Document and Web Fraud - Cyber Security Informer

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

SWAT apparently kept its books in a publicly accessible Google Sheets document, and that document reveals Fearlless and his business partner each routinely made more than $100,000 every month operating their various reshipping businesses.

Cybercrime

Cybercrime Marketing Scams Retail

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Unfortunately for us, Doug freaked out after deciding he’d been tricked — backing up his important documents, changing his passwords, and then reinstalling macOS on his computer. If you’re approached in a similar scheme, the response from the would-be victim documented in the SlowMist blog post is probably the best.

Malware

Malware Cryptocurrency Software Scams

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia’s state security services and the cybercriminal underground. The latest document in the hacked archive is dated April 2021.

Banking

Banking Marketing DDOS Risk

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

JANUARY 9, 2023

Experian said I had three options for a free credit report at this point: Mail a request along with identity documents, call a phone number for Experian, or upload proof of identity via the website. Your mileage on this front may vary, and you may end up having to send copies of your identity documents through the mail or website.

Identity Theft

Identity Theft Accountability Authentication Web Fraud

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

MARCH 22, 2024

Those include voting registries, property filings, marriage certificates, motor vehicle records, criminal records, court documents, death records, professional licenses, and bankruptcy filings. states exempt so-called “public” or “government” records from consumer privacy laws.

Media

Media Government Data breaches Marketing

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

In this well-documented tactic, known as a DHCP starvation attack , an attacker floods the DHCP server with requests that consume all available IP addresses that can be allocated. As an attacker, we can select which IP addresses go over the tunnel and which addresses go over the network interface talking to our DHCP server.”

VPN

VPN Wireless Internet Internet

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn , or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

Phishing

Phishing Scams Computers and Electronics Software

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

31 that uses Linkedin.com links to redirect anyone who clicks to a site that spoofs Adobe , and then prompts users to log in to their Microsoft email account to view a shared document. Here’s one example from Jan. A recent phishing site that abused LinkedIn’s marketing redirect. Image: Urlscan.io.

Phishing

Phishing Marketing Scams Accountability

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research. That vulnerability was documented in more detail at exploit archive Packet Storm Security in March 2020 and indexed by Check Point Software in May 2020, suggesting it still persists in current versions of the product.

Phishing

Phishing Scams Banking Mobile

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

Hegel noted that the spike in malicious software-themed ads came not long after Microsoft started blocking by default Office macros in documents downloaded from the Internet. He said the volume of the current malicious ad campaigns from this group appears to be relatively low compared to a year ago.

Software

Software Advertising Malware Accountability

Sued by Meta, Freenom Halts Domain Registrations

Krebs on Security

MARCH 7, 2023

Meta initially filed this lawsuit in December 2022, but it asked the court to seal the case, which would have restricted public access to court documents in the dispute. Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit are incorporated in the United States.

Phishing

Phishing Media Internet Internet

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.” If you receive a vishing call, document the phone number of the caller as well as the domain that the actor tried to send you to and relay this information to law enforcement.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Mobile

Mobile Wireless Authentication Accountability

How Malicious Android Apps Slip Into Disguise

Krebs on Security

AUGUST 3, 2023

“We are investigating possible fixes for developer tools and plan to update our documentation accordingly,” Google’s statement continued. Image: ThreatFabric.

Mobile

Mobile Malware Banking Cybercrime

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

16Shop documentation instructing operators on how to deploy the kit. .” According to the Indonesian security blog Cyberthreat.id , Saputra admitted being the administrator of 16Shop , but told the publication he handed the project off to others by early 2020. Image: ZeroFox.

Phishing

Phishing Passwords Internet Internet

The Great $50M African IP Address Heist

Krebs on Security

DECEMBER 11, 2019

Guilmette estimates the current market value of the purloined IPs he’s documented in this case exceeds USD $50 million. ” For example, documents obtained from the government of Uganda by Guilmette and others show Byaruhanga registered a private company called ipv4leasing after joining AFRINIC. .

Internet

Internet Internet Marketing Government

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

The service also advertised the ability to extract and filter emails and files based on selected keywords, as well as attach malicious macros to all documents in a user’s Microsoft OneDrive. A cybercriminal service advertising the sale of access to hacked Office365 accounts. Image: Proofpoint.

