Hacking, Information Security and Scams

Nigerian man Sentenced to 26+ years in real estate phishing scams

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. for phishing scams that resulted in the compromise of millions of email accounts. for phishing scams that resulted in the compromise of millions of email accounts. Nigerian Kolade Ojelade gets 26 years in U.S.

Scams

Scams Phishing Identity Theft Accountability

Crazy Evil gang runs over 10 highly specialized social media scams

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND, which are running targeted scams for specific victim profiles.

Scams

Scams Media Cryptocurrency Cybercrime

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” reads the alert.

Malware

Malware Scams Identity Theft Antivirus

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

Security Affairs

NOVEMBER 27, 2024

“Operation Serengeti (2 September – 31 October) targeted criminals behind ransomware, business email compromise (BEC), digital extortion and online scams – all identified as prominent threats in the 2024 Africa Cyber Threat Assessment Report.” Nigerian authorities arrested a man behind a $300K crypto scam.

Scams

Scams Cybercrime Ransomware Cyber threats

Crooks hacked Mandiant X account to push cryptocurrency scam

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam.

Cryptocurrency

Cryptocurrency Scams Accountability Hacking

Ukraine President enforces Information Security Strategy

CyberSecurity Insiders

DECEMBER 29, 2021

Amid extreme concerns related to cyber warfare from Russia, Ukraine’s President Volodymyr Zelensky announced a new information security strategy policy was launched and came into effect early this week. The post Ukraine President enforces Information Security Strategy appeared first on Cybersecurity Insiders.

Information Security

Information Security Cryptocurrency Scams Cyber Attacks

FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme

Security Affairs

MARCH 29, 2025

million in USDT stolen through ‘romance baiting’ scams, where victims are tricked into fake investments promising high returns. in USDT (Tether) linked to a ‘romance baiting’ scam. The scam involves emotional manipulation, leaving victims financially devastated and reluctant to report the fraud.

Scams

Scams Cryptocurrency Media Hacking

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. They impersonated help desk technicians, sent the victims fake VPN deactivation warnings, and used password reset scams to gain access to company systems.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Online job offers, the reshipping and money mule scams

Security Affairs

JUNE 17, 2024

Offers that promise easy earnings can also bring with them a host of scams that deceive those who are genuinely seeking income opportunities. t is into this scenario that illicit practices such as moneny mules and reshipping scams can fit. In practice, packages arrived with prepaid shipping labels with stolen credit cards.

Scams

Scams Marketing Education Banking

Digital nomads and risk associated with the threat of infiltred employees

Security Affairs

MARCH 4, 2025

In one particular case, the report believe that a single individual adopted multiple personas to promote the scam, using a Laptop Farm specifically configured to hide the real geolocation of the various remote workstations. He is also the author of the book La Gestione della Cyber Security nella Pubblica Amministrazione.

Risk

Risk Education Scams VPN

Cyber Scams & Why We Fall for Them

Security Boulevard

OCTOBER 25, 2024

Gary Perkins, Chief Information Security Officer Social engineers rely on two key psychological triggers: urgency and empathy. Attackers don’t just hack systems; they hack people, and they’re exceptionally good at it. The post Cyber Scams & Why We Fall for Them appeared first on Security Boulevard.

Scams

Scams Social Engineering CISO Engineering

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

Security Affairs

DECEMBER 2, 2024

Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud. The authorities have warned of “USDT Token Approval Scam” that allows scammers access to the victims’ cryptocurrency wallets and make unauthorized transactions.

Cryptocurrency

Cryptocurrency Phishing Scams Cybercrime

FBI warns of an increase in online romance scams

Security Affairs

AUGUST 29, 2020

The FBI is warning of online romance scams and related financial losses, overall losses associated with those complaints exceeded $475 million. Crooks behind romance scams use fake online identities to establish a contact with the potential victims and gain their trust. SecurityAffairs – hacking, romance scams).

Scams

Scams Internet Internet Advertising

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

Security Affairs

APRIL 7, 2025

A campaign named PoisonSeed uses stolen CRM and bulk email credentials to send crypto seed scams, aiming to empty victims’ digital wallets. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, cybercrime)

Scams

Scams Cryptocurrency Phishing Cybercrime

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

Security Affairs

MARCH 24, 2024

During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams. During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions.

Scams

Scams Consumer Protection Retail Government

Insurance scams via QR codes: how to recognise and defend yourself

Security Affairs

MARCH 12, 2024

Threat actors can abuse QR codes to carry out sophisticated scams, as reported by the Italian Postal Police in its recent alert. They are widely used to access information, services, or online payments quickly and conveniently. However, they can also hide scams, as denounced by the Italian Postal Police in its recent alert.

Insurance

Insurance Scams Education Engineering

Unprotected database exposed a scam targeting 100K+ Facebook accounts

Security Affairs

NOVEMBER 16, 2020

The archive was used by crooks as part of a global hacking campaign against users of the social network. “We discovered the scam via an unsecured database used by the fraudsters to store private data belonging to 100,000s of their victims.” SecurityAffairs – hacking, scam). ” concludes the report.

