Schneier on Security

JUNE 4, 2019

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. Several new cybercrimes are significant enough to mention, including business email compromise and crimes involving cryptocurrencies. and more on response.

Cybercrime 240

Cybercrime Scams Cryptocurrency Antivirus 240

Krebs on Security

NOVEMBER 26, 2018

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “[link].

Phishing 279

Phishing Scams Cryptocurrency Internet 279

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing 271

Phishing Cryptocurrency DDOS Internet 271

eSecurity Planet

MARCH 28, 2025

A sophisticated cybercrime service known as “Lucid” is exploiting vulnerabilities in Apples iMessage and Androids Rich Communication Services (RCS), allowing cyberthieves to conduct large-scale phishing attacks with alarming success. Automated mobile farms that deploy phishing messages at scale.

Phishing 59

Phishing Scams Cybercrime Retail 59

CyberSecurity Insiders

JANUARY 3, 2023

Spy”-type cyberspace race as both criminals and defenders vie to gain the upper hand using new and emerging technologies. Every technology that enables our cyber teams to pinpoint and resolve threats and prevent attacks more quickly and accurately also benefits cybercriminals.

Technology 135

Technology Cybercrime Artificial Intelligence Government 135

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 229

Phishing Passwords Internet Internet 229

The Last Watchdog

SEPTEMBER 21, 2022

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Phishing-as-a-Service (PhaaS). Related: Utilizing humans as security sensors. Rising popularity.

Phishing 198

Phishing Artificial Intelligence Cybercrime Social Engineering 198

The Last Watchdog

FEBRUARY 4, 2025

These sprawling identities, exposed through breaches, infostealer infections, and phishing attacks, create shadow data that traditional tools simply cant address. Fleury Fleury continued, This evolution to make holistic identity threat protection a reality for enterprises is critical to our mission of disrupting cybercrime.

Cybercrime 124

Cybercrime Phishing Accountability Malware 124

Security Affairs

JUNE 7, 2021

“Over the past month, operators of one of the top Russian-language cybercrime forums have been running a “contest,” calling for the community to submit papers that examine how to target cryptocurrency-related technology.” ” reads a post published by Intel 471. ” concludes the post. Pierluigi Paganini.

Cryptocurrency 144

Cryptocurrency Cybercrime Hacking Technology 144

Security Affairs

NOVEMBER 25, 2024

Thai authorities arrested members of two Chinese cybercrime organizations, one of these groups carried out SMS blaster attacks. “This “SMS blasting” attack relies on using technology that impersonates cellular base stations and is capable of transmitting thousands of messages to devices within a close geographical radius.”

Mobile 123

Mobile Scams Technology Telecommunications 123

Krebs on Security

JULY 10, 2024

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.

Phishing 313

Phishing Cybercrime Malware Software 313

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions.

Cryptocurrency 128

Cryptocurrency Cybercrime Education Scams 128

Malwarebytes

FEBRUARY 4, 2025

A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity. When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its use in cyberattacks. Uhh, again, that is.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

SecureList

MARCH 24, 2022

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.

Phishing 143

Phishing Marketing Banking Technology 143

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 144

Phishing Marketing Scams Accountability 144

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363

CSO Magazine

APRIL 6, 2021

The gang is selling access to systems infected with the backdoor to other sophisticated cybercrime groups including FIN6, Evilnum and Cobalt Group that are known to target organizations from various industries. Check out these 11 phishing prevention tips for best technology practices, employee education and social media smarts. |

Cybercrime 121

Cybercrime CSO Education Media 121

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Security Affairs

AUGUST 23, 2024

ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). A progressive web app (PWA) is an app that’s built using web platform technologies, but that provides a user experience like that of a platform-specific app. ” reads the report published by ESET.

Phishing 131

Phishing Mobile Banking Social Engineering 131

Krebs on Security

JULY 29, 2021

. “You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary [of pre-computed hashes] then you can essentially break 60-70 percent of the hashed passwords in a day or two,” said Fabian Wosar , chief technology officer at security firm Emsisoft. TARGETED PHISHING.

Passwords 363

Passwords Password Management Phishing Scams 363

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 98

Phishing Cybercrime Authentication Advertising 98

Krebs on Security

JUNE 29, 2023

In a statement provided to KrebsOnSecurity, Group-IB said Mr. Kislitsin is no longer an employee, and that he now works for a Russian organization called FACCT , which stands for “ Fight Against Cybercrime Technologies.”

