Blog

FraudCast Blog

rss

Pondera FraudCast

Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.

How Fraudsters Stole Money from Venmo Users

How Fraudsters Stole Money from Venmo Users

In yet another example of the creativity of fraudsters exploiting security flaws in commonly used services, the Federal Trade Commission recently announced a settlement with Venmo, the popular money exchange service. The charges, filed in 2016, include some surprisingly basic security flaws in Venmo, which boasts of “bank-grade security”.

One major problem was found in Venmo’s cash reconciliation process. It would notify users that money had been deposited in their accounts when, in reality, many of the transactions were still under review. This allowed fraudsters to “purchase” and receive products before their payments were validated. Sellers, assuming that cash had been received, would ship the product and then find themselves without an actual payment. One scammer used this technique over several years to steal over $125,000 before being discovered.

In addition to this security flaw, federal regulators also noted that Venmo neglected to notify users of username and password changes or when new devices were added to their accounts. This allowed hackers to hijack accounts without any warnings to the actual account owners.

While the FTC’s settlement does not include any cash damages, it is likely that Venmo will face a slew of upcoming lawsuits. Beyond this, Venmo’s issues are particularly concerning to consumers. We often assume a certain level of security and common-sense practices when we use well-known applications and services. Clearly, we should all be concerned about trusting our money and identities with any company—regardless of how safe it appears to be.
City of Atlanta Victimized by Ransomware

City of Atlanta Victimized by Ransomware

Imagine walking in to work and being handed a printed out note instructing you to not turn on your computer because of a ransomware attack. Then imagine that you are instructed to monitor your personal bank accounts because your employer is unsure exactly what information has been compromised. For city employees in Atlanta, they don’t have to imagine. They are living this nightmare after the city was hit last week by SamSam Ransomware.

The city is working with federal law enforcement after the hackers demanded a $51,000 payment to turn control of the computers back to the city. And Hartsfield-Jackson Airport, one of the busiest airports in the world, turned off their WiFi out of “an abundance of caution”.

Ransomware, which is malicious computer code that often enters networks after users click on a link in a phishing email, is the most “popular” form of malware. In effect, it renders your data unusable until you pay a ransom to reclaim it. In 2017, a business was attacked every 40 seconds and individuals were attacked every 10 seconds by ransomware, according to Kapersky Security. A recent IBM study concluded that 70% of businesses have been hit by ransomware with half paying more than $10,000 to regain their data.

Despite recent prosecutions (for example, a Russian judge sentenced the criminals behind the Blackhole malware to up to eight years in prison), it is still extremely difficult to locate and prosecute the hackers because many of them operate from overseas. And now, even novice computer users can get in on the scam via Ransomware as a Service sites on the dark web. These sites allow you to configure and run your own ransomware campaigns without having to be an expert coder.

This combination of high success rates, easy access to ransomware code, and difficulty with prosecutions means that ransomware attacks are only going to increase. As employers and as individuals, it’s critical that we remain vigilant or we’re all going to end up victims.

Newsletter

Interested in viewing a live demonstration? Enter your email below and a member of our Sales Team will contact you to schedule a demo.

Email:

About Our Company

Pondera leverages advanced prediction algorithms and the power of cloud computing to combat fraud, waste, and abuse in government programs.



Get in touch

  • Sacramento Address: 80 Blue Ravine Road, Suite 250, Folsom, CA 95630

  • Phone: (916) 389-7800

  • Email: info@ponderasolutions.com