Scams

Scams Accountability Hacking Passwords

Thai police arrested Chinese hackers involved in SMS blaster attacks

Security Affairs

NOVEMBER 25, 2024

Thai authorities uncovered call center gangs using fake “02” numbers to deceive citizens into scams and fraudulent investments, generating over 700 million calls. Thai cyber police uncovered three companies using SIP Trunk technology to operate fake “02” numbers, generating 730 million scam calls.

Mobile

Mobile Scams Technology Telecommunications

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Security Affairs

MAY 30, 2022

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. SecurityAffairs – hacking, WhatsApp).

Scams

Scams Accountability Mobile Hacking

Global Scamdemic: Scams Become Number One Online Crime

Security Affairs

JUNE 10, 2021

Overall, fraud accounts for 73% of all online attacks: 56% are scams (fraud that results in the victim voluntarily disclosing sensitive data) and 17% are phishing attacks (theft of bank card details). In 2020, a multi-stage scam called Rabbit Hole targeted companies’ brands, primarily retail and online services.

Scams

Scams Banking Retail Insurance

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

NOVEMBER 30, 2024

Similar scams were reported globally. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Google Play) Authorities in Peru raided a call center tied to SpyLoan apps that extorted 7,000+ victims in Peru, Mexico, and Chile. ” concludes the report.

Social Engineering

Social Engineering Media Mobile Scams

Experts warn of deliveries scams that use a COVID-19 theme

Security Affairs

APRIL 28, 2020

Kaspersky experts uncovered a new wave of phishing scams that use a COVID-19 theme and impersonate shipping carriers, including FedEx, UPS, and DHL. Kaspersky observed COVID-19-themed phishing scams that impersonate popular shipping carriers such as FedEx, UPS, and DHL. SecurityAffairs – phishing, hacking). Pierluigi Paganini.

Scams

Scams Phishing Advertising Hacking

How to Protect Against COVID-19 Email Scams

Security Affairs

APRIL 21, 2020

However, you can defend against the scams by taking certain protective measures that are listed below: Do not give your personal information: A common theme for most coronavirus phishing emails seems to be the inquiry for personal information such as Social Security Number or login information. Pierluigi Paganini.

Scams

Scams Phishing Artificial Intelligence VPN

Threat actors compromised British Army ’s Twitter, YouTube accounts to promote crypto scams

Security Affairs

JULY 5, 2022

Threat actors compromised the Twitter and YouTube accounts of the British Army to promote online crypto scams. The Twitter and YouTube accounts of the British Army were used to promote NFT and other crypto scams. The Army takes information security extremely seriously and is resolving the issue. Pierluigi Paganini.

Scams

Scams Accountability Authentication Cryptocurrency

Threat actors use fake AI tools to deliver the information stealer Noodlophile

Security Affairs

MAY 12, 2025

Fake AI tools spread via social media and scam websites like “Dream Machine” or “CapCut” bait users into uploading media. The report includes Indicators of Compromise (IOCs) for this campaign Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,fake AI tools)

Malware

Malware Media Cybercrime Scams

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. Cybercriminals used the seized domains to run BEC scams, stealing credentials and redirecting payments.

Cybercrime

Cybercrime Advertising Phishing Hacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

This quirk made the attack look more trustworthy and added a layer of flexibility to these scams. In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. The FBI-themed ransomware was one of the most prolific infections at the time.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

The Bohemia marketplace ceased operations in late 2023 due to service disruptions, while its members suspected an exit scams of a rogue developer. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, dark web) ” reads the announcement published by Polite.

Marketing

Marketing Cybercrime DDOS Cryptocurrency

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Security Affairs

JANUARY 21, 2025

CERT-UA warned of scammers impersonating the agency, using fake AnyDesk requests to conduct fraudulent security audits. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber scams involving threat actors impersonating the agency by sending fraudulent AnyDesk connection requests under the guise of security audits.

Social Engineering

Social Engineering Scams Engineering Software

Coronavirus: Europol arrests man behind €6M face masks and hand sanitisers scam

Security Affairs

APRIL 7, 2020

While crooks continue to exploit the Coronavirus outbreak, the Europol announced to have arrested a man involved in COVID19 business scams. The Europol announced the arrest of a 39-year old man that is allegedly involved in Business email scam (BEC) connected to the current Coronavirus outbreak. The man has stolen €6.64

Scams

Scams Advertising Banking Information Security

SEC warns of investment scams related to Hurricane Ida

Security Affairs

SEPTEMBER 4, 2021

The US Securities and Exchange Commission warns investors of potential investment scams that leverages Hurricane Ida as a bait. The US Securities and Exchange Commission (SEC)’s Office of Investor Education and Advocacy is warning investors of potential investment scams related to Hurricane Ida. Pierluigi Paganini.

Scams

Scams Insurance Education Hacking

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. SecurityAffairs – hacking, IRS tax scam). The post Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors appeared first on Security Affairs.

