Malwarebytes

MARCH 26, 2025

Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldestand most provenscams in the online world: A phishing attack. As such, readers should be the lookout for any scams or phishing attempts in the coming weeks. But Hunts immediate disclosure of the attack should be commended.

Phishing 118

Phishing Data breaches Password Management Scams 118

SecureWorld News

DECEMBER 4, 2024

The United States retail sector faced an especially aggressive wave of cyber threats, with phishing attacks mimicking major holiday brands [3] including Walmart, Target, and Best Buy increasing by more than 2,000% during peak shopping periods. Make logins secure Firstly, ensure all staff have strong passwords (12-16 characters).

Retail 116

Retail Scams Phishing Cyber threats 116

Krebs on Security

NOVEMBER 19, 2021

Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

Scams 361

Scams Banking Passwords Authentication 361

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. What Are ClickFix Campaigns?

Scams 123

Scams Malware Phishing Social Engineering 123

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing 259

Phishing Accountability Artificial Intelligence Cybercrime 259

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. One of dozens of FedEx-themed phishing sites currently being advertised via SMS spam. ” Attempting to visit the domain in the phishing link — o001cfedeex[.]com

Phishing 334

Phishing Scams Mobile DNS 334

eSecurity Planet

MARCH 31, 2025

Streaming giant Netflix is at the center of a rising wave of online scams, cybersecurity experts warn. Karin Zilberstein, vice president of Product at cybersecurity company Guardio, says the platform consistently ranks among the top 10 most imitated companies in phishing schemes. Use a strong, unique password for your Netflix account.

Scams 108

Scams Artificial Intelligence Phishing Passwords 108

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Image: Amitai Cohen twitter.com/amitaico. com and ouryahoo-okta[.]com. Click to enlarge.

Identity Theft 250

Identity Theft Phishing Cryptocurrency Accountability 250

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering 126

Engineering Phishing Banking Authentication 126

Schneier on Security

AUGUST 25, 2022

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing 355

Phishing Authentication Passwords Accountability 355

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing 322

Phishing Scams Malware Passwords 322

Malwarebytes

APRIL 16, 2025

But, as with all sextortion scams, this threat is an entirely empty one. The scammer says they know your password or compromised your account. Scammers do this to bypass phishing filters. Change the password and enable 2FA if possible. Scary stuff, and it supports the claims the scammer makes.

Accountability 119

Accountability Scams Passwords Phishing 119

Malwarebytes

APRIL 8, 2025

By purchasing prominent Google Ads, they are creating highly convincing fake login pages designed to pilfer sensitive information, including usernames, passwords, and even one-time passcodes (OTPs) the keys to someone’s financial data needed for tax compliance.

Phishing 80

Phishing Scams Accountability Passwords 80

Krebs on Security

MARCH 28, 2024

Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. But Sholtis said he didn’t enter his Outlook username and password. “We were just perplexed,” Murse said. “We were just perplexed,” Murse said.

Phishing 305

Phishing Scams Accountability Passwords 305

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Note: The password for the document is 123456.

Phishing 279

Phishing Antivirus Scams Malware 279

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. Image: Mastercard.us. A graphic from Mastercard touting the potential benefits of cardless ATM transactions.

Phishing 268

Phishing Banking Scams Accountability 268

Malwarebytes

FEBRUARY 13, 2025

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence (AI) in their scams. Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. Use a password manager to autofill credentials only on trusted sites.

Phishing 108

Phishing Artificial Intelligence Identity Theft Accountability 108

Krebs on Security

APRIL 14, 2019

site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings. The Land Lordz administrative panel for a scammer who’s running dozens of Airbnb scams in the United Kingdom. The price is € 250 + €500 secure deposit.

Scams 271

Scams Advertising Accountability Phishing 271

Krebs on Security

NOVEMBER 3, 2020

Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “ vishing ” attacks and “ SIM swapping ,” a form of fraud that involves bribing or tricking employees at mobile phone companies. Milleson , 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A.

Scams 342

Scams Wireless Identity Theft Mobile 342

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords 363

Passwords Password Management Phishing Scams 363

IT Security Guru

APRIL 25, 2025

Phishing is a great example of this, with it evolving from simple email scams to more malicious and carefully thought-out attacks. As more people shift to online financial platforms or cryptocurrencies, digital wallets have become a common target for phishing scams.

Scams 45

Scams Phishing Cryptocurrency Cyber threats 45

Krebs on Security

MAY 10, 2021

One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. This ad, from workplaceunited[.]com, Click to enlarge.

Passwords 314

Passwords Mobile Accountability Marketing 314

Adam Levin

NOVEMBER 17, 2020

Here are 50 ways to avoid getting scammed on Black Friday — and beyond. Make sure your smartphone, tablet and laptop are password-protected, particularly if you’re in the habit of carrying them around wherever you go. Popular browsers, like Safari or Firefox, frequently issue updates to protect against scams. Lock your devices.

Scams 243

Scams Retail Banking Passwords 243

Adam Levin

NOVEMBER 23, 2020

of all reports to the BBB Scam Tracker “were online purchase scams, up from 24.3% of those consumers lost money due to those scams, up from 71.2% A BBB survey conducted in August found that the majority of these scammed consumers made purchases for which they never received products. Change your passwords.

Scams 239

Scams Banking Retail Consumer Protection 239

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.

Hacking 322

Hacking Social Engineering Phishing Scams 322

Webroot

APRIL 11, 2025

Thats why each year, the IRS releases its list of Dirty Dozen Tax Scams. Common tax scams to watch out for in 2025 IRS Impersonation: The most common type of tax fraud starts with a phone call, text or email. Its easy to avoid these scams by remembering this important tip – the first time the IRS contacts you, it will be by U.S.

Scams 60

Scams Identity Theft Backups Phishing 60

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? These pages act as a sort of gateway to external websites specifically designed to steal the usernames and passwords from the coveted advertisers’ Google accounts.

Advertising 133

Advertising Accountability Phishing Scams 133

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 230

Phishing Passwords Hacking Internet 230

SecureList

DECEMBER 6, 2022

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. The history of scams and phishing. The term “phishing” was coined back in 1996, when cybercriminals attacked users of America Online (AOL), the largest internet provider at that time.

Scams 134

Scams Phishing Social Engineering Banking 134

SecureWorld News

FEBRUARY 14, 2025

Be wary of romance scams "People can be vulnerable on February 14th," said Dave Machin , Partner at The Berkeley Partnership. "If Avoid phishing emails and messages You may receive emails or texts with fake Valentine's Day deals, electronic greeting cards (e-cards), or delivery notifications.

Scams 74

Scams Cybercrime Social Engineering Phishing 74

Approachable Cyber Threats

MARCH 12, 2025

Category Awareness, Social Enginering Risk Level Phishing emails are getting harder to detect. What is phishing, and why is it such a big deal?" Phishing is one of the oldest tricks in the hacker playbook - but its also one of the most effective. Alright, but cant I just spot and delete phishing emails?"

Phishing 52

Phishing Scams Social Engineering Artificial Intelligence 52

Malwarebytes

JANUARY 27, 2025

But shortly after the payment, ALPHV disappeared in an unconvincing exit scam designed to make it look as if the groups website had been seized by the FBI, forgetting to pay its affiliates in the process. Change your password. You can make a stolen password useless to thieves by changing it. Watch out for fake vendors.

Data breaches 125

Data breaches Healthcare Passwords Insurance 125

Krebs on Security

JUNE 13, 2020

A Google search for the term “privnotes” brings up a misleading paid ad for the phishing site privnotes.com, which is listed above the legitimate site — privnote.com. “It’s a pretty smart scam.” Creating a message merely generates a link. ” But that’s not the half of it. .

Phishing 254

Phishing Encryption Internet Internet 254

Malwarebytes

MARCH 17, 2025

Other passwords and session tokens that could allow the scammers to bypass multi-factor authentication (MFA). Change all your passwords and do this using a clean, trusted device. IOCs Below are some recent examples of domains involved in this type of scam and the reason why Malwarebytes products block them. Email addresses.

Malware 139

Malware Adware Education Phishing 139

Troy Hunt

MARCH 10, 2022

Looking back on this video a few hours later, the thing that strikes me is the discussion around what appears to be a phishing page seeking donations for Ukraine. Easy answer - they don't, that's why phishing remains so lucrative.

Phishing 317

Phishing Scams Passwords Ransomware 317

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency 363

Cryptocurrency VPN Scams Social Engineering 363

Tech Republic Security

MARCH 26, 2020

Cybercriminals may be staying home, but they're not taking a break from phishing attempts and password hacking during the coronavirus outbreak.

Scams 218

Scams Phishing Passwords Malware 218