Cybersecurity, Scams and Web Fraud - Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Before we get to the Apple scam in detail, we need to revisit Tony’s case. The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls. The phishing domain used to steal roughly $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

Phishers using multiple virtualized Android devices to orchestrate and distribute RCS-based scam campaigns. Their ability to scale operations globally and evasion techniques pose significant challenges to cybersecurity defenses.” Image: Prodaft.

Banking

Banking Phishing Mobile Retail

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

And it was fairly successful, according to Alex Holden , founder of Milwaukee-based cybersecurity firm Hold Security. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages or other media. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com

Passwords

Passwords Phishing Accountability Mobile

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

Meanwhile, anyone in the compromised Discord channel who notices the scam and replies is banned, and their messages are deleted by the compromised admin account. “I’ve seen all kinds of crypto scams, but I’ve never seen one like this.”

Hacking

Hacking Accountability Scams Cryptocurrency

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Image: fr3d.hk/blog.

Phishing

Phishing Scams Banking Mobile

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

Cybersecurity firm Mandiant (recently acquired by Google ) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed , as part of an elaborate scheme to land jobs at cryptocurrency firms.

Accountability

Accountability Cryptocurrency Scams CISO

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

Cybersecurity firm Mandiant (recently acquired by Google ) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms. of spam and scams.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability

Accountability Advertising Passwords Phishing

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. But this history was either overlooked or ignored by Group-IB , the Singapore-based cybersecurity firm apparently hired by Banorte to help respond to the data breach. “Who does it?

Data breaches

Data breaches Banking Cybercrime Marketing

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

“This is dangerous, Apollo.io, Signalhire, and Cybersecurity Ventures.” of spam and scam.” “It’s interesting the downstream sources that repeat LinkedIn bogus content as truth,” Mason said.

CISO

CISO Cybercrime Accountability Information Security

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. “We will continue to work with registrars, cybersecurity firms and other stakeholders to make progress with this complex challenge.” is overseen by the U.S.

Phishing

Phishing Telecommunications Government DNS

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

“Hijacked domains have been used directly in phishing attacks and scams, as well as large spam systems,” reads the Infoblox report, which refers to lame domains as “ Sitting Ducks.” ” “There is evidence that some domains were used for Cobalt Strike and other malware command and control (C2).

DNS

DNS Internet Internet Phishing

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

As I wrote in that story, Foreshadow appears to have served as a “holder” — a term used to describe a low-level member of any SIM-swapping group who agrees to carry out the riskiest and least rewarding role of the crime: Physically keeping and managing the various mobile devices and SIM cards that are used in SIM-swapping scams.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

re abruptly announced it was permanently closing after a cybersecurity breach allowed unknown intruders to trash its servers and delete customer data and backups. Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers.

Malware

Malware Cybercrime Internet Internet

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

First, they included an offer to use a mutually trusted “middleman” or escrow provider for the transaction (to protect either party from getting scammed). Allison Nixon is chief research officer for the New York City-based cybersecurity firm Unit 221B. One of the groups that reliably posted “Tmo up!”

Mobile

Mobile Phishing Authentication Advertising

Sipping from the Coronavirus Domain Firehose

Krebs on Security

APRIL 16, 2020

As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic. By most measures, the volume of new domain registrations that include the words “Coronavirus” or “Covid” has closely tracked the spread of the deadly virus. .”

Cyber threats

Cyber threats Phishing Data collection Government

Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

China-based SMS Phishing Triad Pivots to Banks

Webinars

Trending Sources

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Webinars

How Coinbase Phishers Steal One-Time Passwords

Discord Admins Hacked by Malicious Bookmarks

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Malicious Office 365 Apps Are the Ultimate Insiders

When Efforts to Contain a Data Breach Backfire

Fake CISO Profiles on LinkedIn Target Fortune 500s

Why is.US Being Used to Phish So Many of Us?

Don’t Let Your Domain Name Become a “Sitting Duck”

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

No SOCKS, No Shoes, No Malware Proxy Services!

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Sipping from the Coronavirus Domain Firehose

Stay Connected