Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing 239

Phishing Accountability Artificial Intelligence Cybercrime 239

Krebs on Security

JANUARY 30, 2024

.” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. On July 28 and again on Aug. According to an Aug.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Krebs on Security

FEBRUARY 28, 2024

Sure, Doug said, here’s my Calendly profile, book a time and we’ll do it then. A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. ” Image: SlowMist.

Malware 309

Malware Cryptocurrency Software Phishing 309

Krebs on Security

JULY 31, 2024

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock.

DNS 288

DNS Internet Internet Phishing 288

Krebs on Security

APRIL 14, 2019

site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings. But when the interested party inquires about the listing, they are sent a link to a site that looks like Airbnb.com but which is actually a phishing page.

Scams 249

Scams Advertising Accountability Phishing 249

Krebs on Security

JANUARY 22, 2019

Grasping the true breadth of Bryant’s prescient discovery requires a brief and simplified primer on how Web sites work. When someone wants to register a domain at a registrar like GoDaddy, the registrar will typically provide two sets of DNS records that the customer then needs to assign to his domain.

DNS 247

DNS Internet Internet Computers and Electronics 247

Krebs on Security

JULY 16, 2019

For at least the past decade, a computer crook variously known as “ Yalishanda ,” “ Downlow ” and “ Stas_vl ” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware download servers.

Cybercrime 205

Cybercrime Phishing Banking Malware 205