Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing 132

Phishing Passwords Mobile Authentication 132

Malwarebytes

MARCH 19, 2025

California Cryobank (CCB) is a sperm donation and cryopreservation firm and one of the US top sperm banks. The information potentially involved varies by customer but includes names and one or more of the following: Drivers license numbers Bank account and routing numbers. 2FA that relies on a FIDO2 device cant be phished.

Banking 96

Banking Data breaches Computers and Electronics Passwords 96

Krebs on Security

FEBRUARY 1, 2021

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a. Image: osint.fans. “But on the telecom front they were using fairly sophisticated tactics.”

Phishing 358

Phishing Telecommunications Advertising Mobile 358

Malwarebytes

APRIL 1, 2025

If the receiver were to scan the QR code, they would be sent to a phishing site. The other big type of scams are phishing emails, like we saw above. Never send sensitive personal information such as your bank account, charge card, or Social Security number by email. Thank you for your prompt attention to this matter.

Scams 140

Scams Phishing Artificial Intelligence Social Engineering 140

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. for phishing scams that resulted in the compromise of millions of email accounts. for phishing scams that resulted in the compromise of millions of email accounts. Nigerian Kolade Ojelade gets 26 years in U.S. ” reads the press release published by DoJ.

Scams 121

Scams Phishing Identity Theft Accountability 121

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 332

Phishing Scams Banking Mobile 332

Security Affairs

FEBRUARY 4, 2025

Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Then the malware starts monitoring the active window.

Banking 115

Banking Malware Antivirus Cyber threats 115

Krebs on Security

AUGUST 9, 2021

Playing along, I said I was sorry to hear about his ordeal, and asked Mitch if there were any stolen cards issued by a particular bank or to a specific region that he was seeking. The payment message displayed by the carding site phishing domain BriansClub[.]com. Shortly after it came online as a phishing site last year, BriansClub[.]com

Phishing 362

Phishing Cybercrime Accountability Advertising 362

Krebs on Security

OCTOBER 7, 2022

consumers have their online bank accounts hijacked and plundered by hackers, U.S. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. Bank , and Wells Fargo. ” Sen.

Banking 290

Banking Accountability Scams Passwords 290

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Last week I was contacted by CERT Poland. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 353

Phishing Password Management Passwords Banking 353

Krebs on Security

AUGUST 18, 2022

” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams.

Scams 344

Scams Phishing Accountability Software 344

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking 276

Banking Passwords Risk Accountability 276

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.

DNS 83

DNS Phishing Banking Passwords 83

Penetration Testing

APRIL 8, 2025

Cybercriminals are actively distributing the Grandoreiro banking trojan through large-scale phishing campaigns, primarily targeting banking users in Latin America and Europe. According to a report by Forcepoint X-Labs, this resurgence involves the use of advanced techniques to evade detection and maximize impact.

Phishing 73

Phishing Banking Cybersecurity Malware 73

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns. Attackers also employ encrypted or password-protected files to evade security detection.

Banking 85

Banking Phishing Malware Passwords 85

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

Troy Hunt

FEBRUARY 23, 2024

I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. And so, when I received the following SMS earlier this week I was expecting a parcel and I was expecting phishing attacks: So. Parcel or phish?

Phishing 363

Phishing Scams Banking Social Engineering 363

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. And BEARHOST has been cultivating its reputation since at least 2019.

Malware 245

Malware Antivirus Software DDOS 245

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US This is noteworthy because.US is overseen by the U.S.

Phishing 296

Phishing Telecommunications Government DNS 296

The Hacker News

OCTOBER 16, 2024

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.

Banking 138

Banking Phishing Malware Retail 138

The Hacker News

MARCH 27, 2024

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The archive ("Bank Handlowy w Warszawie

Banking 144

Banking Phishing Malware 144

Security Affairs

JUNE 4, 2024

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. “Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accounts. .

Banking 126

Banking Phishing Social Engineering Engineering 126

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Malware 333

Malware Banking Phishing DDOS 333

The Hacker News

MARCH 11, 2024

Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said.

Banking 144

Banking Phishing Malware 144

The Hacker News

MAY 19, 2024

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January.

Banking 144

Banking Phishing Malware 144

Malwarebytes

APRIL 3, 2025

Recently weve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. For example, banking apps will be often be installed on the same device.

Phishing 140

Phishing Banking Mobile Accountability 140

Krebs on Security

APRIL 23, 2020

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. Instead, she calmly assured him the bank would reverse the fraudulent charges and said they’d be sending him a new debit card via express mail.

Banking 363

Banking Scams Accountability Phishing 363

eSecurity Planet

MARCH 31, 2025

Karin Zilberstein, vice president of Product at cybersecurity company Guardio, says the platform consistently ranks among the top 10 most imitated companies in phishing schemes. The rise in artificial intelligence and advanced phishing methods has made it even harder. If necessary, contact your bank and report the scam.

Scams 107

Scams Artificial Intelligence Phishing Passwords 107

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. “Members don’t have to request to use Zelle.

Scams 362

Scams Banking Passwords Authentication 362

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. A Google-translated version of the now-defunct Coinbase phishing site, coinbase.com.password-reset[.]com. The Coinbase phishing panel. million Italians.

Passwords 363

Passwords Phishing Accountability Mobile 363

Krebs on Security

NOVEMBER 9, 2024

” In a hypothetical example, a scammer uses a hacked government email account to request that a service provider place a hold on a specific bank or crypto account that is allegedly subject to a garnishment order, or party to crime that is globally sanctioned, such as terrorist financing or child exploitation.

Hacking 283

Hacking Accountability Government Social Engineering 283

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. We also changed the methodology for PC banking malware by removing obsolete families that no longer use Trojan banker functionality, hence the sharp drop in numbers against 2023. million detections compared to 5.84

Phishing 79

Phishing Banking Scams Mobile 79

SecureList

JUNE 10, 2024

This article examines methods that rely on social engineering, where attackers manipulate the victim into giving away the OTP, and tools that they use to automate the manipulations: so-called OTP bots and administration panels to control phishing kits. After all, how would the caller know these numbers unless they were a bank employee?

Phishing 145

Phishing Banking Social Engineering Accountability 145

Security Affairs

MAY 19, 2024

A new Grandoreiro banking trojan campaign has been ongoing since March 2024, following the disruption by law enforcement in January. IBM X-Force warns of a new Grandoreiro banking trojan campaign that has been ongoing since March 2024. The banking Trojan is likely operated as a Malware-as-a-Service (MaaS).

Banking 130

Banking Malware Antivirus Accountability 130

Malwarebytes

FEBRUARY 27, 2024

For the most popular operating system in the world—which is Android and it isn’t even a contest —there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals. What are Android banking trojans? Take the SharkBot banking trojan, which Malwarebytes detects and stops.

Banking 145

Banking Passwords Accountability Malware 145

Tech Republic Security

MAY 23, 2024

Find out how Grandoreiro banking trojan campaigns work and the countries targeted, as well as how to mitigate this malware threat.

Banking 183

Banking Malware Social Engineering Cryptocurrency 183

Krebs on Security

MARCH 17, 2021

Here’s the story of one such goof committed by Fiserv [ NASDAQ:FISV ], a $15 billion firm that provides online banking software and other technology solutions to thousands of financial institutions. Vegh could see the message from his bank referenced a curious domain: defaultinstitution.com. .

Banking 350

Banking Accountability Software Mobile 350