Scams and Web Fraud - Cyber Security Informer

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

AUGUST 18, 2022

While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams. .” A copy of the phishing message included in the PayPal.com invoice.

Scams

Scams Phishing Accountability Software

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. ” One of the crypto investment scam messages promoted in the spam campaigns on Mastodon this month. “On Twitter, more spam and crypto scam.”

Scams

Scams DDOS Cryptocurrency Accountability

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it. Last week’s story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

Scams

Scams Banking Passwords Authentication

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

In August 2023, security researcher Randy McEoin blogged about a scam he dubbed ClearFake , which uses hacked WordPress sites to serve visitors with a page that claims you need to update your browser before you can view the content. Previously, the group had stored its malicious update files on Cloudflare, Guard.io

Scams

Scams Malware Cryptocurrency Hacking

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

site that helps him manage more than 500 scam properties and interactions with up to 100 (soon-to-be-scammed) “guests” looking to book the fake listings. The Land Lordz administrative panel for a scammer who’s running dozens of Airbnb scams in the United Kingdom. The price is € 250 + €500 secure deposit.

Scams

Scams Advertising Accountability Phishing

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But such records are ideally suited for criminals engaged in the type of phone scams that are the subject of this article.

Scams

Scams Banking Accountability Financial Services

Double-Your-Crypto Scams Share Crypto Scam Host

Security Boulevard

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers.

Scams

Scams Cryptocurrency Web Fraud

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

One of the many scam funeral group pages on Facebook. One of many look-alike landing pages for video streaming services linked to scam Facebook funeral groups. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook.

Scams

Scams DNS Internet Internet

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Security Boulevard

NOVEMBER 19, 2021

What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it. The post The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back appeared first on Security Boulevard.

Scams

Scams Banking Accountability Phishing

Interview With a Crypto Scam Investment Spammer

Security Boulevard

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The post Interview With a Crypto Scam Investment Spammer appeared first on Security Boulevard.

Scams

Scams Cryptocurrency Accountability Software

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K. resident Kyell A.

Scams

Scams Wireless Identity Theft Mobile

Beware of Hurricane Florence Relief Scams

Krebs on Security

SEPTEMBER 24, 2018

All of the domains mentioned above have been reported to the Justice Department’s National Center for Disaster Fraud , which accepts tips at disaster@leo.gov. Let me be clear: Just because a site is listed here doesn’t mean it’s a scam (or that it will be).

Scams

Scams Accountability Media Web Fraud

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

MAY 21, 2021

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.

Scams

Scams Accountability Advertising Web Fraud

Scammers Sent Uber to Take Elderly Lady to the Bank

Krebs on Security

AUGUST 4, 2022

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. But my mom went over to the neighbor’s house and they saw it for what it was — a scam.”

Banking

Banking Scams Accountability Passwords

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

SEPTEMBER 19, 2024

While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user. Because this particular scam has a great deal of room for growth and creativity.

Phishing

Phishing Scams Malware Passwords

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

In May, KrebsOnSecurity interviewed a Russian spammer named “ Quotpw “ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms. com site,” the Trend researchers wrote. . Image: Trend Micro.

Accountability

Accountability Scams Cryptocurrency Advertising

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter. “The scale of this is so massive.

Scams

Scams Cryptocurrency Marketing Internet

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Security Boulevard

AUGUST 18, 2022

The post PayPal Phishing Scam Uses Invoices Sent Via PayPal appeared first on Security Boulevard. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.

Scams

Scams Phishing Accountability Software

‘Tis the Season for the Wayward Package Phish

Krebs on Security

NOVEMBER 4, 2021

Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. Most phishing scams invoke a temporal element that warns of negative consequences should you fail to respond or act quickly. com, g001bfedeex[.]com, com, and so on.

Phishing

Phishing Scams Mobile DNS

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums.

Phishing

Phishing Scams Computers and Electronics Software

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

Urlscan also found this phishing scam from Jan. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. Image: Urlscan.io.

Phishing

Phishing Marketing Scams Accountability

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

OCTOBER 25, 2018

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. The FBI says BEC scams netted thieves more than $12 billion between 2013 and 2018.

Scams

Scams Accountability Media Banking

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

The general manager of Escrow.com said he suspected the call was a scam, but decided to play along for about an hour — all the while recording the call and coaxing information out of the scammer. One multifactor option — physical security keys — appears to be immune to these advanced scams.

Hacking

Hacking Social Engineering Phishing Scams

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

Meanwhile, anyone in the compromised Discord channel who notices the scam and replies is banned, and their messages are deleted by the compromised admin account. “I’ve seen all kinds of crypto scams, but I’ve never seen one like this.”

Hacking

Hacking Accountability Scams Cryptocurrency

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Krebs on Security

JANUARY 29, 2022

The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. ” Bernard’s scam is genius because he never approaches investors directly; rather, investors are incentivized to put his portfolio in front of tech firms seeking financial backing. Tønnevold rejects this.”

Scams

Scams Technology Web Fraud

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

And as the phishing examples above demonstrate, many of today’s phishing scams use elements from hacked databases to make their lures more convincing. Most phishing scams invoke a temporal element that warns of negative consequences should you fail to respond or act quickly. Urgency should be a giant red flag. Take a deep breath.

Passwords

Passwords Password Management Phishing Scams

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

FEBRUARY 17, 2020

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the extortionists are likely betting that some publishers may see paying up as a cheaper alternative to having their main source of advertising revenue evaporate.

Scams

Scams Advertising Accountability Web Fraud

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

Krebs on Security

NOVEMBER 2, 2023

Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia. Most reshipping scams promise employees a monthly salary and even cash bonuses.

Cybercrime

Cybercrime Marketing Scams Retail

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

Holden said each time a new victim submitted credentials at the Coinbase phishing site, the administrative panel would make a loud “ding” — presumably to alert whoever was at the keyboard on the other end of this phishing scam that they had a live one on the hook.

Passwords

Passwords Phishing Accountability Mobile

Owners of 1-Time Passcode Theft Service Plead Guilty

Krebs on Security

SEPTEMBER 2, 2024

Text messages, emails and phone calls warning recipients about potential fraud are some of the most common scam lures. More on SMSRanger in an upcoming post. If someone (or something) calls saying they’re from your bank, or asks you to provide any personal or financial information, do not respond. Just hang up, full stop.

Accountability

Accountability Banking Passwords Scams

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

A scan of social media networks showed this is not an uncommon scam. Booking.com did not respond to questions about that, and its current account security advice urges customers to enable 2FA. In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

In a post to its Twitter/X account last month, Signum Capital warned that a fake profile pretending to be their employee Mr. Lee was trying to scam people on Telegram. The file that Doug ran is a simple Apple Script (file extension “ scpt”) that downloads and executes a malicious trojan made to run on macOS systems.

Malware

Malware Cryptocurrency Software Phishing

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified.US domains registered daily.US

Phishing

Phishing Telecommunications Malware Scams

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Image: fr3d.hk/blog.

Phishing

Phishing Scams Banking Mobile

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

Fake profiles also may be tied to so-called “pig butchering” scams , wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out. of spam and scams. “Clearly they are not monitored,” Taylor assessed.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

Scammers Sent Uber to Take Elderly Lady to the Bank

Security Boulevard

AUGUST 4, 2022

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.

Banking

Banking Scams Web Fraud

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

Fake profiles also may be tied to so-called “pig butchering” scams , wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.

Accountability

Accountability Cryptocurrency Scams CISO

Phishing for Apples, Bobbing for Links

Krebs on Security

JANUARY 13, 2020

The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly.

Phishing

Phishing Scams Mobile Encryption

Sextortion Scams Now Include Photos of Your Home

Krebs on Security

SEPTEMBER 3, 2024

An old but persistent email scam known as “ sextortion ” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.

Scams

Scams Spyware Malware Passwords

How to Tell a Job Offer from an ID Theft Trap

Security Boulevard

MAY 21, 2021

One of the oldest scams around -- the fake job interview that seeks only to harvest your personal and financial data -- is on the rise, the FBI warns. Here's the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.

Scams

Scams Web Fraud

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

First, they included an offer to use a mutually trusted “middleman” or escrow provider for the transaction (to protect either party from getting scammed). One of the groups that reliably posted “Tmo up!” ” messages to announce SIM-swap availability against T-Mobile customers also reliably posted “Tmo down!

Mobile

Mobile Phishing Authentication Advertising

How to Shop Online Like a Security Pro

Krebs on Security

NOVEMBER 23, 2018

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. Even people who shop mainly at big-name online stores can get scammed if they’re not wary of too-good-to-be-true offers.

Scams

Scams Wireless Phishing Banking

Why is.US Being Used to Phish So Many of Us?

Security Boulevard

SEPTEMBER 1, 2023

US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. Domain names ending in “.US” This is noteworthy because.US is overseen by the U.S. government, which is frequently the target of phishing domains ending in.US. Also,US domains are only supposed to be available to U.S.

Phishing

Phishing Scams Government Telecommunications

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Interview With a Crypto Scam Investment Spammer

Trending Sources

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

The Fake Browser Update Scam Gets a Makeover

‘Land Lordz’ Service Powers Airbnb Scams

Would You Have Fallen for This Phone Scam?

Double-Your-Crypto Scams Share Crypto Scam Host

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Interview With a Crypto Scam Investment Spammer

Two Charged in SIM Swapping, Vishing Scams

Beware of Hurricane Florence Relief Scams

How to Tell a Job Offer from an ID Theft Trap

Scammers Sent Uber to Take Elderly Lady to the Bank

This Windows PowerShell Phish Has Scary Potential

Service Rents Email Addresses for Account Signups

Massive Losses Define Epidemic of ‘Pig Butchering’

PayPal Phishing Scam Uses Invoices Sent Via PayPal

‘Tis the Season for the Wayward Package Phish

Teach a Man to Phish and He’s Set for Life

How Phishers Are Slinking Their Links Into LinkedIn

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

When Low-Tech Hacks Cause High-Impact Breaches

Discord Admins Hacked by Malicious Bookmarks

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

The Life Cycle of a Breached Database

Pay Up, Or We’ll Make Google Ban Your Ads

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

How Coinbase Phishers Steal One-Time Passwords

Owners of 1-Time Passcode Theft Service Plead Guilty

Booking.com Phishers May Leave You With Reservations

Calendar Meeting Links Used to Spread Mac Malware

US Harbors Prolific Malicious Link Shortening Service

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Scammers Sent Uber to Take Elderly Lady to the Bank

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Phishing for Apples, Bobbing for Links

Sextortion Scams Now Include Photos of Your Home

How to Tell a Job Offer from an ID Theft Trap

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

How to Shop Online Like a Security Pro

Why is.US Being Used to Phish So Many of Us?

Stay Connected