Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. And all of them operate via Telegram , a cloud-based instant messaging system.

Passwords 311

Passwords Mobile Authentication Banking 311

Krebs on Security

APRIL 12, 2022

Department of Justice (DOJ) said today it seized the website and user database for RaidForums , an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015.

Identity Theft 216

Identity Theft Government Mobile Data breaches 216

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. A U2F device made by Yubikey.

Mobile 301

Mobile Phishing Authentication Advertising 301

Krebs on Security

JULY 29, 2021

Nixon said she and her colleagues noticed in the preceding months a huge uptick in SIM-swapping attacks , a scheme in which fraudsters trick or bribe employees at wireless phone companies into redirecting the target’s text messages and phone calls to a device they control.

Passwords 351

Passwords Password Management Phishing Scams 351