Data breaches, Scams and Web Fraud - Cyber Security Informer

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

That same month, they also sold data on 1.4 But this history was either overlooked or ignored by Group-IB , the Singapore-based cybersecurity firm apparently hired by Banorte to help respond to the data breach. “We ask you to remove this post containing Banorte data. . “Who does it?

Data breaches

Data breaches Banking Cybercrime Marketing

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Before we get to the Apple scam in detail, we need to revisit Tony’s case. The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls. Perm’s group and other crypto phishing gangs rely on a mix of homemade code and third-party data broker services to refine their target lists.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database. .” Urgency should be a giant red flag. Take a deep breath.

Passwords

Passwords Password Management Phishing Scams

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

Phishers using multiple virtualized Android devices to orchestrate and distribute RCS-based scam campaigns. According to Prodaft, the threat actors first acquire phone numbers through various means including data breaches, open-source intelligence, or purchased lists from underground markets. Image: Prodaft.

Phishing

Phishing Banking Mobile Retail

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

.” According to ID.me, a major driver of phony jobless claims comes from social engineering, where people have given away personal data in response to romance or sweepstakes scams, or after applying for what they thought was a legitimate work-from-home job. “A lot of this is targeting the elderly,” Hall said.

Scams

Scams Insurance DDOS Authentication

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

On July 20, the attackers turned their sights on internet infrastructure giant Cloudflare.com , and the intercepted credentials show at least five employees fell for the scam (although only two employees also provided the crucial one-time MFA code). Image: Cloudflare.com. 2021 post about the change. ”

Mobile

Mobile Phishing Authentication Accountability

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams.

Phishing

Phishing Passwords Hacking Internet

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion. The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

We’ve noted the gradual emergence of Bitcoin ATMs in scams previously; here, cryptocurrency ATMs are more popular as a payment method to SSNDOB than other dubious online services. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021.

DDOS

DDOS Cryptocurrency Data breaches Scams

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

First, they included an offer to use a mutually trusted “middleman” or escrow provider for the transaction (to protect either party from getting scammed). One of the groups that reliably posted “Tmo up!” ” messages to announce SIM-swap availability against T-Mobile customers also reliably posted “Tmo down!

Mobile

Mobile Phishing Authentication Advertising

Cyber Security Informer

When Efforts to Contain a Data Breach Backfire

A Day in the Life of a Prolific Voice Phishing Crew

Trending Sources

The Life Cycle of a Breached Database

China-based SMS Phishing Triad Pivots to Banks

How $100M in Jobless Claims Went to Inmates

How 1-Time Passcodes Became a Corporate Liability

Karma Catches Up to Global Phishing Service 16Shop

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

SSNDOB marketplace shut down by global law enforcement operation

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Stay Connected