The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. Others simply sell access to hacked government or police email accounts, and leave it up to the buyer to forge any needed documents. “Unlimited Emergency Data Requests. . Reset as you please.
This address was the subject of an investigation published in July by CTV National News and the Investigative Journalism Foundation (IJF), which documented dozens of cases across Canada where multiple MSBs are incorporated at the same address, often without the knowledge or consent of the location’s actual occupant. in Vancouver, BC.
” The rise of so-called “ghost tap” mobile software was first documented in November 2024 by security experts at ThreatFabric. . “These guys provide the software for $500 a month, and it can relay both NFC enabled tap-to-pay as well as any digital wallet. They even have 24-hour support.”
SWAT apparently kept its books in a publicly accessible Google Sheets document, and that document reveals Fearlless and his business partner each routinely made more than $100,000 every month operating their various reshipping businesses.
2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research. That vulnerability was documented in more detail at exploit archive Packet Storm Security in March 2020 and indexed by Check Point Software in May 2020, suggesting it still persists in current versions of the product.
In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.” If you receive a vishing call, document the phone number of the caller as well as the domain that the actor tried to send you to and relay this information to law enforcement.
31 that uses Linkedin.com links to redirect anyone who clicks to a site that spoofs Adobe, and then prompts users to log in to their Microsoft email account to view a shared document. Here’s one example from Jan. A recent phishing site that abused LinkedIn’s marketing redirect. Image: Urlscan.io.
Experian said I had three options for a free credit report at this point: Mail a request along with identity documents, call a phone number for Experian, or upload proof of identity via the website. Your mileage on this front may vary, and you may end up having to send copies of your identity documents through the mail or website.
Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.
But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia’s state security services and the cybercriminal underground. The latest document in the hacked archive is dated April 2021.
The service also advertised the ability to extract and filter emails and files based on selected keywords, as well as attach malicious macros to all documents in a user’s Microsoft OneDrive. A cybercriminal service advertising the sale of access to hacked Office365 accounts. Image: Proofpoint.
Unfortunately for us, Doug freaked out after deciding he’d been tricked — backing up his important documents, changing his passwords, and then reinstalling macOS on his computer. If you’re approached in a similar scheme, the response from the would-be victim documented in the SlowMist blog post is probably the best.
“If you bought Google Workspace via Google Domains, Squarespace is now your authorized reseller,” the help document explains. .” The guide also recommends removing unnecessary Squarespace user accounts, and disabling reseller access in Google Workspace.
” This attack comes on the heels of another targeted phishing campaign leveraging Pardot that was documented earlier this month by Netskope, a cloud security firm. “A large number of enterprises provide their vendors and partners access to their CRM for uploading documents such as invoices, purchase orders, etc.
Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.
Guilmette estimates the current market value of the purloined IPs he’s documented in this case exceeds USD $50 million. ” For example, documents obtained from the government of Uganda by Guilmette and others show Byaruhanga registered a private company called ipv4leasing after joining AFRINIC. .
If the attachment is opened, the malicious document proceeds to quietly download additional malware and hacking tools to the victim machine (here’s one video example of a malicious Microsoft Office attachment from the malware sandbox service any.run).
Meta initially filed this lawsuit in December 2022, but it asked the court to seal the case, which would have restricted public access to court documents in the dispute. Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit are incorporated in the United States.
This version of Office prompts the user to sync all data and documents over to a 5TB Microsoft OneDrive account. ” Here’s what the profile looked like when the reader tried to change details tied to the license. What could go wrong?
The intercepted CLOP communication seen by KrebsOnSecurity shows the group bragged about twice having success infiltrating new victims in the healthcare industry by sending them infected files disguised as ultrasound images or other medical documents for a patient seeking a remote consultation.
Those include voting registries, property filings, marriage certificates, motor vehicle records, criminal records, court documents, death records, professional licenses, and bankruptcy filings. states exempt so-called “public” or “government” records from consumer privacy laws.
In this well-documented tactic, known as a DHCP starvation attack, an attacker floods the DHCP server with requests that consume all available IP addresses that can be allocated. As an attacker, we can select which IP addresses go over the tunnel and which addresses go over the network interface talking to our DHCP server.”
. “The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money,” the Federal Bureau of Investigation (FBI) warned in April 2022. – No video: The scammers will come up with all kinds of excuses not to do a video call.
