Phishing, Scams and Telecommunications - Cyber Security Informer

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. On the left is the (test) data entered at the phishing site. On the left is the (test) data entered at the phishing site. Image: Ford Merrill. Image: SilentPush.

Banking

Banking Phishing Mobile Retail

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US US phishing domains.US is overseen by the U.S.

Phishing

Phishing Telecommunications Government DNS

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. domains as among the most prevalent in phishing attacks over the past year. US phishing domains.

Phishing

Phishing Telecommunications Malware Scams

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Thai police arrested Chinese hackers involved in SMS blaster attacks

Security Affairs

NOVEMBER 25, 2024

These attacks aim at spreading malware by including malicious links that infect devices, phish information by tricking users into sharing personal or financial data, and causing disruptions by overwhelming networks or targeting individuals with spam. The equipment sent nearly 1 million fraudulent messages in 3 days.

Mobile

Mobile Scams Technology Telecommunications

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries.

Phishing

Phishing VPN Social Engineering Media

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency

Cryptocurrency Malware Hacking Ransomware

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

but given the Salt Typhoon breach and the apparent lackluster security practices and culture at just about every American telecommunications company, this was too interesting to ignore. Cape is a mobile carrier startup claiming to provide a more secure and private service alternative to traditional telecommunications services.

Surveillance

Surveillance Telecommunications Malware Data breaches

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

Image: Shutterstock Telecommunications giant AT&T disclosed this month that a breach at a marketing vendor exposed certain account information for nine million customers. “An individual’s CPNI can be shared with other telecommunications providers for network operating reasons,” wrote TechTarget’s Gavin Wright.

Mobile

Mobile Wireless Advertising Accountability

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

The unknown intruders gained access to internal Mailchimp tools and customer data by social engineering employees at the company, and then started sending targeted phishing attacks to owners of Trezor hardware cryptocurrency wallets. com, which was fed by pig butchering scams. Uber blames LAPSUS$ for the intrusion.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

AT&T confirms 73 million people affected by data breach

Malwarebytes

APRIL 2, 2024

Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Watch out for fake vendors.

Data breaches

Data breaches Passwords Phishing Accountability

Why is.US Being Used to Phish So Many of Us?

Security Boulevard

SEPTEMBER 1, 2023

US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. Being Used to Phish So Many of Us? Domain names ending in “.US” This is noteworthy because.US is overseen by the U.S.

Phishing

Phishing Scams Government Telecommunications

Authorities Unsure if Spain, Portugal Power Outage Was a Cyber Attack

SecureWorld News

APRIL 29, 2025

The blackout, which began around midday local time, halted public transportation, grounded flights, and disrupted critical services such as hospitals and telecommunications. Phishing scams, money transfer requests, and the use of fake travel tickets may also increase during this time."

Cyber Attacks

Cyber Attacks Energy and Utilities Telecommunications Cybersecurity

Developing Your Business Email Compromise (BEC) Incident Response Plan

SecureWorld News

NOVEMBER 22, 2021

The Business Email Compromise (BEC) scam is one of the simplest and most damaging attacks businesses can face with losses ranging from hundreds to millions of dollars. According to the Federal Bureau of Investigation (FBI), losses due to BEC scams since 2013 total around $28 billion dollars and it is the most profitable cybercrime there is.

Scams

Scams Cybercrime Accountability Banking

News alert: AI-powered web scrapers from Oxylabs are breaking new ground in fraud detection

The Last Watchdog

OCTOBER 20, 2023

“Enterprises in the finance, banking, and telecommunications sectors are the most susceptible to online fraud, but it can happen to any company,” said Vaidotas Sedys , Head of Risk Management at Oxylabs. ML algorithms scan thousands of transactions, identifying hidden correlations or patterns, an impossible task for human risk analysts.

Artificial Intelligence

Artificial Intelligence Identity Theft Telecommunications Big data

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. One of the groups that reliably posted “Tmo up!

Mobile

Mobile Phishing Authentication Advertising

Spam and phishing in Q3 2021

SecureList

NOVEMBER 1, 2021

Scamming championship: sports-related fraud. Scam: get it yourself, share with friends. million redirects to phishing pages. Spam in the name of generous philanthropists and large organizations offering lockdown compensation is already a standard variant of the “Nigerian prince” scam. Statistics: phishing.

Phishing

Phishing Scams Accountability Computers and Electronics

Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 27, 2024

CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812 Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment Internet Archive was breached twice in a month Unknown threat actors exploit Roundcube Webmail flaw (..)

Data breaches

Data breaches Healthcare Cybercrime Social Engineering

Hacker in Snowflake Extortions May Be a U.S. Soldier

Krebs on Security

NOVEMBER 26, 2024

In a SIM-swap, fraudsters use credentials that are phished or stolen from mobile phone company employees to divert a target’s phone calls and text messages to a device they control. However, Vars_Secc would be banned from XSS after attempting to sell access to the Russian telecommunications giant Rostelecom. [In

DDOS

DDOS Cybercrime Accountability Government

Cyber Security Informer

China-based SMS Phishing Triad Pivots to Banks

Why is.US Being Used to Phish So Many of Us?

Webinars

Trending Sources

US Harbors Prolific Malicious Link Shortening Service

Webinars

Thai police arrested Chinese hackers involved in SMS blaster attacks

Voice Phishers Targeting Corporate VPNs

Security Affairs newsletter Round 498 by Pierluigi Paganini – INTERNATIONAL EDITION

Privacy Roundup: Week 12 of Year 2025

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Happy 13th Birthday, KrebsOnSecurity!

AT&T confirms 73 million people affected by data breach

Why is.US Being Used to Phish So Many of Us?

Authorities Unsure if Spain, Portugal Power Outage Was a Cyber Attack

Developing Your Business Email Compromise (BEC) Incident Response Plan

News alert: AI-powered web scrapers from Oxylabs are breaking new ground in fraud detection

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Spam and phishing in Q3 2021

Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

Hacker in Snowflake Extortions May Be a U.S. Soldier

Stay Connected