Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. for phishing scams that resulted in the compromise of millions of email accounts. for phishing scams that resulted in the compromise of millions of email accounts. Nigerian Kolade Ojelade gets 26 years in U.S.

Scams 127

Scams Phishing Identity Theft Accountability 127

Krebs on Security

MARCH 27, 2025

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The text has been machine-translated from Russian.

Phishing 227

Phishing Government Engineering Internet 227

Security Boulevard

JANUARY 27, 2025

A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing at the U.S. Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say.

Mobile 116

Mobile Scams Phishing Social Engineering 116

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing 276

Phishing Accountability Artificial Intelligence Cybercrime 276

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. What Are ClickFix Campaigns?

Scams 123

Scams Malware Phishing Social Engineering 123

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Some of those lures worked, and allowed thieves to gain control over booking.com accounts.

Phishing 285

Phishing Scams Malware Passwords 285

Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. The entirety of the scam takes place over the phone.

Banking 363

Banking Phishing Scams Accountability 363

Malwarebytes

APRIL 7, 2025

Back in August 2024, we warned about a relatively new type of SMS phishing (or smishing ) scam that was doing the rounds. Now a new wave of toll fee scams are working their way round the US. The phishing sites are typically out to steal personal information and/or payment details. E.g. e-zpass.com- roadioe[.]cc.

Scams 115

Scams Phishing Mobile Internet 115

Malwarebytes

JUNE 18, 2025

They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even trick you into visiting malicious versions of legitimate websites. Capturing just how aggravating today’s online world is, a full 78% of people said they encountered or received a scam on their smartphone at least once a week.

Scams 103

Scams Social Engineering Media Engineering 103

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. com — stopped resolving. com — stopped resolving.

Phishing 337

Phishing Scams Mobile DNS 337

Krebs on Security

DECEMBER 18, 2024

The message included a “Google Support Case ID number” and information about the Google representative supposedly talking to him on the phone, stating the rep’s name as “Ashton” — the same name given by the caller. I put my seed phrase into a phishing site, and that was it.”

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

eSecurity Planet

JUNE 9, 2025

According to HMRC, criminals used stolen personal data, likely obtained through phishing emails or from third-party sources, to either access or create fake PAYE (Pay As You Earn) tax accounts. HMRC has already locked down affected accounts, removed incorrect information, and reset login details.

Scams 85

Scams Phishing Password Management Accountability 85

Jane Frankland

MAY 16, 2025

After joining Vanessa Feltz on Channel 5 to talk all things scams, I wanted to follow up with a clear guide for anyone whos ever been targeted or worries they might be next. Scams today arent just dodgy emails or shady phone calls. billion is lost to scams every year in the UK, with an average loss of 1,443 per person.

Scams 130

Scams Password Management Passwords Banking 130

eSecurity Planet

MAY 28, 2025

Adam Mosseri, the head of Instagram, revealed that he nearly fell for a highly convincing phishing attack that appeared to come from Google. The scam, which combined a phone call and a cleverly disguised email, highlights just how advanced phishing methods are becoming, even fooling seasoned tech leaders.

Scams 72

Scams Phishing Passwords Media 72

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing 337

Phishing DNS Scams Technology 337

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Image: Amitai Cohen twitter.com/amitaico. com and ouryahoo-okta[.]com. Click to enlarge.

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

Schneier on Security

NOVEMBER 6, 2020

Research paper: Rick Wash, “ How Experts Detect Phishing Scam Emails “: Abstract: Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not.

Phishing 264

Phishing Scams Technology Risk 264

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 341

Phishing Scams Banking Mobile 341

Malwarebytes

MAY 28, 2025

Over a year ago the FBI warned about what was then a new form of smishing (phishing via SMS) scam: text messages that demanded payment for toll fees. Then, in April another wave of toll fee scams began doing the rounds. How to avoid falling for toll fee scams Check the phone number that the text message comes from.

Scams 101

Scams Mobile Phishing Internet 101

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering 128

Engineering Phishing Banking Authentication 128

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Phishing 327

Phishing Scams Malware Passwords 327

Krebs on Security

MARCH 28, 2024

Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. An analysis of the webpage reveals it would check any submitted credentials at the real Microsoft website, and return an error if the user entered bogus account information.

