BrianKrebs

Contacting BrianKrebs

Federation handle:

@briankrebs@infosec.exchange

BrianKrebs's Information

BrianKrebs's Bio

Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07 Twitter: @briankrebs LinkedIn: linkedin.com/in/bkrebs/

BrianKrebs's Posts

BrianKrebs has 3 posts.


BrianKrebs

In response to this post

A lot of people stop reading these stories when they realize that most of the targets are cryptocurrency holders. But the truth is these voice phishing techniques would be even more successful on lower-stakes, run-of-the-mill user accounts. It just so happens that phishing crypto users is way more lucrative.


@briankrebs I carry on reading because I get to see shitcoin holders be miserable *and* learn interesting broadly-applicable threat model stuff

by Graham Sutherland / Polynomial


Likes: 0

Replies: 1

Boosts: 1

BrianKrebs

If you're an Apple user and I spoof your phone number in a call to the legitimate Apple Customer Support line (800-275-2273), I can force Apple to send you a system-level "Apple Account Confirmation" prompt to all of your signed-in devices.

This approach is commonly used by a prolific voice phishing group to convince targets they really are in a support call with an Apple representative.

Today's deep dive into this weird world was made possible in part by a series of live phishing videos, tutorials and other secrets shared by an insider that show in unprecedented detail how these voice phishing scams can be so convincing.

Please share this story widely, because I learned a ton reporting this and frankly the various methods used by these groups to dox and target people are really slick.

From the story: "Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices."

krebsonsecurity.com/2025/01/a-

youtu.be/F44un1_y2fs


A lot of people stop reading these stories when they realize that most of the targets are cryptocurrency holders. But the truth is these voice phishing techniques would be even more successful on lower-stakes, run-of-the-mill user accounts. It just so happens that phishing crypto users is way more lucrative.

by BrianKrebs


Likes: 0

Replies: 1

Boosts: 2

BrianKrebs

So the Mrs. and I are having a friendly little fitness competition this year and I was psyched b/c I was sure that blowing the snow off the long driveway would ensure my victory today. I discovered after finishing that my stupid watch decided to "pause" my fitness rings halfway through, even though I probably walked several miles. In reality, I must have done it myself with all the mittens and layers, but I mean come on. Why does this feature even exist? Who "pauses" their fitness tracking?


@briankrebs I don't know about the watch but you clearly need a shorter driveway or to live in a place with less snow.

by Matt Blaze


Likes: 0

Replies: 1

Boosts: 0