2019, Phishing and Web Fraud - Cyber Security Informer

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

This is all meant to be a big joke: Krebs means “crab” or “cancer” in German, but a “crab” is sometimes used in Russian hacker slang to refer to a “carder,” or a person who regularly engages in street-level credit card fraud. ” Mitch demanded, referring to the phishing site.

Phishing

Phishing Cybercrime Accountability Advertising

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing

Phishing Scams Banking Mobile

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing

Phishing Cryptocurrency DDOS Internet

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing

Phishing Passwords Hacking Internet

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

NOVEMBER 3, 2020

Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “ vishing ” attacks and “ SIM swapping ,” a form of fraud that involves bribing or tricking employees at mobile phone companies. Milleson , 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A.

Scams

Scams Wireless Identity Theft Mobile

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

Back in 2019, KrebsOnSecurity wrote about thieves employing this method to seize control over thousands of domains registered at GoDaddy, and using those to send bomb threats and sextortion emails (GoDaddy says they fixed that weakness in their systems not long after that 2019 story). by the brand protection firm MarkMonitor.

DNS

DNS Internet Internet Phishing

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals. Stamford, Ct. . Image: APWG.

Phishing

Phishing Marketing Accountability DNS

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com. 2019 that wasn’t discovered until April 2020.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Owners of 1-Time Passcode Theft Service Plead Guilty

Krebs on Security

SEPTEMBER 2, 2024

Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites. KrebsOnSecurity profiled OTP Agency in a February 2021 story about arrests tied to another phishing-related service based in the U.K. Three men in the United Kingdom have pleaded guilty to operating otp[.]agency

Accountability

Accountability Banking Passwords Scams

Be Very Sparing in Allowing Site Notifications

Krebs on Security

NOVEMBER 17, 2020

Frank Angiolelli , vice president of security at Indelible, said rogue notifications can be abused for credential phishing, as well as foisting malware and other unwanted applications on users. “This method is currently being used to deliver something akin to adware or click fraud type activity,” Angiolelli said.

Antivirus

Antivirus Advertising Internet Internet

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

But when the interested party inquires about the listing, they are sent a link to a site that looks like Airbnb.com but which is actually a phishing page. Here’s one from would-be victim Shanon, on March 28, 2019, to the scammers. In the case of these particular fraudsters, their fake page was “ airbnb.longterm-airbnb[.]co[.]uk

Scams

Scams Advertising Accountability Phishing

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

” In Dragonfly’s second iteration between 2014 and 2017, the hacking group spear-phished more than 3,300 people at more than 500 U.S. and international companies and entities, including U.S. federal agencies like the Nuclear Regulatory Commission. ” HYDRA.

Marketing

Marketing Energy and Utilities Malware Ransomware

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Mozilla spokesperson Ellen Canale said Mozilla took ownership of virtualfirefox.com in September 2017 after a trademark dispute, but that the DNS nameserver for the record was not reset until January of 2019. “We’ve reviewed the configuration of both our registrar and nameservers and have found no indication of misuse.

DNS

DNS Internet Internet Computers and Electronics

Cyber Security Informer

Phishing Sites Targeting Scammers and Thieves

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Trending Sources

Fake Lawsuit Threat Exposes Privnote Phishing Sites

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Karma Catches Up to Global Phishing Service 16Shop

Two Charged in SIM Swapping, Vishing Scams

Don’t Let Your Domain Name Become a “Sitting Duck”

Phishers are Angling for Your Cloud Providers

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Owners of 1-Time Passcode Theft Service Plead Guilty

Be Very Sparing in Allowing Site Notifications

‘Land Lordz’ Service Powers Airbnb Scams

Actions Target Russian Govt. Botnet, Hydra Dark Market

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Stay Connected