2020年3月27日星期五

趁你病,攞你命!


瘟疫蔓延,封關封城,多國進入半停擺的狀態,非必要的商業和娛樂及體育活動也陷於停頓。官府忙於對抗疫症和挽救經濟,老百姓忙於保命或張羅物資。在這種情況之下,依然找到財路的,是頭腦靈活的犯罪份子。具體做法如下:

1. 疫症打擊商業活動,令失業人數急升。有犯罪份子透過刊登(假)招聘廣告,聲稱提供「在家工作」(Work-at-Home) 的機會,而(假)僱主是為對抗疫症而成立的非牟利團體,真正目的是利用受害人的銀行戶口清洗黑錢(英文叫 money mules)。想騙財的話,可以叫受害人捐錢給聲稱由世界衛生組織 (WHO) 或政商娛樂名人牽頭成立的抗疫慈善基金,在網上平台出售防護物資(例如:口罩或防護衣)又得。騙徒會設立(假)網頁,上面的文字或影像資料可以是偷來的,如果受害人不懂得查證很容易中招。如果騙徒來自另一個司法管轄區,就算受害人報警,也不容易追討損失。

2. 另一種以(假)招聘為包裝的行騙手法,是運用手機的視像對話功能,扮面試其實是錄下閣下的面孔和聲音,然後出售給犯罪集團或發展人面識別系統的極權國家,閣下的聲音也可以用來盜取銀行戶口款項(請參考<延伸閱讀>部份所提供的外國真實個案)。香港有學校以疫症蔓延,視像面試比較安全為理由,要求父母替幼兒拍攝錄影片段,然後交給校方參考。萬一那些片段落入壞人的手中,轉售給國產騙徒或跨國犯罪集團,而孩子又不被取錄,即是被佔便宜,明白未?教育界有沒有壞人?自己想。中產家長們,小心!

3. 也有電腦黑客針對最受疫症打擊,被殺個人仰馬翻,高層手忙腳亂的機構或行業發動襲擊,即是:醫療、酒店、旅遊、物流、航空等行業,試圖盜取客戶資料或控制某個(具備戰略價值的)機構或行業的資訊科技系統。廣東話的說法:「趁你病,攞你命!」如果電腦黑客的背後,是某些流氓國家的軍事或情報機關所指使或統籌或訓練,便是發動 Cyber warfare,背後牽涉國家安全。事情的本質:某些流氓國家躲在黑暗的虛擬世界中,對西方國家的民主體制發動網絡游擊戰,或測試新技術或新戰術,或探測對方的反應,也可以是熱身練習。表面上是瘟疫,其實是兩種體制在暗中較量,但無須出動飛機大炮海陸空軍。

結論:保命固然重要,也要保護私隱。正所謂:高手在民間,飯桶在機關。賊公計,狀元才。記住財不入急門,小心駛得萬年船。祝大家身體健康,因為健康就是財富。唉,越寫越似長輩文, Auntie 老了。

插圖來源:互聯網

延伸閱讀/參考資料:

Coronavirus Widens the Money Mule Pool
Riskscreen
By Brian Krebs, Krebs on Security, 17 March 2020
https://www.riskscreen.com/kyc360/news/coronavirus-widens-the-money-mule-pool/
Extract: With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “money mules” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here’s the story of one upstart mule factory that spoofs a major nonprofit and tells new employees they’ll be collecting and transmitting donations for an international “Coronavirus Relief Fund.”

On the surface, the Web site for the Vasty Health Care Foundation certainly looks legitimate. It includes various sections on funding relief efforts around the globe, explaining that it “connects nonprofits, donors, and companies in nearly every country around the world.” The site says it’s a nonprofit with offices based in Nebraska and Quebec, Canada. The “Vasty Health Care Foundation” is one of several fraudulent Web sites that recruit money mules in the name of helping Coronavirus victims. The content on Vasty’s site was lifted almost entirely from globalgiving.org, a legitimate charity that actually is trying to help people affected by the pandemic.

