Web Fraud 2.0 – Page 11 – PossibleThreat Articles

Coronavirus Widens the Money Mule Pool

March 17, 2020 0 Comments A Little Sunshine, alex holden, bitcoin atm scam, coronavirus scam, globalgiving, Hold Security, holdsecurity.com, kevin conroy, Latest Warnings, vasty health care foundation, vastyhealthcarefoundation.com, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 17 Mar 2020 22:11:46 +0000

With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “money mules” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here’s the story of one upstart mule factory that spoofs a major nonprofit and tells new employees they’ll be collecting and transmitting donations for an international “Coronavirus Relief Fund.”

Independent Krebs Security

Crafty Web Skimming Domain Spoofs “https”

March 17, 2020 0 Comments .ps, A Little Sunshine, Akamai, cheney bros. inc., content security policy, denis sinegubko, grandwesternsteaks.com, jerome segura, malwarebytes, privacy.com, publicwww, ryan barnett, subresource integrity, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 12 Mar 2020 00:28:57 +0000

Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site’s source code: “http[.]ps” (the actual malicious domain does not include the brackets, which are there to keep readers from being able to click on it).

Independent Krebs Security

Does Your Domain Have a Registry Lock?

January 24, 2020 0 Comments arno vis, csc, dnspionage, dnssec, e-hawk, e-hawk.net, Latest Warnings, openprovider, pdr, peter cholnoky, public domain registry, raymond dijkxhoorn, registrar lock, registry lock, The Coming Storm, Web Fraud 2.0, whatsapp

Credit to Author: BrianKrebs| Date: Fri, 24 Jan 2020 16:37:11 +0000

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it. Even so, most major Web site owners aren’t taking full advantage of the security tools available to protect their domains from being hijacked. Here’s the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.

Independent Krebs Security

Phishing for Apples, Bobbing for Links

January 13, 2020 0 Comments apple phishing, Latest Warnings, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 13 Jan 2020 16:09:58 +0000

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures has emerged as the most targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Today’s piece looks at the well-crafted links used in some of these lures.

Independent Krebs Security

Tricky Phish Angles for Persistence, Not Passwords

January 7, 2020 0 Comments jeff jones, Latest Warnings, login.microsoftonline.com, michael tyler, microsoft office 365, microsoftonline.com, phishlabs, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 07 Jan 2020 21:35:40 +0000

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.

Independent Krebs Security

The Great $50M African IP Address Heist

December 11, 2019 0 Comments A Little Sunshine, Adconion Direct, afrinic, afriq*access, bill woodcock, eddy kayihura, infoplan, ipv4leasing, itc, jan vermeulen, mybroadband.co.za, packet clearing house, ron guilmette, the african network information centre, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 11 Dec 2019 22:31:12 +0000

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.-based researcher whose findings shed light on a murky area of Internet governance that is all too often exploited by spammers and scammers alike.

Independent Krebs Security

It’s Way Too Easy to Get a .gov Domain Name

November 26, 2019 0 Comments cisa, cybersecurity and infrastructure security agency, dotgov bill, dotgov.gov, exeterri.gov, john levine, The Coming Storm, town.exeter.ri.us, U.S. Department of Homeland Security, u.s. general services administration, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 27 Nov 2019 02:08:55 +0000

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain.

Independent Krebs Security

NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm

November 3, 2019 0 Comments A Little Sunshine, credential replay attacks, digital insight, intuit, Mint, ncr corp, quickbooks online, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Sun, 03 Nov 2019 21:41:48 +0000

Banking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuicBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts, has since been rescinded. But the incident raises fresh questions about the proper role of digital banking platforms in fighting password abuse.

Independent Krebs Security

“BriansClub” Hack Rescues 26M Stolen Cards

October 15, 2019 0 Comments allison nixon, andrei barysevich, briansclub, briansclub hack, Data Breaches, flashpoint, gemini advisory, Ne'er-Do-Well News, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 15 Oct 2019 11:05:09 +0000

“BriansClub,” a popular underground store for buying stolen credit card data that uses Yours Truly’s likeness in its advertising, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.