Author Archives: BrianKrebs

After Tax Fraud Spike, Payroll Firm Greenshades Ditches SSN/DOB Logins

April 6, 2016

Online payroll management firm Greenshades.com is an object lesson in how not to do authentication. Until very recently, the company allowed corporate payroll administrators to access employee payroll data online using nothing more than an employee’s date of birth and Social Security number. That is, until criminals discovered this and began mass-filing fraudulent tax refund requests with the IRS on large swaths of employees at firms that use the company’s services.

Sources: Trump Hotels Breached Again

April 4, 2016

77 Comments

Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year.

Crooks Steal, Sell Verizon Enterprise Customer Data

March 24, 2016

88 Comments

Verizon Enterprise Solutions, a division of the telecommunications giant that gets called in to help organizations respond to some of the world’s largest data breaches, is reeling from its own data breach involving the theft and resale of customer data, KrebsOnSecurity has learned.

Phishing Victims Muddle Tax Fraud Fight

March 24, 2016

28 Comments

Many U.S. citizens are bound to experience delays in getting their tax returns processed this year, thanks largely to more stringent controls enacted by Uncle Sam and the states to block fraudulent tax refund requests filed by identity thieves. A steady drip of corporate data breaches involving phished employee W-2 information is adding to the backlog, as is an apparent mass adoption by ID thieves of professional tax services for processing large numbers of phony refund requests.

Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection

March 22, 2016

106 Comments

A Kentucky hospital says it is operating in an “internal state of emergency” after a ransomware attack rattled around inside its networks, encrypting files on computer systems and holding the data on them hostage unless and until the hospital pays up.

Carders Park Piles of Cash at Joker’s Stash

March 21, 2016

56 Comments

A steady stream of card breaches at retailers, restaurants and hotels has flooded underground markets with a historic glut of stolen debit and credit card data. Today there are at least hundreds of sites online selling stolen account data, yet only a handful of them actively court bulk buyers and organized crime rings. Faced with a buyer’s market, these elite shops set themselves apart by focusing on loyalty programs, frequent-buyer discounts, money-back guarantees and just plain old good customer service.

Spammers Abusing Trust in US .Gov Domains

March 17, 2016

37 Comments

Spammers are abusing U.S. dot-gov (.gov) link shorteners and ill-advised features on state government domains to promote spammy sites that are hidden behind short links ending in”usa.gov”.

Thieves Phish Moneytree Employee Tax Data

March 16, 2016

38 Comments

Payday lending firm Moneytree is the latest company to alert current and former employees that their tax data — including Social Security numbers, salary and address information — was accidentally handed over directly to scam artists.

From Stolen Wallet to ID Theft, Wrongful Arrest

March 14, 2016

81 Comments

It’s remarkable how quickly a stolen purse or wallet can morph into full-blow identity theft, and possibly even result in the victim’s wrongful arrest. All of the above was visited recently on a fellow infosec professional whose admitted lapse in physical security lead to a mistaken early morning arrest in front of his kids.

Hackers Target Anti-DDoS Firm Staminus

March 11, 2016

51 Comments

Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear to be Staminus’s customer credentials, support tickets, credit card numbers and other sensitive data.