Web Fraud 2.0 – Page 11 – WindowsTechs.com

Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Posted on August 25, 2021 by BrianKrebs

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for developing a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily. Continue reading Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents→

New Anti Anti-Money Laundering Services for Crooks

Posted on August 13, 2021 by BrianKrebs

Two new dark web services are marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “Antinalysis” and “AMLBot,” the services purport to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people. Continue reading New Anti Anti-Money Laundering Services for Crooks→

Phishing Sites Targeting Scammers and Thieves

Posted on August 9, 2021 by BrianKrebs

I was preparing to knock off work on a recent Friday evening when a curious and annoying email came in via the contact form on this site:

“Hello I go by the username Nuclear27 on your site Briansclub[.]com,” wrote “Mitch,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.”

Several things stood out in Mitch’s message. For starters, that is not the actual domain for BriansClub. And it’s not hard to see why Mitch got snookered: The real BriansClub site is currently not at the top of search results when one queries that shop name at Google. Continue reading Phishing Sites Targeting Scammers and Thieves→

The Life Cycle of a Breached Database

Posted on July 29, 2021 by BrianKrebs

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here’s a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database.

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They’re ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs — such as polluting the Internet with weaponized data when they’re leaked or stolen en masse. Continue reading The Life Cycle of a Breached Database→

How to Tell a Job Offer from an ID Theft Trap

Posted on May 21, 2021 by BrianKrebs

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. Continue reading How to Tell a Job Offer from an ID Theft Trap→

Recycle Your Phone, Sure, But Maybe Not Your Number

Posted on May 19, 2021 by BrianKrebs

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.

Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online. Continue reading Recycle Your Phone, Sure, But Maybe Not Your Number→

Malicious Office 365 Apps Are the Ultimate Insiders

Posted on May 5, 2021 by BrianKrebs

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Continue reading Malicious Office 365 Apps Are the Ultimate Insiders→

How $100M in Jobless Claims Went to Inmates

Posted on February 25, 2021 by BrianKrebs

The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me. This post examines some of what that company is seeing in its efforts to stymie unemployment fraud. Continue reading How $100M in Jobless Claims Went to Inmates→

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Posted on February 9, 2021 by BrianKrebs

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. Continue reading Arrest, Raids Tied to ‘U-Admin’ Phishing Kit→

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Posted on February 4, 2021 by BrianKrebs

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames. Continue reading Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts→