Government, Scams and Web Fraud - Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Last week, the Massachusetts Department of Transportation (MassDOT) warned residents to be on the lookout for a new SMS phishing or “smishing” scam targeting users of EZDriveMA , MassDOT’s all electronic tolling program. In October 2023, KrebsOnSecurity wrote about a massive uptick in SMS phishing scams targeting U.S.

Phishing

Phishing Scams Mobile Passwords

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter. “The scale of this is so massive.

Scams

Scams Cryptocurrency Marketing Internet

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Krebs on Security

OCTOBER 9, 2023

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. The Georgia, AL domains at Alibaba also encompass several that spoof sites claiming to collect outstanding road toll fees and fines from the governments of Australia , New Zealand and Singapore. The fake USPS phishing page.

Phishing

Phishing Scams Passwords Web Fraud

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

MAY 16, 2020

” “It is assumed the fraud ring behind this possesses a substantial PII database to submit the volume of applications observed thus far,” the Secret Service warned. ” The surge in fraud comes as many states are struggling to process an avalanche of jobless claims filed as a result of the Coronavirus pandemic.

Insurance

Insurance Banking Identity Theft Accountability

Riding the State Unemployment Fraud ‘Wave’

Krebs on Security

MAY 23, 2020

When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S. ” Image: Agari.

Insurance

Insurance Accountability Banking Government

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. government overall, nor to the US public.” This is noteworthy because.US

Phishing

Phishing Telecommunications Government DNS

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

Cybersecurity firm Mandiant (recently acquired by Google ) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed , as part of an elaborate scheme to land jobs at cryptocurrency firms.

Accountability

Accountability Cryptocurrency Scams CISO

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

Cybersecurity firm Mandiant (recently acquired by Google ) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms. of spam and scams.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. government agencies. The findings come close on the heels of a report that identified.US

Phishing

Phishing Telecommunications Malware Scams

Sipping from the Coronavirus Domain Firehose

Krebs on Security

APRIL 16, 2020

As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic. “It’s either that or the government gets involved. government may well soon get more involved. ” The U.S. Earlier this week, Senators Cory Booker (D-N.J.),

Cyber threats

Cyber threats Phishing Data collection Government

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

of spam and scam.” None of the profiles listed here responded to requests for comment (or to become a connection). . “In our transparency report we share how our teams plus automated systems are stopping the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1%

CISO

CISO Cybercrime Accountability Information Security

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

The researchers concluded that 911 is supported by a “mid scale botnet-like infrastructure that operates in several networks, such as corporate, government and critical infrastructure.” Highlighting the risk that 911 nodes could pose to internal corporate networks, they observed that “the infection of a node enables the 911.re

VPN

VPN Computers and Electronics Antivirus Software

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. “If governments fail to prioritize this source of threat, violence originating from the Internet will affect regular people.”

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

“Hijacked domains have been used directly in phishing attacks and scams, as well as large spam systems,” reads the Infoblox report, which refers to lame domains as “ Sitting Ducks.” ” “There is evidence that some domains were used for Cobalt Strike and other malware command and control (C2).

DNS

DNS Internet Internet Phishing

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

According to Russian prosecutors, the scam went like this: Consumers would receive an SMS with links to sites that falsely claimed a number of well-known companies were sponsoring drawings and lotteries for people who enrolled or agreed to answer surveys. “I do not think that it was a reason for his arrest,” Artimovich said.

Banking

Banking Marketing DDOS Risk

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com , the world’s (..)

DNS

DNS Internet Internet Computers and Electronics

SSNDOB marketplace shut down by global law enforcement operation

Malwarebytes

JUNE 8, 2022

We’ve noted the gradual emergence of Bitcoin ATMs in scams previously; here, cryptocurrency ATMs are more popular as a payment method to SSNDOB than other dubious online services. Chainalysis also notes a potential connection between SSNDOB and another dark web market trading in credit cards which called it quits in 2021.

DDOS

DDOS Cryptocurrency Data breaches Scams

Why is.US Being Used to Phish So Many of Us?

Security Boulevard

SEPTEMBER 1, 2023

US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. Domain names ending in “.US” This is noteworthy because.US is overseen by the U.S. Also,US domains are only supposed to be available to U.S.

Phishing

Phishing Scams Government Telecommunications

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

requires applicants to supply a great deal more information than previously requested by the states, such as images of their driver’s license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service. To screen out fraudsters, ID.me

Scams

Scams Insurance DDOS Authentication

Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Massive Losses Define Epidemic of ‘Pig Butchering’

Trending Sources

Phishers Spoof USPS, 12 Other Natl’ Postal Services

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Riding the State Unemployment Fraud ‘Wave’

Why is.US Being Used to Phish So Many of Us?

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

US Harbors Prolific Malicious Link Shortening Service

Sipping from the Coronavirus Domain Firehose

Fake CISO Profiles on LinkedIn Target Fortune 500s

A Deep Dive Into the Residential Proxy Service ‘911’

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Don’t Let Your Domain Name Become a “Sitting Duck”

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

SSNDOB marketplace shut down by global law enforcement operation

Why is.US Being Used to Phish So Many of Us?

How $100M in Jobless Claims Went to Inmates

Stay Connected