Another Kind of Outbreak: COVID-19 as Financial Crime Threat
Riskscreen
By Dev Odedra, an independent anti-money laundering and financial crime expert.
18 Mar 2020
https://www.riskscreen.com/kyc360/news/another-kind-of-outbreak-covid-19-as-financial-crime-threat/
Extract: When the World Health Organization (WHO) designated COVID-19 a ‘pandemic’ earlier this month, it understandably left out another concern linked to the outbreak: how financial crooks might exploit it. Whether it is this virus or another in the future, the significant attention and panic that comes with such outbreaks can provide unscrupulous individuals with a new means to exploit others. Currently, statistics on criminality related to the outbreak are limited. Aside from criticising the UK’s response to the viral outbreak, Action Fraud disclosed that it had received 21 reports of fraud linked to the virus last month, with victims’ losses totalling over £800,000. Ten of the reports involved the purchase of face masks from fraudulent sellers. One victim paid £15,000 for the (obviously non-existent) face masks, which never arrived.

The Action Fraud information also highlighted a common scheme that involved fraudsters emailing potential victims and pretending to be from organisations working with the WHO and CDC (Centers for Disease Control and Prevention). The fraudsters claimed to be able to provide a list of infected people in the victim’s area. The victims were then asked to click on links to malicious websites in order to obtain the lists and were at times asked to make payments in Bitcoin. Recorded Future, the cybersecurity and threat intelligence company, released a report that found cybercriminals had been using phishing and malware to target victims in Italy, the United States, Ukraine and particularly Iran. The findings by Recorded Future also detail that, in line with the increase in the spread of the virus, there was an increase in newly registered domain names related to the Coronavirus as cybercriminals potentially realised the use of the “COVID-19 as a cyberattack vector”.

INTERPOL warns of financial fraud linked to COVID-19
13 March 2020
https://www.interpol.int/News-and-Events/News/2020/INTERPOL-warns-of-financial-fraud-linked-to-COVID-19
Extract: Scams linked to the virus include: Telephone fraud – criminals call victims pretending to be clinic or hospital officials, who claim that a relative of the victim has fallen sick with the virus and request payments for medical treatment; Phishing – emails claiming to be from national or global health authorities, with the aim of tricking victims to provide personal credentials or payment details, or to open an attachment containing malware. In many cases, the fraudsters impersonate legitimate companies, using similar names, websites and email addresses in their attempt to trick unsuspecting members of the public, even reaching out proactively via emails and messages on social media platforms.

Monetary loses reported to INTERPOL have been as high as hundreds of thousands of dollars in a single case, and these crimes are crossing international borders. INTERPOL’s Financial Crimes Unit is receiving information from member countries on a near-daily basis regarding fraud cases and requests to assist with stopping fraudulent payments. Targeted victims have primarily been located in Asia, but the criminals have used bank accounts located in other regions such as Europe, to appear as legitimate accounts linked to the company which is being impersonated. To date, INTERPOL has assisted with some 30 COVID-19 related fraud scam cases with links to Asia and Europe, leading to the blocking of 18 bank accounts and freezing of more than USD 730,000 in suspected fraudulent transactions.

Top Cybersecurity Recommendations Amid COVID-19
BDO United States
March 2020
https://www.bdo.com/insights/business-financial-advisory/cybersecurity/top-cybersecurity-recommendations-amid-covid-19
Extract: Globally industry has seen a sharp rise in cyber-attacks since the Chinese government disclosed the spread of the coronavirus or COVID-19 within China and internationally. Especially, cyber-attacks focused on health-care systems using spear-phishing and ransomware, impersonation attacks combined with business email compromise (BEC) targeting financial systems, supply-chain cyber-attacks focused on re-directed manufacturing operations outside of China, and distributed denial of service (DDoS) cyber-attacks on the energy, hospitality, and travel industries.

With the spread of COVID-19, increased demands for information technology (IT) support services are occurring across nearly all industries, as worldwide employees, students, university faculty, and others are being asked or required to work or study remotely from their homes to reduce the spread of the virus. As a result, nation-state cyber-attack groups and criminal cyber-attack groups are taking maximum advantage to target cyber vulnerabilities in select industries, especially those most impacted by the current crisis.

