considering that the DMA enters into force in March 2024.

As the leading European browser developer, we embrace the changes introduced through the DMA, aimed at fostering competition and offering users a more diverse selection of browsers on iOS. We intend to deliver on this with the AI-centric Opera One for iOS. Furthermore, we are excited to see the confirmation that Apple will also implement a browser choice screen for iOS, making it easier for users to choose their favorite browser as default also on their mobile devices,” said Jørgen Arnesen, EVP Mobile at Opera.

It’s hard to believe that Apple will implement these changes in regions around the globe other than the EU, but we’re allowed to dream. If you’re an iOS user and live in the EU, good things are headed your way. March can’t come soon enough.

[ad_2]
Source link

American Pie? For over an hour on Friday, it was the day Apple Music (and other services) died

0
[ad_1]
Several Apple Services were down on Friday according to the company’s System Status support page (via Bloomberg). The latter shows that from 6:29 pm-7:42 pm EST, “Users may have been unable to make purchases in the iTunes Store, Mac App Store, and App Store.” The System Status support page says that the App Store outage has been resolved. The page also shows that starting today at 1 am EST, scheduled maintenance is taking place for Apple Cash and that “Some users may experience issues with this service.”
Apple Cash allows you to send a fellow iPhone user cash or request cash via the iMessage platform. Go to iMessage and open the last chat you had with the person you want to send or receive money from. Hit the “+” button to the left of the text field and then tap on Apple Cash. You can send funds from the card that is activated in the Wallet app by arranging the dollar amount you want to send and tapping on “Send.” Again, you might experience an issue with this service right now since it is under scheduled maintenance.
The System Status support page notes that from 6:29 pm to 7:42 pm EST on Friday, Apple Music was down, and “Users may have experienced intermittent issues with this service.” Apple says that the Apple Music outage was resolved. AppleCare on Device was out on Friday from 6:30 pm to 8:00 pm EST stopping Apple device owners from buying AppleCare protection directly from their devices. This is also an outage that has been resolved.

And Apple’s subscription purchase feature also suffered from an outage Friday evening between 6:29 pm-7:42 pm EST. In this case, Apple noted that “Users may have experienced intermittent issues with this service.” The System Status support page says that Apple was able to resolve the outage.

If something doesn’t appear to be working correctly on your Apple device, it is always a good idea to check out the company’s System Status support page. And it will give you a heads-up when scheduled maintenance is expected. For example, Apple Pay & the Wallet app will be going through scheduled maintenance on Sunday between 6:30 am-2:00 pm EST. Apple says, “Some Georgia Users may have issues during maintenance activities.”
All of the mentioned Apple Services have a green dot next to their names which means that they are currently available to use.

[ad_2]
Source link

Thief steals iPhone and texts the victim trying to trick him into disabling the Find My app

0
[ad_1]
It really sucks when your phone is stolen. And when it’s the iPhone 15 Pro Max that has been swiped, that’s a pretty pricey bit of kit that you’ll probably never see again. While this story has nothing to do with AppleCare+, we just wanted to point out that if you have AppleCare+ Theft and Loss coverage, you are covered for two incidents of loss or theft every 12 months as long as you have the Find My app enabled.

Rule number one: if your iPhone is stolen or lost, never disable the Find My app

The price for AppleCare+ Theft and Loss coverage for the iPhone 15 Pro and iPhone 15 Pro Max is $13.49 a month for 24 months or a one-time $269 payment which will cover two years. The price for the iPhone 15 Plus and iPhone 14 Plus is 24 monthly payments of $12.49 or a one-time $249 payment which will cover two years. The price for the iPhone 15, iPhone 14, and iPhone 13 is 24 monthly payments of $11.49 or a one-time $219 payment for two years of coverage.
But we digress. A Reddit subscriber with the username “Commercial_Big_4378” had his iPhone 15 Pro Max stolen and the victim received a text message allegedly from someone who bought the phone from the thief, or it might have been the thief himself pretending to have purchased the device. The text starts by saying (excuse the spelling and grammatical errors which are part of the message), “I’ve bought an iPhone 15 Pro Max I’m using. It have your messages, email, cards, bank, notes, and personal information on it even your SIM# that you transferred.”

Go to your iPhone now, install iOS 17.3, and enable the Stolen Device Protection feature

The text continues with a request that the victim disable the Find My app on the stolen phone. That’s the one thing that you should never do if your phone is lost or stolen. Once that is done, the thief  can change the Apple ID password, create a new passcode, reset Face ID, and get access to the passwords on all of your apps. The victim contacted Apple and the device was locked and wiped. The phone is now located somewhere in China but can only be sold to an unsuspecting person in the country.

