Web Fraud - Cyber Security Informer

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark.

Hacking

Hacking Scams Cryptocurrency Accountability

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms.

Scams

Scams DDOS Cryptocurrency Cybercrime

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests.

Mobile

Mobile Phishing Cybercrime Authentication

Webinars

The Power of Storytelling in Risk Management

ERM Program Fundamentals for Success in the Banking Industry

MORE WEBINARS

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

JANUARY 9, 2023

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history.

Identity Theft

Identity Theft Authentication Cybersecurity Accountability

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum.

Hacking

Hacking Cybercrime Data breaches Energy and Utilities

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service.

Malware

Malware Passwords Cybercrime IoT

UK Sets Up Fake Booter Sites To Muddy DDoS Market

Krebs on Security

MARCH 28, 2023

The United Kingdom’s National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.

DDOS

DDOS Computers and Electronics Marketing Risk

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites.

Hacking

Hacking Phishing Scams Passwords

Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

JANUARY 25, 2023

23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number.

Cybercrime

Cybercrime Web Fraud Data breaches

Sued by Meta, Freenom Halts Domain Registrations

Krebs on Security

MARCH 7, 2023

The domain name registrar Freenom , whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations.

Phishing

Phishing Internet Internet Media

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases.

Hacking

Hacking Government Cybercrime Accountability

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Krebs on Security

MARCH 22, 2023

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software.

Malware

Malware Cyber threats eCommerce Cybercrime

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be.

CISO

CISO Cybercrime Information Security Scams

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

AUGUST 18, 2022

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars.

Scams

Scams Phishing Accountability Software

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies , which offers paying customers the ability to route their web traffic anonymously through compromised computers.

Malware

Malware Accountability Passwords DNS

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.”

Ransomware

Ransomware Backups Healthcare Malware

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

Malware

Malware Phishing DDOS Banking

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Passwords

Passwords Authentication Accountability Password Management

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms.

Phishing

Phishing Authentication Passwords Mobile

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees.

Scams

Scams Cryptocurrency Accountability CISO

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

The 911 service as it exists today. For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States.

VPN

VPN Antivirus Computers and Electronics Cybercrime

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed.

Accountability

Accountability Cryptocurrency Scams CISO

Scammers Sent Uber to Take Elderly Lady to the Bank

Krebs on Security

AUGUST 4, 2022

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.

Banking

Banking Scams Passwords Accountability

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Krebs on Security

DECEMBER 5, 2022

In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba , one of the Internet’s largest and oldest botnets.

Malware

Malware Cybercrime Cryptocurrency IoT

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

Scams

Scams Passwords Phishing Banking

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation.

Hacking

Hacking Cybercrime Internet Internet

KrebsOnSecurity in New Netflix Series on Cybercrime

Krebs on Security

JUNE 7, 2022

Netflix has a new documentary series airing next week — “ Web of Make Believe: Death, Lies & the Internet ” — in which Yours Truly apparently has a decent amount of screen time.

Cybercrime

Cybercrime Internet Internet Web Fraud

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation.

Data breaches

Data breaches Cybercrime Banking Cybersecurity

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.”

Phishing

Phishing Cybercrime Hacking Accountability

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

re is was one of the original “residential proxy” networks, which allow someone to rent a residential IP address to use as a relay for his/her Internet communications, providing anonymity and the advantage of being perceived as a residential user surfing the web. The 911 service as it existed until July 28, 2022.

Cybercrime

Cybercrime VPN Data breaches Backups

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet.

Malware

Malware Cybercrime Hacking Internet

Anti-Money Laundering Service AMLBot Cleans House

Krebs on Security

OCTOBER 15, 2022

AMLBot , a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems.

Cybercrime

Cybercrime Cryptocurrency Marketing Risk

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals.

Passwords

Passwords Phishing Scams Data breaches

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

MAY 21, 2021

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.

Scams

Scams Accountability Advertising Internet

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.

Passwords

Passwords Phishing Scams Cryptocurrency

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms.

Hacking

Hacking Accountability Cybercrime Government

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.

Passwords

Passwords Authentication Cybercrime Phishing

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.

Phishing

Phishing Scams DNS Passwords

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Krebs on Security

SEPTEMBER 28, 2021

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode.

Phishing

Phishing Cyber Attacks Malware Mobile

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings.

Cryptocurrency

Cryptocurrency Malware Accountability Mobile

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Authentication

Authentication Wireless Mobile Passwords

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

JANUARY 21, 2022

Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club , a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a (..)

Hacking

Hacking Cybercrime Passwords Authentication

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline.

Malware

Malware Passwords Hacking Internet

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S.

Government

Government Hacking Cybercrime Surveillance

Discord Admins Hacked by Malicious Bookmarks

Interview With a Crypto Scam Investment Spammer

Webinars

Trending Sources

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Webinars

Identity Thieves Bypassed Experian Security to View Credit Reports

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Giving a Face to the Malware Proxy Service ‘Faceless’

UK Sets Up Fake Booter Sites To Muddy DDoS Market

When Low-Tech Hacks Cause High-Impact Breaches

Experian Glitch Exposing Credit Files Lasted 47 Days

Sued by Meta, Freenom Halts Domain Registrations

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Fake CISO Profiles on LinkedIn Target Fortune 500s

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Who’s Behind the Botnet-Based Service BHProxies?

New Ransom Payment Schemes Target Executives, Telemedicine

Disneyland Malware Team: It’s a Puny World After All

Experian, You Have Some Explaining to Do

How 1-Time Passcodes Became a Corporate Liability

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

A Deep Dive Into the Residential Proxy Service ‘911’

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Scammers Sent Uber to Take Elderly Lady to the Bank

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Hoax Email Blast Abused Poor Coding in FBI Website

KrebsOnSecurity in New Netflix Series on Cybercrime

When Efforts to Contain a Data Breach Backfire

Phishing Sites Targeting Scammers and Thieves

911 Proxy Service Implodes After Disclosing Breach

No SOCKS, No Shoes, No Malware Proxy Services!

Anti-Money Laundering Service AMLBot Cleans House

The Life Cycle of a Breached Database

How to Tell a Job Offer from an ID Theft Trap

How Coinbase Phishers Steal One-Time Passwords

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

The Rise of One-Time Password Interception Bots

‘Tis the Season for the Wayward Package Phish

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Recycle Your Phone, Sure, But Maybe Not Your Number

Crime Shop Sells Hacked Logins to Other Crime Shops

The Link Between AWM Proxy & the Glupteba Botnet

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Stay Connected