Fraud Tides I, 12 Feb 2023

Updated: Apr 29

Collation by Shreya Sharma, M.Sc.

Concept and design: Amit Sharma, M.Sc.


The ever-increasing reliance on technology has given rise to various cybersecurity threats, with cybercriminals always devising new methods to infiltrate systems and steal sensitive information. In recent times, several high-profile cyber-attacks have occurred, ranging from malware deployment via fraudulent ChatGPT apps to the use of Mortal Kombat-themed ransomware to phish unsuspecting victims.


This article will examine some of the most significant cybersecurity incidents that have occurred recently and how they have affected people and organizations.


The first incident involves threat actors who leveraged the "chat-gpt-pc[.]online" domain to distribute the Redline information-stealing malware. The attackers promised unsuspecting victims a free ChatGPT Windows desktop client, which turned out to be fraudulent. In addition, more than 50 fake ChatGPT applications were discovered, including the SMS billing fraud app "chatGPT1" and an app laced with the Spynote malware. ChatGPT warned users that its official website could only be accessed at "chat.openai.com" and that it did not have any desktop or mobile apps yet.


The second incident is the Mortal Kombat ransomware campaign, which indiscriminately targets individuals, small businesses, and large corporations via phishing. The attackers infect computers with the ransomware and attach a Mortal Kombat 11 wallpaper to a note instructing the victim to contact the attackers via the qTox instant messaging app that can be downloaded from GitHub. The attackers will then negotiate a ransom amount to be paid in Bitcoin.


The third incident involved a phishing fraud ring that stole more than 5 million euros from unsuspecting victims in less than a year. The ring targeted American citizens and companies with social engineering phishing emails and SMS text messages to gather sensitive data. The cybercriminals created over 100 bank accounts to collect stolen money, which they would withdraw at cash machines, transfer abroad, or convert into cryptocurrency.


The fourth incident involved Reddit, which suffered a cyberattack in which hackers gained access to the company's internal business systems and stole confidential documents and source code. The hackers used phishing to target employees, using a fake page impersonating the intranet site. The attackers were able to obtain employees' credentials and two-factor authentication tokens. The stolen data included limited contact information for company contacts and current and former employees, as well as details about the company's advertisers. Credit card information, passwords, and ad performance were not breached.


The fifth incident involves chit fund companies Ambitious Diversified Projects Management and OAK India Multistate Credit Co-operative Society, which illegally collected money by assuring investors of a high rate of interest. The companies closed their offices without paying interest or the principal amount. From 2010 to 2014, the chit fund firm had illegally collected more than INR 2.62 crore from 1,968 investors. The MD of the illegal company was nabbed from Kolkata following an investigation.


The sixth incident involved an international gang of cyber crooks based in China and Dubai, with a mastermind in Georgia, who defrauded 11,000 people on the pretext of providing online work-from-home jobs at Amazon. The Chinese cyber criminals developed a module to cheat people, and the scheme was promoted on social media platforms like Instagram, Facebook, and YouTube with posts promising handsome earnings to lure aspirants and job seekers. The gang received millions of paid likes, ratings, and reviews through digital marketing so that more and more victims would fall prey to the fraud.


The seventh incident involved a couple who sold 250 airline tickets fraudulently at a value of $500,000. The suspects posed as employees of travel agencies based out of the UK to secure access to an online booking portal. The fraudsters were charged with obtaining property by false pretext.


It is essential to be wary of suspicious emails, messages, or links that may contain malware or phishing attempts. Users should ensure that their devices are always up to date with the latest security patches, and they should also use reputable antivirus software to protect their devices. Cybercrime is a rapidly growing threat, and it is crucial for individuals, organizations, and governments to take steps to mitigate these risks. By being vigilant and taking necessary precautions, such as using strong passwords, avoiding suspicious links, and keeping devices up to date, we can protect ourselves from falling victim to cybercrime. Additionally, we need to support and fund law enforcement agencies and cybersecurity experts to better equip them to prevent and investigate cybercrime. Ultimately, we must work together to combat cybercrime and create a safer and more secure online environment for all.


