Tag Archives: Fraud

Can SIM Swap Attack Empty Bank Accounts Without Warning?

Can SIM Swap Attack Empty Bank Accounts Without Warning?

Can a SIM swap attack clear out your bank accounts without warning?

Take a look at the viral warning, and find out what the facts really are!

 

Claim : SIM Swap Attack Can Empty Bank Accounts Without Warning!

This message has gone viral on social media and WhatsApp, warning about a new high tech fraud called SIM Swap Fraud that can empty bank accounts without warning.

The message includes a link to a Straits Times report about a young couple who lost $120,000 in a fake text message scam targeting OCBC Bank customers.

Your BANK Account could be Emptied without an Alert!

Dear All, Please let’s be very careful.. There is a new HIGH TECH FRAUD in town called the SIM SWAP FRAUD, and hundreds of persons are already VICTIMS.

 

Truth : SIM Swap Attack Are Real, But Don’t Work Like That

The truth is – SIM swap attacks are real and very dangerous, but they do not work like the viral message claims.

Here is what you need to know about the viral message, and SIM swap attacks.

Fact #1 : SIM Swap Attacks Are Not New

SIM swap attacks are really not that new. They have been around at least since 2015.

Fact #2 : Viral Message Is Partly Fake

The viral message is correct about the risk of SIM swap attacks, but pretty much wrong about everything else.

In fact, the method by which the SIM swap attack works is completely made up. So the viral message is really FAKE NEWS.

Fact #3 : Straits Times Article Was Not About SIM Swap

The fake news creator added a link to a Straits Time article, to mislead you.

That’s because the article isn’t about a SIM swap attack, but a phishing attack, where the victim received an SMS  with a link that took him to a fake website that “looked exactly like the OCBC login page“.

The victim then keyed in his bank login details, thus handing over control of his bank account to the scammers. He also ignored automated messages warning him that his “account was being setup on another phone“.

It had nothing to do with a SIM swap attack. It was an SMS-based phishing attack.

Fact #4 : SIM Swap Attack Generally Does Not Require Any Action

In most SIM swap attacks, scammers use your personal information, either purchased from other criminals or obtained through earlier phishing attacks or social engineering, to request for a SIM card replacement.

All that does not require any action on your part. In most cases, you only realise you’ve been hit when you lose access to your mobile number.

Fact #5 : SIM Swap Attack May Require Action In Some Cases

The Press 1 claim in the viral message is partially correct, but it only happens in a particular circumstance.

In India, scammers have tricked people by offering a free network upgrade, or to help improve signal quality on their phones :

  1. The scammer will call the victim, claiming to be from their mobile service provider.
  2. The scammer will try to get the victim to reveal his/her 20-digit SIM card number.
  3. The scammer will use the 20-digit SIM number to initiate a SIM swap with the mobile service provider.
  4. The mobile service provider will automatically send an SMS to confirm the swap.
  5. Once the victim confirms the swap, his/her SIM card will stop working.
  6. The scammer now has access to the victim’s mobile number.

Fact #6 : SIM Swap Attack Does Not Hack Your Phone

The SIM swap attack does not involve any hacking of your phone.

You only lose access to your mobile number. Your phone is not hacked.

Fact #7 : SIM Swap Attack Does Not Empty Bank Accounts

Once the scammers successfully gain control of your mobile number, they can use it to intercept one-time passwords (OTP) like TAC numbers.

This allows them to change passwords to your bank accounts, social media accounts, etc. which is why SIM swap attacks are so dangerous and damaging.

However, it does not mean your bank accounts are immediately emptied. For one thing – the scammers need to know your bank login.

That’s why SIM swap victims often have had their bank logins and passwords stolen earlier though phishing attacks. The scammers only need their mobile numbers to receive OTP / TAC numbers to authenticate the transfers.

Fact #8 : SIM Swap Attack Can Be Used To Cheat Friends Too!

Stealing money from your bank account requires extra work, so scammers who do not have your bank login details will resort to cheating your friends.

With access to your phone number, they can easily gain access to your social media accounts (Facebook, Twitter, Instagram) as well as instant messaging apps (WhatsApp, Telegram).

Once they have control, they can send messages to your friends, pretending to be you. Naturally, they will concoct some story to ask your friends for money.

The idea is to use your (now) stolen accounts to convince your friends that you genuinely need their help. The money that they transfer goes directly to the scammers, or their mules (people who rent their bank accounts to scammers).

Now that you know the facts behind the SIM swap attack or scam, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Hackers Use Good Morning Greetings To Hack You?

Can hackers use Good Morning videos, pictures and messages to hack your devices, and steal your data?

Find out what is happening, and what the FACTS really are!

 

Claim : Hackers Are Using Good Morning Messages To Hack You!

This post about Chinese hackers using Good Morning videos, pictures and messages to hack your devices, keeps going viral on social media and WhatsApp.

It’s a long message, so just skip to the next section for the facts!

