Document and Web Fraud - Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. Others simply sell access to hacked government or police email accounts, and leave it up to the buyer to forge any needed documents. “Unlimited Emergency Data Requests. . Reset as you please.

Hacking

Hacking Accountability Government Social Engineering

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

But when the thieves tried to move $100,000 worth of cryptocurrency out of his account, Coinbase sent an email stating that the account had been locked, and that he would have to submit additional verification documents before he could do anything with it.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

This address was the subject of an investigation published in July by CTV National News and the Investigative Journalism Foundation (IJF) , which documented dozens of cases across Canada where multiple MSBs are incorporated at the same address, often without the knowledge or consent of the location’s actual occupant. in Vancouver, BC.

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Krebs on Security

MAY 7, 2025

” Riley’s well-documented lawsuit (not linked here because it features a great deal of personal information) includes screenshots of conversations with the ghostwriting team, which was constantly assigning her to new writers and editors, and ghosting her on scheduled conference calls about progress on the project.

Scams

Scams Marketing Advertising Technology

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research. That vulnerability was documented in more detail at exploit archive Packet Storm Security in March 2020 and indexed by Check Point Software in May 2020, suggesting it still persists in current versions of the product.

Phishing

Phishing Scams Banking Mobile

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.” If you receive a vishing call, document the phone number of the caller as well as the domain that the actor tried to send you to and relay this information to law enforcement.

Cryptocurrency

Cryptocurrency Scams VPN Social Engineering

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

31 that uses Linkedin.com links to redirect anyone who clicks to a site that spoofs Adobe , and then prompts users to log in to their Microsoft email account to view a shared document. Here’s one example from Jan. A recent phishing site that abused LinkedIn’s marketing redirect. Image: Urlscan.io.

Phishing

Phishing Marketing Scams Accountability

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

JANUARY 9, 2023

Experian said I had three options for a free credit report at this point: Mail a request along with identity documents, call a phone number for Experian, or upload proof of identity via the website. Your mileage on this front may vary, and you may end up having to send copies of your identity documents through the mail or website.

Identity Theft

Identity Theft Accountability Authentication Web Fraud

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia’s state security services and the cybercriminal underground. The latest document in the hacked archive is dated April 2021.

Banking

Banking Marketing DDOS Risk

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Mobile

Mobile Wireless Accountability Authentication

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

JULY 15, 2024

“If you bought Google Workspace via Google Domains, Squarespace is now your authorized reseller,” the help document explains. .” The guide also recommends removing unnecessary Squarespace user accounts, and disabling reseller access in Google Workspace.

Accountability

Accountability Cryptocurrency Passwords DNS

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Unfortunately for us, Doug freaked out after deciding he’d been tricked — backing up his important documents, changing his passwords, and then reinstalling macOS on his computer. If you’re approached in a similar scheme, the response from the would-be victim documented in the SlowMist blog post is probably the best.

Malware

Malware Cryptocurrency Software Phishing

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

The service also advertised the ability to extract and filter emails and files based on selected keywords, as well as attach malicious macros to all documents in a user’s Microsoft OneDrive. A cybercriminal service advertising the sale of access to hacked Office365 accounts. Image: Proofpoint.

Accountability

Accountability Passwords Advertising Phishing

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

” This attack comes on the heels of another targeted phishing campaign leveraging Pardot that was documented earlier this month by Netskope , a cloud security firm. “A large number of enterprises provide their vendors and partners access to their CRM for uploading documents such as invoices, purchase orders, etc.

Phishing

Phishing Marketing Accountability DNS

The Great $50M African IP Address Heist

Krebs on Security

DECEMBER 11, 2019

Guilmette estimates the current market value of the purloined IPs he’s documented in this case exceeds USD $50 million. ” For example, documents obtained from the government of Uganda by Guilmette and others show Byaruhanga registered a private company called ipv4leasing after joining AFRINIC. .

Internet

Internet Internet Marketing Government

Sued by Meta, Freenom Halts Domain Registrations

Krebs on Security

MARCH 7, 2023

Meta initially filed this lawsuit in December 2022, but it asked the court to seal the case, which would have restricted public access to court documents in the dispute. Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit are incorporated in the United States.

Phishing

Phishing Media Internet Internet

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

If the attachment is opened, the malicious document proceeds to quietly download additional malware and hacking tools to the victim machine ( here’s one video example of a malicious Microsoft Office attachment from the malware sandbox service any.run ).

