Online frauds and breached account in 2023

Neerav Noren Amin, Nagpur, Maharashtra (MH)
11/12/2023 11:02 AM

33 billion accounts will be breached in 2023 that converts 2328 per day, 97 cybercrime victims per hour. Cyber attacks of 8,00,000 have been recorded in total, and on average, there is a hacker attack every 39 seconds.

How many cyber attacks in 2023?
According to our research, there were 114 publicly disclosed security incidents in October 2023, accounting for 867,072,315 compromised records, bringing the year's total to over 5 billion.

Types of Online Fraud
This topic explains the following types of online fraud:

Phishing
Vishing
Hijacking
Malware and Botnets
Phishing
“Phishing” (pronounced “fishing”) is when criminals use email to try to lure you to fake websites, where you are asked to disclose confidential, financial, or personal information like passwords, account numbers, or transaction information.

The most common type of phishing is an email threatening some dire consequence if you do not immediately log in and take action.

You should never respond or reply to email that:

Requires you to enter organizational or personal information directly into the email or submit that information some other way

Threatens to close or suspend your account if you do not take immediate action by providing specific information about you or your company

Solicits your participation in a survey where you are asked to enter personal information

States that your account has been compromised or that there has been third-party activity on your account and requests you to enter or confirm your account information

States that there are unauthorized transactions on your account(s) and requests your account information

Asks you to enter your User ID, password, or account numbers into an email or non-secure website

Asks you to confirm, verify, or refresh your account information

Directs you to a screen that asks you to provide additional data beyond your normal login information

Asks you to validate account information for banking systems you do not use

Vishing
Phishing scams can have a phone connection. First, it was “phishing,” where criminals send email by the thousands in hopes of tricking unsuspecting users into sharing confidential information.

Now, there is “vishing.” In this latest twist, fraudsters use a telephone number in the phishing email instead. If you call, a person or an automated response system will ask for your personal or account information.

Hijacking
Hijacking is a type of network security attack in which the attacker takes control of a communication, just as an airplane hijacker takes control of a flight, between two entities and masquerades as one of them. Hijack attacks may be used simply to gain access to information or the attacker may pose as that user and do anything the user is authorized to do on the network (i.e., move money).

If you are not able to successfully access PaymentNet during normal business hours and you receive one of the responses below, you should immediately contact your program administrator and then call your J.P. Morgan Customer Service representative or Client Application Support:

A message that the system is down for maintenance (especially during normal business hours) that is not consistent with the pre-advised extended outage Alerts

You receive a blank screen, instead of the PaymentNet home screen

The PaymentNet home screen does not look normal (options are missing)

The PaymentNet Log In screen appears repeatedly and requests that you log in again

Malware and Botnets
One of the most common of these attacks injects malicious software, known as “malware” onto a user’s machine. The malware is then able to “enslave” the machine as part of a network of “robot” computers. A network of robot computers is referred to as a “botnet.”

The use of malware distributed via botnet allows fraudsters to override existing security methods as well as harvest highly sensitive data and security credentials and possibly perform fraudulent transactions.

Malware or a Botnet can:

Record all keystrokes entered via the users keyboard, including all passwords, User IDs, account numbers, Social Security Numbers, and so forth. This is called key stroke logging and is a common feature of malware exploits.

Forward this confidential information back to a central fraud database for use immediately, a later time, or to be sold to another fraudster for a profit.

Allow a fraudster to take direct control of a user’s machine and all of the applications without presenting security credentials to gain access.

Enslave the user’s machine within the botnet, allowing the fraudster to launch subsequent security attacks from the machine, which helps the fraudster avoid detection by law enforcement.

10854 views