Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

States Seek Better Mousetrap to Stop Tax Refund Fraud

June 2, 2015
57 Comments

With the 2014 tax filing season squarely in the rearview mirror, state tax authorities are struggling to incorporate new approaches to identifying and stopping fraudulent tax refund requests, a $6 billion-a-year problem that’s hit many states particularly hard this year. But some states say they are encountering resistance to those efforts on nearly every front, from Uncle Sam to online tax vendors and from the myriad of financial firms that profit handsomely from processing phony tax refunds.

Phony Tax Refunds: A Cash Cow for Everyone

June 2, 2015
28 Comments

When identity thieves filed a phony $7,7700 tax refund request in the name of Joe Garrett, Alabama’s deputy tax commissioner, they didn’t get all of the money they requested. A portion of the cash went to more than a half dozen U.S. companies that each grab a slice of the fraudulent refund, including banks, payment processing firms, tax preparation companies and e-commerce giants.

Malware Evolution Calls for Actor Attribution?

May 31, 2015
22 Comments

What makes one novel strain of malicious software more dangerous or noteworthy than another? Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it? Most experts probably would say it’s important to consider attribution insofar as it is knowable, but it’s remarkable how seldom companies that regularly publish reports on the latest criminal innovations go the extra mile to add context about the crooks apparently involved in deploying those tools.

Phishing Gang is Audacious Manipulator

May 28, 2015
31 Comments

Cybercriminals who specialize in phishing — or tricking people into giving up usernames and passwords at fake bank and ecommerce sites — aren’t generally considered the most sophisticated crooks, but occasionally they do exhibit creativity and chutzpah. That’s most definitely the case with a phishing gang that calls itself the “Manipulaters Team”, whose Web site boasts that it specializes in brand research and development.

More Evidence of mSpy Apathy Over Breach

May 27, 2015
20 Comments

Mobile spyware maker mSpy has expended a great deal of energy denying and then later downplaying a breach involving data stolen from tens of thousands of mobile devices running its software. Unfortunately for victims of this breach, mSpy’s lackadaisical response has left millions of screenshots taken from those devices wide open and exposed to the Internet via its own Web site.

IRS: Crooks Stole Data on 100K Taxpayers Via ‘Get Transcript’ Feature

May 26, 2015
58 Comments

In March 2015, KrebsOnSecurity broke the news that identity thieves engaged in filing fraudulent tax refund requests with the Internal Revenue Service (IRS) were using the IRS’s own Web site to pull taxpayer data needed to complete the phony requests. Today, IRS Commissioner John Koskinen acknowledged that crooks used this feature to pull sensitive data on more than 100,000 taxpayers this year.

Recent Breaches a Boon to Extortionists

May 26, 2015
22 Comments

The recent breaches involving the leak of personal data on millions of customers at online hookup site Adult Friend Finder and mobile spyware maker mSpy give extortionists and blackmailers plenty of ammunition with which to ply their trade. And there is some evidence that ne’er-do-wells are actively trading this data and planning to abuse it for financial gain.

Carefirst Blue Cross Breach Hits 1.1M

May 21, 2015
60 Comments

CareFirst BlueCross BlueShield on Wednesday said it had been hit with a data breach that compromised the personal information on approximately 1.1 million customers. There are indications that the same attack methods may have been used in this intrusion as with breaches at Anthem and Premera, incidents that collectively involved data on more than 90 million Americans.

mSpy Denies Breach, Even as Customers Confirm It

May 20, 2015
39 Comments

Last week, KrebsOnSecurity broke the news that sensitive data apparently stolen from hundreds of thousands of customers mobile spyware maker mSpy had been posted online. mSpy has since been quoted twice by other publications denying a breach of its systems. Meanwhile, this blog has since contacted multiple people whose data was published to the deep Web, all of whom confirmed they were active or former mSpy customers.

Security Firm Redefines APT: African Phishing Threat

May 20, 2015
47 Comments

A security firm made headlines last week when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests that the actors in question were relatively unsophisticated Nigerian phishers who’d simply registered a bunch of new fake bank Web sites.