2022, Scams and Web Fraud - Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Before we get to the Apple scam in detail, we need to revisit Tony’s case. The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls. The phishing domain used to steal roughly $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.” A U2F device made by Yubikey.

Hacking

Hacking Social Engineering Phishing Scams

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter. “The scale of this is so massive.

Scams

Scams Cryptocurrency Marketing Internet

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

In May, KrebsOnSecurity interviewed a Russian spammer named “ Quotpw “ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms. com site,” the Trend researchers wrote. . Image: Trend Micro.

Accountability

Accountability Scams Cryptocurrency Advertising

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Krebs on Security

OCTOBER 9, 2023

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. com was registered in 2022 via Singapore-based Alibaba.com , but the registrant city and state listed for that domain says “Georgia, AL,” which is not a real location. The fake USPS phishing page. Postal Service (USPS) customers.

Phishing

Phishing Scams Passwords Web Fraud

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

JUNE 22, 2023

.” The written notice goes on to say UPS believes the data exposure “affected packages for a small group of shippers and some of their customers from February 1, 2022 to April 24, 2023.” The message included his full name, phone number, and postal code, and urged him to click a link to mydeliveryfee-ups[.]info

Phishing

Phishing Retail Mobile Scams

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations.

Accountability

Accountability Cryptocurrency Scams CISO

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

In mid-June 2022, a flood of SMS phishing messages began targeting employees at commercial staffing firms that provide customer support and outsourcing to thousands of companies. The messages began at 2022-07-20 22:50 UTC. Image: Cloudflare.com. 2021 post about the change. ”

Mobile

Mobile Phishing Authentication Accountability

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

Here’s what part of their current homepage looks like: The SocksEscort home page says its services are perfect for people involved in automated online activity that often results in IP addresses getting blocked or banned, such as Craigslist and dating scams, search engine results manipulation, and online surveys.

Malware

Malware Cybercrime Internet Internet

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified.US domains registered daily.US US phishing domains.

Phishing

Phishing Telecommunications Malware Scams

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

billion ads in 2022, and restricted more than 4.3 The company’s latest ad safety report says Google in 2022 blocked or removed 1.36 ” Almost a month later, another FreeCAD user reported getting stung by the same scam. We’ll continue to monitor and apply our protections.” Google says it removed 5.2

Software

Software Advertising Malware Accountability

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

On August 3, 2022, someone using the alias “ Holistic-K1ller ” posted on Breached a thread selling data allegedly stolen from Grupo Financiero Banorte , Mexico’s second-biggest financial institution by total loans. . “Who does it? Instead of helping, they pushed the organization from the hill.”

Data breaches

Data breaches Banking Cybercrime Marketing

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

Last year, researchers at Minerva Labs spotted the botnet being used to blast out sextortion scams. BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022. The website BHProxies[.]com The account didn’t resume posting on the forum until April 2014.

Accountability

Accountability Advertising Marketing Malware

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. Interisle’s newest study examined six million phishing reports between May 1, 2022 and April 30, 2023, and found 30,000.US This is noteworthy because.US

Phishing

Phishing Telecommunications Government DNS

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

” The service charged 20 percent of all “scam wires,” unauthorized wire transfers resulting from bank account takeovers or scams like CEO impersonation schemes. 2022 closure of LuxSocks , another malware-based proxy network. Kilmer said 911 also gained an influx of new customers after the Jan.

VPN

VPN Computers and Electronics Antivirus Software

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams.

Phishing

Phishing Passwords Internet Hacking

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

The SocksEscort home page says its services are perfect for people involved in automated online activity that often results in IP addresses getting blocked or banned, such as Craigslist and dating scams, search engine results manipulation, and online surveys. “Probably, they wanted to keep that revenue stream going.”

Malware

Malware VPN Internet Internet

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary.

Mobile

Mobile Phishing Authentication Advertising

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. ” One of the crypto investment scam messages promoted in the spam campaigns on Mastodon this month. “On Twitter, more spam and crypto scam.”

Scams

Scams DDOS Cryptocurrency Accountability

Infrastructure Laundering: Blending in with the Cloud

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages.

Accountability

Accountability Scams Passwords Retail

Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

When Low-Tech Hacks Cause High-Impact Breaches

Trending Sources

Massive Losses Define Epidemic of ‘Pig Butchering’

Service Rents Email Addresses for Account Signups

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Phishers Spoof USPS, 12 Other Natl’ Postal Services

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

How 1-Time Passcodes Became a Corporate Liability

No SOCKS, No Shoes, No Malware Proxy Services!

US Harbors Prolific Malicious Link Shortening Service

Using Google Search to Find Software Can Be Risky

When Efforts to Contain a Data Breach Backfire

Who’s Behind the Botnet-Based Service BHProxies?

Why is.US Being Used to Phish So Many of Us?

A Deep Dive Into the Residential Proxy Service ‘911’

Karma Catches Up to Global Phishing Service 16Shop

Who and What is Behind the Malware Proxy Service SocksEscort?

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Interview With a Crypto Scam Investment Spammer

Infrastructure Laundering: Blending in with the Cloud

Stay Connected