Cybersecurity 298

Cybersecurity Cybercrime Hacking Government 298

SecureList

DECEMBER 6, 2022

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. The history of scams and phishing. The term “phishing” was coined back in 1996, when cybercriminals attacked users of America Online (AOL), the largest internet provider at that time. Phishing site with chat support.

Scams 134

Scams Phishing Social Engineering Banking 134

Duo's Security Blog

JANUARY 14, 2025

In recent webinar Preventing Helpdesk Phishing with Duo and Traceless , Duo PMM Katherine Yang sat down with Gene Reich, Co-founder of Traceless to discuss why stronger identity verification is critical for MSPs and helpdesk teamsespecially with the increased accessibility of AI technologies driving identity fraud.

Phishing 111

Phishing Technology Scams Cybercrime 111

The Last Watchdog

NOVEMBER 1, 2021

Related: Enlisting ‘human sensors’ Unfortunately, with crime-as-a-service, the same is true for people interested in trying their hand at cybercrime. Experts define CaaS as what happens when sophisticated hackers and criminals work together to create technology, toolkits, and methodologies geared toward carrying out cyberattacks.

Phishing 150

Phishing Cybercrime Technology Hacking 150

SecureWorld News

SEPTEMBER 14, 2023

Microsoft has recently brought attention to a highly-sophisticated and targeted phishing campaign conducted by a notorious threat actor group known as Storm-0324. Microsoft's Threat Intelligence team said: "In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file.

Phishing 116

Phishing Ransomware Cybercrime Threat Detection 116

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years.

Cybercrime 145

Cybercrime Banking Malware Ransomware 145

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. And all of them operate via Telegram , a cloud-based instant messaging system.

Passwords 345

Passwords Mobile Authentication Banking 345

SecureWorld News

FEBRUARY 13, 2025

While initially popularized in entertainment and satire, cybercriminals now weaponize this technology for fraud, identity theft, and corporate deception. Traditional phishing attacks rely on deceptive emails, but deepfakes have taken impersonation to a new level by creating convincing audio and video forgeries.

Social Engineering 81

Social Engineering Authentication Identity Theft Education 81

Hacker Combat

SEPTEMBER 14, 2022

With an enterprise-grade iPhone protection app, mobile phishing defense firm novoShield has come out of hiding. According to novoShield, the new solution was created to shield organizations and end users against the rising amount of phishing attempts. The Apple AppStore already has the iPhone application.

Mobile 105

Mobile Phishing Cybercrime Risk 105

Security Affairs

NOVEMBER 12, 2021

Threat actors are increasingly using the HTML smuggling technique in phishing campaigns, Microsoft researchers warn. Microsoft experts warn that threat actors are increasingly using the HTML smuggling technique in phishing campaigns to stealthily deliver threats. SecurityAffairs – hacking, phishing). Pierluigi Paganini.

Phishing 129

Phishing Banking Passwords Malware 129

Bleeping Computer

JANUARY 1, 2024

In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. [.]

Cybercrime 92

Cybercrime Cryptocurrency Scams Phishing 92

SecureWorld News

APRIL 1, 2024

A new Phishing-as-a-Service (PhaaS) threat called "darcula" is taking advantage of encrypted mobile messaging services to unleash a wave of sophisticated smishing attacks targeting organizations across more than 100 countries. Mobile devices tend to have weaker security compared to desktop systems, making them an attractive target vector."

Phishing 107

Phishing Mobile Encryption Technology 107

CyberSecurity Insiders

APRIL 8, 2022

According to cybercrime prosecution statistics , 2022 is expected to see a worldwide annual spend of nearly $134 billion to both prevent and also deal with the aftermath effects of cybercrime – and that figure is estimated to rise even higher. For example, you cannot write the ‘playbook’ but then never revisit it or execute on it.

Technology 138

Technology Ransomware Cybercrime Cybersecurity 138

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Secure web- phishing. In the first six months of 2020, CERT-GIB blocked a total of 9 304 phishing web resources, which is an increase of 9 percent compared to the previous year.

Phishing 136

Phishing Ransomware Spyware Banking 136

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. “This is the most significant technological and financial operation ever led by the Department of Justice against a botnet,” said Martin Estrada , the U.S.

Hacking 308

Hacking Malware Ransomware Government 308

SecureWorld News

JULY 13, 2023

These research findings have widespread implications for the security community in understanding how threat actors are not only manipulating generative AI platforms for malicious purposes but also creating entirely new platforms based on the same technology, specifically designed to do their ill-bidding.

Cybercrime 98

Cybercrime Social Engineering Phishing Engineering 98