Scams, Technology and Web Fraud - Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Last week, the Massachusetts Department of Transportation (MassDOT) warned residents to be on the lookout for a new SMS phishing or “smishing” scam targeting users of EZDriveMA , MassDOT’s all electronic tolling program. In October 2023, KrebsOnSecurity wrote about a massive uptick in SMS phishing scams targeting U.S.

Phishing

Phishing Scams Mobile Passwords

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

In August 2023, security researcher Randy McEoin blogged about a scam he dubbed ClearFake , which uses hacked WordPress sites to serve visitors with a page that claims you need to update your browser before you can view the content. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams

Scams Malware Cryptocurrency Hacking

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

MAY 21, 2021

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.

Scams

Scams Accountability Advertising Web Fraud

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

Urlscan also found this phishing scam from Jan. ” In a statement provided to KrebsOnSecurity, Linkedin said it has “industry standard technologies in place for URL sharing and chained redirects that help us identify and prevent the spread of malware, phishing and spam.” Here’s one example from Jan.

Phishing

Phishing Marketing Scams Accountability

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Krebs on Security

JANUARY 29, 2022

Several articles here have delved into the history of John Bernard , the pseudonym used by a fake billionaire technology investor who tricked dozens of startups into giving him tens of millions of dollars. The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. Tønnevold rejects this.”

Scams

Scams Technology Web Fraud

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

. “You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary [of pre-computed hashes] then you can essentially break 60-70 percent of the hashed passwords in a day or two,” said Fabian Wosar , chief technology officer at security firm Emsisoft. Take a deep breath.

Passwords

Passwords Password Management Phishing Scams

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

Meanwhile, anyone in the compromised Discord channel who notices the scam and replies is banned, and their messages are deleted by the compromised admin account. “I’ve seen all kinds of crypto scams, but I’ve never seen one like this.”

Hacking

Hacking Accountability Scams Cryptocurrency

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link. MacOS computers include X-Protect , Apple’s built-in antivirus technology. “We are actively working on fixing these problems.

Malware

Malware Cryptocurrency Software Phishing

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

” Jason Lathrop is vice president of technology and operations at ISOutsource , a Seattle-based consulting firm with roughly 100 employees. In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters , collecting personal and financial information from people who fall for employment scams.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

JUNE 22, 2023

In March, 2023, a reader named Dylan from British Columbia wrote in to say he’d received one of these shipping fee scam messages not long after placing an order to buy gobs of building blocks directly from Lego.com. The message included his full name, phone number, and postal code, and urged him to click a link to mydeliveryfee-ups[.]info

Phishing

Phishing Retail Mobile Scams

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

” “Since playing Tradewars on my Tandy 1000 with a 300 baud modem in the early ’90s, I’ve had a lifelong passion for technology, which I’ve carried with me as Deputy CISO of the world’s largest health plan,” her profile reads. of spam and scam.”

CISO

CISO Cybercrime Accountability Information Security

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

“There has been no violation of our platforms and technological infrastructure,” Banorte said. ” asked Ohad Zaidenberg , founder of CTI League , a volunteer emergency response community that emerged in 2020 to help fight COVID-19 related scams. ” That statement may be 100 percent true. . “Who does it?

Data breaches

Data breaches Banking Cybercrime Marketing

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. Image: Cloudflare.com. 2021 post about the change. ”

Mobile

Mobile Phishing Authentication Accountability

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

252) are currently blocked by Google’s Safebrowsing technology, and labeled with a conspicuous red warning saying the website will try to foist malware on visitors who ignore the warning and continue. ” Almost a month later, another FreeCAD user reported getting stung by the same scam. They paid Google for sponsored posts.”

Software

Software Advertising Malware Accountability

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

“Our technology ensures the maximum security from reverse engineering and antivirus detections,” ExEClean promised. ” The service charged 20 percent of all “scam wires,” unauthorized wire transfers resulting from bank account takeovers or scams like CEO impersonation schemes.

VPN

VPN Computers and Electronics Antivirus Software

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. Mr. Rizky did not respond to requests for comment.

Phishing

Phishing Passwords Hacking Internet

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

Pavel Vrublevsky , founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book “ Spam Nation ,” was arrested in Moscow this month and charged with fraud. “I do not think that it was a reason for his arrest,” Artimovich said.

Banking

Banking Marketing DDOS Risk

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. technology companies during the summer of 2022. 9, 2024, U.S. A graphic depicting how 0ktapus leveraged one victim to attack another.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

Here’s what part of their current homepage looks like: The SocksEscort home page says its services are perfect for people involved in automated online activity that often results in IP addresses getting blocked or banned, such as Craigslist and dating scams, search engine results manipulation, and online surveys.

Malware

Malware Cybercrime Internet Internet

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Facebook ; Gap (Apparel) Inc ; Fifth Third Bancorp ; Hearst Communications ; Hilton Interntional ; ING Bank ; the Massachusetts Institute of Technology (MIT); McDonalds Corp. ; NBC Universal Media ; NRG Energy ; Oath, Inc (a.k.a Yahoo + AOL) ; Oracle ; Tesla Motors ; Time Warner ; US Bank; US Steel Corp.;

DNS

DNS Internet Internet Computers and Electronics

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

Rather, the missives are sent through the Apple iMessage service and through RCS , the functionally equivalent technology on Google phones. For example, a would-be smishing victim might enter their personal and financial information, but then decide the whole thing is scam before actually submitting the data.

Phishing

Phishing Mobile Scams Banking

Infrastructure Laundering: Blending in with the Cloud

Krebs on Security

JANUARY 30, 2025

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams , gambling websites, and retail phishing pages.

Accountability

Accountability Scams Passwords Retail

Cyber Security Informer

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

The Fake Browser Update Scam Gets a Makeover

Webinars

Trending Sources

How to Tell a Job Offer from an ID Theft Trap

Webinars

How Phishers Are Slinking Their Links Into LinkedIn

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

The Life Cycle of a Breached Database

Discord Admins Hacked by Malicious Bookmarks

Calendar Meeting Links Used to Spread Mac Malware

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Fake CISO Profiles on LinkedIn Target Fortune 500s

When Efforts to Contain a Data Breach Backfire

How 1-Time Passcodes Became a Corporate Liability

Using Google Search to Find Software Can Be Risky

A Deep Dive Into the Residential Proxy Service ‘911’

Karma Catches Up to Global Phishing Service 16Shop

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

No SOCKS, No Shoes, No Malware Proxy Services!

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

How Phished Data Turns into Apple & Google Wallets

Infrastructure Laundering: Blending in with the Cloud

Stay Connected