Dear friends, please delete all welcome photos and videos in Good Morning format and the like. Read below the article to the end, which will be clear why I ask about it. From now on I will only send personally prepared greetings.

Read it all !!! Send this message urgently to as many friends as you can to stop the invasion.

Olga Nikolaevna Lawyer: Caution:

ATTENTION

For those who like to send Good Morning pictures! Good day! Good evening!

Do not send these “good” messages.

Today, Shanghai China International News sent SOS to all subscribers (this is the third reminder) that experts recommend: please do not send good morning, good night, pictures and videos,.

 

Truth : Good Morning Greetings Not Being Used To Hack You!

Many of us get spammed with Good Morning or Good Night messages every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really do NOT allow hackers to hack your devices.

Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News –  does not exist!

Fact #2 : Good Morning Greetings Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these Good Morning pictures and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Good Morning Messages

There has been no known fraud involving Good Morning or even Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Fact Check : Does The LPG Gas Tank Pressure Test Work?

Can we determine which brands are cheating their customers using the LPG gas tank pressure test?

A viral video shows how LPG gas tanks from various brands have different pressures, suggesting gas fraud.

Take a look at the video for yourself, and find out if that LPG gas tank pressure test actually works!

 

LPG Gas Tank Pressure Test Proves Fraud?

In the viral video, a man lined up gas tanks from six different brands – MyGaz, Mira Gas, Petron, Petronas, BHP and Solar Gas.

He then tears off their cap seals and checks their pressure with a pressure gauge, noting how different LPG gas tanks have different tank pressures.

Although he does not directly claim there was gas fraud, it’s implied in the video.

 

The LPG Gas Tank Pressure Test : It Works But There’s No Fraud

While we do not believe the video is fraudulent, it is nevertheless MISLEADING.

The amount of LPG in each gas tank is determined by WEIGHT, not pressure. So the video itself, while interesting, is of no consequence.

The LPG gas tank pressure test may be accurate, but it’s NOT an indicator of how much gas is inside each tank.

And here are the reasons why…

Reason #1 : LPG Gas Is Sold By Weight, NOT Pressure

LPG (Liquefied Petroleum Gas) all around the world is sold by weight, and not by pressure. That’s why the tanks are labelled and sold in different sizes based on WEIGHT :

Naturally, the weight listed above is the weight of the LPG , and not the tank itself which is considerably heavier.

For example, a 45 kg LPG gas tank weighs 78 kg fully loaded, while a 90 kg tank weighs 155 kg.

This infographic by The Hindu is useful in demonstrating how to determine how much LPG gas is in each tank.

Reason #2 : LPG Gas Pressure Varies A Lot

LPG gas pressure varies according to the gas mixture, temperature and even motion.

LPG is not one type of gas, but a mixture of mainly propane and butane. Here in Malaysia, it’s about 70% propane and 30% butane.

Propane vaporises much easier and at a lower temperature than butane, so the more propane in the LPG mix = the higher the pressure inside the tank.

A higher tank temperature (leaving it in the sun) or even shaking the tank will increase the pressure in the tank because more propane will vaporise.

Assuming they were not shaken or placed in the sun before the video was shot, the LPG gas tanks in the video have different pressures because they have different LPG gas mixes.

Reason #3 : LPG Gas Regulators Keep The Pressure Low

Irrespective of the pressure in the LPG gas tank, the gas regulator you hook up to it will maintain a constant, low pressure of just 2.75 kPA (0.4 psi or 0.0275 bar)

So it really doesn’t matter if the gas tank from your favourite LPG brand can deliver 100 psi or just a pitiful 55 psi. It’s going to get down-regulated to just 0.4 psi.

Reason #4 : High Pressure = Dangerous + Incomplete Combustion

The reason why gas regulators keep pressure so low is because stoves are designed to work properly and efficiently with such low pressures.

If you bypass the gas regulator, the 150X to 250X higher gas pressure will create extremely large flames that are dangerous, if not impossible, to cook with.

The high pressure will also prevent the gas from mixing properly with the air, resulting in complete combustion of the gas, wasting your money.

 

Recommended Reading

Go Back To > Fact Check | Home Tech | ScienceHome

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


INTERPOL : Alarming Rate Of COVID-19 Cyberattacks!

According to INTERPOL, cybercriminals are taking advantage of the COVID-19 pandemic, boosting cyberattacks at an alarming pace.

Learn more about their key findings, and what they are projecting will happen in the near future!

 

COVID-19 Pandemic : New Opportunities For Cyberattacks!

The COVID-19 pandemic has forced organisations and businesses to rapidly deploy remote work systems and networks to support staff working from home

Cybercriminals are taking advantage of these new COVID-19 work-from-home normals, targeting staff of major corporations, governments and critical infrastructure to steal data and generate profits.

Online Scams + Phishing

 Threat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content.

Around two-thirds of member countries which responded to the global cybercrime survey reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak.

