Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing 262

Phishing Accountability Artificial Intelligence Cybercrime 262

Malwarebytes

MARCH 26, 2025

Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldestand most provenscams in the online world: A phishing attack. As such, readers should be the lookout for any scams or phishing attempts in the coming weeks. But Hunts immediate disclosure of the attack should be commended.

Phishing 120

Phishing Data breaches Password Management Scams 120

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

Advertising 134

Advertising Accountability Phishing Scams 134

Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. Since this seemed like a reasonable and simple request — and she indeed had an account at the bank in question — she responded, “NO.”

Banking 363

Banking Phishing Scams Accountability 363

Malwarebytes

MARCH 4, 2025

PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails. We’ve received several reports of this recently, so we dug into how the scam works. Weve identified an unauthorized transaction made from your PayPal account to Coinbase: Amount: $755.38

Scams 138

Scams Accountability Phishing Banking 138

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Image: Amitai Cohen twitter.com/amitaico. com and ouryahoo-okta[.]com. Click to enlarge.

Identity Theft 252

Identity Theft Phishing Cryptocurrency Accountability 252

Krebs on Security

OCTOBER 1, 2018

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? A CLOSE CALL.

Scams 279

Scams Phishing Banking Mobile 279

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. What Are ClickFix Campaigns?

Scams 123

Scams Malware Phishing Social Engineering 123

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Some of those lures worked, and allowed thieves to gain control over booking.com accounts.

Phishing 269

Phishing Malware Scams Passwords 269

SecureWorld News

DECEMBER 4, 2024

The United States retail sector faced an especially aggressive wave of cyber threats, with phishing attacks mimicking major holiday brands [3] including Walmart, Target, and Best Buy increasing by more than 2,000% during peak shopping periods. Make logins secure Firstly, ensure all staff have strong passwords (12-16 characters).

Retail 116

Retail Scams Phishing Cyber threats 116

SecureWorld News

FEBRUARY 3, 2025

and Dutch law enforcement agencies have dismantled 39 domains and their associated servers in an effort to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. Organizations should enforce least privilege access and enable multi-factor authentication (MFA) on all accounts that have it available.

Phishing 112

Phishing Cybercrime Scams Authentication 112

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. “Members don’t have to request to use Zelle. .

Scams 362

Scams Banking Passwords Authentication 362

eSecurity Planet

MARCH 31, 2025

Streaming giant Netflix is at the center of a rising wave of online scams, cybersecurity experts warn. Karin Zilberstein, vice president of Product at cybersecurity company Guardio, says the platform consistently ranks among the top 10 most imitated companies in phishing schemes. Use a strong, unique password for your Netflix account.

Scams 107

Scams Artificial Intelligence Phishing Passwords 107

Malwarebytes

APRIL 16, 2025

In a new version of the old Hello pervert emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems. But, as with all sextortion scams, this threat is an entirely empty one. Scammers do this to bypass phishing filters.

Accountability 82

Accountability Scams Passwords Phishing 82

Krebs on Security

SEPTEMBER 16, 2020

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. million from 158 Poloniex users, and $1.17

Cryptocurrency 362

Cryptocurrency Phishing Accountability Cybercrime 362

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. “And I just am not seeing anything this egregious in terms of viruses and spams from the other email service providers.”

Accountability 361

Accountability Hacking Authentication Marketing 361

Malwarebytes

APRIL 8, 2025

Brand impersonation: from Google ad to phishing page Accounting and tax preparation software has traditionally been a common lure for scammers, particularly those related to online support operating out of large call centres in India and surrounding areas. Malicious QuickBooks domains quicckboocks-accounting[.]com

Phishing 82

Phishing Scams Accountability Passwords 82

Schneier on Security

AUGUST 25, 2022

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing 357

Phishing Authentication Passwords Accountability 357

Krebs on Security

MARCH 28, 2024

They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

Phishing 308

Phishing Scams Accountability Passwords 308

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing 320

Phishing DNS Scams Technology 320

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. Image: Mastercard.us. A graphic from Mastercard touting the potential benefits of cardless ATM transactions.

Phishing 269

Phishing Banking Scams Accountability 269

Krebs on Security

AUGUST 9, 2021

That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts. com, and was wondering when the funds would be reflected in the balance of his account on the shop. Shortly after it came online as a phishing site last year, BriansClub[.]com

Phishing 362

Phishing Cybercrime Accountability Advertising 362

Krebs on Security

APRIL 14, 2019

The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings.

Scams 271

Scams Advertising Accountability Phishing 271

Malwarebytes

FEBRUARY 13, 2025

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence (AI) in their scams. Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. These often start with a call to users, claiming their Gmail account has been compromised.

Phishing 109

Phishing Artificial Intelligence Identity Theft Accountability 109

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K.

Scams 343

Scams Wireless Identity Theft Mobile 343

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 329

Phishing Scams Banking Mobile 329

Joseph Steinberg

DECEMBER 1, 2020

Social media users’ delight at receiving notification that their accounts have qualified for Verification (that is, receiving the often-coveted “blue check mark” that appears on the social media profiles of public figures) has become the latest target of criminal exploitation.

Media 246

Media Accountability Phishing Scams 246

Troy Hunt

APRIL 5, 2025

This week, there are a few more lessons from the successful phish against me the previous week, and in happier news, there is some really solid progress on the HIBP UX rebuild. After an unusually long day of travelling from Iceland, we've finally made it to the land of Guinness, Leprechauns, and a tax haven for tech companies.

Phishing 159

Phishing Scams Accountability 159

Malwarebytes

APRIL 18, 2025

Text scams alone cost US citizens at least $470 million in 2024, according to new data from the US Federal Trade Commission (FTC). Because many scams go unreported, though, this dollar amount might be considerably more. Top 5 text scams While scams reach us in many ways, the FTC focused on text scams in their report.

Scams 86

Scams Mobile Wireless Retail 86

Krebs on Security

OCTOBER 7, 2022

consumers have their online bank accounts hijacked and plundered by hackers, U.S. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. . In the case of Zelle scams, the answer is yes. ” Sen.

Banking 287

Banking Accountability Scams Passwords 287

Troy Hunt

NOVEMBER 18, 2019

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? banks will never do things that look like a phish? see that there is no slash after.com.au?

Banking 254

Banking Phishing Scams Accountability 254

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. A Google-translated version of the now-defunct Coinbase phishing site, coinbase.com.password-reset[.]com. The Coinbase phishing panel. million Italians.

Passwords 362

Passwords Phishing Accountability Mobile 362

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Gen AI threats and quantum computing exposures must be accounted for. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

IT Security Guru

MARCH 18, 2025

So, how can we make dating scams less attractive? Accountability Fraudsters want to get you off the apps as quickly as possible, ultimately aiming for encrypted messaging services. Which brings us to a misconception about dating scams: most dating related scams happen off the apps. The answer?

Scams 95

Scams Education Artificial Intelligence Media 95

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

Phishing 240

Phishing Scams Computers and Electronics Software 240

Joseph Steinberg

FEBRUARY 4, 2024

Scammers stole over $25 million from a multinational business by utilizing cutting-edge real-time video deepfake technology to convince an employee in the firm’s accounts-payable department that the worker had properly validated a payment request previously sent to him via email. Million USD at the time of the theft and at present).

Artificial Intelligence 353

Artificial Intelligence Phishing Scams Accountability 353

Krebs on Security

FEBRUARY 3, 2022

The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature. Urlscan also found this phishing scam from Jan.

Phishing 358

Phishing Marketing Scams Accountability 358