Accountability, Marketing, Scams and Web Fraud

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

political campaigns, cities and towns had paid a shady company called Web Listings Inc. The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings. A Twitter account for Web Listings Inc.

Scams

Scams Marketing Internet Internet

Feds Bust Up Dark Web Hub Wall Street Market

Krebs on Security

MAY 3, 2019

Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware.

Marketing

Marketing Scams Accountability Engineering

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

At issue is a “redirect” feature available to businesses that chose to market through LinkedIn.com. Here’s the very first Slink created: [link] which redirects to the homepage for LinkedIn Marketing Solutions. A recent phishing site that abused LinkedIn’s marketing redirect. Image: Urlscan.io.

Phishing

Phishing Marketing Scams Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market. Most reshipping scams promise employees a monthly salary and even cash bonuses. Services like SWAT are known as “Drops for stuff” on cybercrime forums.

Cybercrime

Cybercrime Marketing Scams Retail

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums.

Phishing

Phishing Scams Computers and Electronics Software

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

Last year, researchers at Minerva Labs spotted the botnet being used to blast out sextortion scams. The account didn’t resume posting on the forum until April 2014. Reached via LinkedIn, Mr. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014.

Accountability

Accountability Advertising Marketing Malware

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

But new research shows the proxy service has a long history of purchasing installations via shady “pay-per-install” affiliate marketing schemes, some of which 911 operated on its own. 911 says its network is made up entirely of users who voluntarily install its “free VPN” software. in the British Virgin Islands.

VPN

VPN Computers and Electronics Antivirus Software

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

On July 20, the attackers turned their sights on internet infrastructure giant Cloudflare.com , and the intercepted credentials show at least five employees fell for the scam (although only two employees also provided the crucial one-time MFA code). Image: Cloudflare.com. 2, and Aug. On that last date, Twilio disclosed that on Aug.

Mobile

Mobile Phishing Authentication Accountability

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because.US is overseen by the U.S. government, which is frequently the target of phishing domains ending in.US. “Even very large ccTLDs, like.de

Phishing

Phishing Telecommunications Government DNS

How Cybercriminals are Weathering COVID-19

Krebs on Security

APRIL 30, 2020

In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services. A screen shot from a user account at “Snowden,” a long-running reshipping mule service. . Here’s a look at how they’re adjusting to these new realities.

Cybercrime

Cybercrime Computers and Electronics Marketing Scams

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

” asked Ohad Zaidenberg , founder of CTI League , a volunteer emergency response community that emerged in 2020 to help fight COVID-19 related scams. . “Is there one person from our community that think sending cease and desist letter to a hackers forum operator is a good idea?,” “Who does it?

Data breaches

Data breaches Banking Cybercrime Marketing

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts. com, and was wondering when the funds would be reflected in the balance of his account on the shop. Caveat Emptor!

Phishing

Phishing Cybercrime Accountability Advertising

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

Here’s what part of their current homepage looks like: The SocksEscort home page says its services are perfect for people involved in automated online activity that often results in IP addresses getting blocked or banned, such as Craigslist and dating scams, search engine results manipulation, and online surveys. is no longer active.

Malware

Malware Cybercrime Internet Internet

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

RedBear’s service is marketed not only to malware creators, but to people who rent or buy malicious software and services from other cybercriminals. 2016 and July 2017 that sought to corner the increasingly lucrative and competitive market for ransomware-as-a-service offerings. is cybercrime forum.

Malware

Malware Cybercrime Ransomware Marketing

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

We’ve noted the gradual emergence of Bitcoin ATMs in scams previously; here, cryptocurrency ATMs are more popular as a payment method to SSNDOB than other dubious online services. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021.

DDOS

DDOS Cryptocurrency Scams Data breaches

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. ” Ark-x2[.]org

Scams

Scams Cryptocurrency Media Hacking

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter. “The scale of this is so massive.

Scams

Scams Cryptocurrency Marketing Internet

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Why go after hotel or airline rewards?

Accountability

Accountability Authentication Passwords Hacking

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

Much of this fraud exploits weak authentication methods used by states that have long sought to verify applicants using static, widely available information such as Social Security numbers and birthdays. Many states also lacked the ability to tell when multiple payments were going to the same bank accounts.

Scams

Scams Insurance DDOS Authentication

Cyber Security Informer

Who’s Behind the ‘Web Listings’ Mail Scam?

Feds Bust Up Dark Web Hub Wall Street Market

Webinars

Trending Sources

How Phishers Are Slinking Their Links Into LinkedIn

Webinars

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Teach a Man to Phish and He’s Set for Life

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Who’s Behind the Botnet-Based Service BHProxies?

A Deep Dive Into the Residential Proxy Service ‘911’

How 1-Time Passcodes Became a Corporate Liability

Why is.US Being Used to Phish So Many of Us?

How Cybercriminals are Weathering COVID-19

When Efforts to Contain a Data Breach Backfire

Phishing Sites Targeting Scammers and Thieves

No SOCKS, No Shoes, No Malware Proxy Services!

This Service Helps Malware Authors Fix Flaws in their Code

SSNDOB marketplace shut down by global law enforcement operation

Double-Your-Crypto Scams Share Crypto Scam Host

Massive Losses Define Epidemic of ‘Pig Butchering’

Gift Card Gang Extracts Cash From 100k Inboxes Daily

How $100M in Jobless Claims Went to Inmates

Stay Connected