It took two brothers who went to MIT months to plan how they were going to steal, launder and hide millions of dollars in cryptocurrency -- and only 12 seconds to actually pull off the heist.
The post Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds appeared first on Security Boulevard.
The FCC has issued a public notice on robocall scammer group ‘Royal Tiger’, the first designated threat actor.
The post FCC Warns of ‘Royal Tiger’ Robocall Scammers appeared first on SecurityWeek.
Ticket scams are very common and apparently hard to stop. When there are not nearly enough tickets for some concerts to accommodate all the fans that desperately want to be there, it makes for ideal hunting grounds for scammers.
With a ticket scam, you pay for a ticket and you either don’t receive anything or what you get doesn’t get you into the venue.
As reported by the BBC, Lloyds Bank estimates that fans have lost an estimated £1m ($1.25 m) in ticket scams ahead of the UK leg of Taylor Swift’s Eras tour. Roughly 90% of these scams were said to have started on Facebook.
Many of these operations work with compromised Facebook accounts and make both the buyer and the owner of the abused account feel bad. These account owners are complaining about the response, or lack thereof, they are getting from Meta (Facebook’s parent company) about their attempts to report the account takeovers.
Victims feel powerless as they see some of their friends and family fall for the ticket scam.
“After I reported it, there were still scams going on for at least two or three weeks afterwards.”
We saw the same last year when “Swifties” from the US filed reports about scammers taking advantage of fans, some of whom lost as much as $2,500 after paying for tickets that didn’t exist or never arrived. The Better Business Bureau reportedly received almost 200 complaints nationally related to the Swift tour, with complaints ranging from refund struggles to outright scams.
Now that the tour has European cities on the schedule the same is happening all over again.
And mind you, it’s not just concerts. Any event that is sold out through the regular, legitimate channels and works with transferable tickets is an opportunity for scammers. Recently we saw a scam working from sponsored search results for the Van Gogh Museum in Amsterdam. People that clicked on the ad were redirected to a fake phishing site where they were asked to fill out their credit card details.
Consider that to be a reminder that it’s easy for scammers to set up a fake website that looks genuine. Some even use a name or website url that is similar to the legitimate website. If you’re unsure or it sounds too good to be true, leave the website immediately.
Equally important to keep in mind is the power of AI which has taken the creation of a photograph of—fake—tickets to a level that it’s child’s play.
No matter how desperate you are to visit a particular event, please be careful. When it’s sold out and someone offers you tickets, there are a few precautions you should take.
“Traditionally, an ICO will build upon transparency and communicate clearly about each team member responsible for it. In this instance, there was a lack of transparency regarding both the team members involved and the algorithm underpinning the cryptocurrency,” said Europol, who coordinated the multi-nation operation.Two months into the scheme, the perpetrators in February 2018 shuttered all their social media accounts and took offline the fake company’s homepage. Following this, it became obvious to the investors that they were defrauded in an exit scam. Not all victims of this crypto scam have been identified yet, but it is estimated that they lost around EUR 6 million, in totality. The law enforcement agencies raided six houses and seized over EUR 500,000 (approximately $537,120) in cryptocurrencies, EUR 250,000 (approximately $268,560) in fiat currency and froze dozens of bank accounts linked to the perpetrators and their fraudulent crypto scams. Two cars and a luxury property worth EUR 1.4 million was also seized.
James Heppel (credit: SWROCU)[/caption]
Jake Lee, aged 38, and James Heppel, aged 42, admitted guilt to three counts of conspiracy to commit fraud. Bristol Crown Court sentenced Lee to four years and Heppel to 15 months on May 3.
[caption id="attachment_67274" align="aligncenter" width="227"] Jake Lee (Credit: SWROCU)[/caption]
The duo conducted the fraud by spoofing the domain of the online cryptocurrency exchange Blockchain[.]com to pilfer victims’ Bitcoin wallets, stealing their money and login credentials.
They together targeted 55 victims across 26 countries, amassing £835,000 in cash, including £551,000 handed over by Lee in January, along with £64,000 in cryptocurrency, a Banksy print valued at £60,000 and three vehicles.
[caption id="attachment_67271" align="aligncenter" width="1024"] £551k in cash voluntarily handed over by Lee (Credit: SWROCU)[/caption]
A confiscation order of nearly £1 million was issued against Lee to compensate the victims.
DS Matt Brain from SWROCU’s Regional Cyber Crime Unit stated, “Our investigation started back in 2018 after colleagues at Avon and Somerset Police arrested Lee on suspicion of money laundering.”
“Officers from the force seized digital devices and three laminated Bitcoin wallet recovery seeds. At the same time, our unit had started an investigation into a cryptocurrency scam reported by a Wiltshire victim who had £11k worth of Bitcoin from his Blockchain wallet.”
