Houston man sentenced to 7 years for attempted $2 million romance scam

A U.S. federal judge sentenced a Nigerian national to 87 months in prison for his role in trying to steal more than $2 million from victims via romance scams and spoofed email requests for wire transfer payments. The judge on Wednesday also ordered Akhabue Ehis Onoimoimilin, who lives in Houston, to pay back nearly $900,000 to victims of the money laundering scheme to which he pleaded guilty. The indictment in the case indicates that Onoimoimilin and a co-defendant, whose name is redacted, caused $1.7 million in actual losses from the scheme. Onoimoimilin’s role involved opening bank accounts in the name of “David Harrison” to launder money for co-conspirators. Law enforcement identified more than $400,000 in attempted losses in the accounts, for which Onoimoimilin received 10 to 15% of the funds. Onoimoimilin opened the accounts in 2015, according to prosecutors. The indictment offers few details on the romance and business email […]

The post Houston man sentenced to 7 years for attempted $2 million romance scam appeared first on CyberScoop.

Continue reading Houston man sentenced to 7 years for attempted $2 million romance scam

Is Multifactor Authentication Changing the Threat Landscape?

Changes to the cybersecurity threat landscape are constant and dynamic: threat actor groups come and go, alter tactics, techniques and procedures (TTPs) and adjust to new defensive mechanisms. Over time, both cyber criminal gangs and nation-state actors endure arrests and swap individuals in what can appear to be an ongoing arms race between good and […]

The post Is Multifactor Authentication Changing the Threat Landscape? appeared first on Security Intelligence.

Continue reading Is Multifactor Authentication Changing the Threat Landscape?

Wine scams spiked during COVID-19 lockdown

Absolute monsters. Wine-themed domain registrations rose once COVID-19 lockdowns took hold, some of them malicious and used in phishing campaigns, Recorded Future and Area 1 Security said in a joint report out Wednesday. “As the interest in virtual happy hours and get-togethers increased so did the increase in wine-themed domain registrations,” the report states. Amid the COVID outbreak, alcohol has proven itself a target for hackers — but it hasn’t been clear before that scammers were trying to exploit people who were staying home and imbibing more. Alcohol delivery service Drizly, for instance, suffered a breach in July, while ransomware hit liquor and wine maker Brown-Forman around the same time. Recorded Future observed a mild jump in wine domain registrations in March of 2020, from the usual 3,000 to 4,000 per month up to nearly 5,500. April saw a bigger leap, to almost 7,200, and the numbers took off in […]

The post Wine scams spiked during COVID-19 lockdown appeared first on CyberScoop.

Continue reading Wine scams spiked during COVID-19 lockdown

BEC scammer infects own device, giving researchers a front-row seat to operations

In some media portrayals, criminal and state-backed hackers are invariably depicted as cunning and sophisticated, gliding inexorably toward their latest data heist. Reality is murkier. These digital operatives are, of course, human and prone to mistakes that expose their activity. A North Korean man accused of hacking Sony Pictures Entertainment in 2014, for example, mixed his real identity with his alias in registering online accounts, making it easier for U.S. investigators to track him. The most recent example of bumbling digital behavior occurred when a scammer infected their own device, offering researchers a front-row seat to the attacker’s scheme and lessons  in how to defend against it. “This is a big failure in their operational security as it gives us direct insight into some of the attacker’s tactics and operation,” said Luke Leal, a researcher at web security firm Sucuri, which made the discovery. The attacker was trying to carry […]

The post BEC scammer infects own device, giving researchers a front-row seat to operations appeared first on CyberScoop.

Continue reading BEC scammer infects own device, giving researchers a front-row seat to operations

Nigerian man sentenced 10 years for $11 million phishing scam

A Nigerian national, Obinwanne Okeke, has been sentenced to 10 years in prison for allegedly coordinating an international spearphishing campaign that has cost victims approximately $11 million in losses. The scheme, which lasted from 2015 to 2019, targeted Unatrac Holding Limited, a British firm that acted as the export sales office for Caterpillar, with fake invoices and wire transfer requests. The FBI opened an investigation into the alleged scam in 2018 after Unatrac raised alarm about an email compromise operation that had targeted the firm, according to court documents. The scheme collected the credentials of hundreds of victims over the course of the operation, according to the FBI press release on the matter. It’s the kind of business email compromise scam that plagues businesses around the world. There were $1.7 billion worth of losses caused by BEC scams in 2019 alone, the most recent year the FBI has published data […]

The post Nigerian man sentenced 10 years for $11 million phishing scam appeared first on CyberScoop.

Continue reading Nigerian man sentenced 10 years for $11 million phishing scam

Accused email scammers busted in Nigeria for alleged fraud against 50,000 victims

An Interpol-helmed operation led to the arrest of three suspected cybercriminal gang members in Nigeria whose outfit has allegedly targeted victims in more than 150 countries, including schemes that involved offering COVID-19 aid. The sting, announced Wednesday, was part of Operation Falcon, a year-long investigation that teamed with cybersecurity company Group-IB and the Nigeria Police Force. “This group was running a well-established criminal business model,” said Craig Jones, Interpol’s cybercrime director. “From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits.” The gang, dubbed TMT, is divided into numerous subgroups, according to Vesta Matveeva, head of Group-IB’s APAC Cyber Investigations Team. The three suspects arrested in Lagos tallied 50,000 victims in government and industry, the company said. Matveeva said via email that TMT overall might have compromised more than 500,000 victims since 2017. TMT’s speciality is business email compromise (BEC), where the attackers pose […]

The post Accused email scammers busted in Nigeria for alleged fraud against 50,000 victims appeared first on CyberScoop.

Continue reading Accused email scammers busted in Nigeria for alleged fraud against 50,000 victims

State of the Phish: IBM X-Force Reveals Current Phishing Attack Trends

Phishing has long been an infection vector of choice for threat actors, and for good reason — it is relatively easy, inexpensive and consistently successful.

The post State of the Phish: IBM X-Force Reveals Current Phishing Attack Trends appeared first on Security Intelligence.

Continue reading State of the Phish: IBM X-Force Reveals Current Phishing Attack Trends

Spear Phishing Gets Us Nearly Every Time: Lessons From Europol’s Report

Just how susceptible are people to phishing and spear phishing? Recent reports show an increase in phishing activity and sophistication as well as greater negative impacts.

The post Spear Phishing Gets Us Nearly Every Time: Lessons From Europol’s Report appeared first on Security Intelligence.

Continue reading Spear Phishing Gets Us Nearly Every Time: Lessons From Europol’s Report

How Can Financial Services Stem the Tide of Mobile Phishing Attacks?

Reading Time: 4 minutes What can financial services organizations do to protect their highly sensitive information from mobile phishing attacks?

The post How Can Financial Services Stem the Tide of Mobile Phishing Attacks? appeared first on Security Intelligence.

Continue reading How Can Financial Services Stem the Tide of Mobile Phishing Attacks?

HawkEye Malware Operators Renew Attacks on Business Users

IBM X-Force researchers report an increase in HawkEye v9 keylogger infection campaigns targeting businesses around the world.

The post HawkEye Malware Operators Renew Attacks on Business Users appeared first on Security Intelligence.

Continue reading HawkEye Malware Operators Renew Attacks on Business Users