環看天下:網絡安全專家聯手對付與疫情相關黑客活動
RTHK 2020-03-27
https://news.rthk.hk/rthk/ch/component/k2/1517131-20200327.htm
節錄:在新型肺炎疫情下,不少人在家工作,電腦和互聯網成為重要溝通工具。全球加緊抗疫之際,亦要防範針對醫療衛生機構的黑客攻擊活動。最近幾百名在網路安全領域的高手結成聯盟,合力對抗與疫情相關的黑客活動。這批人當中,包括在微軟和亞馬遜等大型企業身居要職的專業人員。另外,英國近日一款追蹤病人徵狀的手機應用程式大受歡迎,不過有專家關注涉及的私隱問題。

Your voice can be Stolen
Simone Caron, IFPC
International Fraud Prevention Conference
Feb 14 2020
https://www.internationalfraudprevention.com/news/your-voice-can-be-stolen
Extract: The worlds first recorded case of an artificial intelligence-generated voice used to commit CEO fraud. Yes, you read that correctly. Scammers can now steal your voice to instruct people to transfer money into their bank accounts...... It’s the world’s first reported case of an artificial intelligence-generated voice used to steal €220,000.

The Wall Street Journal reported that the CEO of an energy company in the UK (preferred to remain anonymous) was scammed into thinking he was on the phone to his boss who heads the German parent company, asking him to transfer €220,000 to, who the fraudster claimed was a Hungarian supplier. After the third phone call regarding the payment, the CEO began to suspect something was off. After obediently making the first transfer of cash, his “Boss” claimed the money had bounced, asking him to make another payment of the same amount.

The CEO realized it was an imposter when he received notification that the payment had in fact gone through and that the call he was receiving, came from an Austrian number. The company’s insurance company, “Rüdiger Kirsch of Euler Hermes Group SA” said that the investigation revealed that the criminals had used AI voice technology to mimick the voice - even copying his slight German accent and “melody” with which his boss spoke. Although the CEO had realised he had fallen victim to a scam before he made the second payment, the first payment had already been moved from the original Hungarian bank account to a Mexican account and consequently split the payment into accounts in various locations. However, investigators and police are still unable to find any suspects.

20 Fraud Trends for 2020
https://secure.efraudprevention.com/predictions.html
Extract: Fraud makes its way into pop culture and social networks: Popular culture and social media are making fraudulent methods more common and easier to access, leading to more fraud attacks against banks, lenders and finance companies. Fake check scams: Fake check scams are up 65 percent since 2015 and this trend will continue to rise. Most fake check scams involve a job offer, an income opportunity of some kind or involve selling items online. Ransomware attacks: Ransomware developers will make their code more evasive so that they can establish a foothold in a system, encrypt more data without being noticed, and possibly scale operations to other networks.

How North Korean Hackers Rob Banks Around the World
Excerpted from The Hacker and the State, by Ben Buchanan.
Buy on Amazon.
COURTESY OF HARVARD UNIVERSITY PRESS
https://www.wired.com/story/how-north-korea-robs-banks-around-world/
Extract: During the first decade of the 2000s, the US made great progress in thwarting North Korea’s illicit behavior, especially its counterfeiting operation. A law enforcement campaign stretching to 130 countries infiltrated the secret trafficking circles and turned up millions of dollars in bogus bills. In one dramatic scene, authorities staged a wedding off the coast of Atlantic City, New Jersey, to lure suspects and arrest them when they showed up. The US Treasury Department also deployed its expanded Patriot Act powers, levying financial sanctions on the suspect bank in Macau and freezing $25 million in assets.

It should be no surprise that hacking would be one of these. As The New York Times has reported, North Korean leadership has taken care to identify promising young people and get them computer science training in China or even — undercover as diplomats to the United Nations — in the States. Once trained, the North Koreans often live abroad, frequently in China, as they carry out their cyber operations. This gives them better internet connectivity and more plausible deniability of North Korean government ties, while still keeping them out of the reach of US law enforcement. These North Korean hackers have carried out a systematic effort to target financial institutions all over the world. Their methods are bold, though not always successful. In their most profitable operations, they have manipulated how major financial institutions connect to the international banking system. By duping components of this system into thinking their hackers are legitimate users, they have enabled the transfer of tens of millions of dollars into accounts they control. (Auntie 的推介:中國和澳門協助北韓打劫銀行。)

Cyber Warfare: Modern Front-lines
Caleb Townsend (Staff Writer)
United States Cybersecurity Magazine
https://www.uscybersecurity.net/cyber-warfare/
Extract: Cyber Warfare is a broad term that defines a nation state sanctioned attack on a computer system of another country. One accomplishes this by means of hacking, computer viruses, and the like. CYBER WARFARE: FIRST AS A TERM, THEN AS A THREAT. However, in some respects, cyber warfare is a hard term to fully define. Many often view the term itself is as a misnomer, due to the fact that a full out cyber war has not happened before. In fact, offensive cyber actions committed in history have been rejected and disavowed by those involved. Additionally, many experts question what full out cyber warfare would even look like. However, despite these misgivings, a wide range of states, including the United States, Russia, China, Iran, and Vietnam have offensive and defensive cybersecurity operations and capabilities. Actors will often leverage these threats that, in the very least, support more traditional means of warfare.