“We took on the investigation into Lee and when we analyzed his devices, we established he was a central figure involved in a sophisticated domain spoofing fraud and worked to identify numerous victims.”Brain added that the fact they both pleaded guilty to all counts also showed the strength of evidence that the police secured against them.” Pamela Jain, a prosecutor with the Crown Prosecution Service, noted, “Jake Lee and James Heppel defrauded people in 26 countries, including 11 victims in the UK, by diverting Bitcoin into wallets over which they had control. This was a complex and time-consuming prosecution which involved enquiries with numerous victims and prosecuting authorities all over the world.” Lee has already been served a confiscation order but “confiscation proceedings against James Heppel are ongoing,” Jain said. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Enlarge (credit: Boris Zhitkov | Moment)
As the US moves toward criminalizing deepfakes—deceptive AI-generated audio, images, and videos that are increasingly hard to discern from authentic content online—tech companies have rushed to roll out tools to help everyone better detect AI content.
But efforts so far have been imperfect, and experts fear that social media platforms may not be ready to handle the ensuing AI chaos during major global elections in 2024—despite tech giants committing to making tools specifically to combat AI-fueled election disinformation. The best AI detection remains observant humans, who, by paying close attention to deepfakes, can pick up on flaws like AI-generated people with extra fingers or AI voices that speak without pausing for a breath.
Among the splashiest tools announced this week, OpenAI shared details today about a new AI image detection classifier that it claims can detect about 98 percent of AI outputs from its own sophisticated image generator, DALL-E 3. It also "currently flags approximately 5 to 10 percent of images generated by other AI models," OpenAI's blog said.
Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.
An extortion message currently on the Incognito Market homepage.
In the past 24 hours, the homepage for the Incognito Market was updated to include a blackmail message from its owners, saying they will soon release purchase records of vendors who refuse to pay to keep the records confidential.
“We got one final little nasty surprise for y’all,” reads the message to Incognito Market users. “We have accumulated a list of private messages, transaction info and order details over the years. You’ll be surprised at the number of people that relied on our ‘auto-encrypt’ functionality. And by the way, your messages and transaction IDs were never actually deleted after the ‘expiry’….SURPRISE SURPRISE!!! Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up.”
Incognito Market says it plans to publish the entire dump of 557,000 orders and 862,000 cryptocurrency transaction IDs at the end of May.
“Whether or not you and your customers’ info is on that list is totally up to you,” the Incognito administrators advised. “And yes, this is an extortion!!!!”
The extortion message includes a “Payment Status” page that lists the darknet market’s top vendors by their handles, saying at the top that “you can see which vendors care about their customers below.” The names in green supposedly correspond to users who have already opted to pay.
The “Payment Status” page set up by the Incognito Market extortionists.
We’ll be publishing the entire dump of 557k orders and 862k crypto transaction IDs at the end of May, whether or not you and your customers’ info is on that list is totally up to you. And yes, this is an extortion!!!!
Incognito Market said it plans to open up a “whitelist portal” for buyers to remove their transaction records “in a few weeks.”
The mass-extortion of Incognito Market users comes just days after a large number of users reported they were no longer able to withdraw funds from their buyer or seller accounts. The cryptocurrency-focused publication Cointelegraph.com reported Mar. 6 that Incognito was exit-scamming its users out of their bitcoins and Monero deposits.
CoinTelegraph notes that Incognito Market administrators initially lied about the situation, and blamed users’ difficulties in withdrawing funds on recent changes to Incognito’s withdrawal systems.
Incognito Market deals primarily in narcotics, so it’s likely many users are now worried about being outed as drug dealers. Creating a new account on Incognito Market presents one with an ad for 5 grams of heroin selling for $450.
New Incognito Market users are treated to an ad for $450 worth of heroin.
The double whammy now hitting Incognito Market users is somewhat akin to the double extortion techniques employed by many modern ransomware groups, wherein victim organizations are hacked, relieved of sensitive information and then presented with two separate ransom demands: One in exchange for a digital key needed to unlock infected systems, and another to secure a promise that any stolen data will not be published or sold, and will be destroyed.
Incognito Market has priced its extortion for vendors based on their status or “level” within the marketplace. Level 1 vendors can supposedly have their information removed by paying a $100 fee. However, larger “Level 5” vendors are asked to cough up $20,000 payments.
The past is replete with examples of similar darknet market exit scams, which tend to happen eventually to all darknet markets that aren’t seized and shut down by federal investigators, said Brett Johnson, a convicted and reformed cybercriminal who built the organized cybercrime community Shadowcrew many years ago.
“Shadowcrew was the precursor to today’s Darknet Markets and laid the foundation for the way modern cybercrime channels still operate today,” Johnson said. “The Truth of Darknet Markets? ALL of them are Exit Scams. The only question is whether law enforcement can shut down the market and arrest its operators before the exit scam takes place.”
For the second time in only four months, all is not well on the ALPHV (aka BlackCat) ransomware gang’s dark web site. Gone are the lists of compromised victims. In their place, a veritable garden of law enforcement badges has sprouted beneath the ominous message “THIS WEBSITE HAS BEEN SEIZED.”
So far, so FBI, but all is not what it seems.
