Media, Social Engineering and Web Fraud

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. A review of EDR vendors across many cybercrime forums shows that some fake EDR vendors sell the ability to send phony police requests to specific social media platforms, including forged court-approved documents.

Hacking

Hacking Accountability Government Social Engineering

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. Verify web links do not have misspellings or contain the wrong domain. and 11:00 p.m.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. Sosa also was active in a particularly destructive group of accomplished criminal SIM-swappers known as “ Star Fraud.”

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against an engineer who was one of only four LastPass employees with access to the corporate vault. The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software.

Hacking

Hacking Cybercrime Phishing Passwords

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

OCTOBER 25, 2018

RT: We wanted to start a collaboration group to fight BEC, and really a big part of that involved just trying to social engineer the actors and get them to click on links that we could use to find out more about them and where they’re coming from. How does online dating fraud fit into the BEC scam?

Scams

Scams Accountability Media Banking

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

This includes people who run or work at cryptocurrency-focused companies; those who participate as speakers at public conferences centered around Blockchain and cryptocurrency technologies; and those who like to talk openly on social media about their crypto investments.

Mobile

Mobile Cryptocurrency Accountability Passwords

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order — including access to any financial, email and social media accounts tied to that phone number.

Mobile

Mobile Phishing Authentication Advertising

Lamborghini Carjackers Lured by $243M Cyberheist

Krebs on Security

OCTOBER 9, 2024

19, a group of cybercriminals that allegedly included the couple’s son executed a sophisticated phone-based social engineering attack in which they stole $243 million worth of cryptocurrency from a victim in Washington, D.C. .’s son was loaded with cryptocurrency? Approximately one week earlier, on Aug.

Cryptocurrency

Cryptocurrency Social Engineering Accountability Mobile

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

While MGM was still trying to evict the intruders from its systems, an individual who claimed to have firsthand knowledge of the hack contacted multiple media outlets to offer interviews about how it all went down. A source close to the investigation said @Holy also was a moderator on “ Harm Nation ,” an offshoot of 764.

Cybercrime

Cybercrime Accountability Mobile Hacking

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. The document requested the Internet address history of Discord accounts tied to a specific phone number used by the target.

Accountability

Accountability Government Hacking Social Engineering

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

“No one gets arrested,” Daniel enthused to Junseth in the May 7 podcast, which quickly went viral on social media. This process, he explained, essentially self-selects people who are more likely to be susceptible to their social engineering schemes. [It

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

When Low-Tech Hacks Cause High-Impact Breaches

Trending Sources

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Busting SIM Swappers and SIM Swap Myths

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Lamborghini Carjackers Lured by $243M Cyberheist

The Dark Nexus Between Harm Groups and ‘The Com’

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

How to Lose a Fortune with Just One Bad Click

Stay Connected