Banking and Internet - Cyber Security Informer

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

The site will then complain that the visitor’s bank needs to “verify” the transaction by sending a one-time code via SMS. In reality, the bank is sending that code to the mobile number on file for their customer because the fraudsters have just attempted to enroll that victim’s card details into a mobile wallet.

Banking

Banking Phishing Mobile Retail

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

A visualization of the Internet made using network routing data. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. Image: Barrett Lyon, opte.org. Based in Monroe, La., Lumen Technologies Inc.

Internet

Internet Internet Authentication Telecommunications

Transacting in Person with Strangers from the Internet

Krebs on Security

SEPTEMBER 9, 2022

But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions. These safe trading places exist because sometimes in-person transactions from the Internet don’t end well for one or more parties involved. Nearly all U.S. Nearly all U.S.

Internet

Internet Internet Banking Surveillance

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One thing we noticed on the phishing page after the first screen, was a message claiming that the internet connection was poor. We have reported the fraudulent sites to Microsoft already.

Engineering

Engineering Phishing Banking Authentication

Cybercrime Rapper Sues Bank over Fraud Investigation

Krebs on Security

AUGUST 7, 2024

That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. On June 26, Turner filed a pro se lawsuit against PNC Bank , alleging “unlawful discriminatory and tortuous action” after he was denied a wire transfer in the amount of $75,000.

Banking

Banking Cybercrime Accountability Retail

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

BEARHOST prides itself on the ability to evade blocking by Spamhaus , an organization that many Internet service providers around the world rely on to help identify and block sources of malware and spam. Kaspersky did not respond to repeated requests for comment. It remains unclear why Kaspersky is providing transit to Prospero.

Malware

Malware Antivirus Software DDOS

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

OCTOBER 17, 2024

Prosecutors say Anonymous Sudan offered a “Limited Internet Shutdown Package,” which would enable customers to shut down internet service providers in specified countries for $500 (USD) an hour. An indictment in the Central District of California notes the duo even swamped the websites of the FBI and the Department of State.

DDOS

DDOS Government Internet Internet

Web 3.0 Requires Data Integrity

Schneier on Security

APRIL 3, 2025

The CIA triad has evolved with the Internet. the Internet of today. For example, the 5G communications revolution isn’t just about faster access to videos; it’s about Internet-connected things talking to other Internet-connected things without our intervention. The first iteration of the Web—Web 1.0

Artificial Intelligence

Artificial Intelligence Architecture Internet Internet

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

The Last Watchdog

APRIL 24, 2025

Related: PKI and the IoT cloud One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence of a dedicated Public Key Infrastructure (PKI) framework, tailored to banks and payment networks, guided by the Accredited Standards Committee X9 (ASC X9), and being rolled out by DigiCert.

Banking

Banking Internet Internet IoT

Android banking trojans: How they steal passwords and drain bank accounts

Malwarebytes

FEBRUARY 27, 2024

For the most popular operating system in the world—which is Android and it isn’t even a contest —there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals. What are Android banking trojans? Take the SharkBot banking trojan, which Malwarebytes detects and stops.

Banking

Banking Passwords Accountability Malware

Deepfake Video of Central Bank Governor and Journalist Promotes Fraudulent Investment Opportunity

Joseph Steinberg

SEPTEMBER 5, 2024

Reinesch and Zenners, the two people seen in the video, however, never discussed such a project, because the central bank has no so project; “the project” in question is nothing more than a scam created by criminals.

Banking

Banking Artificial Intelligence Scams Cryptocurrency

Ukraine’s cyber operation shut down the ATM services of major Russian banks

Security Affairs

JULY 27, 2024

Ukraine launched a massive cyber operation that shut down the ATM services of the biggest Russian banks on July 27, reported the Kyiv Post. Ukraine has launched a massive cyberattack against ATMs of Russian banks, the cyber operation began on July 23. reported the KyivPost.

Banking

Banking Mobile Hacking Internet

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. that provides voice, video, data, and Internet telecommunications to consumers in France. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. million IBAN details.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Learning from Troy Hunt’s Sneaky Phish

Adam Shostack

APRIL 5, 2025

I do this for banks, and send them to a folder named for the bank. As an aside, the old internet of protocols meant people created new tools to interface with them as a matter of course. Maybe some jerk will see this, and think all of Adams custom addresses are vendor and three digits and says, hah, Ill send to all of those!

Phishing

Phishing Banking Internet Internet

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

Krebs on Security

APRIL 10, 2020

Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return.

Computers and Electronics

Computers and Electronics Banking Accountability Scams

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. Bank customers. Bank customers.

Malware

Malware Banking Phishing DDOS

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

MARCH 11, 2022

As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.

DNS

DNS Internet Internet Phishing

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Joseph Steinberg

JANUARY 19, 2022

That’s right, the photos that you just sent your significant other over WhatsApp, the results of your recent bloodwork, and your bank statements that accessed over the weekend could all leak. People and organizations around the globe rely on encryption as the primary method of keeping data secure when transmitted across the Internet.

