Web Fraud 2.0 – Page 10 – PossibleThreat Articles

Does Your Domain Have a Registry Lock?

January 24, 2020 0 Comments arno vis, csc, dnspionage, dnssec, e-hawk, e-hawk.net, Latest Warnings, openprovider, pdr, peter cholnoky, public domain registry, raymond dijkxhoorn, registrar lock, registry lock, The Coming Storm, Web Fraud 2.0, whatsapp

Credit to Author: BrianKrebs| Date: Fri, 24 Jan 2020 16:37:11 +0000

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it. Even so, most major Web site owners aren’t taking full advantage of the security tools available to protect their domains from being hijacked. Here’s the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.

Independent Krebs Security

Phishing for Apples, Bobbing for Links

January 13, 2020 0 Comments apple phishing, Latest Warnings, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 13 Jan 2020 16:09:58 +0000

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures has emerged as the most targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Today’s piece looks at the well-crafted links used in some of these lures.

Independent Krebs Security

Tricky Phish Angles for Persistence, Not Passwords

January 7, 2020 0 Comments jeff jones, Latest Warnings, login.microsoftonline.com, michael tyler, microsoft office 365, microsoftonline.com, phishlabs, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 07 Jan 2020 21:35:40 +0000

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.

Independent Krebs Security

The Great $50M African IP Address Heist

December 11, 2019 0 Comments A Little Sunshine, Adconion Direct, afrinic, afriq*access, bill woodcock, eddy kayihura, infoplan, ipv4leasing, itc, jan vermeulen, mybroadband.co.za, packet clearing house, ron guilmette, the african network information centre, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 11 Dec 2019 22:31:12 +0000

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.-based researcher whose findings shed light on a murky area of Internet governance that is all too often exploited by spammers and scammers alike.

Independent Krebs Security

It’s Way Too Easy to Get a .gov Domain Name

November 26, 2019 0 Comments cisa, cybersecurity and infrastructure security agency, dotgov bill, dotgov.gov, exeterri.gov, john levine, The Coming Storm, town.exeter.ri.us, U.S. Department of Homeland Security, u.s. general services administration, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 27 Nov 2019 02:08:55 +0000

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain.

Independent Krebs Security

NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm

November 3, 2019 0 Comments A Little Sunshine, credential replay attacks, digital insight, intuit, Mint, ncr corp, quickbooks online, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Sun, 03 Nov 2019 21:41:48 +0000

Banking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuicBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts, has since been rescinded. But the incident raises fresh questions about the proper role of digital banking platforms in fighting password abuse.

Independent Krebs Security

“BriansClub” Hack Rescues 26M Stolen Cards

October 15, 2019 0 Comments allison nixon, andrei barysevich, briansclub, briansclub hack, Data Breaches, flashpoint, gemini advisory, Ne'er-Do-Well News, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 15 Oct 2019 11:05:09 +0000

“BriansClub,” a popular underground store for buying stolen credit card data that uses Yours Truly’s likeness in its advertising, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

Independent Krebs

Phishers are Angling for Your Cloud Providers

August 30, 2019 0 Comments Anti-Phishing Working Group, Ashwin Vamshi, cloud customer relationship management, CRM phishing, Latest Warnings, Netskope, Pardot, Salesforce, The Coming Storm, United Rentals, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 30 Aug 2019 16:21:59 +0000

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.