MyEquifax.com Bypasses Credit Freeze PIN

Credit to Author: BrianKrebs| Date: Fri, 08 Mar 2019 16:12:38 +0000

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

Read more

Hackers Sell Access to Bait-and-Switch Empire

Credit to Author: BrianKrebs| Date: Mon, 04 Mar 2019 22:11:33 +0000

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S. Federal Trade Commission, Microsoft and Oprah Winfrey, to name a few.

Read more

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Credit to Author: BrianKrebs| Date: Fri, 08 Feb 2019 12:58:45 +0000

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at the credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.

Read more

Crooks Continue to Exploit GoDaddy Hole

Credit to Author: BrianKrebs| Date: Mon, 04 Feb 2019 19:12:25 +0000

Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

Read more

Secret Service: Theft Rings Turn to Fuze Cards

Credit to Author: BrianKrebs| Date: Thu, 10 Jan 2019 16:27:54 +0000

Street thieves who specialize in cashing out stolen credit and debit cards increasingly are hedging their chances of getting caught carrying multiple counterfeit cards by relying on Fuze Cards, a smartcard technology that allows users to store dozens of cards on a single device, the U.S. Secret Service warns.

Read more

Dirt-Cheap, Legit, Windows Software: Pick Two

Credit to Author: BrianKrebs| Date: Tue, 08 Jan 2019 15:00:33 +0000

Buying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition. But purchasing steeply discounted licenses for cloud-based subscription products like recent versions of Microsoft Office can be an extremely risky transaction, mainly because you may not have full control over who has access to your data.

Read more

Apple Phone Phishing Scams Getting Better

Credit to Author: BrianKrebs| Date: Thu, 03 Jan 2019 19:21:40 +0000

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Read more

Spammed Bomb Threat Hoax Demands Bitcoin

Credit to Author: BrianKrebs| Date: Thu, 13 Dec 2018 20:24:32 +0000

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.

Read more

Half of all Phishing Sites Now Have the Padlock

Credit to Author: BrianKrebs| Date: Mon, 26 Nov 2018 14:57:53 +0000

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.

Read more

How to Shop Online Like a Security Pro

Credit to Author: BrianKrebs| Date: Fri, 23 Nov 2018 23:24:06 +0000

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online.

Read more

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Credit to Author: BrianKrebs| Date: Tue, 13 Nov 2018 16:26:39 +0000

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.

Read more