Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. “And I just am not seeing anything this egregious in terms of viruses and spams from the other email service providers.”

Accountability 361

Accountability Hacking Authentication Marketing 361

Joseph Steinberg

JANUARY 26, 2022

The FBI recently warned the public that many people are still falling prey to a Google Voice scam that the FTC warned about months ago. Here is what you need to know to keep yourself safe: What is the common Google Voice scam about which the FBI warned?

Scams 321

Scams Authentication Accountability Artificial Intelligence 321

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. These groups are considered sub-teams of larger cryptocurrency scam networks, highlighting the organized and systematic nature of these phishing attacks.

Scams 123

Scams Malware Phishing Social Engineering 123

SecureWorld News

DECEMBER 4, 2024

Brands, particularly major retailers like those analyzed, invest significantly in protecting themselves and their customers from scams and cyberattacks, and often step up those measures for the holiday period. This makes it easier to spot and shut down fake accounts and copycat websites.

Retail 116

Retail Scams Phishing Cyber threats 116

Krebs on Security

APRIL 14, 2019

The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings.

Scams 277

Scams Advertising Accountability Phishing 277

Krebs on Security

APRIL 28, 2020

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. “After we figured out what was going on, we were left asking ourselves how the crooks had obtained her last three transactions without breaking into her account online. .

Scams 363

Scams Banking Accountability Financial Services 363

Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. The service in question — kopeechka[.]store ” “Are you working on large volumes and are costs constantly growing? The service in question — kopeechka[.]store

Accountability 262

Accountability Scams Cryptocurrency Advertising 262

Krebs on Security

NOVEMBER 21, 2024

The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. .”

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

Krebs on Security

MARCH 10, 2020

FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io , a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. also is a favored marketplace for people involved in selling phony social media accounts.

Accountability 355

Accountability Advertising Hacking Cybercrime 355

Malwarebytes

MARCH 31, 2025

Were forever investigating new scams here at Malwarebytes, and so we get how hard it is to know whator whoto trust online. Theres the scam that takes advantage of grieving people and tricks them into paying for a funeral live stream. How to protect yourself from scams Watch out for a false sense of urgency. No exceptions.

Scams 139

Scams Passwords Accountability Password Management 139

Malwarebytes

APRIL 22, 2025

Cybercriminals are abusing Googles infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. The difference is that anyone with a Google account can create a website on sites.google.com. Instead create an account on the service itself.

Risk 145

Risk Scams Accountability Phishing 145

Malwarebytes

JUNE 10, 2025

According to new research conducted by Malwarebytes, 44% of people encounter a mobile scam every single day, while 78% encounter scams at least weekly. As Malwarebytes learned, 25% of scam victims were harassed or blackmailed, 19% had private info exposed, and 15% permanently lost their money. You can read the full report below.

Scams 86

Scams Mobile Identity Theft Social Engineering 86

Malwarebytes

JUNE 23, 2025

Russian hackers have bypassed Google’s multi-factor authentication (MFA) in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group (GTIG). Normally, when you sign in to your Google account, you use your regular password plus a second verification step like a code sent to your phone.

68

68

Webroot

MAY 9, 2025

Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Text scams, also known as smishing (SMS + phishing ), are on the rise. Task scams Task scams are fake job opportunities.

Scams 72

Scams Mobile Banking VPN 72

Adam Levin

OCTOBER 8, 2019

The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA). In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.”

Authentication 210

Authentication Cyber Attacks Social Engineering Phishing 210

Malwarebytes

JUNE 9, 2025

Unfortunately, people getting scammed online is a frequent event. Scammers are getting better at social engineering and are using Artificial Intelligence (AI) to sound more authentic and eliminate any spelling errors. It really can happen to anyone, so there’s no need to feel embarrassed if you have been scammed.

Scams 68

Scams Banking Artificial Intelligence Accountability 68

Krebs on Security

AUGUST 1, 2018

What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. APP-BASED AUTHENTICATION. “We point this out to encourage everyone here to move to token-based 2FA.”

Authentication 228

Authentication Mobile Passwords Accountability 228

Malwarebytes

OCTOBER 15, 2024

Political ads could be hiding online scams, many people feel, and the election, they say, will likely fall victim to some type of “cyber interference.” 52% are “very concerned” or “concerned” about “falling prey to a scam when interacting with political messages.” The reasons could be obvious.

Scams 137

Scams Identity Theft Cybercrime Accountability 137

Krebs on Security

JANUARY 31, 2025

“The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages and email extractors often used to build and maintain fraud operations,” the DOJ explained. “Presumably, these buyers also include Dutch nationals.

