2024, Accountability and Web Fraud - Cyber Security Informer

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

.” “That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued. Snowflake responded by making 2FA mandatory for all new customers.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work The site Verif dot work, which processes payments through Cryptomus, sells financial accounts, including debit and credit cards. work and kopeechka[.]store store ; -anonymity or “proxy” providers like crazyrdp[.]com

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. 19, 2024) of more than 200 domains at the Internet address 93.190.143[.]252 “We’ve reviewed the ads in question, removed those that violated our policies, and suspended the associated accounts.

Software

Software Advertising Malware Accountability

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K. In January 2024, U.S.

Hacking

Hacking Cybercrime Phishing Passwords

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

The profile also linked to Mr. Lee’s Twitter/X account , which features the same profile image. Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link.

Malware

Malware Cryptocurrency Software Phishing

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. 14, 2024, KrebsOnSecurity heard from the same bluebtcus@gmail.com address, apropos of nothing. Why you destroy our lifes? Please remove it.”

Phishing

Phishing Cybercrime Malware Advertising

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

For example, this account at Medium has authored more than a dozen blog posts in the past year singing the praises of Tornote as a secure, self-destructing messaging service. com is currently selling security cameras made by the Chinese manufacturer Hikvision , via an Internet address based in Hong Kong. io seem like a legitimate website.

Phishing

Phishing Cryptocurrency DDOS Internet

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

In 2019, someone hacked BriansClub and relieved the fraud shop of more than 26 million stolen payment cards — an estimated one-third of the 87 million payment card accounts that were on sale across all underground shops at that time.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

Merrill has been studying the evolution of several China-based smishing gangs, and found that most of them feature helpful and informative video tutorials in their sales accounts on Telegram. ” The rise of so-called “ghost tap” mobile software was first documented in November 2024 by security experts at ThreatFabric.

Phishing

Phishing Mobile Scams Banking

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

One account of the hack came from a 17-year-old in the United Kingdom, who told reporters the intrusion began when one of the English-speaking hackers phoned a tech support person at MGM and tricked them into resetting the password for an employee account. Others sell the explicit CSAM content produced by extortion on the dark web.”

Cybercrime

Cybercrime Accountability Mobile Hacking

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

One of many self portraits published on the Instagram account of Enzo Zelocchi. The government alleges Iza and Au paid the LASD officers using Zelle transfers from accounts tied to two different entities incorporated by one or both of them: Dream Agency and Rise Agency. Meanwhile, the U.K.

Cryptocurrency

Cryptocurrency Government Internet Internet

Lamborghini Carjackers Lured by $243M Cyberheist

Krebs on Security

OCTOBER 9, 2024

25, 2024 in Danbury, Ct., ” Swag was reportedly involved in executing the early stages of the crypto heist — gaining access to the victim’s Gmail and iCloud accounts. Image: ABC7NY. youtube.com/watch?v=xoiaGzwrunY v=xoiaGzwrunY Late in the afternoon of Aug. charging two of the men he named as involved in the heist.

Cryptocurrency

Cryptocurrency Social Engineering Accountability Mobile

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Krebs on Security

OCTOBER 3, 2024

Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. In June 2024, security experts at Sysdig documented a new attack that leveraged stolen cloud credentials to target ten cloud-hosted LLMs.

Accountability

Accountability Artificial Intelligence Web Fraud Cryptocurrency

Infrastructure Laundering: Blending in with the Cloud

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages.

Accountability

Accountability Scams Passwords Data collection

Cyber Security Informer

How to Lose a Fortune with Just One Bad Click

A Day in the Life of a Prolific Voice Phishing Crew

Trending Sources

Booking.com Phishers May Leave You With Reservations

How Cryptocurrency Turns to Cash in Russian Banks

Using Google Search to Find Software Can Be Risky

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Calendar Meeting Links Used to Spread Mac Malware

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Fake Lawsuit Threat Exposes Privnote Phishing Sites

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

How Phished Data Turns into Apple & Google Wallets

The Dark Nexus Between Harm Groups and ‘The Com’

Interview With a Crypto Scam Investment Spammer

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Lamborghini Carjackers Lured by $243M Cyberheist

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Infrastructure Laundering: Blending in with the Cloud

Stay Connected