Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

Advertising

Krebs on Security

DECEMBER 29, 2024

Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. Image: Shutterstock, Dreamansions. KrebsOnSecurity.com turns 15 years old today!

Scams

Malwarebytes

JUNE 9, 2025

If you’ve been scammed it’s really important to report it, if you can, in order to help prevent others falling for the same scam, and give authorities a chance to catch the criminal who did it. Notify your bank or credit card company: Inform them about the fraud in order to freeze accounts or reverse charges where possible.

Scams

Security Affairs

FEBRUARY 2, 2025

and Dutch authorities seized 39 domains and servers linked to the HeartSender cybercrime group based in Pakistan. A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools.

Cybercrime

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND, which are running targeted scams for specific victim profiles.

Scams

Krebs on Security

NOVEMBER 21, 2024

The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Those accounts state that the intruders assaulted Tylerb’s mother in the home invasion, and that they threatened to burn him with a blowtorch if he didn’t give up the keys to his cryptocurrency wallets.

Identity Theft

Krebs on Security

MAY 28, 2025

This wasnt just a scam operation – it was essentially a cybercrime university that empowered fraudsters globally, NCCIA Director Abdul Ghaffar said at a press briefing. Prior to folding their operations behind WeCodeSolutions, Shahzad and others arrested this month operated as a web hosting group calling itself The Manipulaters.

Malware

Malwarebytes

OCTOBER 15, 2024

Political ads could be hiding online scams, many people feel, and the election, they say, will likely fall victim to some type of “cyber interference.” 52% are “very concerned” or “concerned” about “falling prey to a scam when interacting with political messages.” The reasons could be obvious.

Scams

SecureWorld News

FEBRUARY 3, 2025

In a significant victory against cybercrime, U.S. Department of Justice (DOJ) , the seized domains were actively facilitating the sale of phishing kits, scam pages, and other fraud tools, which were then used by transnational organized crime groups to conduct business email compromise (BEC) schemes. According to the U.S.

Phishing

Security Affairs

JULY 1, 2025

Europol busted a crypto scam ring that laundered €460M from 5,000+ victims. Europol has taken down a massive cryptocurrency fraud ring that scammed over 5,000 people worldwide, laundering around €460 million ($540 million). Operation Borrelli involved Spain, the U.S., France, and Estonia. The investigation is ongoing.”

Scams

SecureWorld News

MAY 14, 2025

The FBI's Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Report, marking a record-breaking year in cybercrime. This demographic was frequently targeted by tech support scams, romance scams, and crypto investment frauds. The report highlights a staggering $16.6 billion in losses. billion in losses.

Cybercrime

We Live Security

JULY 4, 2025

Here’s how to avoid getting played by gamified job scams. In 2024 alone, employment scams reported to the FBI made fraudsters over $264 million. Many of these are so-called “task scams,” where victims are actually tricked into paying a “deposit” in order to get paid. It might sound unbelievable.

Scams

SecureWorld News

FEBRUARY 14, 2025

Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day. Be wary of romance scams "People can be vulnerable on February 14th," said Dave Machin , Partner at The Berkeley Partnership. "If Verify charities before donating Scam emails and messages impersonating charities are common.

Scams

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. “The FBI Denver Field Office is warning that agents are increasingly seeing a scam involving free online document converter tools, and we want to encourage victims to report instances of this scam.”

Malware

Security Affairs

APRIL 7, 2025

A campaign named PoisonSeed uses stolen CRM and bulk email credentials to send crypto seed scams, aiming to empty victims’ digital wallets. ” The PoisonSeed campaign targets both crypto and non-crypto entities, exploiting compromised CRM and bulk email accounts. ” reads the report published by Silent Push.

Scams

Security Affairs

APRIL 7, 2025

A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. ” Source News4Jax The charges relate to his alleged role in the Scattered Spider cybercrime group (also known as UNC3944 , 0ktapus ). .” ” reported News4Jax. In January 2024, U.S.

Cybercrime

Security Affairs

AUGUST 6, 2025

accounts linked to global scam centers, mainly in Cambodia, in a crackdown with Meta and OpenAI. million accounts tied to criminal scam centers, mainly in Cambodia, in a joint effort with OpenAI. Scam centers run multiple schemes, often requiring upfront payment for fake returns. WhatsApp removed 6.8M

Scams

Security Affairs

DECEMBER 2, 2024

Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud. The authorities have warned of “USDT Token Approval Scam” that allows scammers access to the victims’ cryptocurrency wallets and make unauthorized transactions.

Cryptocurrency

Google Security

MAY 8, 2025

Posted by Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. But why on-device? This information is then sent to Safe Browsing for a final verdict.