References


Windows, Android malware deployed via fraudulent ChatGPT apps


Date: 22 February 2023

Source: Bill Toulas, Bleeping Computer blog


Threat actors were found leveraging the “chat-gpt-pc[.]online” domain, which promised a download of a free ChatGPT Windows desktop client, to distribute the Redline information-stealing malware. Separately, more than 50 fake ChatGPT applications were discovered, including the SMS billing fraud app “chatGPT1” and an app laced with the Spynote malware. Users were advised that ChatGPT could only be accessed at “chat.openai.com” and did not have any desktop or mobile apps yet.


MORTAL KOMBAT ransomware


Date: 17 February 2023

Source: Christopher Boyd, Malwarebytes


A new ransomware campaign has been tracked that uses images from Mortal Kombat in its ransom notes. The attacks indiscriminately target individuals, small businesses, and large corporations through phishing. Once infected, the affected computer displays a Mortal Kombat 11 wallpaper attached to a note instructing the victim to contact the attackers via an instant messaging app called qTox that can be downloaded from GitHub. The attackers will then negotiate a price to be paid in Bitcoin.


5 million euro phishing fraud ring


Date: 14 February 2023

Place: USA

Source: Dark Reading staff


Nine suspects were arrested for their suspected participation in a cybercriminal organization accused of stealing more than 5 million euros from unsuspecting victims in less than a year. The joint operation between the Spanish National Police and the US Secret Service traced the group’s activities to more than 100 bank accounts created to collect stolen money, which they would then withdraw at cash machines, transfer abroad, or convert into cryptocurrency. The ring targeted American citizens and companies with social engineering phishing emails and SMS text messages to gather sensitive data.


Reddit faced data breach


Date: 9 February 2023

Place: New York

Source: Bleeping Computer


Reddit suffered a cyberattack in which hackers gained access to its internal business systems and stole internal confidential documents and source code. The company said that the hackers used phishing to target employees, using a fake page impersonating its intranet site. This site attempted to steal employees' credentials and two-factor authentication tokens. After successfully obtaining a single employee’s credentials, the attacker gained access to internal documents, code, and some internal dashboards and business systems. As per the investigation, the stolen data included limited contact information for company contacts and current and former employees. The data also included details about the company’s advertisers. Credit card information, passwords, and ad performance were not breached.


The chit fund fraud


Date: 06 February 2023

Place: Raipur, Chhattisgarh

Source: The Indian Express


Chit fund companies Ambitious Diversified Projects Management and OAK India Multistate Credit Co-operative Society had illegally collected money by assuring investors of a high rate of interest. Subsequently, the accused closed the offices without paying either the interest or the principal amount. From 2010 to 2014, the chit fund firm had illegally collected more than INR 2.62 crore from 1,968 investors. Following an investigation of the case, the MD of this illegal company was nabbed from Kolkata.


Job frauds


Date: 28 January 2023

Place: Delhi

Source: Business Insider


The police unearthed an international gang of cyber crooks based in China and Dubai, with a mastermind in Georgia, who have defrauded 11,000 people on the pretext of providing online work-from-home jobs at Amazon. The gang duped people of crores of rupees on the pretext of providing online jobs. Investigation revealed that the Chinese cyber criminals developed a module to cheat people. The scheme was promoted on social media platforms like Instagram, Facebook, and YouTube with posts promising handsome earnings to lure aspirants and job seekers. The gang received millions of paid likes, ratings, and reviews through digital marketing so that more and more victims would fall prey to the fraud.


Air ticket selling fraud


Date: 26 January 2023

Place: Canada

Source: Sian Davidson


A 32-year-old man was charged and a 44-year-old woman is sought for a scam that saw 250 airline tickets sold fraudulently at a value of $500,000. Most of the customers who purchased the tickets were from the Calgary area and the flights were primarily to Africa. The suspects posed as employees of travel agencies based out of the UK to secure access to an online booking portal. The fraudsters were arrested on charges of obtaining by false pretense, unlawful use of a computer, possession of property obtained by crime, conspiracy to commit an indictable offence, and fraud under $5,000.


ICC loses $2.5 million to phishing scam


Date: 22 January 2023

Place: USA

Source: Hindustan Times (HT Tech)


The International Cricket Council (ICC) became a victim of an online fraud and is believed to have been duped to the tune of over $2.5 million through deception. It is reported that the scamster from the USA acted as a vendor of the ICC and emailed the cricket body’s CFO for a payment from an email ID that was apparently similar to the ICC.


