Accountability, Authentication, Scams and Web Fraud

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.

Scams

Scams Advertising Accountability Phishing

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. “After we figured out what was going on, we were left asking ourselves how the crooks had obtained her last three transactions without breaking into her account online. .

Scams

Scams Banking Accountability Financial Services

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

The general manager of Escrow.com found himself on the phone with one of the GoDaddy hackers, after someone who claimed they worked at GoDaddy called and said they needed him to authorize some changes to the account. One multifactor option — physical security keys — appears to be immune to these advanced scams.

Hacking

Hacking Social Engineering Phishing Scams

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

The unsuspecting Discord members click the link provided by the compromised administrator account, and are asked to connect their crypto wallet to the scammer’s site, where it asks for unlimited spend approvals on their tokens, and subsequently drains the balance of any valuable accounts.

Hacking

Hacking Scams Accountability Cryptocurrency

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. Rather, the bad guys understood that any attempts to sign up using an email address tied to an existing Coinbase account would fail.

Passwords

Passwords Phishing Accountability Mobile

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Image: Cloudflare.com. Image: Cloudflare.com. 2, and Aug. According to an Aug.

Mobile

Mobile Phishing Authentication Accountability

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Passwords Advertising Phishing

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., Twilio disclosed in Aug. On July 28 and again on Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. Perhaps the biggest selling point for U-Admin is a module that helps phishers intercept multi-factor authentication codes. Image: fr3d.hk/blog.

Phishing

Phishing Scams Banking Mobile

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. The service in question — kopeechka[.]store ” “Are you working on large volumes and are costs constantly growing? The service in question — kopeechka[.]store

Accountability

Accountability Scams Cryptocurrency Advertising

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. What’s your username?”

Scams

Scams Banking Passwords Authentication

How to Shop Online Like a Security Pro

Krebs on Security

NOVEMBER 23, 2018

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. Even people who shop mainly at big-name online stores can get scammed if they’re not wary of too-good-to-be-true offers.

Scams

Scams Wireless Phishing Banking

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

The crux of Bryant’s discovery was that the spammers in those 2016 campaigns learned that countless hosting firms and registrars would allow anyone to add a domain to their account without ever validating that the person requesting the change actually owned the domain. domaincontrol.com and ns18.domaincontrol.com). domaincontrol.com).

DNS

DNS Internet Internet Computers and Electronics

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. First, they included an offer to use a mutually trusted “middleman” or escrow provider for the transaction (to protect either party from getting scammed). ” TMO UP!

Mobile

Mobile Phishing Authentication Advertising

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. mail server responds “OK” = successful access).

Accountability

Accountability Authentication Passwords Hacking

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. The messages addressed customers by name and referenced past order numbers and payment amounts tied to each account. Earlier this month, customers of the soccer jersey retailer classicfootballshirts.co.uk

Passwords

Passwords Password Management Phishing Scams

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

Much of this fraud exploits weak authentication methods used by states that have long sought to verify applicants using static, widely available information such as Social Security numbers and birthdays. Many states also lacked the ability to tell when multiple payments were going to the same bank accounts. are using it.

Scams

Scams Insurance DDOS Authentication

Cyber Security Informer

‘Land Lordz’ Service Powers Airbnb Scams

Would You Have Fallen for This Phone Scam?

Webinars

Trending Sources

When Low-Tech Hacks Cause High-Impact Breaches

Webinars

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Discord Admins Hacked by Malicious Bookmarks

How Coinbase Phishers Steal One-Time Passwords

How 1-Time Passcodes Became a Corporate Liability

Malicious Office 365 Apps Are the Ultimate Insiders

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Service Rents Email Addresses for Account Signups

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

How to Shop Online Like a Security Pro

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Gift Card Gang Extracts Cash From 100k Inboxes Daily

The Life Cycle of a Breached Database

How $100M in Jobless Claims Went to Inmates

Stay Connected