Banking and Passwords - Cyber Security Informer

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Image: Hold Security.

Banking

Banking Passwords Risk Accountability

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. for my *online banking*. 6 characters.

Banking

Banking Passwords Accountability Authentication

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords

Passwords Accountability Hacking Password Management

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. Once a victim types their user ID and password, criminals will receive the data immediately. Passkeys come to mind immediately since they do not involve passwords at all.

Engineering

Engineering Phishing Banking Authentication

Leaking Passwords through the Spellchecker

Schneier on Security

SEPTEMBER 26, 2022

Sometimes browser spellcheckers leak passwords : When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Passwords

Passwords Insurance Banking

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

Security Affairs

NOVEMBER 5, 2024

The ToxicPanda Android malware has infected over 1,500 devices, enabling attackers to perform fraudulent banking transactions. Cleafy researchers spotted a new Android banking malware, dubbed ToxicPanda, which already infected over 1,500 Android devices. ” reads the report published by Cleafy.

Banking

Banking Malware Accountability Authentication

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app.

Passwords

Passwords Phishing Accountability Mobile

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords

Passwords Mobile Authentication Banking

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

DECEMBER 7, 2021

He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords. Change the password to one 1Password automatically generates c. Obviously, he still has a heap of accounts to set decent passwords on, but now he knows the pattern and he can repeat that over and over again.

Passwords

Passwords Password Management Banking Accountability

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Krebs on Security

OCTOBER 7, 2022

consumers have their online bank accounts hijacked and plundered by hackers, U.S. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. Bank , and Wells Fargo. ” Sen.

Banking

Banking Accountability Scams Passwords

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

APRIL 2, 2020

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

Passwords

Passwords Media Technology Accountability

Zanubis in motion: Tracing the active evolution of the Android banking malware

SecureList

MAY 28, 2025

Introduction Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The malware operated as an overlay-based banking Trojan that abused Android’s accessibility service.

Banking

Banking Malware Energy and Utilities Encryption

Sperm bank breach deposits data into hands of cybercriminals

Malwarebytes

MARCH 19, 2025

California Cryobank (CCB) is a sperm donation and cryopreservation firm and one of the US top sperm banks. The information potentially involved varies by customer but includes names and one or more of the following: Drivers license numbers Bank account and routing numbers. Change your password. Watch out for fake vendors.

Banking

Banking Data breaches Computers and Electronics Passwords

Android banking trojans: How they steal passwords and drain bank accounts

Malwarebytes

FEBRUARY 27, 2024

For the most popular operating system in the world—which is Android and it isn’t even a contest —there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals. What are Android banking trojans? Take the SharkBot banking trojan, which Malwarebytes detects and stops.

Banking

Banking Passwords Accountability Malware

Crooks are reviving the Grandoreiro banking trojan

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Attackers also employ encrypted or password-protected files to evade security detection. The.zip often contains a password-protected, obfuscated VBS script. contaboserver[.]net.

Banking

Banking Phishing Malware Passwords

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

Here’s a breakdown of the most widespread and damaging scams today: Impersonation Scams (51% of fraud cases) where fraudsters pose as: Banks, HMRC, DVLA, or government agencies. Guilt or Authority Pressure: Messages from “your boss,” “the bank,” or “your child” asking for urgent help or discretion.

Scams

Scams Password Management Passwords Banking

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. ” WHOLESALE PASSWORD THEFT. Multiple personal and business banking portals; -Microsoft Office365 accounts.

Passwords

Passwords Ransomware Password Management Malware

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

Recently, I was opening a new bank account. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. The passwords I chose are unlikely to be better than toz*!Iikc@mpP8gD

Banking

Banking Passwords Password Management Authentication

Credit Card Fraud That Bypasses 2FA

Schneier on Security

SEPTEMBER 20, 2022

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud: Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped.

Banking

Banking Accountability Passwords Authentication

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. “Members don’t have to request to use Zelle.

Scams

Scams Banking Passwords Authentication

Weekly Update 397

Troy Hunt

APRIL 28, 2024

They screw us on interest rates, they screw us on fees and they screw us on passwords. Remember the old "bank grade security" adage? I took this saying to task almost a decade ago now but it seems that at least as far as password advice goes, they really haven't learned.

Banking

Banking Passwords Password Management Data breaches

PIN-Stealing Android Malware

Schneier on Security

JANUARY 9, 2024

The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view.

Malware

Malware Banking Passwords Authentication

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Security Affairs

MAY 28, 2025

The malware includes tools for password theft and stealthy access.” ” The malware is designed for password theft and stealthy access, aiming to steal credentials, crypto wallets, and sell system access for financial gain. . ” reads the report published by DomainTools.

Antivirus

Antivirus Malware Banking Passwords

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing

Phishing Password Management Passwords Banking

Banks in Singapore to phase out one-time passwords in 3 months

Bleeping Computer

JULY 14, 2024

The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. [.]

