Latest Warnings

IndependentKrebs

Financial Cyber Threat Sharing Group Phished

Credit to Author: BrianKrebs| Date: Thu, 01 Mar 2018 19:04:34 +0000

The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected and reported it as suspicious. But the incident is a good reminder to be on your guard, remember that anyone can get phished, and that most phishing attacks succeed by abusing the sense of trust already established between the sender and recipient.

Read More
IndependentKrebs

How to Fight Mobile Number Port-out Scams

Credit to Author: BrianKrebs| Date: Wed, 28 Feb 2018 14:46:30 +0000

T-Mobile, AT&T and other mobile carriers are reminding customers to take advantage of free services that can block identity thieves from easily “porting” your mobile number out to another provider, which allows crooks to intercept your calls and messages while your phone goes dark. Tips for minimizing the risk of number porting fraud are available below for customers of all four major mobile providers, including Sprint and Verizon.

Read More
IndependentKrebs

Attackers Exploiting Unpatched Flaw in Flash

Credit to Author: BrianKrebs| Date: Fri, 02 Feb 2018 14:21:06 +0000

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this still-ubiquitous program and harden your defenses. Adobe said a critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

Read More
IndependentKrebs

First ‘Jackpotting’ Attacks Hit U.S. ATMs

Credit to Author: BrianKrebs| Date: Sat, 27 Jan 2018 18:45:08 +0000

ATM “jackpotting” — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand — has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

Read More
IndependentKrebs

Bitcoin Blackmail by Snail Mail Preys on Those with Guilty Conscience

Credit to Author: BrianKrebs| Date: Thu, 11 Jan 2018 18:25:26 +0000

KrebsOnSecurity heard from a reader whose friend recently received a remarkably customized extortion letter via snail mail that threatened to tell the recipient’s wife about his supposed extramarital affairs unless he paid $3,600 in bitcoin. The friend said he had nothing to hide and suspects this is part of a random but well-crafted campaign to prey on men who may have a guilty conscience.

Read More
IndependentKrebs

Buyers Beware of Tampered Gift Cards

Credit to Author: BrianKrebs| Date: Tue, 19 Dec 2017 16:28:57 +0000

Prepaid gift cards make popular presents and no-brainer stocking stuffers, but before you purchase one be on the lookout for signs that someone may have tampered with it. A perennial scam that picks up around the holidays involves thieves who pull back and then replace the decals that obscure the card’s redemption code, allowing them to redeem or transfer the card’s balance online after the card is purchased by an unwitting customer.

Read More
IndependentKrebs

Phishers Are Upping Their Game. So Should You.

Credit to Author: BrianKrebs| Date: Fri, 08 Dec 2017 00:35:24 +0000

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

Read More