Cybercrime

Cybercrime Malware Ransomware VPN

Dirt-Cheap, Legit, Windows Software: Pick Two

Krebs on Security

JANUARY 8, 2019

This version of Office prompts the user to sync all data and documents over to a 5TB Microsoft OneDrive account. ” Here’s what the profile looked like when the reader tried to change details tied to the license. What could go wrong?

Software

Software Passwords Accountability Web Fraud

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

The intercepted CLOP communication seen by KrebsOnSecurity shows the group bragged about twice having success infiltrating new victims in the healthcare industry by sending them infected files disguised as ultrasound images or other medical documents for a patient seeking a remote consultation.

Healthcare

Healthcare Backups Ransomware Insurance

It’s Way Too Easy to Get a.gov Domain Name

Krebs on Security

NOVEMBER 26, 2019

“Also, it needs to be printed on ‘official letterhead,’ which of course can be easily forged just by Googling a document from said municipality. ” Technically, what my source did was wire fraud (obtaining something of value via the Internet/telephone/fax through false pretenses); had he done it through the U.S.

Government

Government Internet Internet Web Fraud

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

Hegel noted that the spike in malicious software-themed ads came not long after Microsoft started blocking by default Office macros in documents downloaded from the Internet. He said the volume of the current malicious ad campaigns from this group appears to be relatively low compared to a year ago.

Software

Software Advertising Malware Accountability

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

. “The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money,” the Federal Bureau of Investigation (FBI) warned in April 2022. – No video: The scammers will come up with all kinds of excuses not to do a video call.

Scams

Scams Cryptocurrency Marketing Internet

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Krebs on Security

DECEMBER 5, 2022

.” While the defendants represented that they had the ability to dismantle the Glupteba botnet, when it came time for discovery — the stage in a lawsuit where both parties can compel the production of documents and other information pertinent to their case — the attorney for the defendants told the court his clients had been fired (..)

Cybercrime

Cybercrime Malware Internet Internet

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

There is a frequently updated list published on GitHub called “ Can I take over DNS ,” which has been documenting exploitability by DNS provider over the past several years. How does one know whether a DNS provider is exploitable? The list includes examples for each of the named DNS providers.

DNS

DNS Internet Internet Phishing

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

Shanon: My partner wants to see the place before we send money over as we done this last time and someone scammed us I ain’t saying your not legit as you have send documents with details on name etc. Here’s one from would-be victim Shanon, on March 28, 2019, to the scammers. The price is € 250 + €500 secure deposit.

Scams

Scams Advertising Accountability Phishing

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

In this well-documented tactic, known as a DHCP starvation attack , an attacker floods the DHCP server with requests that consume all available IP addresses that can be allocated. As an attacker, we can select which IP addresses go over the tunnel and which addresses go over the network interface talking to our DHCP server.”

VPN

VPN Wireless Internet Internet

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn , or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

Phishing

Phishing Scams Computers and Electronics Software

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

” This is not the first time Instagram has come for his accounts: As documented in this story in The Atlantic , some of his accounts totaling more than 1 million followers were axed in late 2018 when the platform took down 500 usernames that were stolen, resold, and used for posting memes.

Accountability

Accountability Hacking Media Mobile

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

A few months later, Bryant documented the same technique being used to take over more than 120,000 trusted domains for spam campaigns. Contacted by KrebsOnSecurity, GoDaddy acknowledged the authentication weakness documented by Guilmette.

DNS

DNS Internet Internet Computers and Electronics

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

“We’ve seen [videos] of people in nursing homes, where folks off camera are speaking for them and holding up documents.” . “A lot of this is targeting the elderly,” Hall said. ” “We had one video where the person applying said, ‘I’m here for the prize money,'” Hall continued.

Scams

Scams Insurance DDOS Authentication

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

As documented by Group-IB, the group pivoted from its access to Twilio to attack at least 163 of its customers. 0ktapus often leveraged information or access gained in one breach to perpetrate another.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

How Malicious Android Apps Slip Into Disguise

Krebs on Security

AUGUST 3, 2023

“We are investigating possible fixes for developer tools and plan to update our documentation accordingly,” Google’s statement continued. Image: ThreatFabric.

Mobile

Mobile Malware Banking Cybercrime

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

16Shop documentation instructing operators on how to deploy the kit. .” According to the Indonesian security blog Cyberthreat.id , Saputra admitted being the administrator of 16Shop , but told the publication he handed the project off to others by early 2020. Image: ZeroFox.