Encryption

Encryption Backups Banking Artificial Intelligence

Is Your Computer Part of ‘The Largest Botnet Ever?’

Krebs on Security

MAY 29, 2024

.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. Cloud Router was previously called 911 S5.

VPN

VPN Government Cybercrime Internet

Phone Farming for Ad Fraud

Schneier on Security

AUGUST 6, 2019

Interesting article on people using banks of smartphones to commit ad fraud for profit. No one knows how prevalent ad fraud is on the Internet. I believe it is surprisingly high -- here's an article that places losses between $6.5

Banking

Banking Internet Internet

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

MAY 16, 2020

A federal fraud investigator who spoke with KrebsOnSecurity on condition of anonymity said many states simply don’t have enough controls in place to detect patterns that might help better screen out fraudulent unemployment applications, such as looking for multiple applications involving the same Internet addresses and/or bank accounts.

Insurance

Insurance Banking Identity Theft Accountability

Wire Fraud Scam Upgraded with Bitcoin

Schneier on Security

NOVEMBER 16, 2021

The FBI has issued a bulletin describing a bitcoin variant of a wire fraud scam : As the agency describes it, the scammer will contact their victim and somehow convince them that they need to send money, either with promises of love, further riches, or by impersonating an actual institution like a bank or utility company.

Scams

Scams Cryptocurrency Banking Internet

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Krebs on Security

SEPTEMBER 16, 2021

man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. A jury in California today reached a guilty verdict in the trial of Matthew Gatrel , a St. Charles, Ill. The user interface for Downthem[.]org.

DDOS

DDOS DNS Internet Internet

Cybersecurity Snapshot: WEF Offers AI Security Best Practices, as DORA Regulation Places Strict Cyber Rules on Banks

Security Boulevard

JANUARY 24, 2025

Plus, the EUs DORA cyber rules for banks go into effect. DORA establishes strict cybersecurity requirements for financial firms including banks , insurance companies and investment firms, as well as for third-parties that provide information and communications technology (ICT) products and services to financial sector organizations.

Banking

Banking Cybersecurity Artificial Intelligence Ransomware

A Robot the Size of the World

Schneier on Security

DECEMBER 15, 2023

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. This was the Internet of Things (IoT). The classical definition of a robot is something that senses, thinks, and acts—that’s today’s Internet. It was connected to your smartphone. It had actuators: Drones, autonomous cars.

Internet

Internet Internet IoT Banking

Internet Safety Month: Keep Your Online Experience Safe and Secure

Webroot

MAY 31, 2024

What is Internet Safety Month? Each June, the online safety community observes Internet Safety Month as a time to reflect on our digital habits and ensure we’re taking the best precautions to stay safe online. Review your bank and credit card statements regularly for any unauthorized transactions.

Internet

Internet Internet Identity Theft Passwords

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Krebs on Security

MAY 28, 2024

From 2015 to July 2022, 911 S5 sold access to hundreds of thousands of Microsoft Windows computers daily, as “proxies” that allowed customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States.

VPN

VPN Banking Cybercrime Internet

Why we’re no longer doing April Fools’ Day

Malwarebytes

MARCH 31, 2025

The internet is filled with falsehoods. If your bank gives you an unexpected phone call, ring them back on a number you know is theirs. Were forever investigating new scams here at Malwarebytes, and so we get how hard it is to know whator whoto trust online. Check via another way.

Scams

Scams Passwords Accountability Password Management

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and device deals. Compromised data includes full names, contact details, ID numbers, banking information, drivers license numbers, medical records and passport details.

Data breaches

Data breaches Unstructured Data Identity Theft Healthcare

Arrests in Tap-to-Pay Scheme Powered by Phishing

Krebs on Security

MARCH 21, 2025

The user simply waves their phone at a local payment terminal that accepts Apple or Google pay, and the app relays an NFC transaction over the Internet from a phone in China. A CBS News story on the Sacramento arrests said one of the suspects tried to use 42 separate bank cards, but that 32 were declined.

Phishing

Phishing Mobile Scams Banking

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

NOVEMBER 14, 2024

As soon as the scammers spotted an email where someone was asked to make a payment as part of a real estate transaction, they would change the wiring instructions and let the victims deposit their payments into bank accounts associated with the criminals instead of the legitimate real estate transaction.

Accountability

Accountability Banking Internet Internet

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Security Affairs

JANUARY 18, 2025

telecommunication and internet service providers. BeyondTrust provides Privileged Access Management and secure remote access, serving sectors like government, healthcare, banking, and energy. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co.,

Cybersecurity

Cybersecurity Telecommunications Government Healthcare

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

The Last Watchdog

MAY 21, 2024

Benishti told me about a remarkable GAN-powered phishing simulation test that took place recently with highly-trained bank employees. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW For a full drill down, please give the accompanying podcast a listen.