Banking

Banking Passwords Retail

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Identity Theft

Identity Theft Passwords Malware Banking

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Change your email account password. Turn on 2 factor authentication wherever available. Keep operating systems and software patched.

Malware

Malware Passwords Banking Password Management

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Troy Hunt

AUGUST 29, 2023

Further, the passwords from the malware will shortly be searchable in the Pwned Passwords service which can either be checked online or via the API. Pwned Passwords is presently requested 5 and a half billion times each month to help organisations prevent people from using known compromised passwords.

Malware

Malware Passwords Password Management Antivirus

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Excising passwords as the security linchpin to digital services is long, long overdue. Password abuse at scale arose shortly after the decision got made in the 1990s to make shared secrets the basis for securing digital connections. One bank in the U.S.

Authentication

Authentication Passwords Banking Digital transformation

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

“No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” The company said that passwords and bank card details were not compromised, it also pointed out that its customers’ communications were not exposed. million IBAN details.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device. Reporting the incident to IC3.gov

Malware

Malware Scams Identity Theft Antivirus

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. The requests are bogus and simply a method for harvesting passwords.

Phishing

Phishing Passwords Mobile Authentication

Why we’re no longer doing April Fools’ Day

Malwarebytes

MARCH 31, 2025

If your bank gives you an unexpected phone call, ring them back on a number you know is theirs. Use a different password for every account. If you get your username and password stolen on one account you dont want scammers to be able to use it on another. Check via another way.

Scams

Scams Passwords Accountability Password Management

Strengthen your digital defenses on World Password Day

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords

Passwords Password Management Malware Accountability

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. Bank customers. Bank customers.

Malware

Malware Banking Phishing DDOS

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords

Passwords Password Management Phishing Scams

Online food ordering and delivery platform GrubHub discloses a data breach

Security Affairs

FEBRUARY 4, 2025

.” Compromised data include names, emails, phone numbers, partial card info for some campus diners, and hashed passwords from legacy systems. The company reset affected passwords. The data breach did not expose passwords, merchant logins, full card numbers, bank details, or Social Security numbers.

Data breaches

Data breaches Passwords Accountability Hacking

Scammers Target Netflix Users: Expert Issues Urgent Warning

eSecurity Planet

MARCH 31, 2025

If they log in, now their username and password belong to the hacker, Zilberstein explained. Use a strong, unique password for your Netflix account. If you suspect youve already clicked a scam link, change your Netflix password immediately and check your payment details for unauthorized charges.

Scams

Scams Artificial Intelligence Phishing Passwords

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

The Hacker News

JULY 15, 2024

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. Customers who have activated their digital

Banking

Banking Retail Phishing Passwords

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. ” a cybercrime forum ad for Genesis enthused. 21, 2023. .”

Marketing

Marketing Passwords Cybercrime Banking

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). Earlier this year, AT&T reset passwords for millions of customers after the company finally acknowledged a data breach from 2018 involving approximately 7.6

Data breaches

Data breaches Passwords Authentication Accountability

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Krebs on Security

MAY 29, 2025

cloud Internet providers allows cybercriminals to connect to websites from web addresses that are geographically close(r) to their targets and victims (to sidestep location-based security controls by your bank, for example). vulnerability scanning and password brute force attacks) was being bounced through U.S.-based

Scams

Scams Internet Internet Cybercrime

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else.

Data breaches

Data breaches Healthcare Passwords Insurance

The Risk of Weak Online Banking Passwords

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Trending Sources

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Crooks bank on Microsoft’s search engine to phish customers

Leaking Passwords through the Spellchecker

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

How Coinbase Phishers Steal One-Time Passwords

The Rise of One-Time Password Interception Bots

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Zanubis in motion: Tracing the active evolution of the Android banking malware

Sperm bank breach deposits data into hands of cybercriminals

Android banking trojans: How they steal passwords and drain bank accounts

Crooks are reviving the Grandoreiro banking trojan

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

The Hidden Cost of Ransomware: Wholesale Password Theft

Threat Modeling and Logins

Credit Card Fraud That Bypasses 2FA

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Weekly Update 397

PIN-Stealing Android Malware

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Banks in Singapore to phase out one-time passwords in 3 months

International law enforcement operation dismantled RedLine and Meta infostealers

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

France’s second-largest telecoms provider Free suffered a cyber attack

FBI warns of malicious free online document converters spreading malware

Phishing evolves beyond email to become latest Android app threat

Why we’re no longer doing April Fools’ Day

Strengthen your digital defenses on World Password Day

Disneyland Malware Team: It’s a Puny World After All

The Life Cycle of a Breached Database

Online food ordering and delivery platform GrubHub discloses a data breach

Scammers Target Netflix Users: Expert Issues Urgent Warning

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Stay Connected