Social Engineering and Web Fraud - Cyber Security Informer

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. Sosa also was active in a particularly destructive group of accomplished criminal SIM-swappers known as “ Star Fraud.”

Social Engineering

Social Engineering Mobile Cybercrime Passwords

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. GoDaddy said the outage between 7:00 p.m. and 11:00 p.m. PST on Nov.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Does Your Domain Have a Registry Lock?

Krebs on Security

JANUARY 24, 2020

In the case of e-hawk.net, however, the scammers managed to trick an OpenProvider customer service rep into transferring the domain to another registrar with a fairly lame social engineering ruse — and without triggering any verification to the real owners of the domain. ” REGISTRY LOCK.

DNS

DNS Social Engineering Engineering Accountability

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. On that last date, Twilio disclosed that on Aug.

Mobile

Mobile Phishing Authentication Accountability

How Cybercriminals are Weathering COVID-19

Krebs on Security

APRIL 30, 2020

. “One Russian-speaking actor running a fraud network complained about their subordinates (“money mules”) in Italy, Spain and other countries being unable to withdraw funds, since they currently were afraid to leave their homes,” Intel 471 observed. ” Alex Holden , founder and CTO of Hold Security , agreed.

Cybercrime

Cybercrime Computers and Electronics Marketing Scams

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

In a blog post about their recent hack, Microsoft said LAPSUS$ succeeded against its targets through a combination of low-tech attacks, mostly involving old-fashioned social engineering — such as bribing employees at or contractors for the target organization.

Accountability

Accountability Government Hacking Social Engineering

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Peppered throughout the daily chit-chat on their Telegram channels are solicitations for people urgently needed to serve as “callers,” or those who can be hired to social engineer employees over the phone into navigating to a phishing website and entering their employee credentials.

Mobile

Mobile Phishing Authentication Advertising

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

“Usually, once a SIM swap is done they’ve already done enough research and social engineering on victims to know what accounts the victim has — whether it’s Gmail or Dropbox or whatever,” Tuttle said.

Mobile

Mobile Cryptocurrency Accountability Passwords

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

OCTOBER 25, 2018

RT: We wanted to start a collaboration group to fight BEC, and really a big part of that involved just trying to social engineer the actors and get them to click on links that we could use to find out more about them and where they’re coming from. BK: And where are they coming from?

Scams

Scams Accountability Media Banking

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

. “It’s like the D-Day of fraud, this is Omaha Beach we’re on right now. The amount of fraud we are fighting is truly staggering.” “A lot of this is targeting the elderly,” Hall said.

Scams

Scams Insurance DDOS Authentication

Cyber Security Informer

When Low-Tech Hacks Cause High-Impact Breaches

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Trending Sources

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Does Your Domain Have a Registry Lock?

How 1-Time Passcodes Became a Corporate Liability

How Cybercriminals are Weathering COVID-19

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Busting SIM Swappers and SIM Swap Myths

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

How $100M in Jobless Claims Went to Inmates

Stay Connected