Remove Banking Remove Passwords Remove Phishing Remove Web Fraud
article thumbnail

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. A Google-translated version of the now-defunct Coinbase phishing site, coinbase.com.password-reset[.]com. The Coinbase phishing panel.

Passwords 344
article thumbnail

The Rise of One-Time Password Interception Bots

Krebs on Security

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords 319
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. Bank customers. Bank customers.

Malware 273
article thumbnail

Owners of 1-Time Passcode Theft Service Plead Guilty

Krebs on Security

agency , a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. KrebsOnSecurity profiled OTP Agency in a February 2021 story about arrests tied to another phishing-related service based in the U.K.

article thumbnail

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

One account of the hack came from a 17-year-old in the United Kingdom, who told reporters the intrusion began when one of the English-speaking hackers phoned a tech support person at MGM and tricked them into resetting the password for an employee account. ” Beige members were implicated in two stories published here in 2020.

article thumbnail

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

Unfortunately for us, Doug freaked out after deciding he’d been tricked — backing up his important documents, changing his passwords, and then reinstalling macOS on his computer. While this a perfectly sane response, it means we don’t have the actual malware that was pushed to his Mac by the script. ” Image: SlowMist.

Malware 269
article thumbnail

How to Shop Online Like a Security Pro

Krebs on Security

Sure, the card associations and your bank are quick to point out that you’re not liable for fraudulent charges that you report in a timely manner, whether it’s debit or a credit card. Does the bank reimburse you when your credit score takes a ding because your mortgage or car payment was late? Don’t hold your breath.

Scams 274