Accountability, Advertising and Web Fraud

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

.” “That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued. SecureWorks said these attacks had been going on since at least March 2023.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

Accountability

Accountability Hacking Media Mobile

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. The service in question — kopeechka[.]store ” “Are you working on large volumes and are costs constantly growing? The service in question — kopeechka[.]store

Accountability

Accountability Scams Cryptocurrency Advertising

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

Also, the apps will persist in a user’s Office 365 account indefinitely until removed, and will survive even after an account password reset. “Now, they’re compromising accounts in credible tenants first,” Proofpoint explains. A cybercriminal service advertising the sale of access to hacked Office365 accounts.

Accountability

Accountability Advertising Passwords Phishing

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

FEBRUARY 17, 2020

In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic. A redacted extortion email targeting users of Google’s AdSense program.

Scams

Scams Advertising Accountability Web Fraud

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. “We’ve reviewed the ads in question, removed those that violated our policies, and suspended the associated accounts. million advertiser accounts. Google says it removed 5.2

Software

Software Advertising Malware Accountability

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. Notices posted for Faceless users, advertising an email flooding service and soliciting zero-day vulnerabilities in Internet of Things devices. Image: Darkbeast/Ke-la.com.

Malware

Malware Passwords Accountability Advertising

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

BHProxies sells access to “residential proxy” networks, which allow someone to rent a residential IP address to use as a relay for their Internet communications, providing anonymity and the advantage of being perceived as a residential user surfing the web. The account didn’t resume posting on the forum until April 2014.

Accountability

Accountability Advertising Marketing Malware

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

This includes pivoting from or converting a single compromised Microsoft Windows user account to an administrator account with greater privileges on the target network; the ability to sidestep and/or disable any security software; and gaining the access needed to disrupt or corrupt any data backup systems the victim firm may have.

Cybercrime

Cybercrime VPN Malware Ransomware

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Scams

Scams Banking Accountability Financial Services

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. co.uk , airbnb.pt-anuncio[.]com

Scams

Scams Advertising Accountability Phishing

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

The idea is that even if the user’s password gets stolen, the attacker still can’t access the user’s account without that second factor — i.e. without access to the victim’s mobile device or phone number. agency — advertised a web-based bot designed to trick targets into giving up OTP tokens.

Passwords

Passwords Mobile Authentication Banking

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

MAY 21, 2021

Siegel said the “recruiter” sent her a list of screening questions that all seemed relevant to the position being advertised. LinkedIn said its platform uses automated and manual defenses to detect and address fake accounts or fraudulent payments. of the fake accounts. . of the fake accounts.

Scams

Scams Accountability Advertising Web Fraud

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

That is a far cry from the proxy inventory advertised by 911, which stood at more than 200,000 IP addresses for rent just a few days ago. According to Constella Intelligence [currently an advertiser on KrebsOnSecurity], Oleg used the same password from his iboss32@ro.ru Image: Spur.us. is no longer active.

Malware

Malware Cybercrime Internet Internet

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Krebs on Security

NOVEMBER 13, 2018

Randall said she didn’t notice at the time because she was in the middle of switching careers, didn’t have any active photography clients, and had gotten out of the habit of checking that email account. “I still don’t have access to it because I don’t have access to the email account tied to my old domain. .

Accountability

Accountability eCommerce Cybercrime Advertising

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death. THE LAPSUS$ CONNECTION.

Accountability

Accountability Government Hacking Social Engineering

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market. The “ drops ” are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites.

Cybercrime

Cybercrime Marketing Scams Retail

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order — including access to any financial, email and social media accounts tied to that phone number. Each advertises their claimed access to T-Mobile systems in a similar way.

Mobile

Mobile Phishing Authentication Advertising

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

Also known as “ Assad Faiq” and “ The Godfather ,” Iza is the 30-something founder of a cryptocurrency investment platform called Zort that advertised the ability to make smart trades based on artificial intelligence technology. One of many self portraits published on the Instagram account of Enzo Zelocchi.

Cryptocurrency

Cryptocurrency Government Internet Internet

How Cybercriminals are Weathering COVID-19

Krebs on Security

APRIL 30, 2020

A screen shot from a user account at “Snowden,” a long-running reshipping mule service. It stands to reason that the virus outbreak might depress cybercriminal demand for “dumps,” or stolen account data that can be used to create physical counterfeit credit cards.

Cybercrime

Cybercrime Computers and Electronics Marketing Scams

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. One source who had at least two employees fall for the scheme forwarded KrebsOnSecurity a response from UR’s privacy division, which blamed the incident on a third-party advertising partner.

Phishing

Phishing Marketing Accountability DNS

How to Shop Online Like a Security Pro

Krebs on Security

NOVEMBER 23, 2018

Adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet, for the simple reason that there are tons of completely fake e-commerce sites out there looking to separate the unwary from their credit card details. CHCEK THE SHIPPING.

Scams

Scams Wireless Phishing Banking

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

In May 2015, KrebsOnSecurity published a brief writeup about the brazen Manipulaters team, noting that they openly operated hundreds of web sites selling tools designed to trick people into giving up usernames and passwords, or deploying malicious software on their PCs. ” A number of questions, indeed. .

