Web Fraud - Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass , warning that recipients face fines if a delinquent toll fee remains unpaid.

Phishing

Phishing Scams Mobile Passwords

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

APRIL 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “ Smishing Triad ” mainly impersonated toll road operators and shipping companies.

Phishing

Phishing Banking Mobile Retail

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds.

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

OCTOBER 17, 2024

government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan ), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers.

DDOS

DDOS Government Internet Internet

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years.

Hacking

Hacking Cybercrime Phishing Passwords

How to Tell a Job Offer from an ID Theft Trap

Krebs on Security

MAY 21, 2021

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.

Scams

Scams Accountability Advertising Web Fraud

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Hoax Email Blast Abused Poor Coding in FBI Website

Krebs on Security

NOVEMBER 13, 2021

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation.

Internet

Internet Internet Hacking Accountability

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

MAY 16, 2020

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.

Insurance

Insurance Banking Identity Theft Accountability

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals.

Passwords

Passwords Password Management Phishing Scams

Would You Have Fallen for This Phone Scam?

Krebs on Security

APRIL 28, 2020

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable.

Scams

Scams Banking Accountability Financial Services

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.

Passwords

Passwords Phishing Accountability Mobile

Phishing Sites Targeting Scammers and Thieves

Krebs on Security

AUGUST 9, 2021

I was preparing to knock off work for the week on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.”

Phishing

Phishing Cybercrime Accountability Advertising

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

Scams

Scams Banking Passwords Authentication

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings.

Cryptocurrency

Cryptocurrency Malware Mobile Accountability

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Mobile

Mobile Wireless Accountability Authentication

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

FEBRUARY 17, 2020

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program.

Scams

Scams Advertising Accountability Web Fraud

It’s Way Too Easy to Get a.gov Domain Name

Krebs on Security

NOVEMBER 26, 2019

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a.gov domain versus a commercial one ending in.com or.org.

Government

Government Internet Internet Web Fraud

Be Very Sparing in Allowing Site Notifications

Krebs on Security

NOVEMBER 17, 2020

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device.

Antivirus

Antivirus Advertising Internet Internet

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

JULY 15, 2024

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts.

Accountability

Accountability Cryptocurrency Passwords DNS

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it?

Phishing

Phishing Marketing Scams Accountability

Riding the State Unemployment Fraud ‘Wave’

Krebs on Security

MAY 23, 2020

When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that’s exactly what appears to be going on right now as multiple U.S.

Insurance

Insurance Accountability Banking Government

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing

Phishing Scams Malware Passwords

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage.

VPN

VPN Wireless Internet Internet

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time.

DNS

DNS Internet Internet Authentication

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware.

Malware

Malware Cybercrime Ransomware Marketing

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information.

Scams

Scams DNS Internet Internet

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

JANUARY 9, 2023

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history.

Identity Theft

Identity Theft Accountability Authentication Web Fraud

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

The 911 service as it exists today. For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States.

VPN

VPN Computers and Electronics Antivirus Software

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime

Cybercrime Malware VPN Ransomware

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Krebs on Security

SEPTEMBER 28, 2021

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode.

Mobile

Mobile Phishing Malware Software

How Cybercriminals are Weathering COVID-19

Krebs on Security

APRIL 30, 2020

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors.

Cybercrime

Cybercrime Computers and Electronics Marketing Scams

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page.

Accountability

Accountability Advertising Passwords Phishing

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Krebs on Security

JULY 26, 2024

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature.

Accountability

Accountability Authentication Cryptocurrency Web Fraud

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.

Passwords

Passwords Mobile Authentication Banking

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K. resident Kyell A.

Scams

Scams Wireless Identity Theft Mobile

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

JANUARY 21, 2022

Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club , a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a (..)

Hacking

Hacking Cybercrime Passwords Authentication

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period.

Accountability

Accountability Authentication Passwords Hacking

A Day in the Life of a Prolific Voice Phishing Crew

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Webinars

Trending Sources

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Webinars

China-based SMS Phishing Triad Pivots to Banks

How Cryptocurrency Turns to Cash in Russian Banks

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Booking.com Phishers May Leave You With Reservations

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

How to Tell a Job Offer from an ID Theft Trap

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Hoax Email Blast Abused Poor Coding in FBI Website

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

The Life Cycle of a Breached Database

Would You Have Fallen for This Phone Scam?

How Coinbase Phishers Steal One-Time Passwords

Phishing Sites Targeting Scammers and Thieves

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Recycle Your Phone, Sure, But Maybe Not Your Number

Pay Up, Or We’ll Make Google Ban Your Ads

It’s Way Too Easy to Get a.gov Domain Name

Be Very Sparing in Allowing Site Notifications

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

How Phishers Are Slinking Their Links Into LinkedIn

Riding the State Unemployment Fraud ‘Wave’

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

This Windows PowerShell Phish Has Scary Potential

Why Your VPN May Not Be As Secure As It Claims

Local Networks Go Global When Domain Names Collide

This Service Helps Malware Authors Fix Flaws in their Code

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Identity Thieves Bypassed Experian Security to View Credit Reports

A Deep Dive Into the Residential Proxy Service ‘911’

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

How Cybercriminals are Weathering COVID-19

Malicious Office 365 Apps Are the Ultimate Insiders

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

The Rise of One-Time Password Interception Bots

Two Charged in SIM Swapping, Vishing Scams

Crime Shop Sells Hacked Logins to Other Crime Shops

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Stay Connected