Blog, Passwords, Phishing and Web Fraud

Blog

Passwords

Phishing

Web Fraud

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing

Phishing Cryptocurrency DDOS Internet

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing

Phishing Passwords Internet Internet

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords

Passwords Mobile Authentication Banking

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Image: Cloudflare.com. 2, and Aug.

Mobile

Mobile Phishing Authentication Accountability

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

.” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. On July 28 and again on Aug. According to an Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Unfortunately for us, Doug freaked out after deciding he’d been tricked — backing up his important documents, changing his passwords, and then reinstalling macOS on his computer. If you’re approached in a similar scheme, the response from the would-be victim documented in the SlowMist blog post is probably the best.

Malware

Malware Cryptocurrency Software Scams

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com. 2019 that wasn’t discovered until April 2020. . ” In the early morning hours of Nov.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

But when the interested party inquires about the listing, they are sent a link to a site that looks like Airbnb.com but which is actually a phishing page. The fake site simply forwards all requests on this page to Airbnb.com, and records any usernames and passwords submitted through the site.

Scams

Scams Advertising Accountability Phishing

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

In July 2018, email users around the world began complaining of receiving spam which began with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid. “But it’s clearly still a big problem.” ” Update, 10:38 p.m.:

DNS

DNS Internet Internet Computers and Electronics

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

For the past three years, the source — we’ll call him “Bill” to preserve his requested anonymity — has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world’s major email providers each day. What do you do?

Accountability

Accountability Authentication Passwords Hacking

Cyber Security Informer

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Karma Catches Up to Global Phishing Service 16Shop

Webinars

Trending Sources

The Rise of One-Time Password Interception Bots

Webinars

How 1-Time Passcodes Became a Corporate Liability

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Calendar Meeting Links Used to Spread Mac Malware

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

‘Land Lordz’ Service Powers Airbnb Scams

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Stay Connected