Phishing 315

Phishing Scams Accountability Passwords 315

Krebs on Security

AUGUST 28, 2024

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. The information requested from people who visited votewin.org via the SMS campaign. Image: WDIV Detroit on Youtube. Red flag #1.

Phishing 316

Phishing Scams Mobile Advertising 316

Security Boulevard

MAY 28, 2025

Online threats have become increasingly sophisticated, and phishing attacks are no exception. The post The latest in phishing scams: stealing your information through fake online forms appeared first on Security Boulevard.

Scams 59

Scams Phishing Threat Reports Technology 59

eSecurity Planet

MARCH 11, 2025

cities are alerting residents to a widespread phishing scam involving fraudulent text messages about unpaid parking violations. These deceptive messages aim to steal personal and financial information from unsuspecting motorists. A growing number of U.S. Is your city affected?

Scams 67

Scams Phishing Consumer Protection Authentication 67

Krebs on Security

AUGUST 9, 2021

In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information. That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts. com, vclub[.]cards,

Phishing 362

Phishing Cybercrime Accountability Advertising 362

eSecurity Planet

MARCH 31, 2025

Streaming giant Netflix is at the center of a rising wave of online scams, cybersecurity experts warn. Fraudsters use increasingly sophisticated tactics from fake texts to deceptive emails and websites to steal Netflix users personal and financial information. They can now access the account, which contains financial information.

Scams 107

Scams Artificial Intelligence Phishing Passwords 107

Malwarebytes

FEBRUARY 13, 2025

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence (AI) in their scams. Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. Protect yourand your family’spersonal information by using identity protection.

Phishing 108

Phishing Identity Theft Artificial Intelligence Accountability 108

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K.

Scams 356

Scams Wireless Identity Theft Mobile 356

Malwarebytes

APRIL 18, 2025

Text scams alone cost US citizens at least $470 million in 2024, according to new data from the US Federal Trade Commission (FTC). Because many scams go unreported, though, this dollar amount might be considerably more. Top 5 text scams While scams reach us in many ways, the FTC focused on text scams in their report.

Scams 103

Scams Mobile Wireless Phishing 103

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US US phishing domains.US is overseen by the U.S.

Phishing 311

Phishing Telecommunications Government DNS 311

Malwarebytes

APRIL 8, 2025

By purchasing prominent Google Ads, they are creating highly convincing fake login pages designed to pilfer sensitive information, including usernames, passwords, and even one-time passcodes (OTPs) the keys to someone’s financial data needed for tax compliance. Malicious QuickBooks domains quicckboocks-accounting[.]com

Phishing 82

Phishing Scams Accountability Authentication 82

Webroot

MAY 9, 2025

Text scams, also known as smishing (SMS + phishing ), are on the rise. The Federal Trade Commission reports that in 2024, consumers lost $470 million to scams that started with text messages. Watch out for these common scams Package delivery alerts Package delivery alerts are the most common text scam.

Scams 72

Scams Mobile Banking VPN 72

Malwarebytes

JUNE 10, 2025

Malicious texts pose as package delivery notifications, phishing emails impersonate trusted brands, and unknown calls hide extortion attempts, virtual kidnapping schemes, or AI threats. According to new research conducted by Malwarebytes, 44% of people encounter a mobile scam every single day, while 78% encounter scams at least weekly.

Scams 90

Scams Mobile Identity Theft Social Engineering 90

Joseph Steinberg

JUNE 1, 2021

Cybercriminals Are Impersonating Meal-Kit Services In Order To Steal Money And Personal Information. The post Cybercriminals Are Impersonating Meal-Kit Services In Order To Steal Money And Personal Information appeared first on Joseph Steinberg: CyberSecurity, Privacy, & Artificial Intelligence (AI) Advisor.

Artificial Intelligence 294

Artificial Intelligence Scams Retail Phishing 294

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

Phishing 245

Phishing Scams Computers and Electronics Software 245

Krebs on Security

DECEMBER 29, 2024

In January, KrebsOnSecurity told the story of a Canadian man who was falsely charged with larceny and lost his job after becoming the victim of a complex e-commerce scam known as triangulation fraud. In this scam, you receive what you ordered, and the only party left to dispute the transaction is the owner of the stolen payment card.

Scams 241

Scams Cybercrime Cryptocurrency Social Engineering 241