More sensitive requests, such as disabling the Find My app, changing the Apple ID password, or resetting Face ID or Touch ID will require a one-hour pause so that the device owner can determine if his device has been stolen or is lost, and if it is, contact Apple to have the device locked. Even after the one-hour passes, Face ID or Touch ID must verify the ID of the device owner.

If you’ve installed iOS 17.3, you’ll need to enable Stolen Device Protection by going to Settings > Face ID & Passcode. After typing in your passcode, go to Stolen Device Protection and press on “Turn On Protection.” And keep in mind that even if you’re sent a threatening text, if your iPhone is stolen, do not disable the Find My app. Doing so could result in your bank account getting drained, and credit cards used for unauthorized purchases.

[ad_2]
Source link

Tools and Tactics to Combat Cyber Threats

0
[ad_1]

It is a well-known fact that cybercriminals have evolved over the years. The emergence of AI-powered malicious chatbots, such as WormGPT and FraudGPT, has enabled malicious threat actors to not only refine their skills but also consolidate all their malicious activities and tools into one, like a toolbox. Understanding these tools is the first step towards safeguarding yourself against their scams.

While cybercriminals create their toolbox, as a user you should also keep yourself ready for unsuspecting cyberattacks and keep a safety toolbox for your defence.

One major part of that toolbox should be a Virtual Private Network or VPN. Why? because this tool hides your real-time IP address and protects your online privacy from cyber criminals and state-backed threat actors. VPNs, like CyberGhost, encrypt your internet connection, shielding your online activities from prying eyes.

Additionally, employing two-factor authentication (2FA), such as Google Authenticator, Microsoft Authenticator, Okta, and Authy, adds an extra security layer, making it harder for fraudsters to gain unauthorized access to your accounts, even if they have your passwords. These tools, combined with regular updates and vigilance, are crucial in safeguarding against sophisticated scams.

Let’s dive into the tools commonly used by fraudsters, followed by the countermeasures you can employ to protect yourself.

Common Fraud Tactics

Spoofing

Spoofing is a deceptive practice where fraudsters falsify information to appear as a legitimate entity. This can involve altering caller IDs or email addresses to mimic those of trusted organizations or individuals. The primary goal is to gain the victim’s trust, making them more susceptible to divulging sensitive information or granting access to their accounts.

Phishing

Phishing is a widespread technique that involves sending fraudulent communications that appear to come from a reputable source. Typically executed through email, these messages aim to steal sensitive data such as login credentials, credit card numbers, or personal identification information. Phishers often use urgency or fear to bypass rational judgment.

Fake Profiles

Creating fake profiles on social media, dating websites, and other platforms is a common tool in a fraudster’s arsenal. These profiles are carefully crafted to appear genuine, often mimicking the identities of real individuals or organizations. The objective is to build trust with potential victims, eventually manipulating them into financial transactions or sharing confidential information.

Fake Photos and Entities

Fraudsters frequently utilize stolen or altered images to bolster the credibility of their fake profiles or websites. Additionally, they might establish counterfeit entities, such as businesses or charities, to appear legitimate. These entities are used to facilitate various scams, including fraudulent sales, charity fraud, and investment scams.

The latest and ongoing incident involving deepfake images of Taylor Swift is just one example of the nightmarish scenarios that cybercriminals can create in your life.

Fake Claims

Scammers use persuasive narratives and false claims to trick their victims. These may include threats of legal action, false claims of lottery winnings, or other deceptive propositions that require the victim to make payments or provide personal information.

Misrepresentation

Fraudsters often impersonate authority figures or institutions using fake names, credentials, and badge numbers. This tactic is designed to intimidate or convince the victim of the legitimacy of their requests, thereby facilitating the extraction of sensitive information or money.

Computer Pop-ups

The prevalence of unwanted pop-ups bombarding your screen is a key reason why adblockers have gained immense popularity. Pop-up warnings on computers are commonly used to spread malware or obtain personal information.

These pop-ups often carry false alerts about viruses or security breaches, prompting the user to take immediate action, which usually involves downloading harmful software or calling a fraudulent support number.

Robocalls

Automated calls, or robocalls, are used extensively by scammers to reach many potential victims efficiently. These calls might contain deceptive messages about unpaid taxes or lottery winnings or offer fake services, aiming to extract personal information or direct payments.

