How to Tell a Job Offer from an ID Theft Trap

Credit to Author: BrianKrebs| Date: Fri, 21 May 2021 17:41:14 +0000

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.

Read more

Recycle Your Phone, Sure, But Maybe Not Your Number

Credit to Author: BrianKrebs| Date: Wed, 19 May 2021 15:13:30 +0000

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone else. New research shows how fraudsters can abuse wireless provider websites to identify available, recycled mobile numbers that allow password resets at a range of email providers and financial services online.

Read more

Malicious Office 365 Apps Are the Ultimate Insiders

Credit to Author: BrianKrebs| Date: Wed, 05 May 2021 12:27:50 +0000

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Read more

Experian’s Credit Freeze Security is Still a Joke

Credit to Author: BrianKrebs| Date: Mon, 26 Apr 2021 21:58:24 +0000

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States.  Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Read more

Can We Stop Pretending SMS Is Secure Now?

Credit to Author: BrianKrebs| Date: Tue, 16 Mar 2021 22:30:28 +0000

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of people (many of them low-paid mobile store employees) who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.

Read more

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Credit to Author: BrianKrebs| Date: Fri, 05 Mar 2021 21:07:07 +0000

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

Read more

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Credit to Author: BrianKrebs| Date: Tue, 02 Mar 2021 21:19:17 +0000

Microsoft Corp. today released software updates to plug four critical security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

Read more

The Taxman Cometh for ID Theft Victims

Credit to Author: BrianKrebs| Date: Fri, 29 Jan 2021 18:56:45 +0000

The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year.

Read more