Krebs on Security

NOVEMBER 4, 2021

Louis Morton , a security professional based in Fort Worth, Texas, forwarded an SMS phishing or “smishing” message sent to his wife’s mobile device that indicated a package couldn’t be delivered. com — from a desktop web browser redirects the visitor to a harmless page with ads for car insurance quotes. .”

Phishing 313

Phishing Scams Mobile DNS 313

Krebs on Security

OCTOBER 13, 2021

In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.

Passwords 348

Passwords Phishing Accountability Mobile 348

Krebs on Security

JUNE 22, 2023

Attempts to visit these domains with a web browser failed, but loading them in a mobile device (or in my case, emulating a mobile device using a virtual machine and Developer Tools in Firefox ) revealed the first stage of this smishing attack. The site would only load in a mobile browser.

Phishing 286

Phishing Retail Mobile Scams 286

Krebs on Security

MARCH 14, 2023

That story showed that the previous owner of the Doxbin also was part of a teenage hacking group that specialized in offering fake EDRs as a service on the dark web. KT, the current administrator of Doxbin, declined a request for comment on the charges.

Hacking 257

Hacking Government Media Accountability 257

Krebs on Security

APRIL 12, 2022

One incident described in an affidavit by prosecutors (PDF) appears related to the sale of tens of millions of consumer records stolen last year from T-Mobile , although the government refers to the victim only as a major telecommunications company and wireless network operator in the United States.

Identity Theft 231

Identity Theft Government Mobile Data breaches 231

Krebs on Security

MAY 22, 2023

A residential proxy generally refers to a computer or mobile device running some type of software that enables the system to be used as a pass-through for Internet traffic from others. Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app.

Scams 250

Scams DDOS Cryptocurrency Accountability 250

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software.

Phishing 277

Phishing Scams Banking Mobile 277

Krebs on Security

FEBRUARY 4, 2021

Usually, this is a mobile app that generates a one-time code, but some sites like Twitter and Facebook now support even more robust options — such as physical security keys. SIM swapping involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.

Accountability 304

Accountability Hacking Media Mobile 304

Krebs on Security

APRIL 28, 2020

But in a phone interview with KrebsOnSecurity earlier this week, Jim made a call to Citi’s automated system from his mobile phone on file with the bank, and I could hear Citi’s systems asking him to enter the last four digits of his credit card number before he could review recent transactions.

Scams 359

Scams Banking Accountability Financial Services 359

Krebs on Security

AUGUST 25, 2021

In those cases, the plaintiffs have sought to extract compensation for their losses from the mobile phone companies — but so far those lawsuits have largely failed to yield results and are often pushed into arbitration.

Cryptocurrency 341

Cryptocurrency Malware Mobile Accountability 341

Krebs on Security

AUGUST 18, 2022

It’s no accident that one of the most prolific scams going right now — the Zelle Fraud Scam — starts with a text message about an unauthorized payment that appears to come from your bank.

Scams 321

Scams Phishing Accountability Software 321

Krebs on Security

SEPTEMBER 28, 2021

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode.

Mobile 326

Mobile Phishing Malware Software 326

Security Boulevard

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Wireless 52

Wireless Mobile Financial Services Passwords 52

Krebs on Security

JUNE 21, 2023

Most of the two-dozen domains registered to pepyak@gmail.com shared a server at one point with a small number of other domains, including mobile-soft[.]su DomainTools found that virtually all of the 15 domain names registered to gumboldt@gmail.com (including the aforementioned mobile-soft[.]su) DomainTools says thelib[.]ru

Malware 226

Malware Antivirus Cybercrime Hacking 226

Krebs on Security

DECEMBER 13, 2022

USDoD told KrebsOnSecurity their phony application was submitted in November in the CEO’s name, and that the application included a contact email address that they controlled — but also the CEO’s real mobile phone number. “I wasn’t expected to be approve[d].”

Hacking 362

Hacking Energy and Utilities Cybercrime Accountability 362

Krebs on Security

JULY 25, 2023

And a great many of these “proxy” networks are marketed primarily to cybercriminals seeking to anonymize their traffic by routing it through an infected PC, router or mobile device. “The best way to secure the transmissions of your mobile device is VPN,” reads HideIPVPN’s description on the Apple Store.

Malware 209

Malware VPN Internet Internet 209

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S.

Government 265

Government Accountability Education Media 265

Krebs on Security

FEBRUARY 26, 2023

Many companies now require employees to supply a one-time password — such as one sent via SMS or produced by a mobile authenticator app — in addition to their username and password when logging in to company assets online.

Hacking 275

Hacking Social Engineering Phishing Scams 275

Security Boulevard

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S.

