Krebs on Security

DECEMBER 29, 2024

The first profiled Cryptomus , a dodgy cryptocurrency exchange allegedly based in Canada that has become a major payment processor and sanctions evasion platform for dozens of Russian exchanges and cybercrime services online.

Scams 225

Scams Cybercrime Cryptocurrency Social Engineering 225

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. ” reads the press release published by DoJ.

Cybercrime 110

Cybercrime Identity Theft Cryptocurrency Phishing 110

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime 139

Cybercrime Social Engineering Accountability Government 139

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Enable multi-factor authentication (MFA): Implementing MFA adds layer of security to your accounts.

Scams 123

Scams Malware Phishing Social Engineering 123

SecureWorld News

JANUARY 20, 2023

Popular email marketing service MailChimp recently fell victim to another data breach, this time caused by a successful social engineering attack on its employees and contractors. The company temporarily suspended access for accounts where suspicious activity was detected in order to protect user data.

Social Engineering 98

Social Engineering Data breaches Engineering Accountability 98

Security Affairs

NOVEMBER 24, 2020

Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings by tricking GoDaddy employees into handing over the control of the targeted domains with social engineering attacks.

Social Engineering 106

Social Engineering Engineering DNS Accountability 106

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 324

Hacking Social Engineering Phishing Scams 324

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. The group of teenagers who hacked Twitter hailed from a community that traded in hacked social media accounts.

Social Engineering 288

Social Engineering Phishing Engineering Accountability 288

Krebs on Security

AUGUST 19, 2020

According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where customers seeking access to specific companies or accounts can hire them to target employees working remotely at home. A phishing page (helpdesk-att[.]com)

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking 335

Hacking Cybercrime Phishing Passwords 335

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. ” reads the report published by Insikt Group.

Scams 84

Scams Media Cryptocurrency Cybercrime 84

SecureWorld News

SEPTEMBER 9, 2021

Then there was the money laundering, the cryptocurrency, the digital wallets. Business email compromise scheme and social engineering. million USD) to a bank account controlled by Alaumary and his co-conspirators. Social engineering—in person—was the next part of the scheme. million CAD (approximately $9.4

Social Engineering 96

Social Engineering Engineering Banking Cybercrime 96

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Members of The Community face charges of wire fraud and aggravated identity theft.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. Hijacked channels ranged from $3 USD to $4,000 USD depending on the number of subscribers. Pierluigi Paganini.

Accountability 144

Accountability Malware Phishing Social Engineering 144

eSecurity Planet

DECEMBER 21, 2021

Cryptocurrency Fuels Ransomware. One constant in all this will be cryptocurrency, the coin of the realm when it comes to ransomware. Cryptocurrency really is fueling this in a sense. … If you were to take cryptocurrency away from that, they don’t have a convenient digital platform.

Cryptocurrency 140

Cryptocurrency Ransomware Cybercrime Social Engineering 140

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 Consumers remained the primary target of financial cyberthreats, accounting for 73.69% of attacks. million in 2023.

Phishing 83

Phishing Banking Scams Mobile 83

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 269

Mobile Cryptocurrency Accountability Passwords 269

Heimadal Security

FEBRUARY 23, 2023

A new S1deload Stealer malware campaign infects YouTube and Facebook users as hackers try to use their devices for cryptocurrency mining. The Malware Attack Explained Threat actors use social engineering […] The post Warning! New Malware Hijacks YouTube and Facebook Accounts appeared first on Heimdal Security Blog.

Accountability 98

Accountability Malware Social Engineering Cryptocurrency 98

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Security Affairs

JULY 19, 2022

FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. SecurityAffairs – hacking, cryptocurrency-themed apps). million. .”

Cryptocurrency 129

Cryptocurrency Mobile Hacking Accountability 129

Krebs on Security

JULY 22, 2020

As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. They would take a cut from each transaction.”

Hacking 335

Hacking Accountability Scams Media 335

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. Dooley Doug Dooley , COO, Data Theorem In 2025, cybersecurity threats will escalate across APIs, cloud setups, supply chains, and cryptocurrency. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

Krebs on Security

AUGUST 30, 2022

In a blog post earlier this month, Cloudflare said it detected the account takeovers and that no Cloudflare systems were compromised. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile 337

Mobile Phishing Authentication Accountability 337

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. A single bitcoin is trading at around $45,000.

Cryptocurrency 291

Cryptocurrency Cybercrime Computers and Electronics Scams 291

The Last Watchdog

APRIL 14, 2022

The CFO commonly carries out such tasks and arranges a wire transfer using the account information provided on the invoice. In actuality, the request is coming from a BEC fraud ring, and the payment details direct the funds to an account controlled by the attackers. Scenario 2. Scenario 3. Planned attacks.

Phishing 247

Phishing Accountability Scams Social Engineering 247

Malwarebytes

JULY 19, 2021

We’ve observed a 419-style scam (also known as an advance fee scam) which combines the promise of cryptocurrency riches with WhatsApp conversation. Folks already involved in cryptocurrency would likely have suspicions raised after reading the below. It’s all about that personal touch in the land of cryptocurrency scams.

Accountability 114

Accountability Scams Cryptocurrency Banking 114

Security Boulevard

DECEMBER 9, 2021

A crypto support bot scam discovered in May has now increased and widened its breadth of targeted cryptocurrency users. If the user falls for it, the scammer then works on the user, using social engineering to obtain the recovery phrase for the user’s cryptocurrency account.

Cryptocurrency 78

Cryptocurrency Scams Social Engineering Engineering 78

Bleeping Computer

SEPTEMBER 15, 2023

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [.]

Social Engineering 141

Social Engineering Authentication Engineering Accountability 141

Krebs on Security

APRIL 20, 2023

In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated. which owns LinkedIn, said in September 2022 that it had detected a wide range of social engineering campaigns using a proliferation of phony LinkedIn accounts.

Malware 326

Malware Software Technology Accountability 326

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance 95

Insurance Cryptocurrency Cyber threats Marketing 95

Security Affairs

JUNE 4, 2024

“Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accounts. Their Telegram channel has over 1,255 members, a significant indicator of the scale and scope of the malicious activity being promoted by the group. ” reads the report published Resecurity.

Banking 129

Banking Phishing Social Engineering Engineering 129

Malwarebytes

JULY 19, 2022

Together with the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. Stay safe, everyone!

Cryptocurrency 98

Cryptocurrency Mobile Banking Internet 98

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. A threat actor gained access to a tool used by the company’s customer support and account administration teams. Trezor WARNING: Elaborate Phishing attack.

Phishing 138

Phishing Data breaches Cryptocurrency Social Engineering 138

Malwarebytes

MARCH 19, 2024

Armed with an email and password—which are easily bought online— and the 2FA code, an attacker could take over the victim’s online accounts. SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. Katz pleaded guilty before Chief U.S.

Social Engineering 141

Social Engineering Computers and Electronics Mobile Identity Theft 141

Security Affairs

NOVEMBER 13, 2023

The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. Microsoft researchers warn of a new social engineering campaign aimed at IT job seekers that relied on a new cluster of bogus skills assessment portals. ” warns Microsoft through a series of posts on X.

Social Engineering 142

Social Engineering Cryptocurrency Engineering Malware 142