भारत और उत्तर अमेरिका को धोखाधड़ी से बचाना

क्या यह स्कैम है?

फोन नंबर, URL, UPI ID और कंपनी का नाम खोजें। देखें कि दूसरों ने इन्हें रिपोर्ट किया है या नहीं।

लोकप्रिय: +91 नंबर, UPI फ्रॉड, फेक वेबसाइट, क्रिप्टो स्कैम

ट्रेंडिंग स्कैम

Digital Arrest Scam: Lucknow Doctor Loses ₹1.55 Crore to Fake Law Enforcement

A retired doctor in Lucknow became a victim of a 'digital arrest' scam, losing ₹1.55 crore (approximately $185,000 USD). This scam is a sophisticated impersonation fraud where criminals pose as law enforcement officials (police, CBI, or immigration authorities) to intimidate victims into transferring large sums of money. **How the Scam Works:** 1. **Initial Contact**: The scammer calls the victim, typically claiming to be from a government agency like CBI, ED (Enforcement Directorate), or immigration authorities. 2. **False Accusation**: The caller informs the victim of alleged illegal activities tied to their name, such as: - Money laundering - Involvement in criminal cases - Visa violations or immigration fraud - Suspicious financial transactions 3. **Creating Urgency and Fear**: The scammer claims that an arrest warrant has been issued and threatens immediate arrest unless the victim cooperates and pays a "verification fee" or "deposit." 4. **Isolation Tactics**: The scammer instructs the victim not to inform family, friends, or real police, claiming this is standard procedure or will complicate the case. 5. **Fake 'Digital Arrest'**: The victim is asked to stay on a video call or use remote access tools while they transfer money through bank transfers, UPI, or other payment methods. The scammer pretends this is an official "digital custody" process. 6. **Repeated Demands**: Even after the first payment, scammers often demand additional funds, creating the false impression that the situation will only be resolved with more money. **Red Flags to Watch For:** - Unsolicited calls from officials claiming you're involved in illegal activities - Pressure to send money immediately to avoid arrest - Instructions not to tell family or contact real authorities - Requests to stay on video calls while money is transferred - Offers to resolve matters "off the record" with payment - Asking for personal details, bank information, or Aadhaar number - Caller ID showing government numbers (easily spoofed) - Threat of freezing bank accounts or passport **What to Do if Targeted:** 1. **Hang up immediately** – Real government agencies do not conduct official business via unsolicited calls. 2. **Contact local police** – File an FIR with your nearest police station and provide all call details. 3. **Verify independently** – Call the official CBI, police, or ED office directly using verified numbers from their official websites. 4. **Preserve evidence** – Save call recordings, messages, and transaction details. 5. **Report to authorities**: - **India**: Call 1930 (cybercrime helpline) or visit cybercrime.gov.in - **File complaint**: Report through your bank's fraud department immediately 6. **Alert your bank** – Block any fraudulent transactions and put fraud alert on accounts. 7. **Inform family members** – Warn them about similar calls. **Why This Scam is Effective:** Scammers exploit the natural fear of legal consequences and government authority. Retired professionals often have substantial savings, making them attractive targets. The caller's knowledge of basic personal information (obtained from data breaches or public records) adds credibility to the threat. Source: The420.in (https://news.google.com/rss/articles/CBMifkFVX3lxTFB1Z1g0QW11UklKZ2dyaEd6enF3ZWxmSVRYcTd2cWl6dGlCVGQ2SFF1TDA0THVRRER2LTRVSFZEX3VybG9oZ19NdV9VYlZfWk9nWVM1d05IWjVqelN1ZFFHVFlnN2FPMjM3UG5ZQmlHemJmWjVmTEFGOXRnVVVHUQ?oc=5)

1 रिपोर्ट

Global

Fake Cryptocurrency Wallet Apps on Apple App Store Stealing Seed Phrases and Private Keys

SCAM OVERVIEW: Cybersecurity researchers at Kaspersky have identified 26 malicious applications on the Apple App Store that impersonate legitimate cryptocurrency wallet services. These fake apps have been active since at least fall 2025 and are specifically designed to steal cryptocurrency recovery phrases (seed phrases) and private keys from unsuspecting users. HOW THE SCAM WORKS: 1. Victims download what appears to be a legitimate cryptocurrency wallet app from the Apple App Store (e.g., MetaMask, Trust Wallet, Coinbase Wallet impersonations). 2. Upon launching the app, users are redirected to fake browser pages that visually mimic the official Apple App Store interface. 3. These fraudulent pages distribute trojanized (malware-infected) versions of well-known legitimate cryptocurrency wallets. 4. When users interact with these trojanized apps, their sensitive information is captured, including seed phrases and private keys. 5. Once attackers obtain these credentials, they gain complete access to the victim's cryptocurrency holdings and can transfer all funds to their own wallets. RED FLAGS TO WATCH FOR: - Apps with similar names to popular wallets but with slight misspellings (e.g., "MetaMask Wallet" vs. "MetaWallet") - Wallet apps requesting unusual permissions beyond what's needed for cryptocurrency management - Being asked to enter your seed phrase or private key immediately after app installation - Browser redirects when opening the app (legitimate wallets don't redirect to browser pages) - Apps showing unusual UI elements or poor design quality - Wallet apps available on the App Store with suspiciously low download counts or few reviews - Apps requesting access to photos, contacts, or location data (unnecessary for wallet functions) - No official developer verification or blue checkmark from known cryptocurrency companies - Offers of free cryptocurrency or airdrop promotions within newly installed apps WHAT VICTIMS SHOULD DO: 1. If you've downloaded a suspicious wallet app: Immediately uninstall it and do NOT enter any seed phrases or private keys 2. Check your cryptocurrency accounts: Log in through a legitimate wallet (on a different device if possible) and verify your funds are still there 3. If funds are missing: Contact your wallet provider immediately and report the incident to law enforcement 4. Report the fake app: Report the malicious app directly to Apple App Store and to Kaspersky at https://securelist.com 5. Change all passwords: Update passwords for email accounts and any cryptocurrency exchange accounts linked to the compromised wallet 6. Monitor accounts: Watch your cryptocurrency accounts for any unauthorized access or transactions for the next several months IMPORTANT SECURITY PRINCIPLES: - Always download cryptocurrency wallets ONLY from official websites or verified app store links - Verify the official website URL before downloading (check for secure HTTPS and proper domain names) - Never share your seed phrase or private keys with anyone, including app developers - Use hardware wallets for long-term storage of significant cryptocurrency holdings - Double-check app developer names and look for official company branding HELP & REPORTING: - Report fraud to FTC: reportfraud.ftc.gov - Report to Apple: apple.com/reportaproblem - Report to Kaspersky: https://securelist.com - Cryptocurrency exchange support teams can assist with account recovery Source: The Hacker News (https://thehackernews.com/2026/04/26-fakewallet-apps-found-on-apple-app.html)

1 रिपोर्ट

Global

Helpdesk Social Engineering Scam: Attackers Bypass Security via Fake Password Reset Requests

## How the Scam Works Attackers are exploiting a commonly trusted business process—password resets—to gain unauthorized access to user accounts and corporate systems. This scam targets the helpdesk or IT support teams within organizations by impersonating legitimate employees requesting password resets. ## Step-by-Step Attack Process 1. **Initial Contact**: The attacker calls or emails the helpdesk/IT support team posing as an employee who has "forgotten their password" or claims they "cannot access their account." 2. **Social Engineering**: The attacker uses publicly available information (names from LinkedIn, company directories, or previous data breaches) to sound credible. They may reference real departments, projects, or colleagues to build trust. 3. **Bypassing Verification**: The attacker attempts to bypass security verification questions by: - Claiming they don't remember answers - Rushing the helpdesk agent ("I'm in a meeting, this is urgent") - Creating urgency around business-critical tasks 4. **Password Reset Execution**: Once the helpdesk agent resets the password without proper verification, the attacker receives a temporary password or reset link. 5. **Full Account Compromise**: The attacker logs in, changes the password permanently, and gains full access to the legitimate user's account, email, and connected systems. 6. **Lateral Movement**: From the compromised account, attackers can access sensitive data, install malware, or pivot to other accounts with higher privileges. ## Red Flags to Watch For - Callers who are vague about why they need a password reset - Requests from people claiming to be employees but with inconsistent information - Callers who pressure helpdesk staff to bypass normal verification procedures - Requests outside normal business hours or from unusual locations - Callers who refuse to use standard verification methods - Generic greetings or difficulty providing employee-specific details - Requests to send temporary passwords via unsecured channels (SMS, email) ## Protection Steps **For Employees:** - Never provide personal details to unsolicited callers claiming to be from helpdesk - Use multi-factor authentication (MFA) on all accounts - Verify password reset requests through alternative communication channels - Report suspicious calls to your IT department immediately **For Organizations:** - Implement strict identity verification protocols for password resets - Require callers to answer security questions only they would know - Use callback verification (call the employee back using verified contact info) - Enforce mandatory multi-factor authentication - Train helpdesk staff on social engineering tactics - Log and audit all password resets - Never send temporary passwords via email or SMS ## Report This Activity If you experience or suspect this scam: - **US**: Report to FBI at ic3.gov or FTC at reportfraud.ftc.gov - **India**: Contact local cybercrime cell or file complaint at cybercrime.gov.in - **Your Organization**: Immediately notify your IT security team Source: BleepingComputer (https://www.bleepingcomputer.com/news/security/regular-password-resets-arent-as-safe-as-you-think/)

1 रिपोर्ट

North America

Phone - 12127489738

Received a text from this person for the 3rd time this month - This is Lesley from Confluent recruiting. Your experience looks like it could match a remote part-time position we’re currently filling. •⁠ ⁠Flexible working hours, with about 1–1.5 hours needed daily •⁠ ⁠Earnings typically range between $200 and $350 per day •⁠ ⁠Training is provided at no cost, along with paid leave •⁠ ⁠Short interview process with minimal steps Tasks involve browsing partner apps and submitting screenshots to confirm completion. We have 20 openings available. Text (12127489738) for details. (Consultations: 9 AM – 9 PM ET | Age 25+)

1 रिपोर्ट

Scams Reported

Lookups Today

Countries Covered