Criminal hackers are always looking for different ways to achieve their goals, whether that is money, data and information, or advancing a political agenda. Many frauds begin the same way, by gathering information: cyber criminals use social engineering techniques to trick individuals and organisations into parting with their money and/or valuable information.

Despite the overall increase in security investments over the past decade, organisations are still plagued by breaches. Sadly, most successful cases take advantage of human error—for instance, by tricking someone into clicking or downloading a malicious file.  

Human error is one of the most common causes of data breaches, according to CybSafe's analysis of data. Specifically, human error was the cause of 90% of data breaches in 2019, up from 61% and 87% for the previous two years.

Cybercriminal scams take advantage of people’s emotions and/or societal conditioning, and in this article we’ll be sharing a collection of mind-blowing cybercriminal scam cases from recent years.

“Hi, Mum and Dad” text message scam

In this case, the scammers use either direct text messages or a third-party messaging app to trick their victims into giving them money by impersonating family members. This impersonation comes at a time when people are already aware that loved ones may need help paying bills. The following image shows how cyber criminals scam their victims. According to Which media, these cyber criminals target their victims through both direct messaging and WhatsApp messaging.

Action Fraud issued a warning in early 2022 about criminals posing as ‘loved ones in need’ on WhatsApp, saying it had received 1,235 reports of the scam from 3 February to 21 June 2022. The fraud resulted in a total financial loss of £1.5 million.

If you suspect that you have been the victim of a scam, contact your bank immediately. You can report scam messages on WhatsApp by opening the WhatsApp chat with the unknown number and selecting Block and Report. Additionally, be sure to block any suspicious numbers you receive texts or calls from.

“Request money” PayPal spoofing email 

Beginning in April 2022, Avanan researchers observed an increase in phishing attacks that mimic popular brands like PayPal. These attacks use an order confirmation letter to lure end users into calling a support number, where banking information can be stolen and the phone number harvested for future attacks.

In this scam, hackers send an email that looks like a PayPal order confirmation. They tell recipients that they have purchased over $504.49 worth of Dogecoin and that the only way to cancel the order is to call a support number.

Avanan researchers have shown that scammers use what’s known as “phone number harvesting” for the attacks. Instead of harvesting logins for online accounts, this attack easily obtains target phone numbers through the caller ID feature. The scammers then carry out a series of attacks through other third-party channels such as phone calls, direct messages or WhatsApp. One successful attack can lead to dozens more.

This attack works because there are none of the usual phishing checks to perform, such as hovering over the URL links in the email. Additionally, when there is a link, the security solutions on your device can check it and determine whether it is malicious or not. Without any links, it becomes much harder to detect.
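Because there is no link to scan, detection has to rely on the other traits described above. The following heuristic is an added example, not code from Avanan or from the original article: it flags a message that has no links, contains a phone number, urges the reader to call in order to cancel, and names a brand while coming from an unrelated sender domain. The brand-to-domain table, the signal names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URL_RE = re.compile(r"https?://|www\.", re.I)
# Loose phone pattern: at least 10 characters of digits and common separators.
PHONE_RE = re.compile(r"(?<!\d)\+?\d[\d\s().-]{8,}\d(?!\d)")
# "call ... cancel" or "cancel ... call" within a short distance of each other.
CALL_RE = re.compile(
    r"\b(call|phone|dial)\b.{0,60}\b(cancel|refund|dispute)\b"
    r"|\b(cancel|refund|dispute)\b.{0,60}\b(call|phone|dial)\b", re.I | re.S)
BRANDS = {"paypal": ("paypal.com",)}  # assumption: brand -> legitimate sender domains

def callback_phish_signals(raw):
    """Return the list of callback-phishing traits found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = "".join(p.get_payload() for p in parts
                   if p.get_content_type() == "text/plain")
    domain = parseaddr(msg.get("From", ""))[1].lower().rsplit("@", 1)[-1]
    text = f"{msg.get('Subject', '')}\n{body}"
    signals = []
    if not URL_RE.search(body):
        signals.append("no_links")          # nothing for a URL scanner to check
    if PHONE_RE.search(body):
        signals.append("phone_number")
    if CALL_RE.search(text):
        signals.append("call_to_cancel")
    for brand, good in BRANDS.items():
        trusted = any(domain == d or domain.endswith("." + d) for d in good)
        if brand in text.lower() and not trusted:
            signals.append("brand_mismatch:" + brand)
    return signals

def is_suspected_callback_phish(raw):
    s = callback_phish_signals(raw)
    return (s[:3] == ["no_links", "phone_number", "call_to_cancel"]
            and len(s) > 3)

# Constructed samples: a link-less lure and an ordinary receipt with a link.
SAMPLE_SCAM = ("From: PayPal Billing <billing@example.net>\n"
               "Subject: Order confirmation\n\n"
               "You purchased $504.49 of Dogecoin with PayPal.\n"
               "To cancel this order, call our support team at +1 (202) 555-0143.\n")
SAMPLE_LEGIT = ("From: PayPal <service@paypal.com>\n"
                "Subject: Receipt for your payment\n\n"
                "View your receipt at https://www.paypal.com/activity\n")

if __name__ == "__main__":
    for name, raw in (("scam", SAMPLE_SCAM), ("legit", SAMPLE_LEGIT)):
        print(name, callback_phish_signals(raw), is_suspected_callback_phish(raw))
```

A rule like this is a triage signal for a mail filter or a reporting mailbox, not a verdict; genuine invoices that include a support phone number will trip some of the individual signals.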

Gym locker thieves 

Thieves have been targeting the lockers of gym customers and making purchases on their credit cards. Several victims have testified that they left belongings in a locker at a gym and discovered that the thief had taken their phones and cards upon returning to retrieve them.  

Bank cards can indeed be stopped, and phones can be made inaccessible with the help of security protocols such as passwords and face or fingerprint unlocking. However, in this scam the thieves in question devised a method to bypass these basic security protocols.

Once a thief has acquired the victim’s phone and credit card, they then register the card on an online banking app. The app requires a one-time security passcode when registering a new device since it is the first time that card will be used. This verification passcode sent by the bank to the stolen phone displays as a notification on the locked screen, enabling the thief to type it into their device. Once accepted, they have complete control of the bank account. 

According to journalist Shari Vahl, one victim, Alina, had her items stolen from a gym located in Finchley Road, UK. The thief spent about £10,000 in the Covent Garden Apple store and Harrods. After the victim blocked her cards, the thief attempted to spend another £10,000 but failed.

To prevent this type of theft, change your phone’s settings so that the thief cannot read the verification code sent by the bank. Here are the steps to do it:

For iOS: 

  • Go to “Settings”
  • Scroll down to “Messages”
  • Scroll to “Notifications”
  • Scroll to “Show Previews”, where there are three choices: Always / When Unlocked / Never
  • Tap either “When Unlocked” or “Never”

For Android: 

  • Go to “Settings”
  • Tap “Lock Screen”
  • Tap “Notifications”
  • Tap “Don’t Show Notifications”

Your notifications and messages will no longer appear on your locked screen. 

Massive Data Leak 

Indonesia first learned of the hackers known as Bjorka when news broke in September 2022 that a massive data leak had occurred. The stolen information included 1.3 billion SIM card driver’s registration details and 3.2 billion PeduliLindungi covid vaccine data registration details.

The Bjorka hackers were able to gain access to this data partly because, in 2017, the Indonesian government began requiring that both PeduliLindungi and SIM card users first register their identity cards (NIK) and family cards (KK). The case is currently still under investigation.

Be cyber protected by building a strong human firewall 

With cyber attacks on the rise, it is crucial to take cyber security measures seriously. Technical measures, such as software security and hardware security, are one component of an effective cyber security “shield”, but human firewalls are also needed to protect against cybercrime and reduce the occurrence of human error with regard to cybersecurity.

Make every effort to avoid security lapses by reading Overt’s non-technical suggestions. Overt’s tips on non-technical security measures will help you reduce the likelihood of errors and protect your organisation, its employees, and its network. Read the full article by pressing the orange button below.

