Krebs on Security

APRIL 30, 2025

Buchanan was arrested in Spain last year on a warrant from the FBI, which wanted him in connection with a series of SMS-based phishing attacks in the summer of 2022 that led to intrusions at Twilio, LastPass, DoorDash, Mailchimp, and many other tech firms. A Scattered Spider/0Ktapus SMS phishing lure sent to Twilio employees in 2022.

Identity Theft 179

Identity Theft Phishing Cryptocurrency Cybercrime 179

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 274

Phishing Cryptocurrency DDOS Internet 274

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. A Google-translated version of the now-defunct Coinbase phishing site, coinbase.com.password-reset[.]com. The Coinbase phishing panel. million Italians.

Passwords 362

Passwords Phishing Accountability Mobile 362

Security Affairs

NOVEMBER 21, 2024

Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime 109

Cybercrime Identity Theft Cryptocurrency Phishing 109

CyberSecurity Insiders

NOVEMBER 26, 2021

Google, the business subsidiary of tech giant Alphabet Inc, has released a report saying that the compromised cloud accounts were leading hackers to mine cryptocurrency that could prove as a double threat to customers. And then use a 2FA to add an extra layer of security protection to safeguard an online account.

Cryptocurrency 131

Cryptocurrency Accountability Passwords Software 131

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft. . ” states Microsoft.

Cryptocurrency 132

Cryptocurrency Phishing Accountability VPN 132

Adam Levin

OCTOBER 10, 2018

High-profile Instagram accounts are being targeted by ransomware attacks and phishing schemes, with evidence suggesting that many account holders are paying the attackers. W]e will have to delete your account within 3 hours,” the hackers’ message adds, threatening to wipe out the account if the ransom isn’t paid.

Accountability 195

Accountability Ransomware Media Phishing 195

Security Affairs

DECEMBER 2, 2024

Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud. Korean and Chinese authorities dismantled a voice phishing syndicate that caused $1.1B million to a fake account in Timor Leste, where authorities intercepted USD 39.3

Cryptocurrency 125

Cryptocurrency Phishing Scams Cybercrime 125

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K. A Scattered Spider phishing lure sent to Twilio employees.

Hacking 335

Hacking Cybercrime Phishing Passwords 335

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K.

Scams 346

Scams Wireless Identity Theft Mobile 346

Malwarebytes

MAY 3, 2022

Airdrop phishing is a really popular tactic at the moment. It emerged alongside the explosion of Web3/NFT/cryptocurrency popularity, and ensures scammers get a slice of the money pie. Is your iPhone about to be Airdrop phished? It’s one of those odd scams, doing weird things, to accounts you have no idea about.

Cryptocurrency 137

Cryptocurrency Phishing Risk Scams 137

Krebs on Security

DECEMBER 29, 2024

The first profiled Cryptomus , a dodgy cryptocurrency exchange allegedly based in Canada that has become a major payment processor and sanctions evasion platform for dozens of Russian exchanges and cybercrime services online.

Scams 225

Scams Cybercrime Cryptocurrency Social Engineering 225

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?

Scams 123

Scams Malware Phishing Social Engineering 123

Malwarebytes

JUNE 23, 2022

However, a “wallet drainer” is just another way of saying “phishing website” There are three ways the majority of cryptocurrency phishes take place: Airdrop phishing. The phishing component depended on them manually entering their details into the fake website. Bogus giveaways.

Cryptocurrency 114

Cryptocurrency Phishing Scams Advertising 114

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Image: Cloudflare.com. 2, and Aug.

Mobile 337

Mobile Phishing Authentication Accountability 337

Security Affairs

APRIL 7, 2025

. “PoisonSeed threat actors are targeting enterprise organizations and individuals outside the cryptocurrency industry.They have been phishing CRM and bulk email providers credentials to export email lists and send bulk spam from the accounts. ” reads the report published by Silent Push. ” continues the report.

Scams 72

Scams Cryptocurrency Phishing Cybercrime 72

Krebs on Security

JULY 15, 2024

Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 328

Accountability Cryptocurrency Passwords DNS 328

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363

Digital Shadows

JANUARY 22, 2025

Phishing Remains Top Tactic, Fueled by Teams Abuse Figure 1: Top attack techniques in true-positive customer incidents for finance & insurance sector, H2 2024 vs H2 2023 Phishing dominated cyber attacks in H2 2024, accounting for over 90% of incidents across industries due to its simplicity and effectiveness.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

Krebs on Security

DECEMBER 16, 2021

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior court.

Cryptocurrency 363

Cryptocurrency Mobile Accountability Scams 363

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware 326

Malware Cryptocurrency Software Phishing 326

Krebs on Security

AUGUST 9, 2019

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. “I take full responsibility for this. A portion of the ransom note left behind by the latest version of MegaCortex.

Phishing 234

Phishing Backups Ransomware Encryption 234

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 82

Phishing Banking Scams Mobile 82

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.

Hacking 324

Hacking Social Engineering Phishing Scams 324

Security Affairs

FEBRUARY 3, 2025

Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. “Targeting of Cryptocurrency Users and Influencers: Crazy Evil explicitly victimizes the cryptocurrency space with bespoke spearphishing lures.”

Scams 83

Scams Media Cryptocurrency Cybercrime 83

The Hacker News

DECEMBER 13, 2023

Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks.

Cryptocurrency 105

Cryptocurrency Phishing Accountability 105

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business 72

Small Business Cybersecurity Passwords Scams 72

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported.

Phishing 136

Phishing Data breaches Cryptocurrency Social Engineering 136

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Accountability 144

Accountability Malware Phishing Social Engineering 144

The Hacker News

NOVEMBER 29, 2021

Threat actors are exploiting improperly-secured Google Cloud Platform (GCP) instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view count manipulation.

Cryptocurrency 107

Cryptocurrency Accountability Phishing Ransomware 107

IT Security Guru

APRIL 25, 2025

Phishing is a great example of this, with it evolving from simple email scams to more malicious and carefully thought-out attacks. As more people shift to online financial platforms or cryptocurrencies, digital wallets have become a common target for phishing scams.

Scams 44

Scams Phishing Cryptocurrency Cyber threats 44

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 130

Scams Phishing Cryptocurrency Social Engineering 130

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. ” the company said on X.

Accountability 135

Accountability Hacking Cryptocurrency Cybersecurity 135

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. Some of the many notifications Patel says he received from Apple all at once.

Passwords 357

Passwords Accountability Engineering Phishing 357

SecureList

JUNE 10, 2024

Individual countries have adopted laws that require certain types of organizations to protect users’ accounts with 2FA. The bot accepts payments in cryptocurrency only. You typically do this after you get hold of the victim’s account credentials but before attempting to sign in to their account.

Phishing 145

Phishing Banking Social Engineering Accountability 145

Security Boulevard

JANUARY 16, 2022

Norton 360, a popular antivirus product, has installed a cryptocurrency mining program on its customers’ computers, some cities in Texas have been hit with a phishing scam designed to get users to pay through fraudulent QR code stickers on public parking meters, and how Facebook is still collecting data about you even if you deactivate […].

Accountability 122

Accountability Antivirus Cryptocurrency Scams 122

The Last Watchdog

DECEMBER 18, 2024

Dooley Doug Dooley , COO, Data Theorem In 2025, cybersecurity threats will escalate across APIs, cloud setups, supply chains, and cryptocurrency. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities. Supply chain attacks will intensify through poisoned APIs and unchecked software dependencies.

Risk 173

Risk Threat Detection Technology Phishing 173