Phishing, Technology and Web Fraud - Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. Reports of similar SMS phishing attacks against customers of other U.S. This is by no means a comprehensive list.

Phishing

Phishing Scams Mobile Passwords

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

based technology companies. Donahue said 60 technology companies are now routing all law enforcement data requests through Kodex, including an increasing number of financial institutions and cryptocurrency platforms. “Unfortunately, a lot of this is phishing or malware campaigns,” Donahue said.

Hacking

Hacking Accountability Government Social Engineering

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing

Phishing Cryptocurrency DDOS Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing

Phishing Passwords Hacking Internet

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature. A recent phishing site that abused LinkedIn’s marketing redirect. A recent phishing site that abused LinkedIn’s marketing redirect. Urlscan also found this phishing scam from Jan. Image: Urlscan.io.

Phishing

Phishing Marketing Scams Accountability

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.

Mobile

Mobile Phishing Authentication Accountability

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

. “You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary [of pre-computed hashes] then you can essentially break 60-70 percent of the hashed passwords in a day or two,” said Fabian Wosar , chief technology officer at security firm Emsisoft. TARGETED PHISHING.

Passwords

Passwords Password Management Phishing Scams

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

JUNE 22, 2023

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. ” Pivoting on the domain in the smishing message sent to Dylan shows the phishing domain shared an Internet host in Russia [91.215.85-166]

Phishing

Phishing Retail Mobile Scams

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com. 2019 that wasn’t discovered until April 2020.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. technology companies during the summer of 2022. 7, several employees at email delivery firm Mailchimp provided their remote access credentials to this phishing group.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link. MacOS computers include X-Protect , Apple’s built-in antivirus technology. “We are actively working on fixing these problems.

Malware

Malware Cryptocurrency Software Phishing

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets. Some services also target other popular social media platforms or financial services, providing email phishing and SIM swapping capabilities.”

Passwords

Passwords Mobile Authentication Banking

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

Woodcock said anyone who might be a target of spear phishing attacks should be very concerned about using VPNs on an untrusted network. In addition, a technology called “deep packet inspection” can be used to deny all in- and outbound traffic from the physical interface except for the DHCP and the VPN server.

VPN

VPN Wireless Internet Internet

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

.” On May 26, Aura Network reported on Twitter that its Discord server was compromised in a phishing attack that resulted in the deletion of Discord channels and the dissemination of fake Aura Network Airdrop Campaign links.

Hacking

Hacking Accountability Scams Cryptocurrency

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

Department of Justice (DOJ) says the GRU’s hackers built Cyclops Blink by exploiting previously undocumented security weaknesses in firewalls and routers made by both ASUS and WatchGuard Technologies. and international companies and entities, including U.S. federal agencies like the Nuclear Regulatory Commission. ” HYDRA.

Marketing

Marketing Energy and Utilities Malware Ransomware

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Facebook ; Gap (Apparel) Inc ; Fifth Third Bancorp ; Hearst Communications ; Hilton Interntional ; ING Bank ; the Massachusetts Institute of Technology (MIT); McDonalds Corp. ; NBC Universal Media ; NRG Energy ; Oath, Inc (a.k.a Yahoo + AOL) ; Oracle ; Tesla Motors ; Time Warner ; US Bank; US Steel Corp.;

DNS

DNS Internet Internet Computers and Electronics

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. An image from one Chinese phishing group’s Telegram channel shows various toll road phish kits available.

Phishing

Phishing Mobile Scams Banking

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

NOVEMBER 6, 2018

This includes people who run or work at cryptocurrency-focused companies; those who participate as speakers at public conferences centered around Blockchain and cryptocurrency technologies; and those who like to talk openly on social media about their crypto investments. ” Lt.

Mobile

Mobile Cryptocurrency Accountability Passwords

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

JULY 10, 2024

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.

Phishing

Phishing Cybercrime Malware Software

Meet the World’s Biggest ‘Bulletproof’ Hoster

Krebs on Security

JULY 16, 2019

For at least the past decade, a computer crook variously known as “ Yalishanda ,” “ Downlow ” and “ Stas_vl ” has run one of the most popular “bulletproof” Web hosting services catering to a vast array of phishing sites, cybercrime forums and malware download servers.

Cybercrime

Cybercrime Phishing Banking Malware

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

Also known as “ Assad Faiq” and “ The Godfather ,” Iza is the 30-something founder of a cryptocurrency investment platform called Zort that advertised the ability to make smart trades based on artificial intelligence technology. had some personal problems and checked himself into rehab.

Cryptocurrency

Cryptocurrency Government Internet Internet

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

Throughout 2022, LAPSUS$ would hack and social engineer their way into some of the world’s biggest technology companies , including EA Games, Microsoft , NVIDIA , Okta , Samsung , and T-Mobile. ” Beige members were implicated in two stories published here in 2020.

Cybercrime

Cybercrime Accountability Mobile Hacking

Infrastructure Laundering: Blending in with the Cloud

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages.

Accountability

Accountability Scams Passwords Retail

Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Webinars

Trending Sources

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Webinars

Karma Catches Up to Global Phishing Service 16Shop

How Phishers Are Slinking Their Links Into LinkedIn

How 1-Time Passcodes Became a Corporate Liability

The Life Cycle of a Breached Database

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Calendar Meeting Links Used to Spread Mac Malware

The Rise of One-Time Password Interception Bots

Why Your VPN May Not Be As Secure As It Claims

Discord Admins Hacked by Malicious Bookmarks

Actions Target Russian Govt. Botnet, Hydra Dark Market

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

How Phished Data Turns into Apple & Google Wallets

Busting SIM Swappers and SIM Swap Myths

The Stark Truth Behind the Resurgence of Russia’s Fin7

Meet the World’s Biggest ‘Bulletproof’ Hoster

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

The Dark Nexus Between Harm Groups and ‘The Com’

Infrastructure Laundering: Blending in with the Cloud

Stay Connected