Krebs on Security

OCTOBER 18, 2023

In August 2023, security researcher Randy McEoin blogged about a scam he dubbed ClearFake , which uses hacked WordPress sites to serve visitors with a page that claims you need to update your browser before you can view the content. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams 335

Scams Malware Cryptocurrency Hacking 335

The Last Watchdog

AUGUST 21, 2023

Related: The rise of ‘SMS toll fraud’ The Bank of America scam serves as a prime example of how criminals exploit this technique. Victims of the Bank of America scam have shared their experiences, shedding light on the deceptive tactics employed by these fraudsters.

Scams 189

Scams Banking Accountability Authentication 189

Malwarebytes

DECEMBER 28, 2023

In 2023, the public primarily confronted two varieties of online scams: the technical and the topical. Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. Topical scams, on the other hand, are simpler. OBN Brandon’s trick is almost always the same.

Scams 111

Scams Accountability Social Engineering Small Business 111

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile.

Retail 273

Retail Advertising Cryptocurrency Marketing 273

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. We also changed the methodology for PC banking malware by removing obsolete families that no longer use Trojan banker functionality, hence the sharp drop in numbers against 2023. million in 2023.

Phishing 81

Phishing Banking Scams Mobile 81

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Deepfake scams will escalate, with threat actors using AI to create convincing impersonations of executives, risking personal and corporate brands. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Troy Hunt

SEPTEMBER 10, 2023

After recording this video, someone also pointed out that the data is already being abused in a pretty traceable fashion: @troyhunt not sure if this is particularly useful but I just received this scam attempt.

Data breaches 300

Data breaches Scams Accountability 300

Malwarebytes

SEPTEMBER 25, 2024

Romance scams continue to plague users, but their costs have risen to staggering heights, according to a Malwarebytes survey carried out last month via our weekly newsletter. However, with the return to in-person gatherings, our survey results show romance scams have hardly petered out. They conduct research, and follow a playbook.

Scams 142

Scams Media Cryptocurrency Internet 142

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. ” reads the press release published by DoJ. In January 2024, U.S.

Cybercrime 108

Cybercrime Identity Theft Cryptocurrency Phishing 108

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business 86

Small Business Cybersecurity Passwords Scams 86

SecureList

MAY 6, 2024

A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. million detections compared to 5.04

Phishing 132

Phishing Banking Mobile Scams 132

Krebs on Security

MARCH 28, 2024

They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. An analysis of the webpage reveals it would check any submitted credentials at the real Microsoft website, and return an error if the user entered bogus account information.

Phishing 314

Phishing Scams Accountability Passwords 314

Security Affairs

NOVEMBER 25, 2024

Thai authorities uncovered call center gangs using fake “02” numbers to deceive citizens into scams and fraudulent investments, generating over 700 million calls. Thai cyber police uncovered three companies using SIP Trunk technology to operate fake “02” numbers, generating 730 million scam calls.

Mobile 121

Mobile Scams Technology Telecommunications 121

SecureList

NOVEMBER 28, 2022

Although the main types of threats (phishing, scams, malware, etc.) Below, we present a number of key ideas about what the consumer-oriented threat landscape will look like in 2023, and describe how users could be lured into cybertraps with fake content and third-party apps. 2023 promises a wealth of new releases.

Education 135

Education Phishing Scams Social Engineering 135

SecureWorld News

MAY 14, 2025

billion in reported losses, a 33% increase from 2023, underscoring the escalating threat landscape faced by individuals and organizations alike. This demographic was frequently targeted by tech support scams, romance scams, and crypto investment frauds. The report highlights a staggering $16.6 billion in losses.

Cybercrime 72

Cybercrime Scams Internet Internet 72

Malwarebytes

DECEMBER 4, 2024

billion in 2023. Here’s what to look out for: Pig butchering scams. We have discussed the workings of pig butchering scams several times. Once the conversation starts, the scammer will slowly move to the subject of interesting “investments” with the goal of cleaning out your accounts. Advance fee scams.

Scams 115

Scams Cryptocurrency Accountability Password Management 115

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. For example, when it was registered through NameSilo in July 2023, the domain 1ox[.]us US phishing domains.

Phishing 335

Phishing Telecommunications Malware Scams 335

Krebs on Security

APRIL 10, 2025

The moniker “Smishing Triad” comes from Resecurity , which was among the first to report in August 2023 on the emergence of three distinct mobile phishing groups based in China that appeared to share some infrastructure and innovative phishing techniques. Image: Ford Merrill. Image: Prodaft.

Phishing 245

Phishing Banking Mobile Retail 245

The Hacker News

MAY 29, 2024

million through business email compromise (BEC) schemes and romance scams. Malachi Mullings, 31, of Sandy Springs, Georgia pleaded guilty to the money laundering offenses in January 2023. According to court documents, Mullings is said to have opened 20 bank accounts in the name of

Scams 124

Scams Banking Accountability 124

Krebs on Security

JANUARY 25, 2024

And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. ” In February 2023, Hegel co-authored a report on this same network, which Sentinel One has dubbed MalVirt (a play on “malvertising”). million advertiser accounts.

Software 325

Software Advertising Malware Accountability 325

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. emphasized collective action and individual accountability. Protect IT."

