Source: Jordan White on Unsplash
In case you missed it, here’s what we covered this week:
Formjacking is the New Card Skimming | January 20th, 2020
Formjacking happens when cybercriminals use malicious code to hack a website and hijack the site's form page to collect sensitive user information. This attack is designed to steal credit card details from the checkout pages of websites. Unfortunately, there is no way for a consumer to detect a formjacking attack while it’s happening, and it’s very difficult for the merchant or payment processor to pick up on. Previous high-profile attacks include British Airways, TicketMaster UK, Newegg, Home Depot, and Target. With just a few lines of code, a hacker can steal hundreds of thousands of credit card details in a matter of days, netting millions of dollars in the process. (7 minute read)
Phishing-As-A-Service: Making Cybercrime Easy to Commit | January 21st, 2020
Historically, a cybercriminal’s level of success depended heavily on his level of technical sophistication. However, when Phishing-as-a-Service (and other Crimeware-as-a-Service) platforms came onto the scene, they removed all of these steps. This included the ones that had previously befuddled and thwarted novice hackers without the proper knowledge, like anonymous web hosting and compromising servers. Thus, with the biggest barrier to entry out of the way, anyone with a bit of cash could deploy their own crimeware campaigns. Welcome to the evolution of the cybercrime economy. (8 minute read)
Faking a Kidnapping | January 22nd, 2020
Law enforcement agencies have been warning the public of virtual kidnapping schemes for years now. Using a combination of Google search and social media, scammers are able to research their victims ahead of time. They can even spoof loved ones’ phone numbers to make it seem as if the call is coming from a person the victim knows. While no one is ever physically kidnapped in these instances, virtual kidnappings are often traumatic for everyone involved. And sadly, families will send thousands of dollars to these “kidnappers,” before reaching out to law enforcement. (6 minute read)
The Sleezy Business of Celebrity Apps | January 23rd, 2020
When Jeremy Renner Official first launched in 2017, it sounded like a pretty good deal. Fans were promised that they would be able to interact directly with the man himself. How? Well, in theory, Renner would be able to see user comments and reply to them. Fans could also use the “FanFeed” option to post their favorite Renner pics, fanfiction, and art pieces — in addition to chatting with one another about the latest Renner news. As for Renner, he would occasionally login and post photos of himself to let users know what he was up to. But what began as a meeting place for superfans — to connect and interact — eventually evolved into a toxic community of wannabe Renners sowing chaos. (5 minute read)
Catching a Thief Who Doesn’t Exist | January 24th, 2020
According to the FTC, synthetic identity fraud is the fastest-growing form of identity theft in the U.S. Synthetic identity fraud occurs when, rather than stealing an identity, a criminal invents one. This is sometimes referred to as “Frankenstein fraud.” The criminal then spends years building up credit under his fake alias. Eventually, once this fake person reaches an 800 credit score, he can use it to fool lenders into giving him multiple high-limit credit cards and unsecured loans. One estimate from Auriemma Insights puts the losses at about $6 billion annually. (6 minute read)
Thanks for reading! If you haven’t already, consider joining our community to receive in-depth exposés on the latest scams, hoaxes, and other forms of fraud.