This is a clever attack.
After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.
So far it hasn’t been very profitable, but it — or some later version — eventually will be.
Powered by WPeMatico
infossl
January 23, 2018
botnets, cryptocurrency, hacking, malware, scams, Security technology
Read more >
A comprehensive list. Most are old and obvious, but there are some clever variants.
Powered by WPeMatico
infossl
January 8, 2018
egypt, france, italy, scams, Security technology, spain
Read more >
This article feels like hyperbole:
The scam has arrived in Australia after being used in the United States and Britain.
The scammer may ask several times “can you hear me?”, to which people would usually reply “yes.”
The scammer is then believed to record the “yes” response and end the call.
That recording of the victim’s voice can then be used to authorise payments or charges in the victim’s name through voice recognition.
Are there really banking systems that use voice recognition of the word “yes” to authenticate? I have never heard of that.
Powered by WPeMatico
infossl
May 12, 2017
scams, Security technology, socialengineering, voicerecognition
Read more >
Interesting paper: “Dial One for Scam: A Large-Scale Analysis of Technical Support Scams“:
Abstract: In technical support scams, cybercriminals attempt to convince users that their machines are infected with malware and are in need of their technical support. In this process, the victims are asked to provide scammers with remote access to their machines, who will then “diagnose the problem”, before offering their support services which typically cost hundreds of dollars. Despite their conceptual simplicity, technical support scams are responsible for yearly losses of tens of millions of dollars from everyday users of the web.
In this paper, we report on the first systematic study of technical support scams and the call centers hidden behind them. We identify malvertising as a major culprit for exposing users to technical support scams and use it to build an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers. By allowing our system to run for more than 8 months we collect a large corpus of technical support scams and use it to provide insights on their prevalence, the abused infrastructure, the illicit profits, and the current evasion attempts of scammers. Finally, by setting up a controlled, IRB-approved, experiment where we interact with 60 different scammers, we experience first-hand their social engineering tactics, while collecting detailed statistics of the entire process. We explain how our findings can be used by law-enforcing agencies and propose technical and educational countermeasures for helping users avoid being victimized by
technical support scams.
BoingBoing post.
Powered by WPeMatico
infossl
April 12, 2017
academicpapers, malware, scams, Security technology
Read more >
This is a harrowing story of a scam artist that convinced a mother that her daughter had been kidnapped. More stories are here. It’s unclear if these virtual kidnappers use data about their victims, or just call people at random and hope to get lucky. Still, it’s a new criminal use of smartphones and ubiquitous information.
Reminds me of the scammers who call low-wage workers at retail establishments late at night and convince them to do outlandish and occasionally dangerous things.
Powered by WPeMatico
infossl
October 17, 2016
cellphones, extortion, kidnapping, scams, Security technology
Read more >
Interesting paper: “There’s No Free Lunch, Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams,” by Marie Vasek and Tyler Moore.
Abstract: We present the first empirical analysis of Bitcoin-based scams: operations established with fraudulent intent. By amalgamating reports gathered by
voluntary vigilantes and tracked in online forums, we identify 192 scams and categorize them into four groups: Ponzi schemes, mining scams, scam wallets and fraudulent exchanges. In 21% of the cases, we also found the associated Bitcoin addresses, which enables us to track payments into and out of the scams. We find that at least $11 million has been contributed to the scams from 13 000 distinct victims. Furthermore, we present evidence that the most successful scams depend on large contributions from a very small number of victims. Finally, we discuss ways in which the scams could be countered.
News article.
Powered by WPeMatico
infossl
February 4, 2015
academicpapers, bitcoin, scams, Security technology
Read more >
Here’s a story of a fake bank in China — a real bank, not an online bank — that stole $32m from depositors over a year. Pro tip: real banks never offer 2%/week interest.
Powered by WPeMatico
infossl
January 30, 2015
banking, china, cons, scams, Security technology, theft
Read more >
