Accountability, Internet, Mobile and Web Fraud

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Image: Cloudflare.com. 2, and Aug.

Mobile

Mobile Phishing Authentication Accountability

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., Twilio disclosed in Aug. According to an Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

AUGUST 18, 2022

The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Both the email and the invoice state that “there is evidence that your PayPal account has been accessed unlawfully.”

Scams

Scams Phishing Accountability Banking

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases.

Hacking

Hacking Government Media Accountability

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself. Department of Defense. USDoD’s InfraGard sales thread on Breached.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

JUNE 22, 2023

” Pivoting on the domain in the smishing message sent to Dylan shows the phishing domain shared an Internet host in Russia [91.215.85-166] The site would only load in a mobile browser. 166] with nearly two dozen other smishing related domains, including upsdelivery[.]info info , legodelivery[.]info info , adidascanadaltd[.]com

Phishing

Phishing Retail Mobile Scams

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Each advertises their claimed access to T-Mobile systems in a similar way. ” or “ Tmo up!

Mobile

Mobile Phishing Authentication Advertising

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

Malware

Malware Banking Phishing DDOS

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software.

Phishing

Phishing Scams Banking Mobile

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

The general manager of Escrow.com found himself on the phone with one of the GoDaddy hackers, after someone who claimed they worked at GoDaddy called and said they needed him to authorize some changes to the account. Thus, the second factor cannot be phished, either over the phone or Internet.

Hacking

Hacking Social Engineering Phishing Scams

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

Cyber intelligence firm Intel 471 reports that obelisk57@gmail.com was used to register an account on the forum Blacksoftware under the nickname “ Kerens.” Those records indicate the user Kerens registered on Verified in March 2009 from an Internet address in Novosibirsk, a city in the southern Siberian region of Russia.

Malware

Malware Antivirus Cybercrime Hacking

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. OG accounts typically can be resold for thousands of dollars. ” FAKE IDs AND PHONY NOTES.

Mobile

Mobile Cryptocurrency Accountability Passwords

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of one’s email and/or mobile phone accounts. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Krebs on Security

APRIL 27, 2022

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem.

Mobile

Mobile Government Media Technology

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

Krebs on Security

SEPTEMBER 4, 2022

But these more “hands-on” and first person attacks are becoming increasingly common within certain cybercriminal communities, particularly those engaged in SIM swapping , a crime in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s various online accounts and identities.

Government

Government Accountability Cryptocurrency Web Fraud

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

OCTOBER 25, 2018

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Or maybe they’re groomed in order to set up a bank account for their lovers.

Scams

Scams Accountability Media Banking

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

Nolan’s mentor had her create an account website xtb-market[.]com million of her own money over nearly four months, Nolan found her account was suddenly frozen. She was then issued a tax statement saying she owed nearly $500,000 in taxes before she could reactivate her account or access her funds.

Scams

Scams Cryptocurrency Marketing Internet

Cyber Security Informer

Interview With a Crypto Scam Investment Spammer

How 1-Time Passcodes Became a Corporate Liability

Webinars

Trending Sources

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Webinars

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Two U.S. Men Charged in 2022 Hacking of DEA Portal

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Disneyland Malware Team: It’s a Puny World After All

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

When Low-Tech Hacks Cause High-Impact Breaches

Why Malware Crypting Services Deserve More Scrutiny

Busting SIM Swappers and SIM Swap Myths

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Massive Losses Define Epidemic of ‘Pig Butchering’

Stay Connected