Phishing 272

Phishing Cybercrime Advertising Malware 272

Adam Levin

NOVEMBER 17, 2020

Here are 50 ways to avoid getting scammed on Black Friday — and beyond. Credit cards offer markedly better fraud protections than debit cards , which connect directly to your bank account. Virtual credit cards similarly allow online shoppers to mask their financial accounts. Vary login credentials across accounts.

Scams 243

Scams Retail Banking Passwords 243

eSecurity Planet

MAY 28, 2025

The scam, which combined a phone call and a cleverly disguised email, highlights just how advanced phishing methods are becoming, even fooling seasoned tech leaders. They said my Google account was compromised and they sent me an email to confirm my identity. As a reminder: Google will never call you about your account.”

Scams 71

Scams Phishing Passwords Media 71

Malwarebytes

JUNE 19, 2025

Take the 184 million logins for social media accounts we reported about recently. But that doesn’t take away from the fact that these credentials are in the hands of cybercriminals who can use them for: Account takeovers : Cybercriminals can use stolen credentials to hijack social media, banking, or corporate accounts.

Identity Theft 136

Identity Theft Passwords Phishing Accountability 136

Krebs on Security

MAY 29, 2021

Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data. Image: chrome-stats.com.

Accountability 361

Accountability Authentication Scams Software 361

The Last Watchdog

AUGUST 21, 2023

Phone number spoofing involves manipulating caller ID displays to mimic legitimate phone numbers, giving scammers a deceptive veil of authenticity. Related: The rise of ‘SMS toll fraud’ The Bank of America scam serves as a prime example of how criminals exploit this technique.

Scams 189

Scams Banking Accountability Authentication 189

SecureWorld News

FEBRUARY 3, 2025

Department of Justice (DOJ) , the seized domains were actively facilitating the sale of phishing kits, scam pages, and other fraud tools, which were then used by transnational organized crime groups to conduct business email compromise (BEC) schemes. According to the U.S.

Phishing 112

Phishing Cybercrime Scams Authentication 112

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency 364

Cryptocurrency Scams VPN Social Engineering 364

Security Affairs

JUNE 9, 2025

OpenAI banned ChatGPT accounts tied to Russian and Chinese hackers using the tool for malware, social media abuse, and U.S. OpenAI banned ChatGPT accounts that were used by Russian-speaking threat actors and two Chinese nation-state actors. We banned the OpenAI accounts used by this adversary.” satellite tech research.

Accountability 73

Accountability Social Engineering Media Penetration Testing 73

Adam Levin

SEPTEMBER 5, 2019

Some of the information out there was granular enough to allow a variety of scams, but the most serious is SIM-card swapping scams, where a criminal, armed with enough information about you, and most crucially your phone number, arranges to have your number moved to a phone in the criminal’s possession. . Monitor your accounts.

Scams 197

Scams Accountability Financial Services Insurance 197

Security Affairs

MAY 17, 2025

officials to build trust and access personal accounts. Threat actors send malicious links posing as messaging platform invites to access officials’ accounts, then exploit contacts to impersonate and extract data or funds. Always confirm authenticity before responding, and contact security officials or the FBI if uncertain.

Government 122

Government Social Engineering Authentication Accountability 122

Malwarebytes

APRIL 8, 2025

Brand impersonation: from Google ad to phishing page Accounting and tax preparation software has traditionally been a common lure for scammers, particularly those related to online support operating out of large call centres in India and surrounding areas. Malicious QuickBooks domains quicckboocks-accounting[.]com

Phishing 79

Phishing Scams Accountability Authentication 79

Schneier on Security

AUGUST 25, 2022

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing 359

Phishing Authentication Passwords Accountability 359

Krebs on Security

OCTOBER 13, 2021

It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. Rather, the bad guys understood that any attempts to sign up using an email address tied to an existing Coinbase account would fail.

Passwords 363

Passwords Phishing Accountability Scams 363

Malwarebytes

FEBRUARY 13, 2025

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence (AI) in their scams. These often start with a call to users, claiming their Gmail account has been compromised. Monitor your accounts for signs of unauthorized access or data leaks.

Phishing 107

Phishing Artificial Intelligence Identity Theft Accountability 107

Krebs on Security

FEBRUARY 26, 2023

The general manager of Escrow.com found himself on the phone with one of the GoDaddy hackers, after someone who claimed they worked at GoDaddy called and said they needed him to authorize some changes to the account. One multifactor option — physical security keys — appears to be immune to these advanced scams.

Hacking 332

Hacking Social Engineering Phishing Scams 332

Malwarebytes

JUNE 18, 2025

Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. In the latest example of this type of scam, we found tech support scammers hijacking the results of people looking for 24/7 support for Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal.

Banking 104

Banking Scams Accountability Media 104

Krebs on Security

OCTOBER 1, 2021

Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity.

Wireless 352

Wireless Mobile Passwords Authentication 352