2023, Scams and Web Fraud - Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Last week, the Massachusetts Department of Transportation (MassDOT) warned residents to be on the lookout for a new SMS phishing or “smishing” scam targeting users of EZDriveMA , MassDOT’s all electronic tolling program. In October 2023, KrebsOnSecurity wrote about a massive uptick in SMS phishing scams targeting U.S.

Phishing

Phishing Scams Mobile Passwords

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

A scan of social media networks showed this is not an uncommon scam. In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware. SecureWorks said these attacks had been going on since at least March 2023. million phishing attempts in 2023.”

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

One of the many scam funeral group pages on Facebook. One of many look-alike landing pages for video streaming services linked to scam Facebook funeral groups. xyz , a domain registered in November 2023. Here’s a closer look at the size of this scheme, and some findings about who may be responsible.

Scams

Scams DNS Internet Internet

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform.

Scams

Scams DDOS Cryptocurrency Accountability

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

In August 2023, security researcher Randy McEoin blogged about a scam he dubbed ClearFake , which uses hacked WordPress sites to serve visitors with a page that claims you need to update your browser before you can view the content. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams

Scams Malware Cryptocurrency Hacking

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

For example, a would-be smishing victim might enter their personal and financial information, but then decide the whole thing is scam before actually submitting the data. Merrill said the criminals appear to send only a few dozen messages at a time, likely because completing the scam takes manual work by the human operators in China.

Phishing

Phishing Mobile Scams Retail

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. For example, when it was registered through NameSilo in July 2023, the domain 1ox[.]us US phishing domains.

Phishing

Phishing Telecommunications Malware Scams

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

JUNE 22, 2023

.” The written notice goes on to say UPS believes the data exposure “affected packages for a small group of shippers and some of their customers from February 1, 2022 to April 24, 2023.” The message included his full name, phone number, and postal code, and urged him to click a link to mydeliveryfee-ups[.]info

Phishing

Phishing Retail Mobile Scams

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums.

Phishing

Phishing Scams Computers and Electronics Software

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

” In February 2023, Hegel co-authored a report on this same network, which Sentinel One has dubbed MalVirt (a play on “malvertising”). This October 2023 report on the FreeCAD user forum came from a user who reported downloading a copy of the software from freecadsoft[.]com They paid Google for sponsored posts.”

Software

Software Advertising Malware Accountability

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

In a post to its Twitter/X account last month, Signum Capital warned that a fake profile pretending to be their employee Mr. Lee was trying to scam people on Telegram. The file that Doug ran is a simple Apple Script (file extension “ scpt”) that downloads and executes a malicious trojan made to run on macOS systems.

Malware

Malware Cryptocurrency Software Phishing

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia. Most reshipping scams promise employees a monthly salary and even cash bonuses.

Cybercrime

Cybercrime Marketing Scams Retail

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

All three SIM-swapping entities that were tracked for this story remain active in 2023, and they all conduct business in open channels on the instant messaging platform Telegram. One of the groups that reliably posted “Tmo up!”

Mobile

Mobile Phishing Authentication Advertising

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. Interisle’s newest study examined six million phishing reports between May 1, 2022 and April 30, 2023, and found 30,000.US This is noteworthy because.US

Phishing

Phishing Telecommunications Government DNS

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

stole at least $800,000 from at least five victims between August 2022 and March 2023. In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault. Image credit: Amitai Cohen of Wiz.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Thread Hijacking: Phishes That Prey on Your Curiosity

Krebs on Security

MARCH 28, 2024

2023, the Pennsylvania news outlet LancasterOnline.com published a story about Adam Kidan , a wealthy businessman with a criminal past who is a major donor to Republican causes and candidates, including Rep. “We call these mutli-persona phishing scams, and they’re often paired with thread hijacking,” Kalember said.

Phishing

Phishing Scams Accountability Passwords

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

. “So, the attacker receives the invitation to fill out the form – and when they complete it, they enter their intended victim’s email address into the form, not their own,” Cluely wrote in a December 2023 post. ” The fake Google representative was polite, patient, professional and reassuring.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

Infrastructure Laundering: Blending in with the Cloud

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages.

Accountability

Accountability Scams Passwords Retail

Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Booking.com Phishers May Leave You With Reservations

Trending Sources

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Interview With a Crypto Scam Investment Spammer

The Fake Browser Update Scam Gets a Makeover

How Phished Data Turns into Apple & Google Wallets

US Harbors Prolific Malicious Link Shortening Service

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Teach a Man to Phish and He’s Set for Life

Using Google Search to Find Software Can Be Risky

Calendar Meeting Links Used to Spread Mac Malware

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Why is.US Being Used to Phish So Many of Us?

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Thread Hijacking: Phishes That Prey on Your Curiosity

How to Lose a Fortune with Just One Bad Click

Infrastructure Laundering: Blending in with the Cloud

Stay Connected