Web Fraud 2.0 – Computer Security Articles

Credit to Author: BrianKrebs| Date: Tue, 18 Feb 2025 18:37:26 +0000

Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.

Independent Krebs

March 2, 2025 admin

How Phished Data Turns into Apple & Google Wallets

Credit to Author: BrianKrebs| Date: Tue, 18 Feb 2025 18:37:26 +0000

Independent Krebs

January 30, 2025 admin

Infrastructure Laundering: Blending in with the Cloud

Credit to Author: BrianKrebs| Date: Thu, 30 Jan 2025 17:10:08 +0000

In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and aptly named “Funnull” — highlights a persistent whac-a-mole problem facing cloud services.

Independent Krebs

January 16, 2025 admin

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Credit to Author: BrianKrebs| Date: Thu, 16 Jan 2025 21:18:48 +0000

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.

Independent Krebs

January 7, 2025 admin

A Day in the Life of a Prolific Voice Phishing Crew

Credit to Author: BrianKrebs| Date: Tue, 07 Jan 2025 23:41:53 +0000

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

Independent Krebs

December 18, 2024 admin

How to Lose a Fortune with Just One Bad Click

Credit to Author: BrianKrebs| Date: Wed, 18 Dec 2024 13:17:59 +0000

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

Independent Krebs

December 11, 2024 admin

How Cryptocurrency Turns to Cash in Russian Banks

Credit to Author: BrianKrebs| Date: Wed, 11 Dec 2024 21:38:48 +0000

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which are physically located there.

Independent Krebs

November 9, 2024 admin

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Credit to Author: BrianKrebs| Date: Sat, 09 Nov 2024 19:20:26 +0000

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.