Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 293

Phishing Cryptocurrency DDOS Internet 293

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. capital).

Malware 334

Malware Cryptocurrency Software Phishing 334

Krebs on Security

JUNE 15, 2024

“He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Krebs on Security

OCTOBER 20, 2022

In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. . “That’s definitely the first huge drop that happened throughout the time we’ve collected the profiles,” she said.

Accountability 324

Accountability Cryptocurrency Scams CISO 324

Krebs on Security

OCTOBER 13, 2021

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app. org) for a checkup.

Passwords 363

Passwords Phishing Accountability Scams 363

Krebs on Security

JULY 21, 2022

“The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money,” the Federal Bureau of Investigation (FBI) warned in April 2022. Many of these platforms include extensive study materials and tutorials on cryptocurrency investing.

Scams 330

Scams Cryptocurrency Marketing Internet 330

Krebs on Security

OCTOBER 18, 2023

New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams 337

Scams Malware Cryptocurrency Hacking 337

Krebs on Security

AUGUST 30, 2022

The phishers behind this scheme used newly-registered domains that often included the name of the target company, and sent text messages urging employees to click on links to these domains to view information about a pending change in their work schedule. 2, and Aug. On that last date, Twilio disclosed that on Aug. According to an Aug.

Mobile 342

Mobile Phishing Authentication Accountability 342

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 275

Mobile Cryptocurrency Accountability Passwords 275

Krebs on Security

JULY 29, 2021

But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. When a website’s user database gets compromised, that information invariably turns up on hacker forums. customers this month.

Passwords 363

Passwords Password Management Phishing Scams 363

Krebs on Security

AUGUST 16, 2022

Last month, they sold customer information on 36 million customers of the Mexican phone company Telcel ; in March, they sold 33,000 images of Mexican IDs — with the front picture and a selfie of each citizen. “The set of information referred to is inaccurate and outdated, and does not put our users and customers at risk.”

Data breaches 328

Data breaches Banking Cybercrime Marketing 328

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 0ktapus often leveraged information or access gained in one breach to perpetrate another. 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Krebs on Security

OCTOBER 5, 2022

Last week, KrebsOnSecurity examined a flood of inauthentic LinkedIn profiles all claiming Chief Information Security Officer (CISO) roles at various Fortune 500 companies, including Biogen , Chevron , ExxonMobil , and Hewlett Packard. “We’ll see 20-30 requests come in with the same type of information in the profiles.”

Accountability 316

Accountability Scams Cryptocurrency Artificial Intelligence 316

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K.

Scams 356

Scams Wireless Identity Theft Mobile 356

Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. If you were confused at this point, you might ask Google who it thinks is the current Chief Information Security Officer of Chevron. of spam and scam.”

CISO 343

CISO Cybercrime Accountability Information Security 343

Krebs on Security

JANUARY 17, 2024

The 24-year-old rapper told reporters he wasn’t instructing people how to conduct wire fraud, but instead informing his fans on how to avoid being victims of wire fraud. However, this is difficult to discern from listening to the song, which sounds very much like a step-by-step tutorial on how to commit wire fraud.

Cybercrime 332

Cybercrime Media Banking Accountability 332

Krebs on Security

FEBRUARY 26, 2023

The general manager of Escrow.com said he suspected the call was a scam, but decided to play along for about an hour — all the while recording the call and coaxing information out of the scammer. “He was literally reading off the tickets to the notes of the admin panel inside GoDaddy.”

Hacking 332

Hacking Social Engineering Phishing Scams 332

Krebs on Security

JULY 29, 2022

Then on July 28, the 911 website began redirecting to a notice saying, “We regret to inform you that we permanently shut down 911 and all its services on July 28th.” ” According to 911, the service was hacked in early July, and it was discovered that someone manipulated the balances of a large number of user accounts.

Cybercrime 325

Cybercrime Software Backups VPN 325

Krebs on Security

DECEMBER 5, 2022

Collectively, the tens of thousands of systems infected with Glupteba on any given day feed into a number of major cybercriminal businesses: The botnet’s proprietors sell the credential data they steal, use the botnet to place disruptive ads on the infected computers, and mine cryptocurrencies.

Cybercrime 308

Cybercrime Malware Internet Internet 308

Krebs on Security

MARCH 22, 2022

But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia’s state security services and the cybercriminal underground. Inferno Pay, a cryptocurrency and payment API allegedly operated by the ChronoPay CEO.

Banking 243

Banking Marketing DDOS Risk 243

Malwarebytes

JUNE 8, 2022

The United States Department of Justice has announced a major takedow n of a criminal marketplace that traded Personally Identifiable Information (PII). The SSNDOB Marketplace has listed the personal information for approximately 24 million individuals in the United States, generating more than $19 million USD in sales revenue.

DDOS 125

DDOS Cryptocurrency Data breaches Scams 125

Krebs on Security

SEPTEMBER 30, 2024

Also known as “ Assad Faiq” and “ The Godfather ,” Iza is the 30-something founder of a cryptocurrency investment platform called Zort that advertised the ability to make smart trades based on artificial intelligence technology. cryptocurrency holdings online. which shows an LASD deputy unlawfully added E.Z.’s

Cryptocurrency 325

Cryptocurrency Government Internet Internet 325

Krebs on Security

OCTOBER 9, 2024

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. ’s son was loaded with cryptocurrency? ” What made the Miami men so convinced R.C.

Cryptocurrency 301

Cryptocurrency Social Engineering Accountability Mobile 301

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. The ark-x2[.]org

Scams 245

Scams Cryptocurrency Media Hacking 245

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. “On Twitter, more spam and crypto scam.”

Scams 310

Scams DDOS Cryptocurrency Accountability 310

Krebs on Security

MARCH 14, 2023

.” The Justice Department says Singh and Ceraolo belong to a group of cybercriminals known to its members as “ ViLE ,” who specialize in obtaining personal information about third-party victims, which they then use to harass, threaten or extort the victims, a practice known as “doxing.”

Hacking 304

Hacking Government Media Accountability 304

Krebs on Security

NOVEMBER 2, 2023

The contact information for Kareem , a young man from Maryland, was listed as an active drop. Anyone can sign up at this website as a potential reshipping mule, although doing so requires applicants to share a great deal of personal and financial information, as well as copies of an ID or passport matching the supplied name.

Cybercrime 334

Cybercrime Marketing Scams Retail 334

Krebs on Security

SEPTEMBER 13, 2024

Among those that had data exposed in Snowflake was AT&T , which disclosed in July that cybercriminals had stolen personal information and phone and text message records for roughly 110 million people — nearly all its customers. million customers. Binns is currently in custody in a Turkish prison and fighting his extradition.

Cybercrime 330

Cybercrime Accountability Mobile Hacking 330

Krebs on Security

APRIL 27, 2022

Donahue is co-founder of Kodex , a company formed in February 2021 that builds security portals designed to help tech companies “manage information requests from government agencies who contact them, and to securely transfer data & collaborate against abuses on their platform.” A sample Kodex dashboard. Image: Kodex.us.

Mobile 239

Mobile Government Media Technology 239