Phishing

Phishing Passwords Hacking Internet

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

” Finally, Russian incorporation documents show the company LLC Website (web-site[.]ru)was A cached copy of the contact page for Starovikov[.]com com shows that in 2008 it displayed the personal information for a Dmitry Starovikov , who listed his Skype username as “lycefer.”

Passwords

Passwords Malware Internet Internet

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

The government believes the brains behind Joker’s Stash is Timur Kamilevich Shakhmametov , an individual who is listed in Russian incorporation documents as the owner of Arpa Plus , a Novosibirsk company that makes mobile games. Joker’s sold cards stolen in a steady drip of breaches at U.S.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

” Monahan has been documenting the crypto thefts via Twitter/X since March 2023, frequently expressing frustration in the search for a common cause among the victims. Then on Aug.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

That document indicates the Liberty Reserve account claimed by MrMurza/AccessApproved — U1018928 — was assigned in 2011 to a “ Vadim Panov ” who used the email address lesstroy@mgn.ru.

Malware

Malware Passwords Accountability Advertising

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

From there, the perpetrators accessed a Google Drive document that Ferri had used to record credentials to other sites, including a cryptocurrency exchange. Soon after, the attackers were able to use their control over his mobile number to reset his Gmail account password.

Mobile

Mobile Cryptocurrency Accountability Passwords

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

They’re frequently cheap to buy , stolen in large numbers , and can be bundled with other documents such as passport, driver’s licence, email, and more. The SSNDOB Marketplace has listed the personal information for approximately 24 million individuals in the United States, generating more than $19 million USD in sales revenue.

DDOS

DDOS Cryptocurrency Data breaches Scams

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Security Boulevard

MARCH 22, 2022

But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia's state security services and the cybercriminal underground. The post ‘Spam Nation’ Villain Vrublevsky Charged With Fraud appeared first on Security Boulevard.

Marketing

Marketing Technology Web Fraud

Recycle Your Phone, Sure, But Maybe Not Your Number

Security Boulevard

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Mobile

Mobile Wireless Financial Services Passwords

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

” The rise of so-called “ghost tap” mobile software was first documented in November 2024 by security experts at ThreatFabric. . “These guys provide the software for $500 a month, and it can relay both NFC enabled tap-to-pay as well as any digital wallet. The even have 24-hour support.”

Phishing

Phishing Mobile Scams Banking

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

SWAT apparently kept its books in a publicly accessible Google Sheets document, and that document reveals Fearlless and his business partner each routinely made more than $100,000 every month operating their various reshipping businesses.

Cybercrime

Cybercrime Marketing Scams Retail

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Krebs on Security

MARCH 22, 2023

In November 2022, Google documented these three same vulnerabilities being used together to compromise Samsung devices. The three Samsung exploits that DarkNavy says were used by the malicious app. DarkNavy likewise did not name the app they said was responsible for the attacks.

Malware

Malware eCommerce Mobile Marketing

FBI: Spike in Hacked Police Emails, Fake Subpoenas

How to Lose a Fortune with Just One Bad Click

Trending Sources

How Cryptocurrency Turns to Cash in Russian Banks

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

How Phishers Are Slinking Their Links Into LinkedIn

Identity Thieves Bypassed Experian Security to View Credit Reports

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Recycle Your Phone, Sure, But Maybe Not Your Number

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Calendar Meeting Links Used to Spread Mac Malware

Malicious Office 365 Apps Are the Ultimate Insiders

Phishers are Angling for Your Cloud Providers

The Great $50M African IP Address Heist

Sued by Meta, Freenom Halts Domain Registrations

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Dirt-Cheap, Legit, Windows Software: Pick Two

New Ransom Payment Schemes Target Executives, Telemedicine

It’s Way Too Easy to Get a.gov Domain Name

Using Google Search to Find Software Can Be Risky

Massive Losses Define Epidemic of ‘Pig Butchering’

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Don’t Let Your Domain Name Become a “Sitting Duck”

‘Land Lordz’ Service Powers Airbnb Scams

Why Your VPN May Not Be As Secure As It Claims

Teach a Man to Phish and He’s Set for Life

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

How $100M in Jobless Claims Went to Inmates

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

How Malicious Android Apps Slip Into Disguise

Karma Catches Up to Global Phishing Service 16Shop

The Link Between AWM Proxy & the Glupteba Botnet

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Giving a Face to the Malware Proxy Service ‘Faceless’

Busting SIM Swappers and SIM Swap Myths

SSNDOB marketplace shut down by global law enforcement operation

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Recycle Your Phone, Sure, But Maybe Not Your Number

How Phished Data Turns into Apple & Google Wallets

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Stay Connected