Phishing

Phishing Banking Technology Internet

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Krebs on Security

APRIL 4, 2023

” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials. “You can buy a bot with a real fingerprint, access to e-mail, social networks, bank accounts, payment systems!,” Image: KrebsOnSecurity.

Marketing

Marketing Passwords Cybercrime Banking

Webroot SecureAnywhere Internet Security Ranks #1 Among 8 Competitors for Overall Performance

Webroot

SEPTEMBER 17, 2024

” For this report, the company conducted objective testing of nine endpoint security products, including Webroot® SecureAnywhere Internet Security with Antivirus. The post Webroot SecureAnywhere Internet Security Ranks #1 Among 8 Competitors for Overall Performance appeared first on Webroot Blog. PassMark® Software Party, Ltd.

Internet

Internet Internet Antivirus Banking

India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud

The Hacker News

FEBRUARY 7, 2025

India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud.

Banking

Banking Financial Services Phishing Internet

FIRESIDE CHAT: U.S. banking regulators call out APIs as embodying an attack surface full of risk

The Last Watchdog

MARCH 22, 2023

Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW In the short run companies subject to federal financial institution jurisdiction will have to hustle to get their API act together; and in the long run other companies in other verticals should follow suit.

Risk

Risk Banking Digital transformation Authentication

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

Financial information, like your banking credentials and crypto wallets. Report it to the Internet Crime Complaint Center. Other passwords and session tokens that could allow the scammers to bypass multi-factor authentication (MFA). Email addresses. Work with them to take the necessary steps to protect your identity and your accounts.

Malware

Malware Adware Education Phishing

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Krebs on Security

NOVEMBER 17, 2021

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America. ”

Internet

Internet Internet VPN Marketing

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. Compare the internet with ecological systems. Nearly 7,000 flights were canceled.

Marketing

Marketing Software Internet Internet

The largest Russian bank Sberbank hit by a massive DDoS attack

Security Affairs

NOVEMBER 9, 2023

The largest and oldest bank in Russia Sberbank faced the record-breaking DDoS attack that reached 1 million RPS. Sberbank , the Russian banking and financial services giant, announced that it was recently hit by a record-breaking distributed denial of service (DDoS) attack that reached 1 million RPS.

DDOS

DDOS Banking Cyber Attacks Financial Services

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

In the United States, when federal, state or local law enforcement agencies wish to obtain information about an account at a technology provider — such as the account’s email address, or what Internet addresses a specific cell phone account has used in the past — they must submit an official court-ordered warrant or subpoena.

Hacking

Hacking Accountability Government Social Engineering

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

This data reportedly includes everything from names and addresses to Social Security numbers and bank account details. Despite efforts by Columbus officials to thwart the attack by disconnecting the city’s systems from the internet, it became evident later that substantial data had been stolen and circulated on the dark web.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

MAY 3, 2019

The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about glaring security weaknesses in a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites. Brookfield, Wisc.-based billion in earnings last year.

Banking

Banking Accountability Passwords Technology

China-based SMS Phishing Triad Pivots to Banks

The Internet is Held Together With Spit & Baling Wire

Webinars

Trending Sources

Transacting in Person with Strangers from the Internet

Webinars

Crooks bank on Microsoft’s search engine to phish customers

Cybercrime Rapper Sues Bank over Fraud Investigation

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Web 3.0 Requires Data Integrity

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

Android banking trojans: How they steal passwords and drain bank accounts

Deepfake Video of Central Bank Governor and Journalist Promotes Fraudulent Investment Opportunity

Ukraine’s cyber operation shut down the ATM services of major Russian banks

France’s second-largest telecoms provider Free suffered a cyber attack

Learning from Troy Hunt’s Sneaky Phish

New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments

Disneyland Malware Team: It’s a Puny World After All

Report: Recent 10x Increase in Cyberattacks on Ukraine

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Is Your Computer Part of ‘The Largest Botnet Ever?’

Phone Farming for Ad Fraud

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Wire Fraud Scam Upgraded with Bitcoin

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

Cybersecurity Snapshot: WEF Offers AI Security Best Practices, as DORA Regulation Places Strict Cyber Rules on Banks

A Robot the Size of the World

Internet Safety Month: Keep Your Online Experience Safe and Secure

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Why we’re no longer doing April Fools’ Day

South African telecom provider Cell C disclosed a data breach following a cyberattack

Arrests in Tap-to-Pay Scheme Powered by Phishing

Scammer robs homebuyers of life savings in $20 million theft spree

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Webroot SecureAnywhere Internet Security Ranks #1 Among 8 Competitors for Overall Performance

India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud

FIRESIDE CHAT: U.S. banking regulators call out APIs as embodying an attack surface full of risk

Warning over free online file converters that actually install malware

Tech CEO Pleads to Wire Fraud in IP Address Scheme

The CrowdStrike Outage and Market-Driven Brittleness

The largest Russian bank Sberbank hit by a massive DDoS attack

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Stay Connected