A warning has been issued by UK watchdogs of a rise in clone company scams targeting those looking for investment opportunities to recover financially from COVID-19.

On Wednesday, the UK’s National Crime Agency (NCA) and Financial Conduct Authority (FCA) issued an alert to the public concerning “clone company” scams which appear to be claiming not only novice investors but also veteran players in the market.
The FCA says that these forms of scams are on rise, with increased rates reported since the UK went into its first lockdown during March 2020. 
In total, investors have lost over £78 million ($107m), a figure which is likely to continue to rise. Average losses are reported as £45,242 per victim, according to Action Fraud research.
Clone company investment scams go beyond typical phishing emails or dubious social media links promising an immediate return on your cash. Fraudsters use the same name, address, and Firm Reference Number (FRN) issued to authorized investment companies by the FCA and then during phishing, social media, and cold-call messages they send sales materials containing links to legitimate company websites. 
However, the masquerade only goes so far: once trust is established, investors are hoodwinked into parting with funds intended for the legitimate company, only for their money to go straight into the coffers of scam artists. 
It may not seem all that different from typical phishing campaigns, but this form of investment fraud technique is not as well-known as it should be. In an FCA survey, 75% of investors said they felt confident enough to spot a scam — but 77% did not know or were unsure of what a clone investment company was. 

“A clone firm scam can target anyone, they are usually smart fraudsters who often present opportunities which look very tempting indeed,” commented Watchdog presenter Matt Allwright. “When considering your next investment, make sure you only ever use the details listed on the FCA Register, and think about getting impartial advice before going ahead.”
The NCA recommends that traders reject all unsolicited investment offers whether made online, through social media, or through the phone, and to check both the FCA Register and warning list — as well as any telephone numbers associated with entities — before signing up for financial products. It is also worth seeking independent advice before taking the plunge in a new investment opportunity. 
Clone company scams that dupe even seasoned investors can be difficult to detect, but this is not the only form of financial fraud that has exploded online since the start of the pandemic. 
Earlier this month, Interpol warned of a flurry of investment scams taking over dating applications. “Matches” work to obtain a potential victim’s trust and then begin to peddle a fake investment opportunity, encouraging them to join and promising to help them on their way to make a fortune. 
Once the victim has parted with their cash, the match vanishes and they are locked out of their fake ‘investment’ account. 
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Kerry Wan/ZDNETUsually, whenever a new feature comes out for Windows, Microsoft advertises it widely in a blog post to let everyone know. Or if they don’t, people discover the feature soon after an update. However, a helpful feature sometimes slips through the cracks, only to be unearthed years later.Also: Hate Windows 11? Here’s how you can make it work more like Windows 10That was my reaction when I found this obscure Emergency Restart method for Windows 11 after stumbling across a post on the Sysadmin subreddit. Reddit user ‘-Steets-‘ shared the information in 2022, although other commenters claim the method was present on Windows XP, which came out over 20 years ago.To access Emergency Restart, press the CTRL + ALT + DEL keys on your Windows PC — a pretty normal action. However, this time, hold down the CTRL key and click the power button in the bottom-right corner of the screen. More

Image via Iconfinder
Cyber-criminals have created a new type of web malware that hides inside images used for social media sharing buttons in order to steal credit card information entered in payment forms on online stores.
The malware, known as a web skimmer, or Magecart script, was spotted on online stores in June and September this year by Dutch security firm Sanguine Security (SangSec).
While this particular form isn’t widely deployed, its discovery suggests that Magecart gangs are constantly evolving their bag of tricks.
Steganography and malware attacks
At the technical level, this particular script uses a technique known as steganography. Steganography refers to hiding information inside another format (i.e., text inside images, images inside videos, etc.).
In the world of malware attacks, steganography is typically employed as a way to sneak malicious code past security scanners by placing the bad code inside seemingly innocent files.
Over the past years, the most common form of steganography attacks has been to hide malicious payloads inside image files, usually stored in PNG or JPG formats.
Malware gangs would add the malicious code inside the image, the image would be downloaded on a host system, extracted by another of the malware gang’s components, and then executed.

In the world of web-based skimmers (Magecart scripts), steganography works because most web skimmers are typically hidden in JavaScript code and not inside image files.
However, the technique has slowly been seeing some adoption among web skimmer gangs, with past steganographic attacks using site logos, product images, or favicons to hide payloads.
Malicious code hidden in SVG images
But as steganography use grew, security firms also started looking and analyzing image files as a place they could find irregularities or hidden web skimmer payloads.
The interesting detail in these recent attacks is that the malicious code wasn’t hidden inside PNG or JPG files but in SVG files, a type of image file for loading vector-based images.
Vector images load and drawn grahics with the help of coordinates and mathematical functions, and they’re a text-based format, rather than a binary format, which, in theory, would make the detection of malicious payloads even easier than with PNG and JPG files.
However, SangSec says the threat actors were very clever when they designed their payload.
“The malicious payload assumes the form of an HTML < svg > element, using the < path > element as a container for the payload. The payload itself is concealed utilizing syntax that strongly resembles correct use of the < svg > element,” SangSec said in a report last week.
“While skimmers have added their malicious payload to benign files like images in the past, this is the first time that malicious code has been constructed as a perfectly valid image. The result is that security scanners can no longer find malware just by testing for valid syntax,” the company added.
SangSec said it found malware gangs testing this technique in June, and on live e-commerce sites in September, with the malicious payload hidden inside social media sharing icons for sites like Google, Facebook, Twitter, Instagram, YouTube, and Pinterest.
On infected stores, once users accessed the checkout page, a secondary component (called a decoder) would read the malicious code hidden inside the social sharing icons and then load a keylogger that recorded and exfiltrated card details entered in the payment form.
User protections
End users have very few options available at their disposal when it comes to web skimmer attacks, as this type of code is usually invisible to them and extremely hard to detect, even for professionals.
Furthermore, users shopping on a site have no way at their disposal to know how secure a site really is, and if the store owner invests in security at all.
The simplest way shoppers can protect themselves from web skimmer attacks is to use virtual cards designed for one-time payments.
These cards are currently provided by some banks or payment apps, and they’re currently the best way to deal with web-based skimming as even if attackers manage to record transaction details, the card data is useless as it was generated for one transaction only. More

<!–> Weiquan Lin/Getty Images For the most part, ordinary Linux users don’t know what curl is. Programmers and system administrators know the utility well, though.  This shell command and its associated library, libcurl, is used to transfer data over every network protocol you’ve ever heard of, and it’s used in desktops, servers, clouds, cars, television […] More

Image: Hinterhaus Productions/ GETTY Google says it uses Linux in “almost everything” from Chromebooks to the cloud. Now it is increasing its rewards for security researchers who can spot flaws in the open-source operating system. Since 2020, Google has run an open-source Kubernetes-based Capture-the-Flag (CTF) project called kCTF which allows researchers to connect to its […] More