Ransomware + DDoS

Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.

In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months.

Law enforcement investigations show the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organisations.

Data Harvesting Malware

Taking advantage of the increased demand for medical supplies and information on COVID-19, there has been a significant increase of cybercriminals registering domain names containing keywords, such as “coronavirus” or “COVID”. These fraudulent websites underpin a wide variety of malicious activities including C2 servers, malware deployment and phishing.

From February to March 2020, a 569 per cent growth in malicious registrations, including malware and phishing and a 788 per cent growth in high-risk registrations were detected and reported to INTERPOL by a private sector partner.

Misinformation

An increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.

Nearly 30 per cent of countries which responded to the global cybercrime survey confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings with the majority containing concealed malware. There are also reports of misinformation being linked to the illegal trade of fraudulent medical commodities.

Other cases of misinformation involved scams via mobile text-messages containing ‘too good to be true’ offers such as free food, special benefits, or large discounts in supermarkets. 

 

INTERPOL : Projection Of Future COVID-19 Cyberattacks

Here are INTERPOL’s projection of future COVID-19 cyberattacks :

  • A further increase in cybercrime is highly likely in the near future. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.
  • Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.
  • Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.
  • When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.

 

Recommended Reading

Go Back To > CybersecurityEnterprise + Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Kaspersky Lab Launches The Goondus Awards!

Petaling Jaya, 18 August 2017Kaspersky Lab just launched a campaign in Asia Pacific to educate the public and spread awareness on Internet safety. Known as the Goondus Awards, the campaign is inviting submissions from the public on Internet mistakes and faux pas that have led to reputational, financial or property damage or loss for individuals.

 

The Goodus Awards

The Goondus Awards website which features the submissions anonymously, highlights real life incidents where a naïve or ill-informed Internet practice led to some form of misfortune.

“We want to educate people about safer Internet behaviours and to showcase real world examples of missteps leading to some form of loss or damage. While some stories may be humorous and even incredulous, the repercussions and damage were real and in some cases severe,” explained Sylvia Ng, General Manager, South East Asia. “As our entries are entirely anonymous, we’re encouraging a community led campaign to drive home the message that only safe practices will make the Internet safer for users.”

The Goondus Awards showcases a wide array of stories ranging from humorous occurrences to unintelligent acts and sad episodes involving monetary or reputational loss. The campaign acts as an initiative to raise cyber security awareness in an engaging form through the sharing of personal stories. It also serves to help web visitors foster positive and pleasant online experiences.

With the ease of access to the Internet, users have developed a sense of complacency or even a mild form of naivety in their daily digital lives, potentially lending themselves to becoming victims of cybercrime.

The Goondus Awards aim to remind users that they are not completely safe from cybercriminals and that they need to be vigilant, practice and maintain Internet etiquette to protect themselves.

Malaysians, including millennials and Gen Y professionals have also been burnt by the infamous love scams. According to a report by the Federal Commercial Crime Investigation Department (CCID) in 2016, a total of 2,497 love scam cases were reported with losses close to RM100 million. It proves that Goondus are fools for love.

The fact that identity theft can happen so close to home and lead to financial loss was very disturbing and shocking to the individuals in this example.

 

Goondus Awards Submission & Contest Details

The criteria for the story entries are that they must be based on actual events leading to tangible or intangible losses concerning Internet use. The winning stories will be selected by a panel of judges where participants stand a chance of winning an iPad Mini or a Tablet and even monthly prizes like a Kaspersky Lab premiums hamper.

The website also includes tips and advice from cyber security experts and elaborations on the different types of scams such as Internet love sex scams, credit for sex scams and phishing scams, to further inform users.

To submit a story, fill in the requested information such as your name, email address and contact number, along with the type of scam, story title and the full story in the website. The “Tips” section of the website features articles from the Kaspersky Lab blog and are categorised based on the various issues and forms of scams highlighted in the website. This educational content serves to advise users on how to prevent such incidents from occurring.

 

Cybersecurity Incidents In Malaysia

[adrotate group=”2″]

In 2016 alone, CyberSecurity Malaysia received 8,334 reports related to cyber security incidents. Between 2012 to 2016, CyberSecurity Malaysia received a total of 50,789 cyber security incidents. Of the figure, fraud contributes to almost 40 per cent or 20,141 followed by hacktivism (9,918), spam (9,210) and cyber threats (2,333).

More than 70 per cent of the incidents reported involved financial implications, including phishing, online banking fraud, credit card fraud and online scams among others. Statistics from The Royal Malaysian Police recorded 113 phishing cases resulting in total losses of RM1.91.

Comparing last year’s May and 2017’s May result in terms of cybercrime rate, is it evident that the figure has grown and especially cyber harassment case has rose over 50% according to CyberSecurity Malaysia. It is also evident that, statistics in May shows cases such as frauds, spams and malicious codes rose compared to last year.

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!