Lead Lists

Lead lists are databases of individuals who have previously fallen for scams. Fraudsters trade and sell these lists, knowing that individuals scammed once are more likely to be targeted and tricked again.

Secrecy and Persuasion

A common tactic used by scammers is to demand secrecy from their victims. By insisting that the dealings remain confidential, fraudsters aim to isolate the victim and prevent them from seeking advice or help from others. They often employ a mix of charm, flattery, and threats to manipulate and control their targets.

Emotional Manipulation

Emotional manipulation involves fraudsters playing on the victim’s emotions to extract money or personal information. They may pretend to be in a romantic relationship, a distressed family member, or a charity representative. The fabricated scenarios often evoke strong emotional responses, compelling the victim to act impulsively.

Fraudsters often use search engine optimization techniques (SEO Poisoning) to promote their scam websites, making them appear legitimate and trustworthy in online searches. They also distribute malicious links through emails or messages, which lead to fraudulent websites or directly install malware when clicked.

Protective Measures Against Fraud

Caller Verification

Always verify the identity of callers, especially when they request personal information. If someone claims to be from a legitimate organization, hang up and contact the organization directly using a verified phone number to confirm their authenticity.

Email Caution

Exercise caution with email links and attachments, especially from unknown senders. Hover over email addresses and links to verify their authenticity. Be cautious of emails that use urgency or pressure tactics to gather personal information or payments.

Continuous Education

Staying informed about common scam tactics and trends is essential. Regularly educating oneself and others about the latest fraud methods can significantly reduce the risk of falling victim to these scams. In simple terms, having cybersecurity knowledge for yourself and your employees is the master key to protecting against every known cyberattack to date.

Anti-Virus Software

Ensure your devices are protected with reliable and updated anti-virus software. This software is capable of detecting and preventing malware attacks, which are commonly used in various scams.

Pop-Up Blockers

Pop-up or ad blockers can prevent malicious ads and links from appearing on your devices. These pop-ups often contain false claims or threats designed to trick users into downloading malware or revealing personal information.

If you are on Chrome browser, you can disable pop-ups from settings. > Chrome > Settings > Privacy and security > Site Settings > Pop-ups and redirects.

Secure Network Usage

Avoid conducting sensitive transactions over public wi-fi networks. Always use secure, private networks for online banking, shopping, and other activities that require personal information.

Businesses should employ a variety of fraud detection tools to safeguard their operations. These include:

  • Geolocation and Proxy Piercing: Identifying the physical location of transaction attempts can flag suspicious activities, especially if the location mismatches the user’s typical pattern.
  • Device Fingerprinting: This tool helps recognize devices used in previous fraudulent activities, enabling businesses to block transactions from these devices.
  • Address Verification (AVS): AVS checks if the billing address provided by the customer matches the address on file with the card issuer.
  • Velocity Checks: Monitoring the frequency and volume of transactions from a single user can help detect and prevent fraud.
  • Biometric Verification: Using biometrics in payment processes adds an extra layer of security.
  • Blacklists and Whitelists: These lists allow businesses to control traffic based on known fraudulent sources or trusted entities.
  • Machine Learning: AI models can detect patterns indicative of fraud, improving over time as they process more data.
  • 3-D Secure Technology: This adds authentication steps for online credit and debit card transactions, reducing the risk of card-not-present fraud.
  • Fraud Scoring: Analyzing transactions based on various risk factors helps identify potentially fraudulent activities.

Regular Updates and Vigilance

Keeping software and fraud detection tools up to date is crucial. Regularly updating your knowledge about new fraud tactics and protective measures can help you stay ahead of scammers.

Conclusion

Fraudsters are always changing their tactics, which makes it crucial for individuals and businesses to stay informed and alert. Understanding the tools used by fraudsters and implementing strong protective measures can significantly reduce the risk of falling victim to these sophisticated scams. Regular updates, continuous education, and employing advanced fraud detection tools are key to safeguarding against these threats.

  1. What is an OSINT Tool – Best OSINT Tools
  2. McAfee’s Mockingbird AI Tool Detects Deepfake Audio
  3. Temporary Phone Number: An Essential Tool for Privacy Protection
  4. Kaspersky’s iShutdown Tool Detects Pegasus Spyware on iOS Devices
  5. Understanding Reverse Email Lookup: A Tool to Strengthen Cybersecurity

[ad_2]
Source link