Phishing

Phishing Cybercrime Malware Advertising

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

Cyber intelligence firm Intel 471 reports that obelisk57@gmail.com was used to register an account on the forum Blacksoftware under the nickname “ Kerens.” Bringing things full circle, Constella Intelligence shows that various online accounts tied to the email address unforgiven57@mail.ru .” Crypt[.]guru’s

Malware

Malware Antivirus Cybercrime Hacking

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

Privnote’s ease-of-use and popularity among cryptocurrency enthusiasts has made it a perennial target of phishers , who erect Privnote clones that function more or less as advertised but also quietly inject their own cryptocurrency payment addresses when a note is created that contains crypto wallets. io seem like a legitimate website.

Phishing

Phishing Cryptocurrency DDOS Internet

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Krebs on Security

APRIL 27, 2022

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem.

Mobile

Mobile Government Media Technology

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

SSNDOB advertised its services on dark web forums and offered customer support for buyers. One breach taking your login from a gaming forum can quickly become something that exposes Government service logins or bank accounts. DDoS attacks from rivals are common, so several domains working together keeps things ticking over.

DDOS

DDOS Cryptocurrency Data breaches Scams

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

Also, this greenhorn criminal clearly had bought into BriansClub’s advertising, which uses my name and likeness in a series of ads that run on all the top cybercrime forums. That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts.

Phishing

Phishing Cybercrime Accountability Advertising

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

net , a service that advertised to cybercriminals seeking to obfuscate their malicious software so that it goes undetected by all or at least most of the major antivirus products on the market. net , which advertised “free unlimited internet file-sharing platform” for those who agreed to install their software.

VPN

VPN Computers and Electronics Antivirus Software

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

The 122 services targeted in Sanders’ research include some of the more prominent businesses advertising on the cybercrime forums today, such as: -abuse-friendly or “bulletproof” hosting providers like anonvm[.]wtf, wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

A Twitter account for Web Listings Inc. has posts dating back to 2010, and points to even more Web Listings domains, including weblistingsinc.org. ” Historic WHOIS registration records from Domaintools [an advertiser on this blog] say Weblistingsinc.org was registered in Nov. Image: Better Business Bureau.

Scams

Scams Marketing Internet Internet

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

Krebs on Security

SEPTEMBER 4, 2022

But these more “hands-on” and first person attacks are becoming increasingly common within certain cybercriminal communities, particularly those engaged in SIM swapping , a crime in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s various online accounts and identities.

Government

Government Accountability Cryptocurrency Web Fraud

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Krebs on Security

OCTOBER 3, 2024

Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. The site’s homepage features a banner at the top that strongly suggests the service is reselling access to existing cloud accounts.

Accountability

Accountability Artificial Intelligence Web Fraud Cryptocurrency

“BriansClub” Hack Rescues 26M Stolen Cards

Krebs on Security

OCTOBER 15, 2019

.” Multiple people who reviewed the database shared by my source confirmed that the same credit card records also could be found in a more redacted form simply by searching the BriansClub Web site with a valid, properly-funded account.

Hacking

Hacking Cybercrime Marketing Banking

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

APRIL 11, 2022

When Twitter got hacked in July 2020 and some of the most-followed celebrity accounts on Twitter started tweeting double-your-crypto offers, 383 people sent more than $100,000 in a few hours. In many ways, the crypto giveaway scam is a natural extension of perhaps the oldest cyber fraud in the book: Advanced-fee fraud.

Scams

Scams Cryptocurrency Media Hacking

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

Much of this fraud exploits weak authentication methods used by states that have long sought to verify applicants using static, widely available information such as Social Security numbers and birthdays. Many states also lacked the ability to tell when multiple payments were going to the same bank accounts. protections.

Scams

Scams Insurance DDOS Authentication

A Day in the Life of a Prolific Voice Phishing Crew

Booking.com Phishers May Leave You With Reservations

Trending Sources

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Service Rents Email Addresses for Account Signups

Malicious Office 365 Apps Are the Ultimate Insiders

Pay Up, Or We’ll Make Google Ban Your Ads

Using Google Search to Find Software Can Be Risky

Giving a Face to the Malware Proxy Service ‘Faceless’

Interview With a Crypto Scam Investment Spammer

Who’s Behind the Botnet-Based Service BHProxies?

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Would You Have Fallen for This Phone Scam?

‘Land Lordz’ Service Powers Airbnb Scams

The Rise of One-Time Password Interception Bots

How to Tell a Job Offer from an ID Theft Trap

No SOCKS, No Shoes, No Malware Proxy Services!

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

How Cybercriminals are Weathering COVID-19

Phishers are Angling for Your Cloud Providers

How to Shop Online Like a Security Pro

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Why Malware Crypting Services Deserve More Scrutiny

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Fighting Fake EDRs With ‘Credit Ratings’ for Police

SSNDOB marketplace shut down by global law enforcement operation

Phishing Sites Targeting Scammers and Thieves

A Deep Dive Into the Residential Proxy Service ‘911’

How Cryptocurrency Turns to Cash in Russian Banks

Who’s Behind the ‘Web Listings’ Mail Scam?

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

“BriansClub” Hack Rescues 26M Stolen Cards

Double-Your-Crypto Scams Share Crypto Scam Host

How $100M in Jobless Claims Went to Inmates

Stay Connected