2024, Phishing and Web Fraud - Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. million in an elaborate voice phishing attack. The phishing domain used to steal roughly $4.7 The phishing domain used to steal roughly $4.7 “ Annie.”

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

GRAND THEFT AUTOMATED Just days after Griffin was robbed, a scammer impersonating Google managed to phish 45 bitcoins — approximately $4,725,000 at today’s value — from Tony , a 42-year-old professional from northern California. I put my seed phrase into a phishing site, and that was it.” My brain went haywire.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing

Phishing Cryptocurrency DDOS Internet

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

In January 2024, U.S. 0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. A Scattered Spider phishing lure sent to Twilio employees.

Hacking

Hacking Cybercrime Phishing Passwords

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. “When the project team clicks the link, they encounter a region access restriction,” SlowMist wrote.

Malware

Malware Cryptocurrency Software Phishing

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. An image from one Chinese phishing group’s Telegram channel shows various toll road phish kits available.

Phishing

Phishing Mobile Scams Banking

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

JULY 10, 2024

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.

Cybercrime

Cybercrime Phishing Malware Software

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

Others sell the explicit CSAM content produced by extortion on the dark web.” ” KrebsOnSecurity has learned Holy’s real name is Owen David Flowers , and that he is the previously unnamed 17-year-old who was arrested in July 2024 by the U.K.’s

Cybercrime

Cybercrime Accountability Mobile Hacking

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

The complaint further alleges that these two entities were the beneficiaries of a business that sold hacked and phished Facebook advertising accounts, and bribed Facebook employees to unblock ads that violated its terms of service. Au was featured on the July 2024 cover of “Womenpreneur Middle East.” Meanwhile, the U.K.

Cryptocurrency

Cryptocurrency Government Internet Internet

Infrastructure Laundering: Blending in with the Cloud

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages.

Accountability

Accountability Scams Passwords Data collection

Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Booking.com Phishers May Leave You With Reservations

Trending Sources

How to Lose a Fortune with Just One Bad Click

Fake Lawsuit Threat Exposes Privnote Phishing Sites

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Calendar Meeting Links Used to Spread Mac Malware

How Phished Data Turns into Apple & Google Wallets

The Stark Truth Behind the Resurgence of Russia’s Fin7

The Dark Nexus Between Harm Groups and ‘The Com’

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Infrastructure Laundering: Blending in with the Cloud

Stay Connected