Hegel noted that the spike in malicious software-themed ads came not long after Microsoft started blocking by default Office macros in documents downloaded from the Internet. He said the volume of the current malicious ad campaigns from this group appears to be relatively low compared to a year ago.
But a copy of the document obtained by KrebsOnSecurity shows the name of the federal agent who testified to it has been blacked out. The final page of Noah Michael Urban’s indictment shows the investigating agent redacted their name from charging documents. Urban’s indictment is currently sealed.
.” While the defendants represented that they had the ability to dismantle the Glupteba botnet, when it came time for discovery — the stage in a lawsuit where both parties can compel the production of documents and other information pertinent to their case — the attorney for the defendants told the court his clients had been fired (..)
Shanon: My partner wants to see the place before we send money over as we done this last time and someone scammed us I ain’t saying your not legit as you have send documents with details on name etc. Here’s one from would-be victim Shanon, on March 28, 2019, to the scammers. The price is € 250 + €500 secure deposit.
There is a frequently updated list published on GitHub called “Can I take over DNS,” which has been documenting exploitability by DNS provider over the past several years. How does one know whether a DNS provider is exploitable? The list includes examples for each of the named DNS providers.
Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.
” This is not the first time Instagram has come for his accounts: As documented in this story in The Atlantic, some of his accounts totaling more than 1 million followers were axed in late 2018 when the platform took down 500 usernames that were stolen, resold, and used for posting memes.
As documented by Group-IB, the group pivoted from its access to Twilio to attack at least 163 of its customers. 0ktapus often leveraged information or access gained in one breach to perpetrate another.
A few months later, Bryant documented the same technique being used to take over more than 120,000 trusted domains for spam campaigns. Contacted by KrebsOnSecurity, GoDaddy acknowledged the authentication weakness documented by Guilmette.
Upon his release from custody, Heinrich told the FBI that Iza was still using his account at the public screenshot service Gyazo to document communications regarding his alleged bribing of LASD officers.
The reader who shared this story (and copious documentation to go with it) asked to have his real name omitted to avoid encouraging further attacks against his identity. One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders. So we’ll just call him “Jim.”
“We are investigating possible fixes for developer tools and plan to update our documentation accordingly,” Google’s statement continued. Image: ThreatFabric.
16Shop documentation instructing operators on how to deploy the kit. .” According to the Indonesian security blog Cyberthreat.id, Saputra admitted being the administrator of 16Shop, but told the publication he handed the project off to others by early 2020. Image: ZeroFox.
” Finally, Russian incorporation documents show the company LLC Website (web-site[.]ru) was A cached copy of the contact page for Starovikov[.]com shows that in 2008 it displayed the personal information for a Dmitry Starovikov, who listed his Skype username as “lycefer.”
As documented in last month’s deep dive on top Com members, The Com is also a place where cybercriminals go to boast about their exploits and standing within the community, or to knock others down a peg or two.
The government believes the brains behind Joker’s Stash is Timur Kamilevich Shakhmametov, an individual who is listed in Russian incorporation documents as the owner of Arpa Plus, a Novosibirsk company that makes mobile games. Joker’s sold cards stolen in a steady drip of breaches at U.S.
” Monahan has been documenting the crypto thefts via Twitter/X since March 2023, frequently expressing frustration in the search for a common cause among the victims. Then on Aug.
Validating legal requests by domain name may be fine for data demands that include documents like subpoenas and search warrants, which can be validated with the courts. But not so for EDRs, which largely bypass any official review and do not require the requestor to submit any court-approved documents.
That document indicates the Liberty Reserve account claimed by MrMurza/AccessApproved — U1018928 — was assigned in 2011 to a “Vadim Panov” who used the email address lesstroy@mgn.ru.
From there, the perpetrators accessed a Google Drive document that Ferri had used to record credentials to other sites, including a cryptocurrency exchange. Soon after, the attackers were able to use their control over his mobile number to reset his Gmail account password.
They’re frequently cheap to buy, stolen in large numbers, and can be bundled with other documents such as passport, driver’s licence, email, and more. The SSNDOB Marketplace has listed the personal information for approximately 24 million individuals in the United States, generating more than $19 million USD in sales revenue.