Web Fraud 2.0 – WindowsTechs.com

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

Posted on April 22, 2024 by BrianKrebs

The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump’s Dumps. Continue reading Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme→

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Posted on April 4, 2024 by BrianKrebs

A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. Continue reading Fake Lawsuit Threat Exposes Privnote Phishing Sites→

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Posted on April 3, 2024 by BrianKrebs

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “The Manipulaters,” a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities. Continue reading ‘The Manipulaters’ Improve Phishing, Still Fail at Opsec→

Thread Hijacking: Phishes That Prey on Your Curiosity

Posted on March 28, 2024 by BrianKrebs

Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. Continue reading Thread Hijacking: Phishes That Prey on Your Curiosity→

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Posted on March 22, 2024 by BrianKrebs

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years. Continue reading Mozilla Drops Onerep After CEO Admits to Running People-Search Networks→

Calendar Meeting Links Used to Spread Mac Malware

Posted on February 28, 2024 by BrianKrebs

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s account at Calendly, a popular free calendar application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. Continue reading Calendar Meeting Links Used to Spread Mac Malware→

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Posted on January 30, 2024 by BrianKrebs

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022. Continue reading Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider→

Using Google Search to Find Software Can Be Risky

Posted on January 25, 2024 by BrianKrebs

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair. Continue reading Using Google Search to Find Software Can Be Risky→

Canadian Man Stuck in Triangle of E-Commerce Fraud

Posted on January 19, 2024 by BrianKrebs

A Canadian man who says he’s been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve “triangulation fraud,” which occurs when a consumer purchases something online — from a seller on Amazon or eBay, for example — but the seller doesn’t actually own the item for sale. Instead, the seller purchases the item from an online retailer using stolen payment card data. In this scam, the unwitting buyer pays the scammer and receives what they ordered, and very often the only party left to dispute the transaction is the owner of the stolen payment card. Continue reading Canadian Man Stuck in Triangle of E-Commerce Fraud→

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Posted on January 17, 2024 by BrianKrebs

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online. But until recently, there wasn’t much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in his songs. Continue reading E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop→