Krebs on Security

JANUARY 3, 2019

A new phone-based phishing scam that spoofs Apple Inc. 2, 2019: What Westby’s iPhone displayed as the scam caller’s identity. Westby said the Apple agent told her that Apple had not contacted her, that the call was almost certainly a scam, and that Apple would never do that — all of which she already knew.

Scams 279

Scams Phishing Cyber Risk Engineering 279

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. ” Attempting to visit the domain in the phishing link — o001cfedeex[.]com

Phishing 339

Phishing Scams Mobile DNS 339

Krebs on Security

OCTOBER 1, 2018

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? A CLOSE CALL.

Scams 279

Scams Phishing Banking Mobile 279

Krebs on Security

NOVEMBER 10, 2021

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional ph ishing scams sent through SMS text messages. ” Seconds later, her mobile phone rang. The entirety of the scam takes place over the phone. “What was different about this was it was all very smooth.

Banking 363

Banking Phishing Scams Accountability 363

Malwarebytes

APRIL 7, 2025

Back in August 2024, we warned about a relatively new type of SMS phishing (or smishing ) scam that was doing the rounds. Now a new wave of toll fee scams are working their way round the US. The phishing sites are typically out to steal personal information and/or payment details. E.g. e-zpass.com- roadioe[.]cc.

Scams 85

Scams Phishing Mobile Internet 85

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Image: Amitai Cohen twitter.com/amitaico. com and ouryahoo-okta[.]com. Click to enlarge.

Identity Theft 254

Identity Theft Phishing Cryptocurrency Accountability 254

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. Adware, the most common mobile threat, accounted for 35% of total detections. million malicious and potentially unwanted installation packages were detected, almost 69,000 of which associated with mobile banking Trojans. A total of 1.1

Mobile 116

Mobile Malware Adware Banking 116

Malwarebytes

JANUARY 13, 2025

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. How to avoid smishing scams Never reply to suspicious messages, even if its only a Y or 1. Report bogus messages and numbers.

Phishing 131

Phishing Social Engineering Scams Mobile 131

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Each advertises their claimed access to T-Mobile systems in a similar way. ” or “ Tmo up!

Mobile 341

Mobile Phishing Authentication Advertising 341

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 331

Phishing Scams Banking Mobile 331

Krebs on Security

NOVEMBER 3, 2020

Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “ vishing ” attacks and “ SIM swapping ,” a form of fraud that involves bribing or tricking employees at mobile phone companies. Milleson , 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A.

Scams 342

Scams Wireless Identity Theft Mobile 342

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 88

Phishing Mobile Social Engineering Data breaches 88

Security Boulevard

DECEMBER 10, 2024

SpartanWarrioz, whose prolific phishing kit business took a hit when the group's Telegram channel was shut down in November, is rebounding quickly, creating a new channel and courting former subscribers as it rebuilds its operations, Forta researchers say.

Scams 120

Scams Phishing Social Engineering Engineering 120

SecureWorld News

MARCH 18, 2025

In recent months, a sophisticated scam has emerged, targeting drivers across the United States with fraudulent text messages about unpaid road tolls. Smishing scams like these follow a predictable yet highly effective, nefarious behavioral blueprintleveraging urgency, impersonation, and fear to manipulate victims into compliance.

Scams 84

Scams Mobile Phishing Education 84

Krebs on Security

AUGUST 28, 2024

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. Some people interviewed who received the messages said they figured it was a scam because they knew for a fact they were registered to vote in their state.

Phishing 314

Phishing Scams Mobile Advertising 314

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. Image: Mastercard.us. A graphic from Mastercard touting the potential benefits of cardless ATM transactions.

Phishing 268

Phishing Banking Scams Accountability 268

Krebs on Security

AUGUST 9, 2021

In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information. The payment message displayed by the carding site phishing domain BriansClub[.]com. Shortly after it came online as a phishing site last year, BriansClub[.]com

Phishing 362

Phishing Cybercrime Accountability Advertising 362

Krebs on Security

JANUARY 13, 2020

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums.

Phishing 265

Phishing Scams Mobile Encryption 265

Malwarebytes

FEBRUARY 13, 2025

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence (AI) in their scams. Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. They are also using AI-powered tools to create emails that can bypass security filters.

Phishing 107

Phishing Artificial Intelligence Identity Theft Accountability 107

Troy Hunt

SEPTEMBER 17, 2020

As I started delving back through my own writing over the years, the picture became much clearer and it really crystallised just this week after I inadvertently landed on a nasty phishing site. In the end I broke it down into 3 Ps: padlocks, phishing and privacy. Now let's try the mobile app: What's the encryption story there?

