Document, Phishing, Scams and Web Fraud

Document

Phishing

Scams

Web Fraud

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

Phishing

Phishing Scams Computers and Electronics Software

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. 16Shop documentation instructing operators on how to deploy the kit. Image: Akamai.com. Image: Akamai. Image: ZeroFox.

Phishing

Phishing Passwords Internet Internet

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing

Phishing Scams Banking Mobile

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings. The Land Lordz administrative panel for a scammer who’s running dozens of Airbnb scams in the United Kingdom. The price is € 250 + €500 secure deposit.

Scams

Scams Advertising Accountability Phishing

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature. 31 that uses Linkedin.com links to redirect anyone who clicks to a site that spoofs Adobe , and then prompts users to log in to their Microsoft email account to view a shared document. Here’s one example from Jan.

Phishing

Phishing Marketing Scams Accountability

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

In a post to its Twitter/X account last month, Signum Capital warned that a fake profile pretending to be their employee Mr. Lee was trying to scam people on Telegram. If you’re approached in a similar scheme, the response from the would-be victim documented in the SlowMist blog post is probably the best. ” Image: SlowMist.

Malware

Malware Cryptocurrency Software Scams

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.” ” In the early morning hours of Nov. PST on Nov.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. On July 28 and again on Aug. According to an Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Passwords Advertising Phishing

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

They’re frequently cheap to buy , stolen in large numbers , and can be bundled with other documents such as passport, driver’s licence, email, and more. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021. The threat of stolen PII.

DDOS

DDOS Cryptocurrency Scams Data breaches

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

A few months later, Bryant documented the same technique being used to take over more than 120,000 trusted domains for spam campaigns. Contacted by KrebsOnSecurity, GoDaddy acknowledged the authentication weakness documented by Guilmette.

DNS

DNS Internet Internet Computers and Electronics

Cyber Security Informer

Teach a Man to Phish and He’s Set for Life

Karma Catches Up to Global Phishing Service 16Shop

Webinars

Trending Sources

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Webinars

‘Land Lordz’ Service Powers Airbnb Scams

How Phishers Are Slinking Their Links Into LinkedIn

Calendar Meeting Links Used to Spread Mac Malware

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Malicious Office 365 Apps Are the Ultimate Insiders

SSNDOB marketplace shut down by global law enforcement operation

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Stay Connected