Accountability, Cryptocurrency and Web Fraud

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. ” In the early morning hours of Nov.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Krebs on Security

JULY 26, 2024

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature.

Accountability

Accountability Authentication Cryptocurrency Web Fraud

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts. The next day, half of those profiles no longer existed.

Accountability

Accountability Cryptocurrency Scams CISO

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. The service in question — kopeechka[.]store ” “Are you working on large volumes and are costs constantly growing? The service in question — kopeechka[.]store

Accountability

Accountability Scams Cryptocurrency Advertising

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. “The victim profile remains the most striking thing,” Monahan wrote.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

JULY 15, 2024

Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability

Accountability Cryptocurrency Passwords DNS

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

AUGUST 25, 2021

In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. universities). When Schober went to move approximately 16.4 When Schober went to move approximately 16.4

Cryptocurrency

Cryptocurrency Malware Mobile Accountability

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware

Malware Cryptocurrency Software Phishing

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries.

Passwords

Passwords Phishing Accountability Mobile

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile

Mobile Cryptocurrency Accountability Passwords

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. Scavuzzo said the administrator’s account was hijacked even though she had multi-factor authentication turned on.

Hacking

Hacking Accountability Scams Cryptocurrency

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking

Hacking Cybercrime Phishing Passwords

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K.

Scams

Scams Wireless Identity Theft Mobile

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing

Phishing Cryptocurrency DDOS Internet

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. Nor was he ever forced to improve his master password.

Passwords

Passwords Encryption Password Management Cryptocurrency

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

In a blog post earlier this month, Cloudflare said it detected the account takeovers and that no Cloudflare systems were compromised. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile

Mobile Phishing Authentication Accountability

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

“The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money,” the Federal Bureau of Investigation (FBI) warned in April 2022. Many of these platforms include extensive study materials and tutorials on cryptocurrency investing.

Scams

Scams Cryptocurrency Marketing Internet

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks. Holden has long maintained visibility into cryptocurrency transactions made by BriansClub. The links have been redacted.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Krebs on Security

JANUARY 17, 2024

Images from Punchmade Dev’s Twitter/X account show him displaying bags of cash and wearing a functional diamond-crusted payment card skimmer. Punchmade Dev’s most controversial mix — a rap called “Wire Fraud Tutorial” — was taken down by Youtube last summer for violating the site’s rules.

Cybercrime

Cybercrime Media Banking Accountability

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams

Scams Malware Cryptocurrency Hacking

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

In a statement provided to KrebsOnSecurity, LinkedIn said its teams were actively working to take these fake accounts down. “We do have strong human and automated systems in place, and we’re continually improving, as fake account activity becomes more sophisticated,” the statement reads. of spam and scam.”

CISO

CISO Cybercrime Accountability Information Security

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

The general manager of Escrow.com found himself on the phone with one of the GoDaddy hackers, after someone who claimed they worked at GoDaddy called and said they needed him to authorize some changes to the account. “He was literally reading off the tickets to the notes of the admin panel inside GoDaddy.”

Hacking

Hacking Social Engineering Phishing Scams

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

The messages addressed customers by name and referenced past order numbers and payment amounts tied to each account. 22, 2020, when cryptocurrency wallet company Ledger acknowledged that someone had released the names, mailing addresses and phone numbers for 272,000 customers. customers this month.

Passwords

Passwords Password Management Phishing Scams

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

.” According to 911, the service was hacked in early July, and it was discovered that someone manipulated the balances of a large number of user accounts. 911 said the intruders abused an application programming interface (API) that handles the topping up of accounts when users make financial deposits with the service.

Cybercrime

Cybercrime Software VPN Backups

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

It is true that a large number of hacked databases put up for sale on the cybercrime underground are sold only after a small subset of in-the-know thieves have harvested all of the low-hanging fruit in the data — e.g., access to cryptocurrency accounts or user credentials that are recycled across multiple websites.

Data breaches

Data breaches Banking Cybercrime Marketing

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

involving computers not directly connected to ICS/SCADA equipment) of the Wolf Creek Nuclear Operating Corporation (Wolf Creek) in Burlington, Kansas, which operates a nuclear power plant,” the DOJ’s account continues. ” HYDRA.

