2021, Scams and Web Fraud - Cyber Security Informer

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. ” One of the crypto investment scam messages promoted in the spam campaigns on Mastodon this month. “On Twitter, more spam and crypto scam.”

Scams

Scams DDOS Cryptocurrency Accountability

Scammers Sent Uber to Take Elderly Lady to the Bank

Krebs on Security

AUGUST 4, 2022

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. But my mom went over to the neighbor’s house and they saw it for what it was — a scam.”

Banking

Banking Scams Accountability Passwords

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

We don’t know much about the source of the November 2021 incident, other than GoDaddy’s statement that it involved a compromised password, and that it took about two months for the company to detect the intrusion. One multifactor option — physical security keys — appears to be immune to these advanced scams.

Hacking

Hacking Social Engineering Phishing Scams

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Krebs on Security

OCTOBER 9, 2023

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. A different domain with that same Google Analytics code that was registered in 2021 is peraltansepeda[.]com Most phishing scams invoke a temporal element that warns of negative consequences should you fail to respond or act quickly.

Phishing

Phishing Scams Passwords Web Fraud

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

Urlscan also found this phishing scam from Jan. More recently in late 2021, Jeremy Fuchs of Avanan wrote that the use of a LinkedIn URL may mean that any profession — the market for LinkedIn — could click. Here’s one example from Jan. A recent phishing site that abused LinkedIn’s marketing redirect.

Phishing

Phishing Marketing Scams Accountability

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. 16Shop documentation instructing operators on how to deploy the kit. Image: ZeroFox.

Phishing

Phishing Passwords Internet Internet

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it. Last week’s story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

Scams

Scams Banking Passwords Authentication

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

” The administrator of Breached is “ Pompompurin ,” the same individual who alerted this author in November 2021 to a glaring security hole in a U.S. ” asked Ohad Zaidenberg , founder of CTI League , a volunteer emergency response community that emerged in 2020 to help fight COVID-19 related scams.

Data breaches

Data breaches Banking Cybercrime Marketing

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

On July 20, the attackers turned their sights on internet infrastructure giant Cloudflare.com , and the intercepted credentials show at least five employees fell for the scam (although only two employees also provided the crucial one-time MFA code). 2021 post about the change. Image: Cloudflare.com. ”

Mobile

Mobile Phishing Authentication Accountability

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. ” Ark-x2[.]org

Scams

Scams Cryptocurrency Media Hacking

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

According to Russian prosecutors, the scam went like this: Consumers would receive an SMS with links to sites that falsely claimed a number of well-known companies were sponsoring drawings and lotteries for people who enrolled or agreed to answer surveys. The latest document in the hacked archive is dated April 2021.

Banking

Banking Marketing DDOS Risk

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

” The service charged 20 percent of all “scam wires,” unauthorized wire transfers resulting from bank account takeovers or scams like CEO impersonation schemes. One ad from this user in 2016 offered a “China wire service” focusing on Western Union payments, where “all transfers are accepted in China.”

VPN

VPN Computers and Electronics Antivirus Software

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

We’ve noted the gradual emergence of Bitcoin ATMs in scams previously; here, cryptocurrency ATMs are more popular as a payment method to SSNDOB than other dubious online services. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021.

DDOS

DDOS Cryptocurrency Scams Data breaches

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021.

Malware

Malware VPN Internet Internet

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

Here’s what part of their current homepage looks like: The SocksEscort home page says its services are perfect for people involved in automated online activity that often results in IP addresses getting blocked or banned, such as Craigslist and dating scams, search engine results manipulation, and online surveys.

Malware

Malware Cybercrime Internet Internet

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

In May, KrebsOnSecurity interviewed a Russian spammer named “ Quotpw “ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms. com site,” the Trend researchers wrote. . Image: Trend Micro.

Accountability

Accountability Scams Cryptocurrency Advertising

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter. “The scale of this is so massive.

Scams

Scams Cryptocurrency Marketing Internet

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

First, they included an offer to use a mutually trusted “middleman” or escrow provider for the transaction (to protect either party from getting scammed). One of the groups that reliably posted “Tmo up!” ” messages to announce SIM-swap availability against T-Mobile customers also reliably posted “Tmo down!

Mobile

Mobile Phishing Authentication Advertising

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period.

Accountability

Accountability Authentication Passwords Hacking

Cyber Security Informer

Interview With a Crypto Scam Investment Spammer

Scammers Sent Uber to Take Elderly Lady to the Bank

Webinars

Trending Sources

When Low-Tech Hacks Cause High-Impact Breaches

Webinars

Phishers Spoof USPS, 12 Other Natl’ Postal Services

How Phishers Are Slinking Their Links Into LinkedIn

Karma Catches Up to Global Phishing Service 16Shop

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

When Efforts to Contain a Data Breach Backfire

How 1-Time Passcodes Became a Corporate Liability

Double-Your-Crypto Scams Share Crypto Scam Host

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

A Deep Dive Into the Residential Proxy Service ‘911’

SSNDOB marketplace shut down by global law enforcement operation

Who and What is Behind the Malware Proxy Service SocksEscort?

No SOCKS, No Shoes, No Malware Proxy Services!

Service Rents Email Addresses for Account Signups

Massive Losses Define Epidemic of ‘Pig Butchering’

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Stay Connected