Accountability and Advertising - Cyber Security Informer

Using Fake Student Accounts to Shill Brands

Schneier on Security

NOVEMBER 3, 2021

It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account. They also said that the scammers were creating the fake accounts by signing up for online classes and then using the email address that process provided to infiltrate the university’s various blogging platforms.

Accountability

Accountability Advertising Scams

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

Schneier on Security

OCTOBER 2, 2018

From Kashmir Hill : Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.

Advertising

Advertising Authentication Accountability Adware

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

DECEMBER 2, 2020

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment.

Accountability

Accountability Hacking Scams Media

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

MARCH 10, 2020

FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io , a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. also is a favored marketplace for people involved in selling phony social media accounts.

Accountability

Accountability Advertising Hacking Cybercrime

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

Advertising

Advertising Accountability Phishing Scams

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

Accountability

Accountability Hacking Media Mobile

Ad Network Sizmek Probes Account Breach

Krebs on Security

MARCH 13, 2019

Online advertising firm Sizmek Inc. [ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. The starting bid was $800. A screenshot shared by the dark web seller.

Accountability

Accountability Passwords Advertising Penetration Testing

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. The service in question — kopeechka[.]store ” “Are you working on large volumes and are costs constantly growing? The service in question — kopeechka[.]store

Accountability

Accountability Scams Cryptocurrency Advertising

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

The Hacker News

JANUARY 31, 2025

Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.

Advertising

Advertising Scams Accountability Phishing

Cybercriminals Exploit Fake Google Ads to Ransack Advertiser Accounts

Penetration Testing

JANUARY 16, 2025

In a campaign uncovered by security researcher Jrme Segura from Malwarebytes, cybercriminals have been using fraudulent Google Ads The post Cybercriminals Exploit Fake Google Ads to Ransack Advertiser Accounts appeared first on Cybersecurity News.

Advertising

Advertising Accountability Cybersecurity Scams

New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam

The Hacker News

FEBRUARY 21, 2024

Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022.

Advertising

Advertising Accountability Malware

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

Also, the apps will persist in a user’s Office 365 account indefinitely until removed, and will survive even after an account password reset. “Now, they’re compromising accounts in credible tenants first,” Proofpoint explains. A cybercriminal service advertising the sale of access to hacked Office365 accounts.

Accountability

Accountability Advertising Passwords Phishing

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

FEBRUARY 1, 2021

“smishing”) service for the mass sending of text messages designed to phish account credentials for different popular websites and steal personal and financial data for resale. One of SMS Bandits’ key offerings: An “auto-shop” web panel for selling stolen account credentials. Image: osint.fans.

Phishing

Phishing Telecommunications Advertising Mobile

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

FEBRUARY 17, 2020

In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic. A redacted extortion email targeting users of Google’s AdSense program.

Scams

Scams Advertising Accountability Web Fraud

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

Image: Shutterstock Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. AT&T’s disclosure said the information exposed included customer first name, wireless account number, wireless phone number and email address.

Mobile

Mobile Wireless Advertising Telecommunications

Kaiser health insurance leaked patient data to advertisers

Malwarebytes

APRIL 29, 2024

Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers. That’s nice for the advertisers, but the information gathered by these pixels tells them a lot about your browsing behavior, and a lot about you.

Advertising

Advertising Insurance Mobile Data breaches

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

MAY 21, 2020

The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability. Fingerprinting is considered a necessary practice to fight challenges such as fake accounts and the misuse of internet services. At the same time, the profile that advertisers can create reveals a lot.

Advertising

Advertising Internet Internet Accountability

Scammers advertise fake AppleCare+ service via GitHub repos

Malwarebytes

SEPTEMBER 12, 2024

We’d like to thank GitHub for their quick response in taking down the malicious accounts we reported to them. Scammers are creating several accounts on GitHub with one or multiple repositories with the same fraudulent index.html template: During an active campaign, they can easily swap phone numbers in case one got reported and blocked.

