article thumbnail

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a. Image: osint.fans. “But on the telecom front they were using fairly sophisticated tactics.”

Phishing 348
article thumbnail

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. “And I just am not seeing anything this egregious in terms of viruses and spams from the other email service providers.”

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Man-in-the-Middle Phishing Attack

Schneier on Security

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing 345
article thumbnail

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Krebs on Security

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. million from 158 Poloniex users, and $1.17

article thumbnail

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

KrebsOnSecurity recently heard from a reader who said his daughter received an SMS that said it was from her bank, and inquired whether she’d authorized a $5,000 payment from her account. Since this seemed like a reasonable and simple request — and she indeed had an account at the bank in question — she responded, “NO.”

Banking 362
article thumbnail

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. ” A copy of the phishing message included in the PayPal.com invoice.

Scams 350
article thumbnail

Phish Leads to Breach at Calif. State Controller

Krebs on Security

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. Many attackers can do a great deal of damage with 24 hours of access to a user’s account. Source: sco.ca.gov. .

Phishing 310