Turn on MFA Before Crooks Do It For You

Credit to Author: BrianKrebs| Date: Fri, 19 Jun 2020 19:19:10 +0000

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident.

Read more

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

Credit to Author: BrianKrebs| Date: Sun, 14 Jun 2020 04:01:22 +0000

For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.

Read more

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Credit to Author: BrianKrebs| Date: Tue, 09 Jun 2020 17:05:20 +0000

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.

Read more

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Credit to Author: BrianKrebs| Date: Sat, 16 May 2020 04:34:45 +0000

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service sent to field offices around the United States this week says the ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information (PII) belonging to identity theft victims, and that “a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees.”

Read more

Microsoft Patch Tuesday, May 2020 Edition

Credit to Author: BrianKrebs| Date: Tue, 12 May 2020 21:16:38 +0000

Microsoft today issued software updates to plug at least 111 security holes in Windows and Windows-based programs. None of the vulnerabilities were labeled as being publicly exploited or detailed prior to today, but as always if you’re running Windows on any of your machines it’s time once again to prepare to get your patches on.

Read more

Tech Support Scam Uses Child Porn Warning

Credit to Author: BrianKrebs| Date: Thu, 07 May 2020 14:52:00 +0000

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient’s Windows license will be suspended unless they call an “MS Support” number to reinstate the license, but the number goes to a phony tech support scam that tries to trick callers into giving fraudsters direct access to their PCs.

Read more

Would You Have Fallen for This Phone Scam?

Credit to Author: BrianKrebs| Date: Tue, 28 Apr 2020 20:55:32 +0000

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that your bank may be making it super easy for thieves to impersonate the bank, by giving away information about recent transactions on your account via automated, phone-based customer support systems.

Read more

When in Doubt: Hang Up, Look Up, & Call Back

Credit to Author: BrianKrebs| Date: Thu, 23 Apr 2020 17:27:50 +0000

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

Read more