VPN 363

VPN Phishing DNS Encryption 363

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile 318

Mobile Wireless Advertising Accountability 318

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. ” AN ‘IDENTITY CRISIS’?

Mobile 268

Mobile Cryptocurrency Accountability Authentication 268

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. A Google-translated version of the now-defunct Coinbase phishing site, coinbase.com.password-reset[.]com. The Coinbase phishing panel. million Italians.

Passwords 363

Passwords Phishing Accountability Mobile 363

SecureWorld News

MARCH 20, 2025

March Madness is here, and while fans are busy filling out brackets and making last-minute bets, cybercriminals are running their own full-court presstargeting unsuspecting fans with phishing scams, fake betting apps, and credential-harvesting schemes. This scenario follows the common phishing tactics: strike at personal interest.

Scams 82

Scams Social Engineering Mobile Phishing 82

Security Affairs

NOVEMBER 25, 2024

.” An SMS blaster attack is a cyberattack where a large number of malicious or fraudulent SMS messages are sent to mobile devices within a specific area or to a targeted group. SMS blaster attacks can exploit vulnerabilities in mobile networks and typically require proximity to the targeted devices for localized attacks.

Mobile 123

Mobile Scams Technology Telecommunications 123

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Image: Cloudflare.com. 2, and Aug.

Mobile 341

Mobile Phishing Authentication Accountability 341

eSecurity Planet

MARCH 28, 2025

A sophisticated cybercrime service known as “Lucid” is exploiting vulnerabilities in Apples iMessage and Androids Rich Communication Services (RCS), allowing cyberthieves to conduct large-scale phishing attacks with alarming success. Examples of scam campaigns delivered via iMessage and RCS.

Phishing 58

Phishing Scams Cybercrime Retail 58

Security Boulevard

DECEMBER 14, 2021

Phishing scams continue to top the list of cybercrimes. Phishing attacks account for more than 80% of reported security incidents. have experienced a successful phishing. have experienced a successful phishing. The post Preparing for Evolving Phishing Scams appeared first on Security Boulevard.

Scams 126

Scams Phishing Social Engineering Cybercrime 126

Adam Levin

NOVEMBER 17, 2020

Here are 50 ways to avoid getting scammed on Black Friday — and beyond. Popular browsers, like Safari or Firefox, frequently issue updates to protect against scams. There’s a chance the unsolicited offer in your inbox is a “ phishing ” scheme. Phishing schemes don’t only travel by way of email. Choose credit over debit.

Scams 243

Scams Retail Banking Passwords 243

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 74

Phishing Banking Scams Mobile 74

Malwarebytes

MARCH 23, 2021

Last week, we looked at a Royal Mail themed scam which has very quickly become the weapon of choice for phishers. Even one of my relatives with a semi-mystical ability to never experience a scam ever, received a fake SMS at the weekend. postage fee last Friday, having not seen the scam warnings circulating online.

Scams 130

Scams Phishing Banking Accountability 130

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

DECEMBER 29, 2018

Many of you have requested a redesign to make this site more mobile-friendly. Below are some of the most-read and commented-on enterprise stories throughout 2018, a year marked by a relentless onslaught of data breaches, data leaks and increasingly sneaky scams. Half of All Phishing Sites Now Have the Padlock. Mobile Carriers.

Mobile 270

Mobile Scams Phishing Data breaches 270

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.

Hacking 327

Hacking Social Engineering Phishing Scams 327

Security Boulevard

APRIL 29, 2024

The post USPS Phishing Scams Generate Almost as Much Traffic as the Real Site appeared first on Security Boulevard. Smishing is hard to stamp out. Worse, bogus domains surpass the legitimate one during the holiday season, when more people expect packages.

Scams 128

Scams Phishing Social Engineering Engineering 128

Malwarebytes

FEBRUARY 10, 2021

Google and researchers at Stanford University have released an in-depth study analysing 5 months of phishing / malware mails sent globally. “Who is targeted by email-based phishing and malware? Attacks primarily focus on North America and Europe, with the US receiving the highest volume of phishing and malware mails.

Scams 138

Scams Phishing Data breaches Malware 138

Krebs on Security

JUNE 22, 2023

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. ” Pivoting on the domain in the smishing message sent to Dylan shows the phishing domain shared an Internet host in Russia [91.215.85-166]

Phishing 327

Phishing Retail Mobile Scams 327