Scams

Scams Phishing Government Passwords

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

JANUARY 10, 2025

“Outside of this campaign, we are aware of scams involving false offers of employment with CrowdStrike. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, newsletter) ” concludes the report.

Phishing

Phishing Scams Malware Authentication

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 17, 2024

Agency Warns Employees About Phone Use Amid Ongoing China Hack APT Actors Embed Malware within macOS Flutter Applications The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat Iranian “Dream Job” Campaign 11.24

Cryptocurrency

Cryptocurrency Malware Hacking Ransomware

ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams

Security Affairs

FEBRUARY 17, 2021

Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift card scams. The malvertising campaign was first spotted in June 2020 and is still ongoing despite the flaw has been addressed with the release of security updates early this month.

Scams

Scams Engineering Hacking Information Security

Everest ransomware group’s Tor leak site offline after a defacement

Security Affairs

APRIL 8, 2025

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend. The Everest ransomware gangs darknet site went offline after being hacked and defaced, with victim listings replaced by the following message. We cannot exclude the fact that the incident is an exit scam of the group.

Ransomware

Ransomware Healthcare Hacking Scams

Finnish Customs dismantled the dark web drugs market Sipulitie

Security Affairs

OCTOBER 16, 2024

The Bohemia marketplace ceased operations in late 2023 due to service disruptions, while its members suspected an exit scams of a rogue developer. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Sipulitie)

Marketing

Marketing Cybercrime Scams Hacking

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

Security Affairs

APRIL 10, 2025

Their TrustPilot pages show many 5-star reviews with similar, likely AI-generated content, and occasional 1-star reviews calling them scams or spammy. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,spam)

eCommerce

eCommerce Technology DNS Business Services

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. ” the company said on X.

Accountability

Accountability Hacking Cryptocurrency Cybersecurity

Threat actors claim the hack of Sony, and the company investigates

Security Affairs

SEPTEMBER 26, 2023

Sony launched an investigation into an alleged data breach after the RansomedVC group claimed the hack of the company. Sony announced it is investigating allegations of a data breach after the RansomedVC extortion group claimed to have hacked the company and added the company to its Tor leak site. “We Enjoy the leak.”

Hacking

Hacking Data breaches Ransomware Scams

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 28

Security Affairs

JANUARY 12, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Scams Phishing Encryption

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

MARCH 7, 2022

In 2020, researchers from Athens University School of Information Sciences and Technology in Greece showed (PDF) how ransomware-as-a-service offerings might one day be executed through smart contracts. Before that, Jeffrey Ladish , an information security consultant based in Oakland, Calif., As Gizmodo first reported on Nov.

Ransomware

Ransomware Cryptocurrency DDOS Scams

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

Security Affairs

APRIL 28, 2025

In the aftermath, several alternative forums emerged, some demanded entry fees, fueling confusion and raising the risk of scams or government-run honeypots. It served as a marketplace for threat actors to buy and sell stolen data, hacking tools, and compromised credentials.

Risk

Risk Hacking Cybercrime Scams

Easyjet hacked: 9 million customer’s data exposed along with 2,200+ credit card details

Security Affairs

MAY 19, 2020

“Since we became aware of the incident, it has become clear that owing to COVID-19, there is heightened concern about personal data being used for online scams. ” @easyJet please can someone DM regarding me cancelling my holiday and this security breach, not leaving this another seven days with no response? .”

Hacking

Hacking Cyber Attacks Advertising Scams

Nigerian man Sentenced to 26+ years in real estate phishing scams

Crazy Evil gang runs over 10 highly specialized social media scams

Trending Sources

FBI warns of malicious free online document converters spreading malware

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

Crooks hacked Mandiant X account to push cryptocurrency scam

Ukraine President enforces Information Security Strategy

FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Online job offers, the reshipping and money mule scams

Digital nomads and risk associated with the threat of infiltred employees

Cyber Scams & Why We Fall for Them

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

FBI warns of an increase in online romance scams

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

Insurance scams via QR codes: how to recognise and defend yourself

Unprotected database exposed a scam targeting 100K+ Facebook accounts

Thai police arrested Chinese hackers involved in SMS blaster attacks

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Global Scamdemic: Scams Become Number One Online Crime

15 SpyLoan Android apps found on Google Play had over 8 million installs

Experts warn of deliveries scams that use a COVID-19 theme

How to Protect Against COVID-19 Email Scams

Threat actors compromised British Army ’s Twitter, YouTube accounts to promote crypto scams

Threat actors use fake AI tools to deliver the information stealer Noodlophile

Law enforcement seized the domains of HeartSender cybercrime marketplaces

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Coronavirus: Europol arrests man behind €6M face masks and hand sanitisers scam

SEC warns of investment scams related to Hurricane Ida

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION

ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams

Everest ransomware group’s Tor leak site offline after a defacement

Finnish Customs dismantled the dark web drugs market Sipulitie

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Threat actors claim the hack of Sony, and the company investigates

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 28

Conti Ransomware Group Diaries, Part IV: Cryptocrime

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

Easyjet hacked: 9 million customer’s data exposed along with 2,200+ credit card details

Stay Connected