A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline. Last fall, two 18-year-old Israeli men were arrested for allegedly running vDOS, perhaps the most successful booter s

Last month Yours Truly got snookered by a too-good-to-be-true online scam in which some dirtball hijacked an Amazon merchant’s account and used it to pimp steeply discounted electronics that he never intended to sell. Amazon refunded my money, and the legitimate seller never did figure out how his account was hacked. But such attacks are becoming more

Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn and Myspace. In a develop

Researchers have observed a new phishing campaign targeting PayPal users, directing them to fake pages designed to look nearly identical to the legitimate sites.According to ESET researchers, the attack uses “very convincing bait” in an effort to ultimately steal users’ login credentials and other confidential personal information.The attack is carried out a

vDOS — a so-called “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands of paying customers and their

Fraudsters are leveraging an emerging social engineering technique called “angler phishing” to fool victims into handing over their PayPal credentials.Researchers at security firm Proofpoint, who discovered this particular campaign, elaborate on what sets angler phishing apart from ordinary phishing attacks:“The attack technique takes its n

Experts from Proofpoint discovered that the Banking trojan Chthonic was distributed via ‘legitimate’ PayPal accounts by abusing the “money request” feature. The imagination of cyber criminals is a never ending pit, according to the security firm Proofpoint, crooks are abusing PayPal to distribute the Chtonic banking trojan. Chtonic is

PayPal has fixed a vulnerability that could have been exploited by attackers to deliver malicious images through the payment pages of the website. The Security researcher Aditya K Sood discovered a vulnerability that could have been exploited by attackers to deliver malicious image through the payment pages of the PayPal website. The expert noticed that the

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe. Alwa

Every type of person is a PayPal person. Each day, hundreds of well-known investors and business magnates are added to the list, like Peter Thiel, one of the original Facebook investors, or the South African tycoon Elon Musk, who is the CEO of both Tesla and SpaceX. A good part of the internet already uses PayPal. It has become the leading digital payment s

PayPal has just fixed a security vulnerability that could have been exploited to send malicious emails to users via its platform. Researchers at security firm Vulnerability Lab have discovered a filter bypass and an application-side input validation vulnerability that allowed attackers to inject malicious code into emails sent by the PayPal platform. “

So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it.It’s a roundabout bug that turns out serious, and why I tel

Security experts at Trend Micro have uncovered a spam campaign spreading a bogus PayPal app to steal German users’ banking credentials. A spam campaign is targeting German Andoird users, the malicious emails impersonate PayPal trying to trick the recipient into downloading a bogus PayPal app update that hides a banking

Additional analysis by Joachim Capiral Mobile banking is now used by more and more users, so it shouldn’t be a surprise to see banking Trojans trying to hit these users as well. We’ve seen spammed mails that pretend to be an update notification for an official PayPal app. These mails ask the user to click on a link to download the update; users i

Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, and phishing, among other consequences.Hadji Samir, Ebrahim Hegazy, Ayoub Ait Elmokhtar, and Benjamin Kunz Mejri, researchers with