Advertising, Phishing and Web Fraud - Cyber Security Informer

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing

Phishing Cryptocurrency DDOS Internet

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. The payment message displayed by the carding site phishing domain BriansClub[.]com. Shortly after it came online as a phishing site last year, BriansClub[.]com

Phishing

Phishing Cybercrime Accountability Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. ” Attempting to visit the domain in the phishing link — o001cfedeex[.]com

Phishing

Phishing Scams Mobile DNS

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Passwords Advertising Phishing

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. ” or “ Tmo up!

Mobile

Mobile Phishing Authentication Advertising

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals. Stamford, Ct.

Phishing

Phishing Marketing Accountability DNS

Be Very Sparing in Allowing Site Notifications

Krebs on Security

NOVEMBER 17, 2020

This is evident by the apparent scale of the infrastructure behind a relatively new company based in Montenegro called PushWelcome , which advertises the ability for site owners to monetize traffic from their visitors. An ad from PushWelcome touting the money that websites can make for embedding their dodgy push notifications scripts.

Antivirus

Antivirus Advertising Internet Internet

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.

Scams

Scams Advertising Accountability Phishing

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets. agency — advertised a web-based bot designed to trick targets into giving up OTP tokens.

Passwords

Passwords Mobile Authentication Banking

Sipping from the Coronavirus Domain Firehose

Krebs on Security

APRIL 16, 2020

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities.

Cyber threats

Cyber threats Phishing Data collection Government

How to Shop Online Like a Security Pro

Krebs on Security

NOVEMBER 23, 2018

Adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet, for the simple reason that there are tons of completely fake e-commerce sites out there looking to separate the unwary from their credit card details. CHCEK THE SHIPPING.

Scams

Scams Wireless Phishing Banking

Meet the World’s Biggest ‘Bulletproof’ Hoster

Krebs on Security

JULY 16, 2019

For at least the past decade, a computer crook variously known as “ Yalishanda ,” “ Downlow ” and “ Stas_vl ” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware download servers.

Cybercrime

Cybercrime Phishing Banking Malware

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

SSNDOB advertised its services on dark web forums and offered customer support for buyers. You run the risk of being targeted for spear phishing, or having your personal information used for fraudulent applications. DDoS attacks from rivals are common, so several domains working together keeps things ticking over.

DDOS

DDOS Cryptocurrency Scams Data breaches

Cyber Security Informer

Fake Lawsuit Threat Exposes Privnote Phishing Sites

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Webinars

Trending Sources

Phishing Sites Targeting Scammers and Thieves

Webinars

‘Tis the Season for the Wayward Package Phish

Malicious Office 365 Apps Are the Ultimate Insiders

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Phishers are Angling for Your Cloud Providers

Be Very Sparing in Allowing Site Notifications

‘Land Lordz’ Service Powers Airbnb Scams

The Rise of One-Time Password Interception Bots

Sipping from the Coronavirus Domain Firehose

How to Shop Online Like a Security Pro

Meet the World’s Biggest ‘Bulletproof’ Hoster

SSNDOB marketplace shut down by global law enforcement operation

Stay Connected