2020, Scams and Web Fraud - Cyber Security Informer

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. ” One of the crypto investment scam messages promoted in the spam campaigns on Mastodon this month. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. ” The incident Jim described happened in late January 2020, and Citi may have changed its procedures since then. “I was appalled that Citi would do that.

Scams

Scams Banking Accountability Financial Services

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Hacking

Hacking Social Engineering Phishing Scams

Scammers Sent Uber to Take Elderly Lady to the Bank

Krebs on Security

AUGUST 4, 2022

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. But my mom went over to the neighbor’s house and they saw it for what it was — a scam.”

Banking

Banking Scams Accountability Passwords

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Krebs on Security

JANUARY 29, 2022

The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. But by the spring of 2020, it was clear that Devos and others involved in the shipping project had been tricked, and that all the money which had been paid to Bernard — an estimated NOK 15 million (~USD $1.67

Scams

Scams Technology Web Fraud

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. 2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research. The U-Admin phishing panel interface.

Phishing

Phishing Scams Banking Mobile

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. 16Shop documentation instructing operators on how to deploy the kit. Image: ZeroFox.

Phishing

Phishing Passwords Internet Internet

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability

Accountability Passwords Advertising Phishing

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

” asked Ohad Zaidenberg , founder of CTI League , a volunteer emergency response community that emerged in 2020 to help fight COVID-19 related scams. . “Is there one person from our community that think sending cease and desist letter to a hackers forum operator is a good idea?,” “Who does it?

Data breaches

Data breaches Banking Cybercrime Marketing

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

On July 20, the attackers turned their sights on internet infrastructure giant Cloudflare.com , and the intercepted credentials show at least five employees fell for the scam (although only two employees also provided the crucial one-time MFA code). Image: Cloudflare.com. 2021 post about the change. 2021 post about the change. ”

Mobile

Mobile Phishing Authentication Accountability

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software. As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. The ark-x2[.]org

Scams

Scams Cryptocurrency Media Hacking

How Cybercriminals are Weathering COVID-19

Krebs on Security

APRIL 30, 2020

Most online retailers years ago stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia. For example, reshipping scams have over the years become easier for both reshipping mule operators and the mules themselves.

Cybercrime

Cybercrime Computers and Electronics Marketing Scams

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

In 2018, KrebsOnSecurity examined a huge network of phishing sites masquerading as the top carding stores which all traced back to a web development group in Pakistan that’s apparently been stealing from thieves for years. After all, nobody who gets phished or scammed is going to report the crime to the authorities.

Phishing

Phishing Cybercrime Accountability Advertising

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

Last year, researchers at Minerva Labs spotted the botnet being used to blast out sextortion scams. Before that, the resume says he was operations manager of TikTok’s Middle East and North Africa region for approximately seven months ending in April 2020. million from private investors.

Accountability

Accountability Advertising Marketing Malware

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

In May, KrebsOnSecurity interviewed a Russian spammer named “ Quotpw “ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms. com site,” the Trend researchers wrote. . Image: Trend Micro.

Accountability

Accountability Scams Cryptocurrency Advertising

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

22, 2020, when cryptocurrency wallet company Ledger acknowledged that someone had released the names, mailing addresses and phone numbers for 272,000 customers. And as the phishing examples above demonstrate, many of today’s phishing scams use elements from hacked databases to make their lures more convincing. Take a deep breath.

Passwords

Passwords Password Management Phishing Scams

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period.

Accountability

Accountability Authentication Passwords Hacking

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. A new report (PDF) from the Labor Department’s Office of Inspector General (OIG) found that from March through October of 2020, some $3.5

Scams

Scams Insurance DDOS Authentication

Cyber Security Informer

Interview With a Crypto Scam Investment Spammer

Would You Have Fallen for This Phone Scam?

Trending Sources

When Low-Tech Hacks Cause High-Impact Breaches

Scammers Sent Uber to Take Elderly Lady to the Bank

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Karma Catches Up to Global Phishing Service 16Shop

Malicious Office 365 Apps Are the Ultimate Insiders

When Efforts to Contain a Data Breach Backfire

How 1-Time Passcodes Became a Corporate Liability

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Double-Your-Crypto Scams Share Crypto Scam Host

How Cybercriminals are Weathering COVID-19

Phishing Sites Targeting Scammers and Thieves

Who’s Behind the Botnet-Based Service BHProxies?

Service Rents Email Addresses for Account Signups

The Life Cycle of a Breached Database

Gift Card Gang Extracts Cash From 100k Inboxes Daily

How $100M in Jobless Claims Went to Inmates

Stay Connected