Web Fraud 2.0 – Page 11 – WindowsTechs.com

Phishing Sites Targeting Scammers and Thieves

Posted on August 9, 2021 by BrianKrebs

I was preparing to knock off work on a recent Friday evening when a curious and annoying email came in via the contact form on this site:

“Hello I go by the username Nuclear27 on your site Briansclub[.]com,” wrote “Mitch,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.”

Several things stood out in Mitch’s message. For starters, that is not the actual domain for BriansClub. And it’s not hard to see why Mitch got snookered: The real BriansClub site is currently not at the top of search results when one queries that shop name at Google. Continue reading Phishing Sites Targeting Scammers and Thieves→

The Life Cycle of a Breached Database

Posted on July 29, 2021 by BrianKrebs

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse. Continue reading The Life Cycle of a Breached Database→

How to Tell a Job Offer from an ID Theft Trap

Posted on May 21, 2021 by BrianKrebs

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. Continue reading How to Tell a Job Offer from an ID Theft Trap→

Recycle Your Phone, Sure, But Maybe Not Your Number

Posted on May 19, 2021 by BrianKrebs

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online. Continue reading Recycle Your Phone, Sure, But Maybe Not Your Number→

Malicious Office 365 Apps Are the Ultimate Insiders

Posted on May 5, 2021 by BrianKrebs

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Continue reading Malicious Office 365 Apps Are the Ultimate Insiders→

How $100M in Jobless Claims Went to Inmates

Posted on February 25, 2021 by BrianKrebs

The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me. This post examines some of what that company is seeing in its efforts to stymie unemployment fraud. Continue reading How $100M in Jobless Claims Went to Inmates→

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Posted on February 9, 2021 by BrianKrebs

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. Continue reading Arrest, Raids Tied to ‘U-Admin’ Phishing Kit→

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Posted on February 4, 2021 by BrianKrebs

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames. Continue reading Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts→

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

Posted on February 2, 2021 by BrianKrebs

ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure. Continue reading ‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered→

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Posted on November 21, 2020 by BrianKrebs

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned. Continue reading GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services→