Infosec In Brief: New York Sues Zelle Over Alleged Fraud
Infosec In Brief New York State is taking legal action against the bank-owned peer-to-peer payment platform, Zelle. The lawsuit claims that the banks behind Zelle were aware of widespread fraud on the platform but failed to act, allowing scammers to operate with impunity.
Last week, New York Attorney General Letitia James’ office announced a lawsuit against Early Warning Services, LLC (EWS), the company responsible for Zelle. The lawsuit accuses EWS of fraud and seeks unspecified monetary restitution for New York residents who fell victim to scams on the platform between 2017 and 2023.
EWS’ member banks include major financial institutions such as JPMorgan Chase, Bank of America, and Wells Fargo. These banks commissioned EWS to create a bank-owned alternative to popular P2P platforms like Venmo, PayPal, and Cash App. Zelle, which launched in 2017, was EWS’s solution, but according to James’ office, it was flawed from the start.
Zelle’s Critical Safety Oversights
According to the New York Attorney General’s office, Zelle was designed without essential safety features, making it easy for scammers to target users and steal over $1 billion. The platform reportedly lacked crucial verification steps during registration, allowing users to sign up with accounts that mimicked known brands. Scammers exploited these accounts in schemes that involved convincing users to send delinquent bill payments through Zelle.
Due to Zelle’s design for rapid payments, fraud victims often found themselves with little recourse for restitution. James’ office claimed that banks typically informed victims that retrieving stolen funds was impossible.
“When Zelle launched, EWS did not require participating banks to report scams,” the AG’s office stated. Even when fraud reports were received, the company rarely acted swiftly to remove fraudulent accounts. Additionally, safeguards developed by EWS were not effectively implemented, as noted by James’ office.
Previous Investigations and Future Justice
Elected officials have long voiced concerns about rampant fraud on Zelle. The federal government even launched an investigation during the Biden administration, but it was closed as the administration wound down, leading to the current lawsuit.
“I look forward to getting justice for the New Yorkers who suffered because of Zelle’s security failures,” James said in a statement.
Netflix Job Offer Scam Alert
Antivirus software vendor Malwarebytes recently reported a scam email claiming to be from Netflix, offering a “visionary marketing leader” position. This email was a clear phishing attempt.
Malwarebytes discovered that clicking on the interview scheduling link led to a blocked phishing domain. Bypassing the block revealed a webpage mixing content from the actual Netflix site with the phishing campaign, ultimately aiming to hijack Facebook credentials. Even clicking “Continue with Email” redirected to Facebook, according to Malwarebytes.
If you lack endpoint protection that blocks phishing sites, detecting this scam relies on scrutinizing URLs for suspicious signs, such as missing letters.
Canadian Parliament Breach
Last week, an unknown malicious entity breached the Canadian House of Commons, as reported by CBC News. Details remain scarce, but Canada’s Communications Security Establishment (CSE) confirmed the incident and investigation to the Canadian Broadcasting Corporation.
An internal email revealed that stolen data included employee names, job titles, office locations, email addresses, and government-managed hardware information. While the attacker remains unidentified, a recent CSE bulletin warned that China, Iran, and Russia are increasingly targeting Canadian systems for various reasons.
China is often interested in accessing Canadian intellectual property, while Iran conducts espionage on adversaries. Russia, although not the top threat, targets Canada due to its NATO role and support for Ukraine.
Crypto Scam Victims Targeted by Fake Lawyers
Scammers posing as lawyers are preying on victims of cryptocurrency scams, offering to recover lost funds. The FBI recently warned of this scheme, which combines exploitation tactics targeting vulnerable populations, particularly the elderly.
Red flags include fake lawyers lacking credentials, requesting payment to third parties, or asking for payment in cryptocurrency or gift cards.
Kryptos Solution for Sale
The Kryptos sculpture, created in 1990 by US sculptor Jim Sanborn at CIA headquarters, contains an unsolved encrypted message. In November, coinciding with its 30th anniversary, the secret may be revealed.
Sanborn’s original drafts and proof-of-concept prototype will be auctioned, expected to fetch between $300,000 and $500,000. The package includes the original plaintext of the message, scale models, and coding charts used for encryption.
Crypto enthusiasts have deciphered three of the four panels, uncovering cryptic messages that may hint at a fifth riddle yet to be discovered. Whoever wins the auction is under no obligation to disclose the sculpture’s secrets.
“One bidder will acquire what Sanborn alone has possessed since 1990: the complete solution to Kryptos,” RR Auctions stated. “While the copper sculpture will remain forever at Langley, its greatest secret passes to a new guardian.” ®
For more details, visit the source: The Register
