Web Fraud 2.0 – Page 10 – WindowsTechs.com

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Posted on November 19, 2021 by BrianKrebs

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it. Continue reading The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back→

Hoax Email Blast Abused Poor Coding in FBI Website

Posted on November 13, 2021 by BrianKrebs

The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities. Continue reading Hoax Email Blast Abused Poor Coding in FBI Website→

‘Tis the Season for the Wayward Package Phish

Posted on November 4, 2021 by BrianKrebs

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients. Continue reading ‘Tis the Season for the Wayward Package Phish→

How Coinbase Phishers Steal One-Time Passwords

Posted on October 13, 2021 by BrianKrebs

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts. Continue reading How Coinbase Phishers Steal One-Time Passwords→

The Rise of One-Time Password Interception Bots

Posted on September 29, 2021 by BrianKrebs

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets. Continue reading The Rise of One-Time Password Interception Bots→

Apple Airtag Bug Enables ‘Good Samaritan’ Attack

Posted on September 28, 2021 by BrianKrebs

The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website. Continue reading Apple Airtag Bug Enables ‘Good Samaritan’ Attack→

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Posted on September 2, 2021 by BrianKrebs

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. Continue reading Gift Card Gang Extracts Cash From 100k Inboxes Daily→

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Posted on September 1, 2021 by BrianKrebs

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two week ago, VIP72’s online storefront — which sold access to more than 30,000 compromised PCs — simply vanished. Continue reading 15-Year-Old Malware Proxy Network VIP72 Goes Dark→

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Posted on August 25, 2021 by BrianKrebs

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for developing a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily. Continue reading Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents→

New Anti Anti-Money Laundering Services for Crooks

Posted on August 13, 2021 by BrianKrebs

Two new dark web services are marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “Antinalysis” and “AMLBot,” the services purport to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people. Continue reading New Anti Anti-Money Laundering Services for Crooks→