Blog, Scams and Web Fraud - Cyber Security Informer

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Krebs on Security

MAY 29, 2025

a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as pig butchering.” ” The Treasury Department said Funnull’s operations are linked to the majority of virtual currency investment scam websites reported to the FBI.

Scams

Scams Internet Internet Cybercrime

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Before we get to the Apple scam in detail, we need to revisit Tony’s case. The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls. The image that Lookout used in its blog post for Crypto Chameleon can be seen in the lower right hooded figure. com and lookoutsucks[.]com.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings. The Land Lordz administrative panel for a scammer who’s running dozens of Airbnb scams in the United Kingdom. The price is € 250 + €500 secure deposit.

Scams

Scams Advertising Accountability Phishing

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

In August 2023, security researcher Randy McEoin blogged about a scam he dubbed ClearFake , which uses hacked WordPress sites to serve visitors with a page that claims you need to update your browser before you can view the content. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams

Scams Malware Cryptocurrency Hacking

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

political campaigns, cities and towns had paid a shady company called Web Listings Inc. The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings. In December 2018, KrebsOnSecurity looked at how dozens of U.S.

Scams

Scams Marketing Internet Internet

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In August 2020, KrebsOnSecurity warned about a marked increase in large corporations being targeted in sophisticated voice phishing or “vishing” scams. and 11:00 p.m.

Cryptocurrency

Cryptocurrency Scams Social Engineering VPN

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

Urlscan also found this phishing scam from Jan. Way back in 2016, security firm Fortinet blogged about LinkedIn’s redirect being used to promote phishing sites and online pharmacies. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums.

Phishing

Phishing Scams Marketing Accountability

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. 2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research. The U-Admin phishing panel interface.

Phishing

Phishing Scams Banking Mobile

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

In a post to its Twitter/X account last month, Signum Capital warned that a fake profile pretending to be their employee Mr. Lee was trying to scam people on Telegram. “Since Calendly integrates well with the daily work routines of most project teams, these malicious links do not easily raise suspicion,” the blog post explains.

Malware

Malware Cryptocurrency Software Scams

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

On July 20, the attackers turned their sights on internet infrastructure giant Cloudflare.com , and the intercepted credentials show at least five employees fell for the scam (although only two employees also provided the crucial one-time MFA code). Image: Cloudflare.com. ” On July 28 and again on Aug. According to an Aug. In an Aug.

Phishing

Phishing Mobile Authentication Accountability

Feds Bust Up Dark Web Hub Wall Street Market

Krebs on Security

MAY 3, 2019

The complaint alleges that for nearly three years, WSM was operated on the dark web by three men who engineered an “exit scam” last month, absconding with all of the virtual currency held in marketplace escrow and user accounts. The seizure message that replaced the homepage of the Wall Street Market on on May 2.

Marketing

Marketing Scams Accountability Engineering

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

biz , which frequently blogs about security weaknesses in popular malware tools. “Possible options include, for example, bot admin panels, code injection panels, shell control panels, payment card sniffers, traffic direction services, exchange services, spamming software, doorway generators, and scam pages, etc.”

Malware

Malware Cybercrime Ransomware Marketing

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

Three years before that, the same pervasive weakness was described in a blog post by security researcher Matthew Bryant , who showed how one could commandeer at least 120,000 domains via DNS weaknesses at some of the world’s largest hosting providers.

DNS

DNS Internet Internet Phishing

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. 16Shop documentation instructing operators on how to deploy the kit.

Phishing

Phishing Passwords Hacking Insurance

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance. Among those was the encrypted messaging app Signal , which said the breach could have let attackers re-register the phone number on another device for about 1,900 users. According to an Aug.

Social Engineering

Social Engineering Cybercrime Mobile Identity Theft

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period.

Accountability

Accountability Authentication Passwords Hacking

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

” Bryant said after he published his initial research in 2016, a number of managed DNS providers mentioned in his blog posts said they’d taken steps to blunt the threat, including Amazon Web Services (AWS), hosting provider Digital Ocean , and Google Cloud. “But it’s clearly still a big problem.”

DNS

DNS Internet Internet Computers and Electronics

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. ” Ark-x2[.]org

Scams

Scams Cryptocurrency Hacking Media

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

One of the many scam funeral group pages on Facebook. One of many look-alike landing pages for video streaming services linked to scam Facebook funeral groups. Mazidul Islam’s LinkedIn page says he is the organizer of a now defunct IT blog called gadgetsbiz[.]com, xyz , a domain registered in November 2023.

Scams

Scams DNS Internet Internet

Cyber Security Informer

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

A Day in the Life of a Prolific Voice Phishing Crew

Trending Sources

‘Land Lordz’ Service Powers Airbnb Scams

The Fake Browser Update Scam Gets a Makeover

Who’s Behind the ‘Web Listings’ Mail Scam?

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

How Phishers Are Slinking Their Links Into LinkedIn

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Calendar Meeting Links Used to Spread Mac Malware

How 1-Time Passcodes Became a Corporate Liability

Feds Bust Up Dark Web Hub Wall Street Market

This Service Helps Malware Authors Fix Flaws in their Code

Don’t Let Your Domain Name Become a “Sitting Duck”

Karma Catches Up to Global Phishing Service 16Shop

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Double-Your-Crypto Scams Share Crypto Scam Host

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Stay Connected