Advertising

Advertising Scams Social Engineering Banking

“Privacy Nutrition Labels” in Apple’s App Store

Schneier on Security

NOVEMBER 12, 2020

Apple will start requiring standardized privacy labels for apps in its app store, starting in December: Apple allows data disclosure to be optional if all of the following conditions apply: if it’s not used for tracking, advertising or marketing; if it’s not shared with a data broker; if collection is infrequent, unrelated to the app’s (..)

Advertising

Advertising Marketing Accountability Software

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

The Hacker News

OCTOBER 30, 2024

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News.

Accountability

Accountability Malware Advertising Cybersecurity

Turn on MFA Before Crooks Do It For You

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. Both are avid gamers on Microsoft’s Xbox platform, and for years their father managed their accounts via his own Microsoft account.

Authentication

Authentication Accountability Passwords Mobile

Ransomware Group Turns to Facebook Ads

Krebs on Security

NOVEMBER 10, 2020

Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. The Facebook ad blitz was paid for by Hodson Event Entertainment , an account tied to Chris Hodson , a deejay based in Chicago. On the evening of Monday, Nov. Image: Chris Hodson.

Ransomware

Ransomware Accountability Hacking Advertising

Microsoft advertisers phished via malicious Google ads

Malwarebytes

JANUARY 30, 2025

Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft advertisers. These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft’s advertising platform.

Advertising

Advertising Phishing Accountability Marketing

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. “We’ve reviewed the ads in question, removed those that violated our policies, and suspended the associated accounts. million advertiser accounts. Google says it removed 5.2

Software

Software Advertising Malware Accountability

Crooks hacked Mandiant X account to push cryptocurrency scam

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. “Sorry, change password please.”

Cryptocurrency

Cryptocurrency Scams Accountability Hacking

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

NOVEMBER 7, 2018

“According to a police report, someone opened fraudulent credit card accounts and charged more than $14,000 and signed her neighbors up for Informed Delivery, too,” Clickorlando’s Louis Bolden explained. The only problem was she’d never signed up for the USPS program.

Identity Theft

Identity Theft Advertising Accountability Banking

A database containing data of 5.4 million Twitter accounts available for sale

Security Affairs

JULY 24, 2022

million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The bug exists due to the proccess of authorization used in the Android Client of Twitter, specifically in the procces of checking the duplication of a Twitter account.” Threat actor leaked data of 5.4

Accountability

Accountability Advertising Authentication Hacking

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. Notices posted for Faceless users, advertising an email flooding service and soliciting zero-day vulnerabilities in Internet of Things devices. Image: Darkbeast/Ke-la.com.

Malware

Malware Passwords Accountability Advertising

Android Ad-Fraud Scheme

Schneier on Security

OCTOBER 25, 2018

After being provided with a list of the apps and websites connected to the scheme, Google investigated and found that dozens of the apps used its mobile advertising network. Google has removed more than 30 apps from the Play store, and terminated multiple publisher accounts with its ad networks.

Advertising

Advertising Mobile Internet Internet

Easy SMS Hijacking

Schneier on Security

MARCH 19, 2021

A wide ecosystem of these companies exist , each advertising their own ability to run text messaging for other businesses. Once the hacker is able to reroute a target’s text messages, it can then be trivial to hack into other accounts associated with that phone number. But Sakari is only one company.

Authentication

Authentication Accountability Advertising Mobile

A firsthand perspective on the recent LinkedIn account takeover campaign

Malwarebytes

SEPTEMBER 1, 2023

Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Since he doesn’t use the LinkedIn app on his mobile he checked his account on his laptop first thing in the morning. A reset of the account’s password worked, but failed to remove the unwanted active session.

Accountability

Accountability Passwords Mobile Authentication

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Here’s Why Credit Card Fraud is Still a Thing

Krebs on Security

JULY 29, 2020

Whoever compromised the shop siphoned data on millions of card accounts that were acquired over four years through various illicit means from legitimate, hacked businesses around the globe — but mostly from U.S. Although Visa cards made up more than half of accounts put up for sale (12.1 Source: NYU.

