Krebs on Security

FEBRUARY 3, 2022

The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. Urlscan also found this phishing scam from Jan. Here’s one example from Jan. A recent phishing site that abused LinkedIn’s marketing redirect.

Phishing 326

Phishing Marketing Scams Accountability 326

Krebs on Security

NOVEMBER 2, 2023

One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market.

Cybercrime 271

Cybercrime Marketing Scams Retail 271

Krebs on Security

JANUARY 25, 2024

And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. “We’ve reviewed the ads in question, removed those that violated our policies, and suspended the associated accounts. million advertiser accounts. Google says it removed 5.2

Software 260

Software Advertising Malware Accountability 260

Krebs on Security

MARCH 17, 2020

But KrebsOnSecurity received copious amounts of information about this scam from Milwaukee, Wisc. ” What happens next is the employee then receives an electronic transfer of money into his bank account, is asked to withdraw the cash, and to keep 150 Canadian dollars for himself. The funds will be sent to you.

Banking 337

Banking Scams Accountability Healthcare 337

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability 327

Accountability Passwords Advertising Phishing 327

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S.

Social Engineering 318

Social Engineering Mobile Cybercrime Passwords 318

Krebs on Security

FEBRUARY 24, 2023

Last year, researchers at Minerva Labs spotted the botnet being used to blast out sextortion scams. The account didn’t resume posting on the forum until April 2014. Reached via LinkedIn, Mr. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. Hope you are doing well.

Accountability 229

Accountability Advertising Marketing Malware 229

Krebs on Security

AUGUST 9, 2021

That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts. The hacked BriansClub database had an estimated collective street value of $566 million , and that data was subsequently shared with thousands of financial institutions.

Phishing 355

Phishing Cybercrime Accountability Advertising 355

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. The various “iboss” email accounts appear to have been shared by multiple parties.

Malware 256

Malware Cybercrime Internet Internet 256

Krebs on Security

JULY 18, 2022

net available at the Wayback Machine shows that in 2016 this domain was used for the “ ExE Bucks ” affiliate program, a pay-per-install business which catered to people already running large collections of hacked computers or compromised websites. A cached copy of flashupdate[.]net su between 2016 and 2019. ”

VPN 304

VPN Computers and Electronics Antivirus Software 304

Krebs on Security

AUGUST 16, 2022

This identity has been highly active on Breached and its predecessor RaidForums for more than two years, mostly selling databases from hacked Mexican entities. ” asked Ohad Zaidenberg , founder of CTI League , a volunteer emergency response community that emerged in 2020 to help fight COVID-19 related scams. “Who does it?

Data breaches 261

Data breaches Banking Cybercrime Marketing 261

Krebs on Security

NOVEMBER 23, 2018

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. Even people who shop mainly at big-name online stores can get scammed if they’re not wary of too-good-to-be-true offers.

Scams 273

Scams Wireless Phishing Banking 273

Krebs on Security

APRIL 30, 2020

These restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe — derisively referred to as “ reshipping mules ” — to receive and relay high-dollar stolen goods to crooks living in the embargoed areas.

Cybercrime 308

Cybercrime Computers and Electronics Marketing Scams 308

Krebs on Security

MAY 18, 2020

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems.

Malware 314

Malware Cybercrime Ransomware Marketing 314

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. ” Ark-x2[.]org

Scams 192

Scams Cryptocurrency Media Hacking 192

Krebs on Security

JANUARY 22, 2019

Large-scale spam campaigns often are conducted using newly-registered or hacked email addresses, and/or throwaway domains. Guilmette told KrebsOnSecurity he initially considered the possibility that GoDaddy had been hacked, or that thousands of the registrar’s customers perhaps had their GoDaddy usernames and passwords stolen.

DNS 235

DNS Internet Internet Computers and Electronics 235

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. The messages addressed customers by name and referenced past order numbers and payment amounts tied to each account. So hopefully by this point it should be clear why re-using passwords is generally a bad idea.

Passwords 356

Passwords Password Management Phishing Scams 356

Krebs on Security

SEPTEMBER 2, 2021

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Why go after hotel or airline rewards?

Accountability 292

Accountability Authentication Passwords Hacking 292

Krebs on Security

FEBRUARY 28, 2023

This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order — including access to any financial, email and social media accounts tied to that phone number. One of the groups that reliably posted “Tmo up!”

Mobile 312

Mobile Phishing Authentication Advertising 312