Scams and Web Fraud - Cyber Security Informer

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

AUGUST 18, 2022

While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams. .” A copy of the phishing message included in the PayPal.com invoice.

Scams

Scams Phishing Accountability Software

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it. Last week’s story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

Scams

Scams Banking Passwords Authentication

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

One of the many scam funeral group pages on Facebook. One of many look-alike landing pages for video streaming services linked to scam Facebook funeral groups. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook.

Scams

Scams DNS Internet Internet

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings. The Land Lordz administrative panel for a scammer who’s running dozens of Airbnb scams in the United Kingdom. The price is € 250 + €500 secure deposit.

Scams

Scams Advertising Accountability Phishing

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But such records are ideally suited for criminals engaged in the type of phone scams that are the subject of this article.

Scams

Scams Banking Accountability Financial Services

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. ” One of the crypto investment scam messages promoted in the spam campaigns on Mastodon this month. “On Twitter, more spam and crypto scam.”

Scams

Scams DDOS Cryptocurrency Accountability

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

In August 2023, security researcher Randy McEoin blogged about a scam he dubbed ClearFake , which uses hacked WordPress sites to serve visitors with a page that claims you need to update your browser before you can view the content. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams

Scams Malware Cryptocurrency Hacking

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K. resident Kyell A.

Scams

Scams Wireless Identity Theft Mobile

Beware of Hurricane Florence Relief Scams

Krebs on Security

SEPTEMBER 24, 2018

All of the domains mentioned above have been reported to the Justice Department’s National Center for Disaster Fraud , which accepts tips at disaster@leo.gov. Let me be clear: Just because a site is listed here doesn’t mean it’s a scam (or that it will be).

Scams

Scams Accountability Media Web Fraud

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

MAY 21, 2021

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.

Scams

Scams Accountability Advertising Web Fraud

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Last week, the Massachusetts Department of Transportation (MassDOT) warned residents to be on the lookout for a new SMS phishing or “smishing” scam targeting users of EZDriveMA , MassDOT’s all electronic tolling program. In October 2023, KrebsOnSecurity wrote about a massive uptick in SMS phishing scams targeting U.S.

Phishing

Phishing Scams Mobile Passwords

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter. “The scale of this is so massive.

Scams

Scams Cryptocurrency Marketing Internet

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. Most phishing scams invoke a temporal element that warns of negative consequences should you fail to respond or act quickly. com, g001bfedeex[.]com, com, and so on.

Phishing

Phishing Scams Mobile DNS

Scammers Sent Uber to Take Elderly Lady to the Bank

Krebs on Security

AUGUST 4, 2022

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. But my mom went over to the neighbor’s house and they saw it for what it was — a scam.”

Banking

Banking Scams Accountability Passwords

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

Urlscan also found this phishing scam from Jan. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. Image: Urlscan.io.

Phishing

Phishing Marketing Scams Accountability

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

In May, KrebsOnSecurity interviewed a Russian spammer named “ Quotpw “ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms. com site,” the Trend researchers wrote. . Image: Trend Micro.

Accountability

Accountability Scams Cryptocurrency Advertising

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

OCTOBER 25, 2018

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. The FBI says BEC scams netted thieves more than $12 billion between 2013 and 2018.

Scams

Scams Accountability Media Banking

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

FEBRUARY 17, 2020

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the extortionists are likely betting that some publishers may see paying up as a cheaper alternative to having their main source of advertising revenue evaporate.

Scams

Scams Advertising Accountability Web Fraud

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

And as the phishing examples above demonstrate, many of today’s phishing scams use elements from hacked databases to make their lures more convincing. Most phishing scams invoke a temporal element that warns of negative consequences should you fail to respond or act quickly. Urgency should be a giant red flag. Take a deep breath.

Passwords

Passwords Password Management Phishing Scams

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

SEPTEMBER 19, 2024

While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user. Because this particular scam has a great deal of room for growth and creativity.

Phishing

Phishing Scams Malware Passwords

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Security Boulevard

NOVEMBER 19, 2021

What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it. The post The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back appeared first on Security Boulevard.

Scams

Scams Banking Accountability Phishing

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Krebs on Security

JANUARY 29, 2022

The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. ” Bernard’s scam is genius because he never approaches investors directly; rather, investors are incentivized to put his portfolio in front of tech firms seeking financial backing. Tønnevold rejects this.”

Scams

Scams Technology Web Fraud

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

Holden said each time a new victim submitted credentials at the Coinbase phishing site, the administrative panel would make a loud “ding” — presumably to alert whoever was at the keyboard on the other end of this phishing scam that they had a live one on the hook.

Passwords

Passwords Phishing Accountability Mobile

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

The general manager of Escrow.com said he suspected the call was a scam, but decided to play along for about an hour — all the while recording the call and coaxing information out of the scammer. One multifactor option — physical security keys — appears to be immune to these advanced scams.

Hacking

Hacking Social Engineering Phishing Scams

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

Meanwhile, anyone in the compromised Discord channel who notices the scam and replies is banned, and their messages are deleted by the compromised admin account. “I’ve seen all kinds of crypto scams, but I’ve never seen one like this.”

Hacking

Hacking Accountability Scams Cryptocurrency

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums.

Phishing

Phishing Scams Computers and Electronics Software

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Image: fr3d.hk/blog.

Phishing

Phishing Scams Banking Mobile

How to Shop Online Like a Security Pro

Krebs on Security

NOVEMBER 23, 2018

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. Even people who shop mainly at big-name online stores can get scammed if they’re not wary of too-good-to-be-true offers.

Scams

Scams Wireless Phishing Banking

Phishing for Apples, Bobbing for Links

Krebs on Security

JANUARY 13, 2020

The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly.

Phishing

Phishing Scams Mobile Encryption

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

Fake profiles also may be tied to so-called “pig butchering” scams , wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out. of spam and scams. “Clearly they are not monitored,” Taylor assessed.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia. Most reshipping scams promise employees a monthly salary and even cash bonuses.

Cybercrime

Cybercrime Marketing Scams Retail

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

For example, a would-be smishing victim might enter their personal and financial information, but then decide the whole thing is scam before actually submitting the data. Merrill said the criminals appear to send only a few dozen messages at a time, likely because completing the scam takes manual work by the human operators in China.

Phishing

Phishing Mobile Scams Retail

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Before we get to the Apple scam in detail, we need to revisit Tony’s case. The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls. The phishing domain used to steal roughly $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

Fake profiles also may be tied to so-called “pig butchering” scams , wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.

Accountability

Accountability Cryptocurrency Scams CISO

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

MAY 16, 2020

In those schemes, the scammers typically recruit people — often victims of online romance scams or those who also are out of work and looking for any source of income — to receive direct deposits from the fraudulent transactions, and then forward the bulk of the illicit funds to the perpetrators.

Insurance

Insurance Banking Identity Theft Accountability

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified.US domains registered daily.US

Phishing

Phishing Telecommunications Malware Scams

How Cybercriminals are Weathering COVID-19

Krebs on Security

APRIL 30, 2020

Most online retailers years ago stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia. For example, reshipping scams have over the years become easier for both reshipping mule operators and the mules themselves.

Cybercrime

Cybercrime Computers and Electronics Marketing Scams

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability

Accountability Advertising Passwords Phishing

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

In a post to its Twitter/X account last month, Signum Capital warned that a fake profile pretending to be their employee Mr. Lee was trying to scam people on Telegram. The file that Doug ran is a simple Apple Script (file extension “ scpt”) that downloads and executes a malicious trojan made to run on macOS systems.

Malware

Malware Cryptocurrency Software Phishing

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

First, they included an offer to use a mutually trusted “middleman” or escrow provider for the transaction (to protect either party from getting scammed). One of the groups that reliably posted “Tmo up!” ” messages to announce SIM-swap availability against T-Mobile customers also reliably posted “Tmo down!

Mobile

Mobile Phishing Authentication Advertising

Riding the State Unemployment Fraud ‘Wave’

Krebs on Security

MAY 23, 2020

When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S.

Insurance

Insurance Accountability Banking Government

Double-Your-Crypto Scams Share Crypto Scam Host

Security Boulevard

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers.

Scams

Scams Cryptocurrency Web Fraud

Owners of 1-Time Passcode Theft Service Plead Guilty

Krebs on Security

SEPTEMBER 2, 2024

Text messages, emails and phone calls warning recipients about potential fraud are some of the most common scam lures. More on SMSRanger in an upcoming post. If someone (or something) calls saying they’re from your bank, or asks you to provide any personal or financial information, do not respond. Just hang up, full stop.

Accountability

Accountability Banking Passwords Scams

PayPal Phishing Scam Uses Invoices Sent Via PayPal

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Trending Sources

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

‘Land Lordz’ Service Powers Airbnb Scams

Would You Have Fallen for This Phone Scam?

Interview With a Crypto Scam Investment Spammer

The Fake Browser Update Scam Gets a Makeover

Two Charged in SIM Swapping, Vishing Scams

Beware of Hurricane Florence Relief Scams

How to Tell a Job Offer from an ID Theft Trap

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Massive Losses Define Epidemic of ‘Pig Butchering’

‘Tis the Season for the Wayward Package Phish

Scammers Sent Uber to Take Elderly Lady to the Bank

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

How Phishers Are Slinking Their Links Into LinkedIn

Service Rents Email Addresses for Account Signups

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Pay Up, Or We’ll Make Google Ban Your Ads

The Life Cycle of a Breached Database

This Windows PowerShell Phish Has Scary Potential

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

How Coinbase Phishers Steal One-Time Passwords

When Low-Tech Hacks Cause High-Impact Breaches

Discord Admins Hacked by Malicious Bookmarks

Teach a Man to Phish and He’s Set for Life

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

How to Shop Online Like a Security Pro

Phishing for Apples, Bobbing for Links

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

How Phished Data Turns into Apple & Google Wallets

A Day in the Life of a Prolific Voice Phishing Crew

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

US Harbors Prolific Malicious Link Shortening Service

How Cybercriminals are Weathering COVID-19

Malicious Office 365 Apps Are the Ultimate Insiders

Calendar Meeting Links Used to Spread Mac Malware

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Riding the State Unemployment Fraud ‘Wave’

Double-Your-Crypto Scams Share Crypto Scam Host

Owners of 1-Time Passcode Theft Service Plead Guilty

Stay Connected