Document, Scams and Web Fraud - Cyber Security Informer

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings. The Land Lordz administrative panel for a scammer who’s running dozens of Airbnb scams in the United Kingdom. The price is € 250 + €500 secure deposit.

Scams

Scams Advertising Accountability Phishing

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

” The rise of so-called “ghost tap” mobile software was first documented in November 2024 by security experts at ThreatFabric. For example, a would-be smishing victim might enter their personal and financial information, but then decide the whole thing is scam before actually submitting the data.

Phishing

Phishing Mobile Scams Retail

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter. “The scale of this is so massive.

Scams

Scams Cryptocurrency Marketing Internet

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.” ” In the early morning hours of Nov. PST on Nov.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

31 that uses Linkedin.com links to redirect anyone who clicks to a site that spoofs Adobe , and then prompts users to log in to their Microsoft email account to view a shared document. Urlscan also found this phishing scam from Jan. Here’s one example from Jan. Image: Urlscan.io. 12 that uses Slinks to spoof the U.S.

Phishing

Phishing Marketing Scams Accountability

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. 2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research. The U-Admin phishing panel interface.

Phishing

Phishing Scams Banking Mobile

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia. Most reshipping scams promise employees a monthly salary and even cash bonuses.

Cybercrime

Cybercrime Marketing Scams Retail

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn , or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

Phishing

Phishing Scams Computers and Electronics Software

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

In a post to its Twitter/X account last month, Signum Capital warned that a fake profile pretending to be their employee Mr. Lee was trying to scam people on Telegram. If you’re approached in a similar scheme, the response from the would-be victim documented in the SlowMist blog post is probably the best. ” Image: SlowMist.

Malware

Malware Cryptocurrency Software Phishing

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Advertising Passwords Phishing

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia’s state security services and the cybercriminal underground. The latest document in the hacked archive is dated April 2021.

Banking

Banking Marketing DDOS Risk

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

Hegel noted that the spike in malicious software-themed ads came not long after Microsoft started blocking by default Office macros in documents downloaded from the Internet. ” Almost a month later, another FreeCAD user reported getting stung by the same scam. “It appears to be same campaign continuing,” Hegel said.

Software

Software Advertising Malware Accountability

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

“Hijacked domains have been used directly in phishing attacks and scams, as well as large spam systems,” reads the Infoblox report, which refers to lame domains as “ Sitting Ducks.” ” “There is evidence that some domains were used for Cobalt Strike and other malware command and control (C2).

DNS

DNS Internet Internet Phishing

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. 16Shop documentation instructing operators on how to deploy the kit.

Phishing

Phishing Passwords Internet Internet

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

As documented by Group-IB, the group pivoted from its access to Twilio to attack at least 163 of its customers. 0ktapus often leveraged information or access gained in one breach to perpetrate another.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

A few months later, Bryant documented the same technique being used to take over more than 120,000 trusted domains for spam campaigns. Contacted by KrebsOnSecurity, GoDaddy acknowledged the authentication weakness documented by Guilmette.

DNS

DNS Internet Internet Computers and Electronics

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

They’re frequently cheap to buy , stolen in large numbers , and can be bundled with other documents such as passport, driver’s licence, email, and more. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021.

DDOS

DDOS Cryptocurrency Data breaches Scams

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

.” According to ID.me, a major driver of phony jobless claims comes from social engineering, where people have given away personal data in response to romance or sweepstakes scams, or after applying for what they thought was a legitimate work-from-home job. “A lot of this is targeting the elderly,” Hall said.

Scams

Scams Insurance DDOS Authentication

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

But when the thieves tried to move $100,000 worth of cryptocurrency out of his account, Coinbase sent an email stating that the account had been locked, and that he would have to submit additional verification documents before he could do anything with it. “It’s almost like there’s no consequences. .

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

Cyber Security Informer

‘Land Lordz’ Service Powers Airbnb Scams

How Phished Data Turns into Apple & Google Wallets

Trending Sources

Massive Losses Define Epidemic of ‘Pig Butchering’

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

How Phishers Are Slinking Their Links Into LinkedIn

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Teach a Man to Phish and He’s Set for Life

Calendar Meeting Links Used to Spread Mac Malware

Malicious Office 365 Apps Are the Ultimate Insiders

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Using Google Search to Find Software Can Be Risky

Don’t Let Your Domain Name Become a “Sitting Duck”

Karma Catches Up to Global Phishing Service 16Shop

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

SSNDOB marketplace shut down by global law enforcement operation

How $100M in Jobless Claims Went to Inmates

How to Lose a Fortune with Just One Bad Click

Stay Connected