Accountability

Accountability Banking Retail Hacking

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The service is currently advertising access to more than 150,000 devices globally. “We believe we are only seeing part of the full botnet, which may lead to more than 150,000 infected computers as advertised by BHProxies’ operators,” Arnoud wrote. The account didn’t resume posting on the forum until April 2014.

Accountability

Accountability Advertising Marketing Malware

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Krebs on Security

JANUARY 28, 2022

That same ToX ID was claimed by a user called “ smiseo ” on the Russian forum BHF, in which smiseo advertises “clipper” malware written in Rust that swaps in the attacker’s bitcoin address when the victim copies a cryptocurrency address to their computer’s temporary clipboard. I AM DUCKERMAN.

Ransomware

Ransomware Accountability Cybercrime Malware

Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising

The Hacker News

SEPTEMBER 4, 2023

Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware.

Accountability

Accountability Scams Cybercrime Advertising

Attacking Soldiers on Social Media

Schneier on Security

FEBRUARY 26, 2019

To recruit soldiers to the pages, they used targeted Facebook advertising. Inside the groups, the researchers used their phony accounts to ask the real service members questions about their battalions and their work. They also used these accounts to "friend" service members.

Media

Media Accountability Advertising

USPS Site Exposed Data on 60 Million Users

Krebs on Security

NOVEMBER 21, 2018

Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. A USPS brochure advertising the features and benefits of Informed Visibility. Image: USPS.com.

Accountability

Accountability Authentication Identity Theft Advertising

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. co.uk , airbnb.pt-anuncio[.]com

Scams

Scams Advertising Accountability Phishing

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

.” “That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued. SecureWorks said these attacks had been going on since at least March 2023.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet

Internet Internet Accountability Passwords

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

This includes pivoting from or converting a single compromised Microsoft Windows user account to an administrator account with greater privileges on the target network; the ability to sidestep and/or disable any security software; and gaining the access needed to disrupt or corrupt any data backup systems the victim firm may have.

Cybercrime

Cybercrime VPN Malware Ransomware

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. and “Check bookmarks when you get account back.”

Accountability

Accountability Hacking Cryptocurrency Cybersecurity

Using Fake Student Accounts to Shill Brands

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

Trending Sources

Account Hijacking Site OGUsers Hacked, Again

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Ad Network Sizmek Probes Account Breach

Service Rents Email Addresses for Account Signups

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

Cybercriminals Exploit Fake Google Ads to Ransack Advertiser Accounts

New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam

Malicious Office 365 Apps Are the Ultimate Insiders

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Pay Up, Or We’ll Make Google Ban Your Ads

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Kaiser health insurance leaked patient data to advertisers

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

Scammers advertise fake AppleCare+ service via GitHub repos

“Privacy Nutrition Labels” in Apple’s App Store

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Turn on MFA Before Crooks Do It For You

Ransomware Group Turns to Facebook Ads

Microsoft advertisers phished via malicious Google ads

Using Google Search to Find Software Can Be Risky

Crooks hacked Mandiant X account to push cryptocurrency scam

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

A database containing data of 5.4 million Twitter accounts available for sale

Giving a Face to the Malware Proxy Service ‘Faceless’

Android Ad-Fraud Scheme

Easy SMS Hijacking

A firsthand perspective on the recent LinkedIn account takeover campaign

Interview With a Crypto Scam Investment Spammer

Here’s Why Credit Card Fraud is Still a Thing

Who’s Behind the Botnet-Based Service BHProxies?

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising

Attacking Soldiers on Social Media

USPS Site Exposed Data on 60 Million Users

‘Land Lordz’ Service Powers Airbnb Scams

Booking.com Phishers May Leave You With Reservations

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

A Day in the Life of a Prolific Voice Phishing Crew

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Stay Connected