ALPHV is arguably the second most dangerous ransomware group in the world. It sells Ransomware-as-a-Service (RaaS) to criminal affiliates who pay for its ransomware with a share of the ransoms they extract.
When a task force of international law enforcement agencies score a hit on a target this big, they tend to make a bit of a song and dance about it. At a minimum, there are announcements. Last time the FBI disrupted ALPHV with an unscheduled home page redecoration in December, the law enforcement agency was very happy to tell everyone.
When the UK’s National Crime Agency (NCA) took a slice out of the LockBit gang last month it didn’t just tell everyone in a press release, it celebrated with a week-long fiesta of premium-grade trolling on LockBit’s own website.
They have every reason to celebrate their success, but this takedown—if that’s what it really is—has been greeted with nothing but silence from law enforcement.
In fact, ransomware experts have weighed in with an alternative explanation: ALPHV has recycled the takedown banner provided by law enforcement in December, and staged a fake takedown to cover its tracks while it runs off with its affiliates’ money.
The story starts on February 21, 2024, when an ALPHV affiliate attacked Change Healthcare, one of the largest healthcare technology companies in the USA. The attack has caused enormous disruption and been described by the American Hospital Association (AHA) President and CEO Rick Pollack as “the most significant and consequential incident of its kind against the US health care system in history.”
On March 3, a user on the RAMP dark web forum claimed they were the affiliate behind the Change Healthcare attack. They alleged that two days earlier Change Healthcare had paid ALPHV $22 million—backing up their claim with a link to a Bitcoin wallet that shows a 350 bitcoin transfer on March 1—and that ALPHV then suspended their account.
VX Underground reported that a day later, other ALPHV affiliates were also locked out of their accounts, while ALPHV issued an “ambiguous” message seemingly pointing the finger at the FBI for…something, before putting the source code to its ransomware up for sale for $5 million.
The final act in this entirely unconvincing drama was the appearance of a “THIS WEBSITE HAS BEEN SEIZED” banner on the ALPHV dark web site. Not only was the banner identical to the one used by law enforcement in December, it appeared to have been lazily copied from the compromised site.
The giveaway, spotted by ransomware researcher Fabian Wosar, was the URL of the takedown image, which was being kept in a directory called THIS WEBSITE HAS BEEN SEIZED_files.
“An image URL like this is what Firefox and the Tor Browser create when you use the ‘Save page as’ function to save a copy of a website to disk,” he pointed out.
Of course, it’s not impossible that law enforcement would do this, but it’s a far cry from the no-stone-left-unturned effort of the recent LockBit takedown. Unconvinced, Wosar took to X (formerly Twitter) to say he’d reached out to contacts at Europol and the NCA, and they declined “any sort of involvement”.
It’s the second reminder in under a month, following revelations that the LockBit gang didn’t delete its victims’ stolen data when they were paid a ransom, that you just can’t trust criminals.
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
Pig butchering scams are big business. There are hundreds of millions of dollars involved every year. The numbers are not very precise because some see them as a special kind of romance scam, while others classify them as investment fraud.
The victims in Pig Butchering schemes are referred to as pigs by the scammers, who use elaborate storylines to fatten up victims into believing they are in a romantic or otherwise close personal relationship. Once the victim places enough trust in the scammer, they bring the victim into a cryptocurrency investment scheme. Then comes the butchering–meaning they’ll be bled dry of their money.
And they usually start by someone sending you a message that looks like it’s intended for someone else.
The accounts sending the messages often use stock photographs of models for their profile pictures. But even though you won’t know these people, a simple reply of “I’m not Steve, but…” is almost exactly what the scammers want—an initial foothold to talk to you a bit more.
After some small talk, the scammer will ask if you’re familiar with investments, or cryptocurrency. They’ll then do one of two things:
Once you are satisfied with the profit on your investment and decide to cash out, the problems come at you from different directions. A hefty withdrawal fee, a huge tax to be paid, will need to be paid to get your money back. Which you won’t, but this is the last drop the scammers will try to wring out of you.
John Oliver talked at length about Pig Butchering scams in the latest episode of Last Week Tonight with John Oliver (HBO), lifting the lid on some shocking examples of people who got scammed, and the role that organized crime plays behind the scenes. (Note that you’ll need to be in the USA to watch it, or have a good VPN
As John Oliver put it:
“You may have an image of a person who might fall for pig butchering, but unless you are looking in a mirror, you might be wrong.”
So here are some pointers.
The good thing about pig butchery scams is that they mostly follow a narrow pattern, with few variations. If you recognize the signs, you stand a very good chance of going about your day with a distinct lack of pig-related issues. The signs are:
As you can see, there is a very specific goal in mind for the pig butcher scammers, and if you find yourself drawn down this path, the alarm bells should be ringing by step 4 or 5. This is definitely one of those “If it’s too good to be true” moments, and the part where you make your excuses and leave (but not before hitting block and reporting them).
If you want to find out how much of your own data is currently exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a report.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.
Login