Mobile and Phishing - Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. Reports of similar SMS phishing attacks against customers of other U.S. This is by no means a comprehensive list.

Phishing

Phishing Scams Mobile Passwords

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. An image from one Chinese phishing group’s Telegram channel shows various toll road phish kits available.

Phishing

Phishing Mobile Scams Banking

Arrests in Tap-to-Pay Scheme Powered by Phishing

Krebs on Security

MARCH 21, 2025

states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. How are these China-based phishing groups obtaining stolen payment card data and then loading it onto Google and Apple phones? It all starts with phishing. Image: WLVT-8.

Phishing

Phishing Mobile Scams Banking

Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam

Security Boulevard

JANUARY 27, 2025

A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing at the U.S. Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say.

Mobile

Mobile Scams Phishing Social Engineering

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. ”

Cybercrime

Cybercrime Phishing Accountability Internet

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

T-Mobile Data Breach

Schneier on Security

AUGUST 19, 2021

It’s a big one : As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000.

Mobile

Mobile Data breaches Phishing Cybercrime

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

FEBRUARY 1, 2021

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a. Image: osint.fans. “But on the telecom front they were using fairly sophisticated tactics.”

Phishing

Phishing Telecommunications Advertising Mobile

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Mobile Authentication

Mobile malware evolution in 2024

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. Adware, the most common mobile threat, accounted for 35% of total detections. million malicious and potentially unwanted installation packages were detected, almost 69,000 of which associated with mobile banking Trojans. A total of 1.1

Mobile

Mobile Malware Adware Banking

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Each advertises their claimed access to T-Mobile systems in a similar way. ” or “ Tmo up!

Mobile

Mobile Phishing Authentication Advertising

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Mobile

Mobile Accountability Data breaches Identity Theft

iMessage text gets recipient to disable phishing protection so they can be phished

Malwarebytes

JANUARY 13, 2025

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. Your mobile device may already have some form of safe message ID enabled without you knowing. Report bogus messages and numbers.

Phishing

Phishing Social Engineering Scams Mobile

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. ” Attempting to visit the domain in the phishing link — o001cfedeex[.]com

Phishing

Phishing Scams Mobile DNS

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Image: Amitai Cohen twitter.com/amitaico. com and ouryahoo-okta[.]com. Click to enlarge.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Mishing Is the New Phishing — And It’s More Dangerous

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing

Phishing Mobile Social Engineering Data breaches

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing

Phishing Identity Theft Cryptocurrency Cybercrime

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing

Phishing Scams Banking Mobile

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing

Phishing Artificial Intelligence Password Management Accountability

Fortinet CISO Details ‘Phish-Free’ Phishing Scheme Using PayPal

Security Boulevard

JANUARY 9, 2025

A bad actor is using a Microsoft 365 test domain and a self-created distribution list to bypass traditional email protections and entice victims to hand over their PayPal account information in what Fortinet's CISO is calling a "phish-free" phishing campaign.

CISO

CISO Phishing Accountability Social Engineering

SMS About Bank Fraud as a Pretext for Voice Phishing

Krebs on Security

NOVEMBER 10, 2021

” Seconds later, her mobile phone rang. ” The remarkable aspect of these phone-based phishing scams is typically the attackers never even try to log in to the victim’s bank account. “She knows the drill so she hung up and called Chase, who confirmed they had not called her,” he said.

Banking

Banking Phishing Scams Accountability

WhatsApp spear phishing campaign uses QR codes to add device

Malwarebytes

JANUARY 17, 2025

Once a relationship had been established, the target would receive a phishing link or a document that contained a phishing link. How to stay safe These spear phishing campaigns are highly targeted and youll probably never see an invite to this group. There are a few simple rules that will help you avoid this kind of phishing.

Phishing

Phishing Accountability Mobile Risk

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

AUGUST 18, 2022

” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams.

Scams

Scams Phishing Accountability Software

T-Mobile: Breach Exposed SSN/DOB of 40M+ People

Krebs on Security

AUGUST 18, 2021

T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. T-Mobile hasn’t yet responded to requests for clarification regarding how many of the 7.8

Mobile

Mobile Identity Theft Accountability Cybercrime

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile

Mobile Wireless Advertising Accountability

Cybercriminals Go Mobile: Executives Targeted in Advanced Phishing Campaigns

Penetration Testing

DECEMBER 22, 2024

Cybercriminals are targeting corporate executives with highly advanced mobile spear phishing attacks, leveraging sophisticated evasion techniques and exploiting the inherent vulnerabilities of mobile devices, a new report reveals.

Mobile

Mobile Phishing Cybersecurity

Phishing for Apples, Bobbing for Links

Krebs on Security

JANUARY 13, 2020

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums.

Phishing

Phishing Scams Mobile Encryption

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. How to avoid AI Gmail phishing Never click on links or download files from unexpected emails or messages. The FBI has also warned users to be cautious when receiving unsolicited emails or text messages.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

OP KAERB: Europol dismantled phishing scheme targeting mobile users

Security Affairs

SEPTEMBER 21, 2024

A joint international law enforcement operation led by Europol dismantled a major phishing scheme targeting mobile users. Europol supported European and Latin American law enforcement agencies in dismantling an international criminal network that unlocks stolen or lost mobile phones using a phishing platform.

Mobile

Mobile Phishing Computers and Electronics Marketing

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

The Hacker News

SEPTEMBER 20, 2024

Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones.

