Cryptocurrency, Scams and Web Fraud - Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 Before we get to the Apple scam in detail, we need to revisit Tony’s case. million in cryptocurrencies from Tony was verify-trezor[.]io. Image: Shutterstock, iHaMoo. million in an elaborate voice phishing attack.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. 2019 that wasn’t discovered until April 2020. PST on Nov.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams

Scams Malware Cryptocurrency Hacking

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

NOVEMBER 3, 2020

That allowed them to seize control over a target’s incoming phone calls and text messages, which were used to reset the password for email, social media and cryptocurrency accounts tied to those numbers. Interestingly, the conspiracy appears to have unraveled over a business dispute between the two men.

Scams

Scams Wireless Identity Theft Mobile

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter.

Scams

Scams Cryptocurrency Marketing Internet

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

In May, KrebsOnSecurity interviewed a Russian spammer named “ Quotpw “ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms. com site,” the Trend researchers wrote. . Image: Trend Micro.

Accountability

Accountability Scams Cryptocurrency Advertising

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware

Malware Cryptocurrency Software Phishing

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. ” Last month, Coinbase disclosed that malicious hackers stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.

Passwords

Passwords Phishing Accountability Mobile

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. “I’ve seen all kinds of crypto scams, but I’ve never seen one like this.”

Hacking

Hacking Accountability Scams Cryptocurrency

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

Cybersecurity firm Mandiant (recently acquired by Google ) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed , as part of an elaborate scheme to land jobs at cryptocurrency firms. Up until Sept.

Accountability

Accountability Cryptocurrency Scams CISO

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

22, 2020, when cryptocurrency wallet company Ledger acknowledged that someone had released the names, mailing addresses and phone numbers for 272,000 customers. And as the phishing examples above demonstrate, many of today’s phishing scams use elements from hacked databases to make their lures more convincing. Take a deep breath.

Passwords

Passwords Password Management Phishing Scams

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

The general manager of Escrow.com said he suspected the call was a scam, but decided to play along for about an hour — all the while recording the call and coaxing information out of the scammer. One multifactor option — physical security keys — appears to be immune to these advanced scams.

Hacking

Hacking Social Engineering Phishing Scams

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

Cybersecurity firm Mandiant (recently acquired by Google ) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms. of spam and scams.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

On July 20, the attackers turned their sights on internet infrastructure giant Cloudflare.com , and the intercepted credentials show at least five employees fell for the scam (although only two employees also provided the crucial one-time MFA code). Image: Cloudflare.com. ” On July 28 and again on Aug. According to an Aug. In an Aug.

Mobile

Mobile Phishing Authentication Accountability

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

of spam and scam.” of spam and scam.” None of the profiles listed here responded to requests for comment (or to become a connection). In a statement provided to KrebsOnSecurity, LinkedIn said its teams were actively working to take these fake accounts down.

CISO

CISO Cybercrime Accountability Information Security

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

” asked Ohad Zaidenberg , founder of CTI League , a volunteer emergency response community that emerged in 2020 to help fight COVID-19 related scams. . “Is there one person from our community that think sending cease and desist letter to a hackers forum operator is a good idea?,” “Who does it?

Data breaches

Data breaches Banking Cybercrime Marketing

Interview With a Crypto Scam Investment Spammer

Security Boulevard

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The post Interview With a Crypto Scam Investment Spammer appeared first on Security Boulevard.

Scams

Scams Cryptocurrency Accountability Software

Double-Your-Crypto Scams Share Crypto Scam Host

Security Boulevard

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers.

Scams

Scams Cryptocurrency Web Fraud

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

According to Russian prosecutors, the scam went like this: Consumers would receive an SMS with links to sites that falsely claimed a number of well-known companies were sponsoring drawings and lotteries for people who enrolled or agreed to answer surveys. Inferno Pay, a cryptocurrency and payment API allegedly operated by the ChronoPay CEO.

Banking

Banking Marketing DDOS Risk

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

We’ve noted the gradual emergence of Bitcoin ATMs in scams previously; here, cryptocurrency ATMs are more popular as a payment method to SSNDOB than other dubious online services. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021.

DDOS

DDOS Cryptocurrency Data breaches Scams

Massive Losses Define Epidemic of ‘Pig Butchering’

Security Boulevard

JULY 21, 2022

The post Massive Losses Define Epidemic of ‘Pig Butchering’ appeared first on Security Boulevard.

Cryptocurrency

Cryptocurrency Scams Web Fraud Marketing

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. The ark-x2[.]org

Scams

Scams Cryptocurrency Media Hacking

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. “On Twitter, more spam and crypto scam.”

Scams

Scams DDOS Cryptocurrency Accountability

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia. Most reshipping scams promise employees a monthly salary and even cash bonuses.

Cybercrime

Cybercrime Marketing Scams Retail

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. Unfortunately for Griffin, years ago he used Google Photos to store an image of the secret seed phrase that was protecting his cryptocurrency wallet. Image: Shutterstock, iHaMoo. io ) that mimicked the official Trezor website.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Webinars

Trending Sources

The Fake Browser Update Scam Gets a Makeover

Webinars

Two Charged in SIM Swapping, Vishing Scams

Massive Losses Define Epidemic of ‘Pig Butchering’

Service Rents Email Addresses for Account Signups

Calendar Meeting Links Used to Spread Mac Malware

How Coinbase Phishers Steal One-Time Passwords

Discord Admins Hacked by Malicious Bookmarks

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

The Life Cycle of a Breached Database

When Low-Tech Hacks Cause High-Impact Breaches

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

How 1-Time Passcodes Became a Corporate Liability

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Fake CISO Profiles on LinkedIn Target Fortune 500s

When Efforts to Contain a Data Breach Backfire

Interview With a Crypto Scam Investment Spammer

Double-Your-Crypto Scams Share Crypto Scam Host

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

SSNDOB marketplace shut down by global law enforcement operation

Massive Losses Define Epidemic of ‘Pig Butchering’

Double-Your-Crypto Scams Share Crypto Scam Host

Interview With a Crypto Scam Investment Spammer

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

How to Lose a Fortune with Just One Bad Click

Stay Connected