Event, Phishing and Web Fraud - Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. million in an elaborate voice phishing attack. The phishing domain used to steal roughly $4.7 Image: Shutterstock, iHaMoo. “ Annie.”

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. A Scattered Spider phishing lure sent to Twilio employees.

Hacking

Hacking Cybercrime Phishing Passwords

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Krebs on Security

MAY 7, 2025

million through the “extortion of international clients in the name of up-selling, the sale of fake/fabricated USPTO certificates, and the maintaining of phishing websites.” The following mind map was helpful in piecing together key events, individuals and connections mentioned above. ” Reached via LinkedIn, Mr. .

Scams

Scams Marketing Advertising Technology

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Malware

Malware Banking Phishing DDOS

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. “When the project team clicks the link, they encounter a region access restriction,” SlowMist wrote.

Malware

Malware Cryptocurrency Software Phishing

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

The attacker then loads the stolen token into their own browser session and (usually late at night after the admins are asleep) posts an announcement in the targeted Discord about an exclusive “airdrop,” “NFT mint event” or some other potential money making opportunity for the Discord members.

Hacking

Hacking Accountability Scams Cryptocurrency

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

Rather, he said, this explanation of events was a misunderstanding at best, and more likely a cover-up at some level. In this case, the victim didn’t download malware or fall for some stupid phishing email. They just end up getting compromised because they followed the industry standard.” ” Lt.

Mobile

Mobile Cryptocurrency Accountability Passwords

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. ” message announcement.

Mobile

Mobile Phishing Authentication Advertising

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

JULY 10, 2024

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.

Phishing

Phishing Cybercrime Malware Software

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

According to the feds, Iza paid the associate $50,000 to craft the event to his liking, but on the day of the party Iza allegedly told R.C. he was unhappy with the event and demanded half of his money back. .” — who was hired to throw a party at Iza’s home. had some personal problems and checked himself into rehab.

Cryptocurrency

Cryptocurrency Government Internet Internet

Infrastructure Laundering: Blending in with the Cloud

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages.

Accountability

Accountability Scams Passwords Data collection

Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Trending Sources

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Disneyland Malware Team: It’s a Puny World After All

Calendar Meeting Links Used to Spread Mac Malware

Discord Admins Hacked by Malicious Bookmarks

Busting SIM Swappers and SIM Swap Myths

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

The Stark Truth Behind the Resurgence of Russia’s Fin7

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Infrastructure Laundering: Blending in with the Cloud

Stay Connected