Mobile

Mobile Phishing

Apple Phone Phishing Scams Getting Better

Krebs on Security

JANUARY 3, 2019

A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. is likely to fool quite a few people.

Scams

Scams Phishing Cyber Risk Engineering

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

SEPTEMBER 17, 2020

As I started delving back through my own writing over the years, the picture became much clearer and it really crystallised just this week after I inadvertently landed on a nasty phishing site. In the end I broke it down into 3 Ps: padlocks, phishing and privacy. Now let's try the mobile app: What's the encryption story there?

VPN

VPN Phishing DNS Encryption

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

Department of Justice (DOJ) for a 2021 breach at T-Mobile that exposed the personal information of at least 76.6 However, it is unclear if Binns faces any immediate threat of extradition to the United States, where he is currently wanted on criminal hacking charges tied to the 2021 breach at T-Mobile. million customers.

Cybercrime

Cybercrime Mobile Media Hacking

Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

eSecurity Planet

OCTOBER 28, 2024

We’ll also look at increased phishing attacks, a couple of different Cisco flaws, and a Fortinet vulnerability that took some time to get its own CVE. The problem: A zero-day use-after-free vulnerability in Samsung Mobile Processor’s m2m scaler driver could lead to privilege escalation. webflow.io, which indicates a phishing site.

Phishing

Phishing Authentication VPN Software

Phishing attacks target mobile users via progressive web applications (PWA)

Security Affairs

AUGUST 23, 2024

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). SMS campaigns sent phishing links indiscriminately to Czech phone numbers.

Phishing

Phishing Mobile Banking Social Engineering

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. A Google-translated version of the now-defunct Coinbase phishing site, coinbase.com.password-reset[.]com. The Coinbase phishing panel. million Italians.

Passwords

Passwords Phishing Accountability Mobile

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.

Mobile

Mobile Phishing Authentication Accountability

Companies are losing the war against phishing as attacks increase in number and sophistication

Tech Republic Security

JULY 20, 2021

A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.

Phishing

Phishing Mobile

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Malwarebytes

APRIL 1, 2025

To proceed with the update, please scan the QR code below with your mobile device or click the link provided to access the secure tax portal. If the receiver were to scan the QR code, they would be sent to a phishing site. The other big type of scams are phishing emails, like we saw above. Please do not reply to this email.

Scams

Scams Phishing Artificial Intelligence Social Engineering

New ‘Lucid’ Phishing Platform Abuses iMessage, Android RCS to Slip Past Defenses

eSecurity Planet

MARCH 28, 2025

A sophisticated cybercrime service known as “Lucid” is exploiting vulnerabilities in Apples iMessage and Androids Rich Communication Services (RCS), allowing cyberthieves to conduct large-scale phishing attacks with alarming success. Automated mobile farms that deploy phishing messages at scale.

Phishing

Phishing Scams Cybercrime Retail

Mobile Device Security Policy

Tech Republic Security

JANUARY 31, 2024

Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers. In addition, the same social engineering, phishing and application/operating system vulnerabilities which plague desktops.

Mobile

Mobile Social Engineering Engineering Phishing

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. A fake browser update page pushing mobile malware. Image: Intrinsec.

Malware

Malware Antivirus Software DDOS

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

NOVEMBER 3, 2020

Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “ vishing ” attacks and “ SIM swapping ,” a form of fraud that involves bribing or tricking employees at mobile phone companies. Milleson , 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A.

Scams

Scams Wireless Identity Theft Mobile

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. T-Mobile left a gate left wide open for attackers – and attackers just had to find the gate.”.

Mobile

Mobile Data breaches Authentication Accountability

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

How Phished Data Turns into Apple & Google Wallets

Trending Sources

Arrests in Tap-to-Pay Scheme Powered by Phishing

Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam

Why Phishers Love New TLDs Like.shop,top and.xyz

Booking.com Phishers May Leave You With Reservations

T-Mobile Data Breach

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Phishing evolves beyond email to become latest Android app threat

Mobile malware evolution in 2024

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

New T-Mobile Breach Affects 37 Million Accounts

iMessage text gets recipient to disable phishing protection so they can be phished

‘Tis the Season for the Wayward Package Phish

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Mishing Is the New Phishing — And It’s More Dangerous

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

Fortinet CISO Details ‘Phish-Free’ Phishing Scheme Using PayPal

SMS About Bank Fraud as a Pretext for Voice Phishing

WhatsApp spear phishing campaign uses QR codes to add device

PayPal Phishing Scam Uses Invoices Sent Via PayPal

T-Mobile: Breach Exposed SSN/DOB of 40M+ People

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Cybercriminals Go Mobile: Executives Targeted in Advanced Phishing Campaigns

Phishing for Apples, Bobbing for Links

How AI was used in an advanced phishing campaign targeting Gmail users

OP KAERB: Europol dismantled phishing scheme targeting mobile users

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

Apple Phone Phishing Scams Getting Better

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Canadian Man Arrested in Snowflake Data Extortions

Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

Phishing attacks target mobile users via progressive web applications (PWA)

How Coinbase Phishers Steal One-Time Passwords

How 1-Time Passcodes Became a Corporate Liability

Companies are losing the war against phishing as attacks increase in number and sophistication

“Urgent reminder” tax scam wants to phish your Microsoft credentials

New ‘Lucid’ Phishing Platform Abuses iMessage, Android RCS to Slip Past Defenses

Mobile Device Security Policy

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Two Charged in SIM Swapping, Vishing Scams

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

Stay Connected