相關的文章:

「進階版」求職須知 (Part 5)
2019 年 1 月 10 日
https://xiaoshousha.blogspot.com/2019/01/part-5.html
節錄:無良僱主或中間人收集求職者的個人資料,然後轉售圖利,是常見的港式求職騙局。常見的做法:填完申請表格,叫你回家等通知,之後音訊全無。也許會約你去面試,但是感覺很假,因為對方的表情和語氣似背對白,是有劇本的。對方也許會在面試過程中耍手段,真正目的是趕你走(因為收集個人資料的任務已經完成),把放棄的責任推卸到閣下身上。

教育騙局(二)
2017 年 5 月 8 日
http://xiaoshousha.blogspot.hk/2017/05/blog-post.html
節錄:如果私營的教育機構也不過是一盤生意,香港的國際學校是一個疑似投資騙局。國際學校要求學生家長購買指定金額的債券,而那些債券是沒有二手市場的。如果孩子要退學或被開除,家長會無法脫手(除非找到另一位家長接手而又取得學校的同意),被迫繼續持貨直至到期為止(據說個別的國際學校會向退學的學生家長提供 Refund, in full or in part)。某程度上,是家長打本給學校做生意,而顧客是自己的孩子。

打機兼洗錢
2019 年 11 月 16 日
https://xiaoshousha.blogspot.com/2019/11/blog-post_16.html
節錄:網絡遊戲容許參與者開設戶口,然後用真金白銀(或信用卡)購買虛擬武器,或累積了虛擬貨幣 (Virtual currencies) 或虛擬資產 (Virtual assets),提供了儲存價值 (Store value) 的功能,作用等同現實世界中的貨幣,但沒有官方認證也不受監管。參與者可以透過交出戶口,或透過(由第三者提供的)網上交易平台或(虛假的)社交媒體帳戶買賣虛擬貨幣或虛擬資產或虛擬武器,從而達到轉移犯罪收入的真正目的。

The Frontman of Rocket Man
2017 年 9 月 28 日
http://xiaoshousha.blogspot.hk/2017/09/the-frontman-of-rocket-man.html
節錄:中國四大國有銀行在美國有分行,如果任何一間被美國的金融監管機構抓到替北韓提供服務的把柄,又或者是替金家成員清洗黑錢的證據,後果可以很嚴重(例如:被美國凍結資產、被迫切斷跟美國金融系統的聯繫、客戶逃亡引發擠提、在香港的股價立即下跌),澳門滙業銀行的擠提風波(2005 年 9 月中)是好例子,請參考<延伸閱讀>部份所提供的資料。

巫婆發功
2020 年 3 月 17 日
https://xiaoshousha.blogspot.com/2020/03/blog-post.html
節錄:歷史重演,鐮刀幫再次扮演奸角,美國佬再次扮演世界警察,叫人想起占士邦 (James Bond) 電影的劇情。所不同者,今日玩的是一種新模式的冷戰 (New Cold War),透過經濟或科技手段進行,無須下下出動飛機大炮海陸空軍,而香港一如以往是兩個世界的邊緣或磨心。

瘟疫蔓延時
2020 年 1 月 29 日
https://xiaoshousha.blogspot.com/2020/01/blog-post_29.html
節錄:武漢新型肺炎是天災也是人禍,以及毫不溫馨的提示。它提醒港人,不可以放棄抗爭。一日沒有民選的政府,閣下的生命安全都不受保障。就算過去七個月內你沒有被警暴所傷,也會死於無聲無息的國產瘟疫。當特區政府和中央政府都不可信,港人還可以怎樣?答案:官府無能,民間自救。

27/03/2020

沒有留言: