Technology and Web Fraud - Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

based technology companies. Donahue said 60 technology companies are now routing all law enforcement data requests through Kodex, including an increasing number of financial institutions and cryptocurrency platforms. “That can include control over data, like an account freeze or preservation request.”

Hacking

Hacking Accountability Government Social Engineering

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

An analysis of their technology infrastructure shows that all of these exchanges use Russian email providers, and most are directly hosted in Russia or by Russia-backed ISPs with infrastructure in Europe (e.g. A machine-translated version of Flymoney, one of dozens of cryptocurrency exchanges apparently nested at Cryptomus.

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

SMS phishing kits are hardly new, but Merrill said Chinese smishing groups recently have introduced innovations in deliverability, by more seamlessly integrating their spam messages with Apple’s iMessage technology, and with RCS , the equivalent “rich text” messaging capability built into Android devices.

Phishing

Phishing Scams Mobile Passwords

How Phished Data Turns into Apple & Google Wallets

Krebs on Security

FEBRUARY 18, 2025

Rather, the missives are sent through the Apple iMessage service and through RCS , the functionally equivalent technology on Google phones. And they are not traditional SMS phishing or “ smishing ” messages, as they bypass the mobile networks entirely.

Phishing

Phishing Mobile Scams Retail

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Krebs on Security

MARCH 31, 2022

Senate’s most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes. Today, one of the U.S. At issue are forged “emergency data requests,” (EDRs) sent through hacked police or government agency email accounts.

Government

Government Accountability Education Media

The Fake Browser Update Scam Gets a Makeover

Krebs on Security

OCTOBER 18, 2023

But when Cloudflare blocked those accounts the attackers began storing their malicious files as cryptocurrency transactions in the Binance Smart Chain (BSC), a technology designed to run decentralized apps and “smart contracts,” or coded agreements that execute actions automatically when certain conditions are met.

Scams

Scams Malware Cryptocurrency Hacking

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

” In a statement provided to KrebsOnSecurity, Linkedin said it has “industry standard technologies in place for URL sharing and chained redirects that help us identify and prevent the spread of malware, phishing and spam.” . “The idea is to create a link that contains a clean page, redirecting to a phishing page.”

Phishing

Phishing Marketing Scams Accountability

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Krebs on Security

JANUARY 29, 2022

Several articles here have delved into the history of John Bernard , the pseudonym used by a fake billionaire technology investor who tricked dozens of startups into giving him tens of millions of dollars.

Scams

Scams Technology Web Fraud

Tech CEO Sentenced to 5 Years in IP Address Scheme

Krebs on Security

OCTOBER 17, 2023

based technology company Micfo LLC , has been sentenced to five years in prison for wire fraud. Amir Golestan , the 40-year-old CEO of the Charleston, S.C. Canada, and parts of the Caribbean.

Internet

Internet Internet VPN Marketing

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

In addition, a technology called “deep packet inspection” can be used to deny all in- and outbound traffic from the physical interface except for the DHCP and the VPN server. However, Leviathan says this approach opens up a potential “side channel” attack that could be used to determine the destination of traffic.

VPN

VPN Wireless Internet Internet

The Technology Adoption Lifecycle of Genesis Market

Digital Shadows

MAY 3, 2021

Any Product Marketing professional worth their salt will have read the seminal “Crossing the Chasm” book, which highlights how technology. The post The Technology Adoption Lifecycle of Genesis Market first appeared on Digital Shadows.

Marketing

Marketing Technology Web Fraud Cybercrime

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link. MacOS computers include X-Protect , Apple’s built-in antivirus technology. “We are actively working on fixing these problems.

Malware

Malware Cryptocurrency Software Phishing

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Krebs on Security

APRIL 27, 2022

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. ” NEEDLES IN THE HAYSTACK.

Mobile

Mobile Government Media Technology

Anti-Money Laundering Service AMLBot Cleans House

Krebs on Security

OCTOBER 15, 2022

AMLBot , a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems.

Cryptocurrency

Cryptocurrency Marketing Cybercrime Technology

The Stark Truth Behind the Resurgence of Russia’s Fin7

Krebs on Security

JULY 10, 2024

But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions , a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia. authorities. In May 2023, the U.S.

Phishing

Phishing Cybercrime Malware Software

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

MAY 21, 2021

In late April, the FBI warned that technology is making these scams easier and more lucrative for fraudsters, who are particularly fond of impersonating recruiters. . “So my dad said, ‘Troll him back, and tell him you want a signing bonus via money order.’ ’ I was like, okay, what’s the worst that could happen?

Scams

Scams Accountability Advertising Web Fraud

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

technology firm, confirmed receipt of USDoD’s message but asked to remain anonymous for this story. That InfraGard member, who is head of security at a major U.S.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

Accountability

Accountability Government Hacking Social Engineering

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

” “Since playing Tradewars on my Tandy 1000 with a 300 baud modem in the early ’90s, I’ve had a lifelong passion for technology, which I’ve carried with me as Deputy CISO of the world’s largest health plan,” her profile reads. Maryann’s profile says she’s from Tupelo, Miss.,

CISO

CISO Cybercrime Accountability Information Security

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

. “You hand that over to a person who used to mine Ethereum or Bitcoin, and if they have a large enough dictionary [of pre-computed hashes] then you can essentially break 60-70 percent of the hashed passwords in a day or two,” said Fabian Wosar , chief technology officer at security firm Emsisoft.

Passwords

Passwords Password Management Phishing Scams

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

Unfortunately, those most likely to fall for these OTP interception schemes are people who are less experienced with technology. Then you can call your bank or whoever else you need.

Passwords

Passwords Mobile Authentication Banking

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

MAY 30, 2023

On May 27, Nahmii — a cryptocurrency technology based on the Ethereum blockchain — warned on Twitter that one of its community moderators on Discord was compromised and posting fake airdrop details. On May 9, MetrixCoin reported that its Discord server was hacked, with fake airdrop details pushed to all users.

Hacking

Hacking Accountability Scams Cryptocurrency

When Efforts to Contain a Data Breach Backfire

Krebs on Security

AUGUST 16, 2022

“There has been no violation of our platforms and technological infrastructure,” Banorte said. But in a brief written statement picked up on Twitter , Banorte said there was no breach involving their infrastructure, and the data being sold is old. ” That statement may be 100 percent true.

Data breaches

Data breaches Banking Cybercrime Marketing

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

The phishers often will explain that they’re calling from the employer’s IT department to help troubleshoot issues with the company’s email or virtual private networking (VPN) technology.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

. “Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files,” said Fabian Wosar , chief technology officer at Emsisoft. ”

Healthcare

Healthcare Backups Ransomware Insurance

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Krebs on Security

JANUARY 17, 2024

” “Punchmade Dev is best known for his creative ways to use technology, video gaming, and social media to build a fan base,” the profile continues. The profile explains that he launched his own record label in 2021 called Punchmade Records, where he produces his own instrumentals and edits his own music videos.

Cybercrime

Cybercrime Media Banking Accountability

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

Department of Justice (DOJ) says the GRU’s hackers built Cyclops Blink by exploiting previously undocumented security weaknesses in firewalls and routers made by both ASUS and WatchGuard Technologies.

Marketing

Marketing Energy and Utilities Malware Ransomware

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Krebs on Security

JUNE 22, 2023

In April 2022, KrebsOnSecurity heard from Alex, the CEO of a technology company in Canada who asked to leave his last name out of this story. A smishing website targeting Canadians who recently purchased from Adidas online. The site would only load in a mobile browser.

Phishing

Phishing Retail Mobile Scams

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

252) are currently blocked by Google’s Safebrowsing technology, and labeled with a conspicuous red warning saying the website will try to foist malware on visitors who ignore the warning and continue. My guess it’s still continuing because of the up-and-down [of the] domains hosting malware and then looking legitimate.”

Software

Software Advertising Malware Accountability

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

The fundamental problem with WPAD is the same with Active Directory: Both are technologies originally designed to be used in closed, static, trusted office environments, and neither was built with today’s mobile devices or workforce in mind.

DNS

DNS Internet Internet Authentication

The Great $50M African IP Address Heist

Krebs on Security

DECEMBER 11, 2019

Bill Woodcock is executive director of Packet Clearing House , a non-profit research institute dedicated to understanding and supporting Internet traffic exchange technology, policy, and economics. “To say that he had an evident conflict of interest would be a gross understatement.”

Internet

Internet Internet Marketing Government

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. technology companies during the summer of 2022. 9, 2024, U.S. A graphic depicting how 0ktapus leveraged one victim to attack another.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms.

Mobile

Mobile Phishing Authentication Accountability

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

” Jason Lathrop is vice president of technology and operations at ISOutsource , a Seattle-based consulting firm with roughly 100 employees. . “I wrote our LinkedIn rep and said we were considering closing the group down the bots were so bad,” Miller said.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Krebs on Security

SEPTEMBER 30, 2024

Also known as “ Assad Faiq” and “ The Godfather ,” Iza is the 30-something founder of a cryptocurrency investment platform called Zort that advertised the ability to make smart trades based on artificial intelligence technology.

