The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Credit to Author: BrianKrebs| Date: Fri, 19 Nov 2021 21:36:30 +0000

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great many of the phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

SMS About Bank Fraud as a Pretext for Voice Phishing

Credit to Author: BrianKrebs| Date: Wed, 10 Nov 2021 21:12:03 +0000

Most of us have probably heard the term “smishing” — which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.

Microsoft Patch Tuesday, November 2021 Edition

Credit to Author: BrianKrebs| Date: Tue, 09 Nov 2021 20:39:07 +0000

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today — potentially giving adversaries a head start in figuring out how to exploit them.

‘Tis the Season for the Wayward Package Phish

Credit to Author: BrianKrebs| Date: Thu, 04 Nov 2021 16:49:59 +0000

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here’s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.

‘Trojan Source’ Bug Threatens the Security of All Code

Credit to Author: BrianKrebs| Date: Mon, 01 Nov 2021 04:23:36 +0000

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.

The Rise of One-Time Password Interception Bots

Credit to Author: BrianKrebs| Date: Wed, 29 Sep 2021 12:22:03 +0000

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Credit to Author: BrianKrebs| Date: Tue, 28 Sep 2021 15:49:46 +0000

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Credit to Author: BrianKrebs| Date: Wed, 08 Sep 2021 15:03:45 +0000

Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.