Paycheck protection program fraud


Date: 19 January 2023

Place: Georgia, US

Source: U.S. Attorney’s Public Affairs Office Website


Nearly two dozen Texans were slapped with federal charges related to an alleged defrauding of the Paycheck Protection Program (PPP). Prosecutors claimed that the 23 people were charged in a conspiracy to launder money fraudulently obtained from the PPP. The accused conspirators allegedly opened bank accounts under assumed business names to transfer, withdraw, and move the money for their own gain. According to the indictment, the defendants illegally obtained $3.5 million through several different types of fraud. These included business email compromises, romance scams, unemployment insurance fraud, and PPP fraud.


Electricity bill phishing fraud


Date: 17 January 2023

Place: Mumbai

Source: Indian Express News Service


The victim, a 57-year-old businessman, fell prey to an alleged cyber fraud when he acknowledged a ‘non-payment of bill’ message on his phone purportedly sent by the electricity department. The victim was tricked into revealing his Paytm and Google Pay details on a dubious app a fraudster had told him to download. The fraudster then proceeded to siphon off INR 3.47 lakh from his bank account. In this case, the fraudster, claiming to speak from Adani Electricity, told the victim that his payment for the last month was pending. He then asked him to download the ‘QR App’ and make a nominal payment of INR 1. The victim did as the accused asked and tried paying the amount on the app almost four times with two of his UPI apps. Eventually, the fraudster withdrew INR 3,47,803 from the victim’s account.


Fraud by a hotel guest


Date: 17 January 2023

Place: Delhi

Source: Financial Express Blog


A prominent hotel in southwest Delhi’s Sarojini Nagar was duped of more than INR 23 lakh by a man who posed as a key functionary of the UAE government. Investigation revealed that the accused stayed in the hotel for more than three months before fleeing with valuable items. At the time of the booking, he had submitted fake identity cards attesting to his stature as a “senior official of the UAE government”. Although the accused made a few part settlements worth 11.5 lakh in August and September 2022 for room charges, the total outstanding still stood at more than 23 lakh. The investigation further showed that he had issued a post-dated cheque worth 20 lakh, which bounced due to insufficient funds. Later, the hotel staff also found valuables missing from the room he had stayed in.


Alluring profit of doubling the investment through Ponzi scheme


Date: 14 January 2023

Place: Delhi

Source: The India Today


Three accused were arrested on charges of allegedly floating shell companies and duping investors to the tune of around INR 30 Cr. The criminals used to invite people and lure them with a promise of doubling their invested amount in 18 months. They also assured high profits such as fund sharing, royalty, and bonus in other schemes. A formal agreement was used to gain the confidence and trust of the victims.


300 Cr scam, 15 fake Chinese apps


Date: 11 January 2023

Place: New Delhi

Source: Neeta Sharma, India News


A fraud of INR 300 crore through 15 fake Chinese applications came to light after the Uttarakhand police in India busted a syndicate of cyber criminals in which callers were offered low-interest-rate loans. The “cyber thugs” would also blackmail victims by sending obscene pictures to their families, which they would download by remotely accessing the victims' phones. The criminal started a shell company, ‘Hector LendKaro Private Limited’, which offered loans at low interest rates through Chinese loan apps: RupeeGo, Rupee Here, LoanU, QuickRupee, Punch Money, Grand Loan, DreamLoan, CashMO, Rupee MO, CreditLoan, Lendkar, RockOn, HopeLoan, Lend Now and Cashfull.


Confidential information from Schools leaked on Dark web


Date: 6 January 2023

Place: England, UK

Source: Jonathan Holmes, BBC


Pates Grammar School in Gloucestershire was one of the many schools targeted by a hacking group called Vice Society. The leaked documents included children’s information, passport scans, staff pay and contract details. Vice Society allegedly stole 500 gigabytes of data from the entire Los Angeles Unified School District. Vice Society demanded money for not leaking the sensitive data.


As we bring Part I to a close, we are proud to have fulfilled our core objective of collating, interpreting, analyzing, and disseminating fraudulent tendencies all over the world. In this Part, we have delved into various fraudulent activities ranging from cybercrime to financial fraud and provided insightful analyses on how to prevent and combat these activities. We are committed to providing readers with credible and up-to-date information on fraudulent activities, and we urge everyone to stay vigilant and report any suspicious activities to the appropriate authorities.