Scams

Malwarebytes

AUGUST 7, 2025

The attacks underscore the vulnerability that all businesses face—large or small—in preventing cyberattacks that begin through basic social engineering scams. But once ensnared in the phone scam, employees are tricked into entering an 8-digit code that will connect to a data exfiltration program owned and operated entirely by the hackers.

Scams

Krebs on Security

APRIL 10, 2025

But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff. Phishers using multiple virtualized Android devices to orchestrate and distribute RCS-based scam campaigns. Image: Prodaft. Image: Prodaft.

Banking

Krebs on Security

NOVEMBER 14, 2024

That investigation detailed how the 38-year-old Shefel adopted the nickname Rescator while working as vice president of payments at ChronoPay , a Russian financial company that paid spammers to advertise fake antivirus scams, male enhancement drugs and knockoff pharmaceuticals. “I’m also godfather of his second son.”

Advertising

eSecurity Planet

JULY 14, 2025

Airlines become top targets Airlines are now a prime focus for cybercrime groups. According to TechRepublic, the FBI said these hackers have been “convincing help desk staff to bypass multi-factor authentication (MFA) protections by registering rogue MFA devices on compromised accounts.”

Insurance

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business

Security Affairs

NOVEMBER 25, 2024

Thai authorities arrested members of two Chinese cybercrime organizations, one of these groups carried out SMS blaster attacks. Thai authorities uncovered call center gangs using fake “02” numbers to deceive citizens into scams and fraudulent investments, generating over 700 million calls.

Mobile

SecureWorld News

MARCH 20, 2025

March Madness is here, and while fans are busy filling out brackets and making last-minute bets, cybercriminals are running their own full-court presstargeting unsuspecting fans with phishing scams, fake betting apps, and credential-harvesting schemes. Awareness and vigilance.

Scams

SecureWorld News

MARCH 27, 2025

In today's digital world, cybercrime is a threat to our private data and security. And with Americans owning an average of 24 electronic items in their homes , neglecting to dispose of these items correctly is putting individuals at significant risk of cybercrime. What is cybercrime? It's time to change it.

Cybercrime

Malwarebytes

MARCH 20, 2025

In particular, we have previously detailed how Google advertiser accounts can be hijacked to create new malicious ads and perpetuate a vicious cycle leading to more compromised accounts. Each ad uses a unique domain name which does a redirect to more static domains dedicated to the fake Semrush and Google account login pages.

Scams

Webroot

MARCH 3, 2025

March is a time for leprechauns and four-leaf clovers, and as luck would have it, its also a time to learn how to protect your private data from cybercrime. This month, take advantage of all that NCPW offers, including access to free tools and information that can help you identify and prevent online scams, fraud, and identity theft.

Consumer Protection

Security Affairs

DECEMBER 1, 2024

For example, these campaigns leverage fake social media accounts to post questions and comments about divisive internal issues in the U.S. For a monthly fee, attackers can access sophisticated services that automate the creation of fraudulent emails, increasing the efficiency of their scams.

Artificial Intelligence

Security Affairs

MARCH 29, 2025

million in USDT stolen through ‘romance baiting’ scams, where victims are tricked into fake investments promising high returns. in USDT (Tether) linked to a ‘romance baiting’ scam. After convincing them with small returns, the scammer eventually locks accounts and disappears with the funds.

Scams

Krebs on Security

JULY 3, 2025

government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook , Github , PayPal and Twitter/X.

Scams

eSecurity Planet

MAY 11, 2025

How the scam works: Free AI tools that cost you everything The trap begins on Facebook, where well-designed posts and pages promote fake AI services. One post alone racked up over 62,000 views, showing how wide the scam has spread. It often comes bundled with tools labeled Get Cookie + Pass, used for hijacking user accounts.

Malware

Security Affairs

MAY 17, 2025

officials to build trust and access personal accounts. Threat actors send malicious links posing as messaging platform invites to access officials’ accounts, then exploit contacts to impersonate and extract data or funds. ” reads the alert issued by the FBI.

Government

Hacker's King

JANUARY 5, 2025

With this accessibility comes the critical issue of fake account detection. As our digital interactions grow, effective measures for fake account detection become essential to protect our online presence and maintain a safer environment. However, the reality is that fake Snapchat accounts do exist, posing threats to user privacy.

Accountability

Security Affairs

MAY 15, 2025

Exposed data included contact details, partial SSNs and bank info, ID images, account history, and limited internal documents. Compromised data includes: Name, address, phone, and email; Masked Social Security (last 4 digits only); Masked bank-account numbers and some bank account identifiers; GovernmentID images (e.g.,

Data breaches

Malwarebytes

FEBRUARY 4, 2025

And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. Importantly, the attack methods here are not new.

Artificial Intelligence