Cybersecurity 149

Cybersecurity Cyber threats Authentication Phishing 149

SecureList

MAY 27, 2024

Ways to deceive message board users There are two main types of message board scams. This type of fraud is known as scam 1.0 or a buyer scam , because the attacker poses as the seller to deceive the buyer. This is known as scam 2.0 or a seller scam , because the attacker deceives the seller posing as the buyer.

Scams 126

Scams Phishing Accountability Banking 126

SecureList

NOVEMBER 6, 2023

The Newzoo report for 2023 reveals that two in five — more than three billion — across the globe are gamers, which is 6.3 In this report, we provide our insights into the gaming-related threat landscape in 2023. Introduction and trends The gaming industry continues growing. percent more than last year.

Mobile 141

Mobile Phishing Accountability Scams 141

SecureList

MARCH 3, 2025

Adware, the most common mobile threat, accounted for 35% of total detections. In August 2024, researchers at ESET described a new NFC banking scam discovered in the Czech Republic. This was below the 2023 figure, but the difference was smaller than the year before. Verdict %* 2023 %* 2024 Difference in p.p. A total of 1.1

Mobile 114

Mobile Malware Adware Banking 114

SecureList

JULY 5, 2023

A typical phishing scam aimed at a hot wallet user works as follows: hackers send email messages addressed as coming from a well-known crypto exchange and requesting the user to confirm a transaction or verify their wallet again. Connection to the WebSocket address Next, the user is offered to enter the address of their XRP account.

Scams 129

Scams Phishing Cryptocurrency Social Engineering 129

SecureList

FEBRUARY 26, 2024

The data for years preceding 2023 may differ from that published previously, as the calculation methodology was refined, and the data was retrospectively revised in 2023. The year in figures According to Kaspersky Security Network, in 2023: Our solutions blocked almost 33.8 million malware, adware, and riskware attacks.

Mobile 135

Mobile Malware Adware Banking 135

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. Sorry, change password please.”

Accountability 134

Accountability Hacking Cryptocurrency Cybersecurity 134

Malwarebytes

OCTOBER 11, 2023

In other news, both LockBit and the Akira ransomware gang, the latter of which has tallied 125 victims since we first began tracking them in April 2023, were confirmed last month to be exploiting a specific zero-day flaw ( CVE-2023-20269 ) in Cisco VPN appliances. In September, they had a staggering 53 victims.

Ransomware 136

Ransomware Social Engineering Backups Engineering 136

Krebs on Security

FEBRUARY 28, 2024

The profile also linked to Mr. Lee’s Twitter/X account , which features the same profile image. Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link. ” Image: SlowMist.

Malware 332

Malware Cryptocurrency Software Phishing 332

Krebs on Security

AUGUST 4, 2023

The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums.

Phishing 245

Phishing Scams Computers and Electronics Software 245

Malwarebytes

FEBRUARY 4, 2025

And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. Importantly, the attack methods here are not new. But sometimes the AI pushes back.

Artificial Intelligence 143

Artificial Intelligence Small Business Malware Technology 143

Malwarebytes

SEPTEMBER 13, 2023

They can do this becasue alongside the password vaults that were stolen, criminals also made off with customers' email addresses, as well as " basic customer account information", company names, end-user names, billing addresses, telephone numbers, and IP addresses. For us, data security is paramount.

Phishing 143

Phishing Accountability Passwords Password Management 143

SecureList

JUNE 26, 2023

In this report, we have analyzed the key threats to small and medium-sized companies in 2022 and 2023, and provided advice on how to stay safe. Malware attacks Between January 1 and May 18, 2023, 2,392 SMB employees encountered malware or unwanted software disguised as business applications, with 2,478 unique files distributed this way.

Cybercrime 120

Cybercrime Phishing Banking Malware 120

Identity IQ

SEPTEMBER 3, 2024

Major Banks Under Fire for Refusing Reimbursements to Victims of Online Payment Scams IdentityIQ Major U.S. banks, including JPMorgan Chase, Wells Fargo, and Bank of America, have come under intense scrutiny for their response to online payment scams. Key Takeaways Major U.S.

Scams 96

Scams Banking Identity Theft Insurance 96

Security Affairs

FEBRUARY 2, 2025

Cybercriminals used the seized domains to run BEC scams, stealing credentials and redirecting payments. Those payments would instead be redirected to a financial account the perpetrators controlled, resulting in significant losses to victims.” The cybercrime group also offered training to its customers on how to use the tools.

Cybercrime 108

Cybercrime Advertising Phishing Hacking 108

BH Consulting

NOVEMBER 22, 2024

Microsoft moves to lock down admin accounts against exploits Microsoft is introducing a new security feature for Windows 11 called Admin Protection, designed to make admin accounts more secure during privileged or sensitive actions. There were 721 confirmed security incidents following 5,276 reports received.

Accountability 72

Accountability Data privacy Scams Cybersecurity 72

Krebs on Security

JUNE 22, 2023

.” The written notice goes on to say UPS believes the data exposure “affected packages for a small group of shippers and some of their customers from February 1, 2022 to April 24, 2023.” The message included his full name, phone number, and postal code, and urged him to click a link to mydeliveryfee-ups[.]info

Phishing 326

Phishing Retail Mobile Scams 326