IRS Cybercrime Agent Lurks Dark Web Subreddit Looking For Hackers
Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Tue, 17 Oct 2017 21:35:06 +0000
Even the taxman lurks on r/DarkNetMarkets.
Read moreCredit to Author: Lorenzo Franceschi-Bicchierai| Date: Tue, 17 Oct 2017 21:35:06 +0000
Even the taxman lurks on r/DarkNetMarkets.
Read moreCredit to Author: BrianKrebs| Date: Wed, 04 Oct 2017 04:34:50 +0000
Maybe you’ve been feeling left out because you weren’t among the lucky few hundred million or billion who had their personal information stolen in either the Equifax or Yahoo! breaches. Well buck up, camper: Both companies took steps to make you feel better today. Yahoo! announced that, our bad!: It wasn’t just one billion users who had their account information filched in its record-breaking 2013 data breach. It was more like three billion (read: all) users. Meanwhile, big three credit bureau Equifax added 2.5 million more victims to its roster of 143 million Americans who had their Social Security numbers and other personal data filched in a breach earlier this year. At the same time, Equifax’s erstwhile CEO informed Congress that the breach was the result of even more bone-headed security than was first disclosed. To those still feeling left out by either company after this spate of news, I have only one thing to say (although I feel a bit like a broken record in repeating this): Assume you’re compromised, and take steps accordingly.
Read moreCredit to Author: Malwarebytes Labs| Date: Mon, 25 Sep 2017 16:24:17 +0000
A compilation of notable security news and blog posts from the 18th of September to the 24th of September. Read all about the CCleaner supply chain attack and a lot of other security news. Categories: Tags: atsccleanerEquifaxiceIRSmacnetflixweekly blog roundup |
The post A week in security (September 18 – September 24) appeared first on Malwarebytes Labs.
Read moreCredit to Author: Jérôme Segura| Date: Thu, 21 Sep 2017 15:00:24 +0000
Threat actors leverage a Microsoft Office exploit to spy on their victims. In this blog post, we will review its delivery mechanism and analyze the malware we observed, a modified version of a commercial Remote Administration Tool (RAT). Categories: Tags: CP2000CVE-2017-0199docexploitIRSmalspammalwareOfficephishingratremote administration toolRMSspyword |
The post Fake IRS notice delivers customized spying tool appeared first on Malwarebytes Labs.
Read moreCredit to Author: BrianKrebs| Date: Mon, 22 May 2017 20:11:27 +0000
In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator is being charged with using the same online tool to glean tax data on then-presidential candidate Donald J. Trump. A story today at Diverseeducation.com points to court filings in the U.S. District Court for the Middle District of Louisiana, in which local private eye Jordan Hamlett is accused by federal prosecutors of abusing an automated tool at the U.S. Department of Education website that is designed to make it easier for families to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.
Read moreCredit to Author: BrianKrebs| Date: Fri, 24 Mar 2017 16:03:21 +0000
A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-half months of this year than it saw in all of 2015.
Read moreCredit to Author: BrianKrebs| Date: Tue, 21 Mar 2017 19:07:14 +0000
Citing concerns over criminal activity and fraud, the U.S. Internal Revenue Service (IRS) has disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid. The removal of the tool has created unexpected hurdles for many families hoping to qualify for financial aid, but the action also eliminated a key source of data that fraudsters could use to conduct tax refund fraud. Last week, the IRS and the Department of Education said in a joint statement that they were temporarily shutting down the IRS’s Data Retrieval Tool. The service was designed to make it easier to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.
Read more
Most regular readers here are familiar with CEO fraud — e-mail scams in which the attacker spoofs the boss and tricks an employee at the organization into wiring funds to the fraudster. Loyal readers also have heard an earful about W-2 phishing, in which crooks impersonate the boss and request a copy of all employee tax forms. According to a new “urgent alert” issued by the U.S. Internal Revenue Service, scammers are now combining both schemes and targeting a far broader range of organizations than ever before.