Tag: Fraud

  • Aflac Hit by Sophisticated Cyberattack: What Victims, Businesses Need to Know

    If your business works with insurers or handles personal data, a proactive cybersecurity posture – multi-layered defenses, staff training, and incident readiness – is critical. File photo: T. Schneider, licensed.

    COLUMBUS, GA – Aflac Incorporated, a leading supplemental insurance provider, disclosed that its U.S. systems suffered a cyberattack on June 12, 2025, potentially exposing sensitive customer data. The breach was quickly contained, but it may have compromised claims information, health records, Social Security numbers, and other personal identifiers.

    What We Know So Far

    • Aflac identified unauthorized activity on its U.S. network and triggered its incident response protocols, halting the intrusion within hours.
    • The attack did not involve ransomware, and Aflac’s business functions – claims processing, underwriting, customer service – remained fully operational.
    • The intrusion appears to be part of a larger wave of cyberattacks on insurance firms, potentially orchestrated by the Scattered Spider hacking collective, known for deploying advanced social engineering tactics.

    Potential Data Exposure

    • Aflac is reviewing impacted files which may include:
      • Health insurance claims and medical records
      • Social Security numbers
      • Personal and demographic data tied to customers, beneficiaries, employees, and agents.
    • The full scope and number of affected individuals remain unknown while the investigation is ongoing.

    Aflac’s Response

    • The company immediately engaged third-party cybersecurity experts to assist with investigation and containment efforts.
    • A dedicated support line has been opened (1‑855‑361‑0305), where affected individuals can request 24 months of free credit monitoring, identity theft protection, and Medical Shield coverage.

    Broader Industry Implications

    • Aflac is the latest casualty in a wave of targeted cyberattacks affecting insurers – Philadelphia Insurance Companies and Erie Insurance were similarly breached just days earlier.
    • Experts warn that social engineering – where attackers impersonate legitimate personnel to trick employees into granting network access – is the primary tactic used by groups like Scattered Spider.
    • The Wall Street Journal has described this group’s activity as putting insurers “under siege,” calling for stronger layered cybersecurity defenses and vigilant staff training.

    What Affected Individuals Can Do Now

    1. Contact Aflac’s call center to enroll in the offered protection services.
    2. Freeze your credit with Equifax, TransUnion, and Experian to prevent fraud.
    3. Monitor accounts and statements regularly for unusual activity.
    4. Be alert to phishing attempts, particularly communications masquerading as Aflac or related to this incident.
    5. Enable strong password practices and MFA on all online accounts.

    Why This Matters

    This incident underscores how deeply disruptive – and potentially costly – non-ransomware attacks can be for firms that handle sensitive data. Social engineering attacks, in particular, are stealthy and hard to detect. If your business works with insurers or handles personal data, a proactive cybersecurity posture – multi-layered defenses, staff training, and incident readiness – is critical.

  • Bots, Ad Networks & Fake Lead Form Fills; Phones Don’t Work, Emails Bounce

    Google's Display Network (GDN) and Microsoft's Audience Network (MSAN) both serve ads across a vast number of websites, apps, and video content. While both companies have robust fraud detection systems in place, bot traffic and fraudulent interactions can occur within these networks. File photo: PixieMe, licensed.

    WEST PALM BEACH, FL – Have you recently noticed your lead forms being filled out with fake information, phone numbers that don’t work and/or email addresses that bounce back? Google’s Display Network (GDN) and Microsoft’s Audience Network (MSAN) both serve ads across a vast number of websites, apps, and video content. While both companies have robust fraud detection systems in place, bot traffic and fraudulent interactions can occur within these networks.

    Here’s how:

    1. Presence of Bots in Ad Networks

    • Automated Clicks & Impressions: Some websites that monetize via Google AdSense or Microsoft’s Ad Monetization program may generate artificial traffic through bots to inflate revenue.
    • Fake Form Submissions: While Google and Microsoft take measures to detect invalid activity, bad actors still deploy click farms and automated bots that interact with ads, sometimes filling out forms.

    2. Why Would Bots Fill Out Forms?

    • Affiliate & Lead Fraud: Some publishers may use bots to fill out forms, generating fake leads that they get paid for.
    • Competitor Sabotage: Competitors may try to exhaust your ad budget by triggering lead form conversions that aren’t genuine.
    • Scraping & Data Collection: Some bots might fill out forms to gain access to gated content or extract information.

    3. Google & Microsoft’s Fraud Prevention Efforts

    Both platforms use machine learning, IP tracking, and behavioral analysis to block bot traffic. However:

    4. How to Minimize Bot Traffic in Your Campaigns

    • Use reCAPTCHA or hCaptcha on lead forms.
    • Track Traffic Sources via UTM parameters and analytics tools.
    • Enable Conversion Tracking that verifies real user behavior (e.g., email confirmation).
    • Exclude Suspicious Placements (websites with extremely high CTRs but no real engagement).
    • Use IP Blocking to stop repeated form submissions from the same source.

    Bots can interact with ad-driven forms on both Google and Microsoft’s networks, but both companies work actively to reduce this fraud. To further protect your campaigns, implementing additional verification steps is recommended.

    Would it minimize fake leads to opt out of display traffic and only enable search ads?

    The alternative would be to opt out of display traffic and run only search ads, which can significantly reduce fake leads, but it doesn’t eliminate the risk entirely.

    Here’s why:

    Why Search Ads Have Less Bot Traffic than Display Ads

    1. User Intent:
      • Search ads target users who are actively searching for keywords related to your business, making them more likely to be real people.
      • Display ads appear on a wide range of websites, many of which rely on ad revenue—some sites use bots to generate artificial clicks and engagements.
    2. Less Exposure to Fraudulent Sites:
      • Display ads are placed across millions of websites, including low-quality sites where bot traffic is more common.
      • Search ads only appear on search engine results pages (SERPs), where bot interactions are much rarer.
    3. Better Audience Targeting:
      • With search ads, you’re reaching users based on what they are actively looking for.
      • Display ads often rely on interest-based targeting, which can expose them to fraud-prone networks.

    Will Search Ads Eliminate Fake Leads?

    While search ads minimize bot activity, they do not eliminate fake leads completely because:

    • Competitors or bad actors can still click your ads and fill out forms.
    • Some automated lead-gen bots scrape search results and submit fake forms.
    • Click farms (used for click fraud) can still interact with search ads, although they are more common on display.

    How to Further Reduce Fake Leads in Search Ads

    If you switch to search-only campaigns, here are additional ways to filter out low-quality leads:

    1. Enable Manual Bidding or Enhanced CPC
      • Automated bidding strategies like Maximize Conversions can sometimes favor volume over quality.
    2. Use Negative Keywords
      • Filter out terms like “free,” “cheap,” or unrelated searches that attract unqualified users.
    3. Set Up Conversion Tracking
      • Ensure you track meaningful actions like verified email sign-ups or phone calls instead of just form fills.
    4. Use Lead Verification Services
      • Services like Clearbit, NeverBounce, or EmailListVerify help detect fake emails.
    5. Implement reCAPTCHA
      • Add Google reCAPTCHA v3 to your forms to block bots.
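    The triage logic that the two mitigation lists above describe (rejecting fills with unworkable phone numbers and malformed emails, blocking repeated submissions from one IP, and identifying display placements to exclude), as an added Python example that is not part of the original article. The sample submissions, field names and thresholds are constructed for illustration; email deliverability checks and reCAPTCHA are outside what this snippet models.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lead-form fills (made up for this example; the field names are
# an assumed form schema, not taken from any ad platform).
LEADS = [
    {"id": 1, "ip": "203.0.113.10", "email": "jane.doe@example.com", "phone": "561-555-0142",
     "utm_source": "search", "placement": None, "fill_seconds": 38},
    {"id": 2, "ip": "198.51.100.7", "email": "qwerty@mail", "phone": "1111111111",
     "utm_source": "display", "placement": "free-games.example", "fill_seconds": 1},
    {"id": 3, "ip": "198.51.100.7", "email": "x1@tempmail.example", "phone": "123",
     "utm_source": "display", "placement": "free-games.example", "fill_seconds": 2},
    {"id": 4, "ip": "198.51.100.7", "email": "x2@tempmail.example", "phone": "0000000000",
     "utm_source": "display", "placement": "free-games.example", "fill_seconds": 1},
    {"id": 5, "ip": "192.0.2.44", "email": "bob@example.org", "phone": "(305) 555-0199",
     "utm_source": "display", "placement": "news.example", "fill_seconds": 52},
]

# Syntax-only check: a well-formed address can still bounce, which is why the article
# points to lead-verification services for the deliverability step.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
MIN_FILL_SECONDS = 3   # assumed threshold: a human rarely completes a form in under 3 s
MAX_FILLS_PER_IP = 2   # assumed threshold for the repeated-submission (IP blocking) rule

def phone_plausible(phone):
    """Reject numbers that cannot ring: wrong digit count or one digit repeated as filler."""
    digits = re.sub(r"\D", "", phone)
    return 10 <= len(digits) <= 11 and len(set(digits)) > 1

def score_leads(leads):
    """Return {lead_id: [reasons]} for every fill that fails at least one check."""
    fills_per_ip = Counter(lead["ip"] for lead in leads)
    flagged = {}
    for lead in leads:
        reasons = []
        if not EMAIL_RE.match(lead["email"]):
            reasons.append("email_syntax")
        if not phone_plausible(lead["phone"]):
            reasons.append("phone_implausible")
        if lead["fill_seconds"] < MIN_FILL_SECONDS:
            reasons.append("filled_too_fast")
        if fills_per_ip[lead["ip"]] > MAX_FILLS_PER_IP:
            reasons.append("repeat_ip")
        if reasons:
            flagged[lead["id"]] = reasons
    return flagged

def placements_to_exclude(leads, flagged, min_fills=3):
    """Display placements whose every fill was flagged: candidates for the exclusion list."""
    outcomes = defaultdict(list)
    for lead in leads:
        if lead["placement"]:
            outcomes[lead["placement"]].append(lead["id"] in flagged)
    return sorted(p for p, hits in outcomes.items() if len(hits) >= min_fills and all(hits))
```

Run against the sample set, leads 2 to 4 are flagged and free-games.example becomes the only placement-exclusion candidate; the single clean display lead from news.example is left alone.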

    Final Recommendation

    ✔ Disabling display ads and focusing on search ads will likely reduce fake leads.
    ✔ However, to maximize quality, use additional verification measures to further protect your campaign from bad leads.

  • FEDs Seize 17 Domains Suspected of Being Used for Fraud in U.S. by North Korea

    Message shown on some of the websites seized.

    WASHINGTON, D.C. – On Wednesday, the United States Justice Department announced it has seized 17 website domains utilized by North Korean information technology (IT) workers to purportedly evade government sanctions, conduct cyberattacks and defraud U.S. businesses, with the millions of dollars in illicit proceeds generated from such activities being used to fund North Korea’s weapon development program. 

    The Justice Department confirmed in a statement that the website domains in question were seized on Tuesday via a federal court order issued in Missouri. 

    The reason the Justice Department cited for seizing the 17 domains stems from an allegation that the Democratic People’s Republic of Korea has a network of thousands of IT workers across the globe, many of them situated in China and Russia. Their goal, the Justice Department alleges, was to fraudulently present themselves as legitimate freelance IT workers to businesses in the United States and elsewhere by using false identities. Once hired, those workers’ revenue would end up contributing millions of dollars to directly fund North Korea’s weapons of mass destruction and ballistic missiles programs. 

    It is alleged that these workers, once firmly entrenched in their new jobs, would engage in intellectual property theft and cyberattacks upon the systems of the companies they worked for; in addition, many would also create fake websites for phishing campaigns and other illicit cyber activities. 

    An affidavit supporting the seizure listed the domains as TWELVE (12) “.COM”; ONE (1) “.CLOUD”; ONE (1) “.INFO”; ONE (1) “.ASIA”; ONE (1) “.SERVICES”; and ONE (1) “.TECH”.

    Companies listed in the affidavit are: Yanbian Silverstar, Eden Programming, Xinlu Science and Technology Co. Ltd and FoxySun Studios.

    The .com domains involved are: silverstarchina.com, edenprogram.com, xinlusoft.com, softdevsun.com, foxysun.com, foxysunstudios.com, foxysunstudio.com, thefoxesgroup.com, thefoxcloud.com, cloudfoxhub.com, mycloudfox.com, and cloudbluefox.com.

    The remaining, non-.com domains are danielliu.info, jinyang.asia, jinyang.services, ktsolution.tech, and cloudfox.cloud.

    The use of false identities, according to Assistant Attorney General Matthew Olsen of the DOJ’s National Security Division, was a way to work around sanctions that had been put into place against known North Korean operatives. 

    “The seizures announced today protect U.S. companies from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance that regime’s weapons program,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “The Department of Justice is committed to working with private sector partners to protect U.S. business from this kind of fraud, to enhance our collective cybersecurity and to disrupt the funds fueling North Korean missiles.”

    “Today’s seizures exemplify our commitment to working with our federal and international partners to recognize and disrupt the threat from illicit actors working on behalf of the Democratic People’s Republic of Korea,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “These takedowns also serve as reminders to ensure that our private sector partners are equipped and prepared with due diligence measures to prevent the inadvertent hiring of these bad actors across American businesses. The FBI encourages U.S. companies to report suspicious activities, including any suspected DPRK IT worker activities, to your local FBI field office.”

    “Employers need to be cautious about who they are hiring and who they are allowing to access their IT systems,” said U.S. Attorney Sayler A. Fleming for the Eastern District of Missouri. “You may be helping to fund North Korea’s weapons program or allowing hackers to steal your data or extort you down the line.”

    “The Democratic People’s Republic of Korea has flooded the global marketplace with ill-intentioned information technology workers to indirectly fund its ballistic missile program. The seizing of these fraudulent domains helps protect companies from unknowingly hiring these bad actors and potentially damaging their business,” said Special Agent in Charge Jay Greenberg of the FBI St. Louis Division. “This scheme is so prevalent that companies must be vigilant to verify whom they’re hiring. At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities. Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited inside their systems.”

    The seized domains contained advertisements for internet and mobile development services and other IT services; many would list false locations in other countries like the U.S. and featured fake photos of employees. 

  • Lawyer Says, “Shadow Group” Setup Website Proposing Assassinations

    WASHINGTON, D.C. – A website that was online for only a few days published the identities, including email and home addresses, of various Republican and Democratic leaders, as well as related employees, whom the site claimed were responsible for “aiding and abetting the fraudulent election” against President Trump.

    The site, which has now disappeared, listed the personal details, including maps to the homes as well as headshots of the individuals inside crosshairs with an accompanying description of their alleged involvement in what remains a fictitious scheme to defraud Americans through voter fraud.

    https://web.archive.org/web/20201208164137/http://enemiesofthepeople.org/

    Included in the list, along with a contact form to provide information on any “new targets” were Gretchen Whitmer, Governor of Michigan, Gabriel Sterling, Voting Implementation Manager in Georgia, Stephen Sisolak, Governor of Nevada, Chris Krebs, Former Director CISA, Douglas Ducey Jr., Governor of Arizona, Geoffrey Duncan, Lieutenant Governor of Georgia, Nick Mantzios, Dominion employee, Nicole Nollette, customer service manager for Dominion, Stephen Owens, Managing Director, Staple Street Capital, Christopher Wray, Director, FBI, Douglas La Follette, Wisconsin Secretary of State, Kathleen Hobbs, Secretary of State of Arizona, Brian Kemp, Governor of Georgia, and Brad Raffensperger, Georgia Secretary of State.

    According to a spokesperson for the Federal Bureau of Investigation who spoke with The Daily Beast, the FBI is aware of the matter, but declined to comment further.

    Joe Slowik, a senior security researcher at DomainTools, a domain name data company, believes the now-defunct site “enemiesofthepeople.org” was registered by individuals using the Russian email service Yandex, and that the website’s servers were hosted in Russia. However, a threat intelligence researcher at ThreatConnect said that “publicly available information was insufficient to attribute the website to any foreign actor.”

    The site stated that its enemies would likely take it down and told visitors to follow updates on social media, but those profiles have also been wiped clean.

  • Feds Take Down First Coronavirus Scam Site

    WASHINGTON, D.C. – The world’s first takedown of a fraudulent Coronavirus scam website has taken place – and in record time. On Sunday, the US Department of Justice announced it had shut down a website in connection with COVID-19, the disease caused by the 2019 Novel Coronavirus.

    The site, CoronavirusMedicalKit.com, promised visitors a free vaccine from the World Health Organization (WHO); shoppers needed only to pay shipping costs of $4.95 to receive their cure. However, while drug trials will begin in New York state on Tuesday, no known cure currently exists.

    The feds said this was the first website to be taken offline due to a Coronavirus scam:

    The Department of Justice announced today that it has taken its first action in federal court to combat fraud related to the coronavirus (COVID-19) pandemic. The enforcement action filed today in Austin against operators of a fraudulent website follows Attorney General William Barr’s recent direction for the department to prioritize the detection, investigation, and prosecution of illegal conduct related to the pandemic.

    The filing was also unique in that it shut down the website immediately while the investigation proceeds.

    “In so doing, the government is employing a federal statute that permits federal courts to issue injunctions to prevent harm to potential victims of fraudulent schemes.”

    For the most up-to-date information on COVID-19, consumers should be visiting the Centers for Disease Control and Prevention (CDC) and WHO websites. The federal government has also launched its own Coronavirus site.