DoJ Busts Up Another Multinational DPRK IT Worker Scam
A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.
Scams use deception to steal money, credentials, or sensitive data, making them a cybersecurity risk for individuals and organizations.
Search across headline titles and summaries.
Background for this topic.
Scams are deceptive schemes intended to make people surrender money, credentials, sensitive information, or access. In information security, they commonly use phishing messages, impersonation, fraudulent websites, business-email compromise, fake technical support, or malicious attachments. Their defining feature is manipulation: the attacker creates a credible pretext and pressures the target to act before verifying the request.
Security teams should treat scams as an attack surface spanning email, messaging, telephone calls, social media, and payment workflows. Material risks include account takeover through stolen credentials, unauthorized payments, disclosure of personal or company data, and malware execution from deceptive content. Useful controls include phishing-resistant authentication, secure payment-change procedures with independent verification, filtering and domain protections, user training focused on reporting, and rapid review of suspicious messages or transactions. Incident handling may require revoking sessions, resetting credentials, contacting financial institutions, preserving evidence, and notifying affected parties where applicable.
A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.
Fraud Expert Ken Westbrook on Successful Ways to Stop Fake Investment SitesAccording to the FBI, losses from investment scams surged 38% between 2022 and 2023. Fraudsters are using highly effective tactics, including sending text messages to lure victims to fake cryptocurrency platforms, said Ken Westbrook, founder and CEO of Stop Scams Alliance.
Paint a target on Myanmar, pledge more info-sharing to get the job done A group established by six Asian nations to fight criminal cyber-scam slave camps that infest the region claims it’s made good progress dismantling the operations.…
Also: US Prosecutors Charge Suspected North Korean IT Worker CollaboratorsThis week, researchers spied Palo Alto firewall flaws, a North Korean IT worker conspiracy, ChatGPT as DDoS vector. Chinese hackers targeted a VPN maker, a fake PyPi package and a Russian threat actor shifted tactics. BreachForums admin faces prison and scammers used the release of Ross Ulbricht.
Arbitrage betting fraud rises, forcing bookmakers to adopt stricter measures against automated scams
Criminals Listed 269 Million Stolen Payment Card For Sale in 2024, Researchers FindIt's an old story: Criminals rake in profits by using digital "e-skimming" software, running scam e-commerce sites and selling stolen payment card data. Unfortunately, it's made continually new thanks to adaptability of cybercriminals, who keep their tool set relevant and ever more lucrative.
A CloudSEK report revealed Zendesk's platform can be exploited for phishing and investment scams
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests