Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. agency — advertised a web-based bot designed to trick targets into giving up OTP tokens.

Passwords 319

Passwords Mobile Authentication Banking 319

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. A U2F device made by Yubikey.

Mobile 310

Mobile Phishing Authentication Advertising 310

Krebs on Security

JULY 29, 2021

The messages addressed customers by name and referenced past order numbers and payment amounts tied to each account. From there, the attackers can reset the password for any online account that allows password resets via SMS. Earlier this month, customers of the soccer jersey retailer classicfootballshirts.co.uk customers this month.

Passwords 355

Passwords Password Management Phishing Scams 355