Accountability

Accountability Passwords Advertising Phishing

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

” This attack comes on the heels of another targeted phishing campaign leveraging Pardot that was documented earlier this month by Netskope , a cloud security firm. “A large number of enterprises provide their vendors and partners access to their CRM for uploading documents such as invoices, purchase orders, etc.

Phishing

Phishing Marketing Accountability DNS

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

As documented by Group-IB, the group pivoted from its access to Twilio to attack at least 163 of its customers. 0ktapus often leveraged information or access gained in one breach to perpetrate another.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

The intercepted CLOP communication seen by KrebsOnSecurity shows the group bragged about twice having success infiltrating new victims in the healthcare industry by sending them infected files disguised as ultrasound images or other medical documents for a patient seeking a remote consultation.

Healthcare

Healthcare Backups Ransomware Insurance

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Krebs on Security

DECEMBER 5, 2022

.” While the defendants represented that they had the ability to dismantle the Glupteba botnet, when it came time for discovery — the stage in a lawsuit where both parties can compel the production of documents and other information pertinent to their case — the attorney for the defendants told the court his clients had been fired (..)

Cybercrime

Cybercrime Malware Internet Internet

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Security Boulevard

MARCH 22, 2022

But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia's state security services and the cybercriminal underground. The post ‘Spam Nation’ Villain Vrublevsky Charged With Fraud appeared first on Security Boulevard.

Marketing

Marketing Technology Web Fraud

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

The reader who shared this story (and copious documentation to go with it) asked to have his real name omitted to avoid encouraging further attacks against his identity. One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders. So we’ll just call him “Jim.”

Financial Services

Financial Services Banking Accountability Identity Theft

Dirt-Cheap, Legit, Windows Software: Pick Two

Krebs on Security

JANUARY 8, 2019

This version of Office prompts the user to sync all data and documents over to a 5TB Microsoft OneDrive account. ” Here’s what the profile looked like when the reader tried to change details tied to the license. What could go wrong?

Software

Software Passwords Accountability Web Fraud

Recycle Your Phone, Sure, But Maybe Not Your Number

Security Boulevard

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Wireless

Wireless Mobile Financial Services Passwords

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

That document indicates the Liberty Reserve account claimed by MrMurza/AccessApproved — U1018928 — was assigned in 2011 to a “ Vadim Panov ” who used the email address lesstroy@mgn.ru.

Malware

Malware Passwords Accountability Advertising

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

” Finally, Russian incorporation documents show the company LLC Website (web-site[.]ru)was A cached copy of the contact page for Starovikov[.]com com shows that in 2008 it displayed the personal information for a Dmitry Starovikov , who listed his Skype username as “lycefer.”

Passwords

Passwords Malware Internet Internet

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

” This is not the first time Instagram has come for his accounts: As documented in this story in The Atlantic , some of his accounts totaling more than 1 million followers were axed in late 2018 when the platform took down 500 usernames that were stolen, resold, and used for posting memes.

Accountability

Accountability Hacking Media Mobile

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

Shanon: My partner wants to see the place before we send money over as we done this last time and someone scammed us I ain’t saying your not legit as you have send documents with details on name etc. Here’s one from would-be victim Shanon, on March 28, 2019, to the scammers. The price is € 250 + €500 secure deposit.

Scams

Scams Advertising Accountability Phishing

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

They’re frequently cheap to buy , stolen in large numbers , and can be bundled with other documents such as passport, driver’s licence, email, and more. The SSNDOB Marketplace has listed the personal information for approximately 24 million individuals in the United States, generating more than $19 million USD in sales revenue.

DDOS

DDOS Cryptocurrency Scams Data breaches

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

A few months later, Bryant documented the same technique being used to take over more than 120,000 trusted domains for spam campaigns. Contacted by KrebsOnSecurity, GoDaddy acknowledged the authentication weakness documented by Guilmette.

DNS

DNS Internet Internet Computers and Electronics

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

Accountability

Accountability Government Hacking Social Engineering

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

” Monahan has been documenting the crypto thefts via Twitter/X since March 2023, frequently expressing frustration in the search for a common cause among the victims. Then on Aug.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Krebs on Security

APRIL 27, 2022

Validating legal requests by domain name may be fine for data demands that include documents like subpoenas and search warrants, which can be validated with the courts. But not so for EDRs, which largely bypass any official review and do not require the requestor to submit any court-approved documents.

Mobile

Mobile Government Media Technology

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

. “The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money,” the Federal Bureau of Investigation (FBI) warned in April 2022. – No video: The scammers will come up with all kinds of excuses not to do a video call.

Scams

Scams Cryptocurrency Marketing Internet

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

If the attachment is opened, the malicious document proceeds to quietly download additional malware and hacking tools to the victim machine ( here’s one video example of a malicious Microsoft Office attachment from the malware sandbox service any.run ).

Cybercrime

Cybercrime VPN Malware Penetration Testing

Meet the World’s Biggest ‘Bulletproof’ Hoster

Krebs on Security

JULY 16, 2019

As part of his application for service, the person using that email address forwarded six documents to ChronoPay managers, including business incorporation and banking records for companies he owned in China, as well as a full scan of his Russian passport. The document shows he was born in Ukraine and is approximately 36 years old.

Cybercrime

Cybercrime Phishing Banking Malware

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

From there, the perpetrators accessed a Google Drive document that Ferri had used to record credentials to other sites, including a cryptocurrency exchange. Soon after, the attackers were able to use their control over his mobile number to reset his Gmail account password.

Mobile

Mobile Cryptocurrency Accountability Passwords

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Krebs on Security

MARCH 22, 2023

In November 2022, Google documented these three same vulnerabilities being used together to compromise Samsung devices. The three Samsung exploits that DarkNavy says were used by the malicious app. DarkNavy likewise did not name the app they said was responsible for the attacks.

Malware

Malware eCommerce Mobile Media

It’s Way Too Easy to Get a.gov Domain Name

Krebs on Security

NOVEMBER 26, 2019

“Also, it needs to be printed on ‘official letterhead,’ which of course can be easily forged just by Googling a document from said municipality. ” Technically, what my source did was wire fraud (obtaining something of value via the Internet/telephone/fax through false pretenses); had he done it through the U.S.

Government

Government Internet Internet Web Fraud

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

“We’ve seen [videos] of people in nursing homes, where folks off camera are speaking for them and holding up documents.” . “A lot of this is targeting the elderly,” Hall said. ” “We had one video where the person applying said, ‘I’m here for the prize money,'” Hall continued.

Scams

Scams Insurance DDOS Authentication

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Calendar Meeting Links Used to Spread Mac Malware

Webinars

Trending Sources

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Webinars

Identity Thieves Bypassed Experian Security to View Credit Reports

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Why Your VPN May Not Be As Secure As It Claims

Teach a Man to Phish and He’s Set for Life

How Phishers Are Slinking Their Links Into LinkedIn

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Using Google Search to Find Software Can Be Risky

Sued by Meta, Freenom Halts Domain Registrations

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Recycle Your Phone, Sure, But Maybe Not Your Number

How Malicious Android Apps Slip Into Disguise

Karma Catches Up to Global Phishing Service 16Shop

The Great $50M African IP Address Heist

Malicious Office 365 Apps Are the Ultimate Insiders

Phishers are Angling for Your Cloud Providers

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

New Ransom Payment Schemes Target Executives, Telemedicine

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Scary Fraud Ensues When ID Theft & Usury Collide

Dirt-Cheap, Legit, Windows Software: Pick Two

Recycle Your Phone, Sure, But Maybe Not Your Number

Giving a Face to the Malware Proxy Service ‘Faceless’

The Link Between AWM Proxy & the Glupteba Botnet

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

‘Land Lordz’ Service Powers Airbnb Scams

SSNDOB marketplace shut down by global law enforcement operation

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Massive Losses Define Epidemic of ‘Pig Butchering’

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Meet the World’s Biggest ‘Bulletproof’ Hoster

Busting SIM Swappers and SIM Swap Myths

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

It’s Way Too Easy to Get a.gov Domain Name

How $100M in Jobless Claims Went to Inmates

Stay Connected