Marketing

Marketing Energy and Utilities Malware Ransomware

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

We’ve noted the gradual emergence of Bitcoin ATMs in scams previously; here, cryptocurrency ATMs are more popular as a payment method to SSNDOB than other dubious online services. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021.

DDOS

DDOS Cryptocurrency Data breaches Scams

Interview With a Crypto Scam Investment Spammer

Security Boulevard

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms.

Scams

Scams Cryptocurrency Accountability Software

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

Also known as “ Assad Faiq” and “ The Godfather ,” Iza is the 30-something founder of a cryptocurrency investment platform called Zort that advertised the ability to make smart trades based on artificial intelligence technology. cryptocurrency holdings online. In December 2022, Troy Woody Jr. attorney general.

Cryptocurrency

Cryptocurrency Government Internet Internet

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Lamborghini Carjackers Lured by $243M Cyberheist

Krebs on Security

OCTOBER 9, 2024

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. ’s son was loaded with cryptocurrency? ” What made the Miami men so convinced R.C.

Cryptocurrency

Cryptocurrency Social Engineering Accountability Mobile

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

MARCH 14, 2023

Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases.

Hacking

Hacking Government Media Accountability

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. The ark-x2[.]org

Scams

Scams Cryptocurrency Media Hacking

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

One account of the hack came from a 17-year-old in the United Kingdom, who told reporters the intrusion began when one of the English-speaking hackers phoned a tech support person at MGM and tricked them into resetting the password for an employee account.

Cybercrime

Cybercrime Accountability Mobile Hacking

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and reselling them on the black market. Kareem said he was instructed to create an account at a website called portal-ctsi[.]com

Cybercrime

Cybercrime Marketing Scams Retail

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Krebs on Security

APRIL 27, 2022

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem.

Mobile

Mobile Government Media Technology

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

Krebs on Security

SEPTEMBER 4, 2022

But these more “hands-on” and first person attacks are becoming increasingly common within certain cybercriminal communities, particularly those engaged in SIM swapping , a crime in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s various online accounts and identities.

Government

Government Accountability Cryptocurrency Web Fraud

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Krebs on Security

OCTOBER 3, 2024

Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. The site’s homepage features a banner at the top that strongly suggests the service is reselling access to existing cloud accounts.

Accountability

Accountability Artificial Intelligence Web Fraud Cryptocurrency

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. Griffin is a battalion chief firefighter in the Seattle area, and on May 6 he received a call from someone claiming they were from Google support saying his account was being accessed from Germany.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

How Cryptocurrency Turns to Cash in Russian Banks

A Day in the Life of a Prolific Voice Phishing Crew

Webinars

Trending Sources

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Webinars

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Service Rents Email Addresses for Account Signups

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Calendar Meeting Links Used to Spread Mac Malware

How Coinbase Phishers Steal One-Time Passwords

Busting SIM Swappers and SIM Swap Myths

Discord Admins Hacked by Malicious Bookmarks

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Two Charged in SIM Swapping, Vishing Scams

Fake Lawsuit Threat Exposes Privnote Phishing Sites

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

How 1-Time Passcodes Became a Corporate Liability

Massive Losses Define Epidemic of ‘Pig Butchering’

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

The Fake Browser Update Scam Gets a Makeover

Fake CISO Profiles on LinkedIn Target Fortune 500s

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

When Low-Tech Hacks Cause High-Impact Breaches

The Life Cycle of a Breached Database

911 Proxy Service Implodes After Disclosing Breach

When Efforts to Contain a Data Breach Backfire

Actions Target Russian Govt. Botnet, Hydra Dark Market

SSNDOB marketplace shut down by global law enforcement operation

Interview With a Crypto Scam Investment Spammer

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Interview With a Crypto Scam Investment Spammer

Lamborghini Carjackers Lured by $243M Cyberheist

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Double-Your-Crypto Scams Share Crypto Scam Host

The Dark Nexus Between Harm Groups and ‘The Com’

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

How to Lose a Fortune with Just One Bad Click

Stay Connected