Mobile 52

Mobile Media Government Accountability 52

Krebs on Security

NOVEMBER 16, 2022

Look carefully, and you’ll notice small dots beneath the “a” and the second “e” You could be forgiven if you mistook one or both of those dots for a spec of dust on your computer screen or mobile device.

Malware 279

Malware Banking Phishing DDOS 279

Krebs on Security

NOVEMBER 17, 2020

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device.

Antivirus 343

Antivirus Advertising Internet Internet 343

Krebs on Security

JANUARY 13, 2020

Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Today’s piece looks at the well-crafted links used in some of these lures.

Phishing 212

Phishing Scams Mobile Encryption 212

Security Boulevard

SEPTEMBER 28, 2021

The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the Airtag has been set to lost mode.

Mobile 52

Mobile Phishing Web Fraud 52

Krebs on Security

AUGUST 9, 2021

This is all meant to be a big joke: Krebs means “crab” or “cancer” in German, but a “crab” is sometimes used in Russian hacker slang to refer to a “carder,” or a person who regularly engages in street-level credit card fraud. Like Mitch.

Phishing 355

Phishing Cybercrime Accountability Advertising 355

Krebs on Security

JANUARY 9, 2023

The bureaus pitch these credit lock services as a way for consumers to easily toggle their credit file availability with push of a button on a mobile app, but they do little to prevent the bureaus from continuing to sell your information to others. My advice: Ignore the lock services, and just freeze your credit files already.

Identity Theft 334

Identity Theft Accountability Authentication Web Fraud 334

Krebs on Security

MARCH 17, 2020

He’s then instructed to take the remainder of the funds to a Bitcoin ATM and scan an emailed QR code with his mobile phone. .” What happens next is the employee then receives an electronic transfer of money into his bank account, is asked to withdraw the cash, and to keep 150 Canadian dollars for himself.

Banking 342

Banking Scams Accountability Healthcare 342

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. That’s just too risky for the attackers, he said.

Mobile 241

Mobile Cryptocurrency Accountability Passwords 241

Krebs on Security

APRIL 27, 2022

For example, in its latest transparency report mobile giant Verizon reported receiving 114,000 data requests of all types from U.S. The most recent transparency report published by T-Mobile says the company received more than 164,000 “emergency/911” requests in 2020 — but it does not specifically call out EDRs.

Mobile 191

Mobile Government Media Technology 191

Krebs on Security

SEPTEMBER 5, 2023

Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of one’s email and/or mobile phone accounts. Monahan said virtually all of the victims she has assisted were longtime cryptocurrency investors, and security-minded individuals.

Cryptocurrency 351

Cryptocurrency Passwords Encryption Accountability 351

Krebs on Security

SEPTEMBER 4, 2022

But these more “hands-on” and first person attacks are becoming increasingly common within certain cybercriminal communities, particularly those engaged in SIM swapping , a crime in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s various online accounts and identities.

Government 57

Government Accountability Cryptocurrency Web Fraud 57

Security Boulevard

APRIL 12, 2022

The DOJ also charged the alleged administrator of RaidForums -- 21-year-old Diogo Santos Coelho, of Portugal -- with six criminal counts, including conspiracy, access device fraud and aggravated identity theft.

Identity Theft 52

Identity Theft Data breaches Cybercrime Web Fraud 52

Krebs on Security

APRIL 16, 2020

Subdomains can not only make phishing domains appear more legitimate , but they also tend to lengthen the domain so that key parts of it get pushed off the URL bar in mobile browsers.

Cyber threats 291

Cyber threats Phishing Data collection Government 291

Krebs on Security

JULY 21, 2022

“It’s important to be able to mobilize quickly and know how to freeze and seize crypto and get it back to its rightful owner,” West said. “We definitely have made seizures in cases involving pig butchering, but we haven’t gotten that back to the rightful owners yet.”

Scams 306

Scams Cryptocurrency Marketing Internet 306

Krebs on Security

OCTOBER 25, 2018

Earlier this month, Tokazowski was given the JD Falk award by the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) for his efforts in building and growing the BEC List (loyal readers here may recognize the M3AAWG name: KrebsOnSecurity received a different award from M3AAWG in 2014 ).

Scams 190

Scams Accountability Media Banking 190

Krebs on Security

MARCH 22, 2023

In November 2022, researchers at Google’s Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device. . However, Google Play is not available to consumers in China.

Malware 270

Malware eCommerce Mobile Media 270

Krebs on Security

FEBRUARY 25, 2021

requires applicants to supply a great deal more information than previously requested by the states, such as images of their driver’s license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service. To screen out fraudsters, ID.me

Scams 314

Scams Insurance DDOS Authentication 314