Krebs on Security

APRIL 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. On the left is the (test) data entered at the phishing site. On the left is the (test) data entered at the phishing site. Image: Ford Merrill. Image: SilentPush.

Banking 246

Banking Phishing Mobile Retail 246

Krebs on Security

JUNE 22, 2023

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. ” Pivoting on the domain in the smishing message sent to Dylan shows the phishing domain shared an Internet host in Russia [91.215.85-166]

Phishing 327

Phishing Retail Mobile Scams 327

Krebs on Security

JULY 29, 2021

TARGETED PHISHING. But the more insidious threat with hacked databases comes not from password re-use but from targeted phishing activity in the early days of a breach, when relatively few ne’er-do-wells have got their hands on a hot new hacked database. The targeted phishing message that went out to classicfootballshirts.co.uk

Passwords 363

Passwords Password Management Phishing Scams 363

Krebs on Security

FEBRUARY 18, 2025

But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. An image from one Chinese phishing group’s Telegram channel shows various toll road phish kits available.

Phishing 300

Phishing Mobile Scams Banking 300

Krebs on Security

NOVEMBER 6, 2018

In this case, the victim didn’t download malware or fall for some stupid phishing email. It’s not like the person who leaves a laptop in plain view in the car, and when the laptop gets stolen you say well someone just encouraged the thief in that case. ” Lt. But Detective Tuttle said Terpin’s example is an outlier.

Mobile 275

Mobile Cryptocurrency Accountability Passwords 275

Krebs on Security

JULY 16, 2019

For at least the past decade, a computer crook variously known as “ Yalishanda ,” “ Downlow ” and “ Stas_vl ” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware download servers.

Cybercrime 232

Cybercrime Phishing Banking Malware 232

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages.

Accountability 255

Accountability Scams Passwords Data collection 255