Authentication, Scams and Web Fraud - Cyber Security Informer

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it. Last week’s story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

Scams

Scams Banking Passwords Authentication

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings. The Land Lordz administrative panel for a scammer who’s running dozens of Airbnb scams in the United Kingdom. The price is € 250 + €500 secure deposit.

Scams

Scams Advertising Accountability Phishing

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. Sure enough, he said, as long as he was calling from the number on file for his account, the automated system let him review recent transactions without any further authentication.

Scams

Scams Banking Accountability Financial Services

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

The general manager of Escrow.com said he suspected the call was a scam, but decided to play along for about an hour — all the while recording the call and coaxing information out of the scammer. One multifactor option — physical security keys — appears to be immune to these advanced scams.

Hacking

Hacking Social Engineering Phishing Scams

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

In May, KrebsOnSecurity interviewed a Russian spammer named “ Quotpw “ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms. com site,” the Trend researchers wrote. . Image: Trend Micro.

Accountability

Accountability Scams Cryptocurrency Advertising

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. A scan of social media networks showed this is not an uncommon scam. .” The phony booking.com website generated by visiting the link in the text message.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Image: Cloudflare.com.

Mobile

Mobile Phishing Authentication Accountability

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. First, they included an offer to use a mutually trusted “middleman” or escrow provider for the transaction (to protect either party from getting scammed). ” TMO UP!

Mobile

Mobile Phishing Authentication Advertising

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

Meanwhile, anyone in the compromised Discord channel who notices the scam and replies is banned, and their messages are deleted by the compromised admin account. Scavuzzo said the administrator’s account was hijacked even though she had multi-factor authentication turned on.

Hacking

Hacking Accountability Scams Cryptocurrency

Owners of 1-Time Passcode Theft Service Plead Guilty

Krebs on Security

SEPTEMBER 2, 2024

agency , a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Text messages, emails and phone calls warning recipients about potential fraud are some of the most common scam lures.

Accountability

Accountability Banking Passwords Scams

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

Holden said each time a new victim submitted credentials at the Coinbase phishing site, the administrative panel would make a loud “ding” — presumably to alert whoever was at the keyboard on the other end of this phishing scam that they had a live one on the hook.

Passwords

Passwords Phishing Accountability Mobile

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. And as the phishing examples above demonstrate, many of today’s phishing scams use elements from hacked databases to make their lures more convincing. Urgency should be a giant red flag. Take a deep breath.

Passwords

Passwords Password Management Phishing Scams

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. Perhaps the biggest selling point for U-Admin is a module that helps phishers intercept multi-factor authentication codes. Image: fr3d.hk/blog.

Phishing

Phishing Scams Banking Mobile

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock.

DNS

DNS Internet Internet Phishing

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability

Accountability Advertising Passwords Phishing

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

Fake profiles also may be tied to so-called “pig butchering” scams , wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out. of spam and scams. “Clearly they are not monitored,” Taylor assessed.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. mail server responds “OK” = successful access).

Accountability

Accountability Authentication Passwords Hacking

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. A booking photo of Noah Michael Urban released by the Volusia County Sheriff.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams.

Phishing

Phishing Passwords Internet Internet

How to Shop Online Like a Security Pro

Krebs on Security

NOVEMBER 23, 2018

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. Even people who shop mainly at big-name online stores can get scammed if they’re not wary of too-good-to-be-true offers.

Scams

Scams Wireless Phishing Banking

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Contacted by KrebsOnSecurity, GoDaddy acknowledged the authentication weakness documented by Guilmette. “After investigating the matter, our team confirmed that a threat actor(s) abused our DNS setup process,” the company said in an emailed statement.

DNS

DNS Internet Internet Computers and Electronics

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

Much of this fraud exploits weak authentication methods used by states that have long sought to verify applicants using static, widely available information such as Social Security numbers and birthdays. to shore up their authentication efforts, with six more states under contract to use the service in the coming months.

Scams

Scams Insurance DDOS Authentication

Cyber Security Informer

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

‘Land Lordz’ Service Powers Airbnb Scams

Trending Sources

Would You Have Fallen for This Phone Scam?

When Low-Tech Hacks Cause High-Impact Breaches

Service Rents Email Addresses for Account Signups

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Booking.com Phishers May Leave You With Reservations

How 1-Time Passcodes Became a Corporate Liability

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Discord Admins Hacked by Malicious Bookmarks

Owners of 1-Time Passcode Theft Service Plead Guilty

How Coinbase Phishers Steal One-Time Passwords

The Life Cycle of a Breached Database

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Don’t Let Your Domain Name Become a “Sitting Duck”

Malicious Office 365 Apps Are the Ultimate Insiders

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Karma Catches Up to Global Phishing Service 16Shop

How to Shop Online Like a Security Pro

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

How $100M in Jobless Claims Went to Inmates

Stay Connected