Authentication, Mobile and Web Fraud - Cyber Security Informer

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Countless websites and online services use SMS text messages for both password resets and multi-factor authentication.

Mobile

Mobile Phishing Authentication Advertising

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Mobile

Mobile Wireless Authentication Accountability

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. In an Aug.

Mobile

Mobile Phishing Authentication Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. agency — advertised a web-based bot designed to trick targets into giving up OTP tokens. Image: Intel 471.

Passwords

Passwords Mobile Authentication Banking

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla.,

Social Engineering

Social Engineering Mobile Cybercrime Passwords

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.

Passwords

Passwords Phishing Accountability Mobile

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Many companies now require employees to supply a one-time password — such as one sent via SMS or produced by a mobile authenticator app — in addition to their username and password when logging in to company assets online. The key works without the need for any special software drivers.

Hacking

Hacking Social Engineering Phishing Scams

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. That’s just too risky for the attackers, he said.

Mobile

Mobile Cryptocurrency Accountability Passwords

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software.

Phishing

Phishing Scams Banking Mobile

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Any accounts that you value should be secured with a unique and strong password, as well the most robust form of multi-factor authentication available. Usually, this is a mobile app that generates a one-time code, but some sites like Twitter and Facebook now support even more robust options — such as physical security keys.

Accountability

Accountability Hacking Media Mobile

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Krebs on Security

APRIL 27, 2022

For example, in its latest transparency report mobile giant Verizon reported receiving 114,000 data requests of all types from U.S. The most recent transparency report published by T-Mobile says the company received more than 164,000 “emergency/911” requests in 2020 — but it does not specifically call out EDRs.

Mobile

Mobile Government Media Technology

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

JANUARY 9, 2023

Clearly, Experian found it simpler to respond this way, rather than acknowledging the problem and addressing the root causes (lazy authentication and abhorrent account recovery practices). It’s also worth mentioning that reports of hijacked Experian.com accounts persisted into late 2022. One final note.

Identity Theft

Identity Theft Accountability Authentication Web Fraud

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

As it turned out, calling the phone number on the back of the credit card from the phone number linked with the card provided the most recent transactions without providing any form of authentication.” “I was appalled that Citi would do that. The company has not yet responded to requests for comment.

Scams

Scams Banking Accountability Financial Services

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

Look carefully, and you’ll notice small dots beneath the “a” and the second “e” You could be forgiven if you mistook one or both of those dots for a spec of dust on your computer screen or mobile device.

Malware

Malware Banking Phishing DDOS

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

USDoD told KrebsOnSecurity their phony application was submitted in November in the CEO’s name, and that the application included a contact email address that they controlled — but also the CEO’s real mobile phone number. “I wasn’t expected to be approve[d].”

Hacking

Hacking Energy and Utilities Cybercrime Accountability

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of one’s email and/or mobile phone accounts. To automatically populate the appropriate credentials at any website going forward, you simply authenticate to LastPass using your master password.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S.

Government

Government Accountability Education Media

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

Much of this fraud exploits weak authentication methods used by states that have long sought to verify applicants using static, widely available information such as Social Security numbers and birthdays. to shore up their authentication efforts, with six more states under contract to use the service in the coming months.

Scams

Scams Insurance DDOS Authentication

Cyber Security Informer

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Recycle Your Phone, Sure, But Maybe Not Your Number

Webinars

Trending Sources

How 1-Time Passcodes Became a Corporate Liability

Webinars

The Rise of One-Time Password Interception Bots

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

How Coinbase Phishers Steal One-Time Passwords

When Low-Tech Hacks Cause High-Impact Breaches

Busting SIM Swappers and SIM Swap Myths

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Identity Thieves Bypassed Experian Security to View Credit Reports

Would You Have Fallen for This Phone Scam?

Disneyland Malware Team: It’s a Puny World After All

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

How $100M in Jobless Claims Went to Inmates

Stay Connected