fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Scammers Drain Bank Accounts Using AnyDesk and SIM-Swapping

Scammers Drain Bank Accounts Using AnyDesk and SIM-Swapping

Scammers mixed together a malicious cocktail of social engineering, SIM-swapping, and remote desktop software to empty the bank accounts of at least three victims.

In total, victims lost more than $350,000. They were likely swindled by the same individuals since the modus operandi and some details were the same in all three cases.

Remote access to sensitive info

The scams happened over the summer in Budapest and started with the ruse of a well-located apartment offered for sale below the market value.

Enticed by the offer, the victims showed their interest and responded to the ad, learning that the lower price was because the owner, who was living abroad, needed money urgently.

A “relative” of the owner acted as an intermediary for the transaction and promised potential victims more pictures of the property than shown in the original online ad, along with a video.

Also Read: How Bank Disclosure Of Customer Information Work For Security

In two cases, the scammer convinced the victims to install AnyDesk remote desktop application to transfer the pictures and videos, Hungarian publication 24 reports.

Since AnyDesk is legitimate software, and the victims downloaded it directly from the developer’s website, there was no reason to suspect foul play.

The fraudster maintained access to the victim computer even after transferring the files and could search for sensitive info (documents, passwords, personal details) that would help them further in their scheme.

The goal was to log into the victim’s bank account and steal available funds; but with two-factor authentication (2FA) turned on, they also needed access to incoming messages on the mobile phone.

Connection lost

So they ran a SIM-swap scam, essentially tricking mobile service provider employees into activating a new SIM card with the victim’s phone number. At this point, the original SIM card becomes inactive and loses connection to the network.

At the same time, the fraudster’s new SIM gets all the victim’s calls and messages, including the 2FA code for logging into the bank account.

In at least one instance, the scammers converted the money to cryptocurrency, to make it more difficult to track.

With access to the victim’s SMS and with online banking credentials in hand, the scammer could access the victim’s bank account and drain it as if they were the legitimate owner.

Another way would be to log into the banking account using the remote connection to the victim’s computer, provided it’s turned on.

The SIM-swap scam has been rampant over the past years, causing victims across the world and millions of US dollars in losses. If fraudsters can’t bypass the security implemented by the mobile service provider, they often pay employees to replace the cards.

With so many services, banks included, still checking the authenticity of a login through SMS verification, it is easy to see why SIM-swapping wreaked havoc lately.

Also Read: What is Pentest Report? Here’s A Walk-through

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us