Cryptocurrency

Cryptocurrency Government Internet Internet

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

Launched in 2008, privnote.com employs technology that encrypts each message so that even Privnote itself cannot read its contents. The real Privnote, at privnote.com. And it doesn’t send or receive messages. Creating a message merely generates a link.

Phishing

Phishing Cryptocurrency DDOS Internet

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

“Our technology ensures the maximum security from reverse engineering and antivirus detections,” ExEClean promised. Another domain tied to the ustraffic@qq.com email in 2016 was ExeClean[.]net The Exe Clean service made malware look like goodware to antivirus products.

VPN

VPN Computers and Electronics Antivirus Software

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

account for a slew of other “iboss” themed email addresses, one of which is tied to a LinkedIn profile for an Oleg Iskhusnyh , who describes himself as a senior web developer living in Nur-Sultan, Kazakhstan. DON’T JUDGE A MAN UNTIL YOU’VE WALKED A MILE IN HIS SOCKS.

Malware

Malware Cybercrime Internet Internet

The Dark Nexus Between Harm Groups and ‘The Com’

Krebs on Security

SEPTEMBER 13, 2024

Throughout 2022, LAPSUS$ would hack and social engineer their way into some of the world’s biggest technology companies , including EA Games, Microsoft , NVIDIA , Okta , Samsung , and T-Mobile.

Cybercrime

Cybercrime Accountability Mobile Hacking

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

A LinkedIn profile for Rizky says he is a backend Web developer in Bandung who earned a bachelor’s degree in information technology in 2020. Mr. Rizky did not respond to requests for comment.

Phishing

Phishing Passwords Hacking Internet

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Facebook ; Gap (Apparel) Inc ; Fifth Third Bancorp ; Hearst Communications ; Hilton Interntional ; ING Bank ; the Massachusetts Institute of Technology (MIT); McDonalds Corp. ; NBC Universal Media ; NRG Energy ; Oath, Inc (a.k.a Yahoo + AOL) ; Oracle ; Tesla Motors ; Time Warner ; US Bank; US Steel Corp.;

DNS

DNS Internet Internet Computers and Electronics

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Security Boulevard

JANUARY 29, 2022

Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who's tricked dozens of start-ups into giving him tens of millions of dollars.

Technology

Technology Web Fraud

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Krebs on Security

MARCH 22, 2022

Pavel Vrublevsky , founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book “ Spam Nation ,” was arrested in Moscow this month and charged with fraud.

Banking

Banking Marketing DDOS Risk

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

” Bailey said in one common type of arrangement, the lender provides the necessary capital, expertise, staff, technology, and corporate structure to run the lending business and keeps most of the profits.

Financial Services

Financial Services Banking Accountability Identity Theft

FBI: Spike in Hacked Police Emails, Fake Subpoenas

How Cryptocurrency Turns to Cash in Russian Banks

Trending Sources

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

How Phished Data Turns into Apple & Google Wallets

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

The Fake Browser Update Scam Gets a Makeover

How Phishers Are Slinking Their Links Into LinkedIn

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Tech CEO Sentenced to 5 Years in IP Address Scheme

Why Your VPN May Not Be As Secure As It Claims

The Technology Adoption Lifecycle of Genesis Market

Calendar Meeting Links Used to Spread Mac Malware

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Anti-Money Laundering Service AMLBot Cleans House

The Stark Truth Behind the Resurgence of Russia’s Fin7

How to Tell a Job Offer from an ID Theft Trap

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Fake CISO Profiles on LinkedIn Target Fortune 500s

The Life Cycle of a Breached Database

The Rise of One-Time Password Interception Bots

Discord Admins Hacked by Malicious Bookmarks

When Efforts to Contain a Data Breach Backfire

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

New Ransom Payment Schemes Target Executives, Telemedicine

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Actions Target Russian Govt. Botnet, Hydra Dark Market

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Using Google Search to Find Software Can Be Risky

Local Networks Go Global When Domain Names Collide

The Great $50M African IP Address Heist

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

How 1-Time Passcodes Became a Corporate Liability

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

Fake Lawsuit Threat Exposes Privnote Phishing Sites

A Deep Dive Into the Residential Proxy Service ‘911’

No SOCKS, No Shoes, No Malware Proxy Services!

The Dark Nexus Between Harm Groups and ‘The Com’

Karma Catches Up to Global Phishing Service 16Shop

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

‘Spam Nation’ Villain Vrublevsky Charged With Fraud

Scary Fraud Ensues When ID Theft & Usury Collide

Stay Connected