Web Fraud 2.0 – Page 6 – Computer Security Articles

Why is .US Being Used to Phish So Many of Us?

September 1, 2023 admin A Little Sunshine, coalition for online accountability, dean marks, GoDaddy, interisle consulting group, national telecommunications and information administration, The Coming Storm, u.s. department of commerce, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 01 Sep 2023 15:38:11 +0000

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.

Independent Krebs

Karma Catches Up to Global Phishing Service 16Shop

August 17, 2023 admin 16shop, Akamai, bandungxploiter, Breadcrumbs, constella intelligence, cyberthread.id, devilscream, FBI, Interpol, McAfee, Ne'er-Do-Well News, riswanda noor supatra, rizky mauluna sidik, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 17 Aug 2023 19:58:56 +0000

You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you. Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor and one of his alleged facilitators, and that a third suspect was apprehended in Japan.

Independent Krebs

Teach a Man to Phish and He’s Set for Life

August 4, 2023 admin A Little Sunshine, check point software, Latest Warnings, LinkedIn, microsoft, Microsoft 365, phishing, right to left override, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 04 Aug 2023 13:49:15 +0000

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

Independent Krebs

How Malicious Android Apps Slip Into Disguise

August 3, 2023 admin A Little Sunshine, aleksandr eremin, anatsa, Android malware, Ars Technica, Google Play, The Coming Storm, threatfabric, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 03 Aug 2023 11:22:55 +0000

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into benign mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research.

Independent Krebs

Who and What is Behind the Malware Proxy Service SocksEscort?

July 25, 2023 admin A Little Sunshine, adrian crismaru, avrecon, black lotus labs, DomainTools.com, Intel471, Internet of Things (IoT), lumen, riley kilmer, socksescort, spur.us, Web Fraud 2.0, wiremo

Credit to Author: BrianKrebs| Date: Tue, 25 Jul 2023 21:20:55 +0000

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online.

Independent Krebs

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

June 22, 2023 admin A Little Sunshine, Adidas, apple, brian hughes, Latest Warnings, Lego, smishing, sms phishing, united parcel service, UPS, ups canada ltd., Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 22 Jun 2023 19:11:33 +0000

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Independent Krebs

Why Malware Crypting Services Deserve More Scrutiny

June 21, 2023 admin +7.9235059268, Breadcrumbs, cdek, constella intelligence, crypt[.]guru, gumboldt@gmail.com, Intel 471, kerens, kolumb, masscrypt@exploit.im, Ne'er-Do-Well News, obelisk57@gmail.com, pepyak@gmail.com, sergey y purtov, sergey yurievich purtov, spurtov@gmail.com, vip crypt, Web Fraud 2.0, Сергей Юрьевич Пуртов

Credit to Author: BrianKrebs| Date: Wed, 21 Jun 2023 18:39:36 +0000

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Independent Krebs

Service Rents Email Addresses for Account Signups

June 6, 2023 admin impulse scam crypto project, kopeechka, Mastodon, quotpw, renaud chaput, spam, Trend Micro, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 06 Jun 2023 20:09:13 +0000

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.