Duo's Security Blog

DECEMBER 14, 2023

A few days later, John finds himself locked out of his account, and quickly learns that the password reset link he clicked earlier did not come from his company. He took the steps needed to keep his account safe by following the directions from his IT team. What is social engineering? John is a diligent employee.

Social Engineering 130

Social Engineering Engineering Phishing Passwords 130

SecureWorld News

MARCH 20, 2025

Attackers are mimicking tournament brackets, betting promotions, and registration formstricking users into handing over credentials or linking bank accounts to fraudulent sites. This intersection of sports, money, and digital activity makes for a perfect storm of social engineering attacks.

Scams 84

Scams Social Engineering Mobile Phishing 84

Krebs on Security

AUGUST 19, 2020

According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where customers seeking access to specific companies or accounts can hire them to target employees working remotely at home. A phishing page (helpdesk-att[.]com)

Phishing 363

Phishing VPN Social Engineering Media 363

The Last Watchdog

APRIL 10, 2019

These smaller institutions, much like the giants, are hustling to expand mobile banking services. Yet, they are much less well equipped to detect and repel cyber attackers, who are relentlessly seeking out and exploiting the fresh attack vectors spinning out of expansion of mobile banking.

Banking 147

Banking Mobile Accountability Artificial Intelligence 147

Malwarebytes

AUGUST 19, 2021

At the end of last week, T-Mobile was investigating reports of a “massive” customer data breach. A hacker claimed to stolen 100 million people’s data from T-Mobile’s servers, which included everything from names and driver licences to addresses and social security numbers. It’s now confirmed something bad did take place.

Mobile 142

Mobile Data breaches Social Engineering Accountability 142

Security Boulevard

JANUARY 7, 2022

“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed,” a T-Mobile spokesperson told BleepingComputer last week in response to questions about a new T-Mobile data breach.

Mobile 122

Mobile Social Engineering Data breaches Accountability 122

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The actor logged the information provided by the employee and used it in real-time to gain access to corporate tools using the employee’s account.”

VPN 363

VPN Social Engineering Authentication Engineering 363

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Image: Cloudflare.com. According to an Aug.

Mobile 338

Mobile Phishing Authentication Accountability 338

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile 133

Mobile Data breaches Telecommunications Accountability 133

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 324

Hacking Social Engineering Phishing Scams 324

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Consumers remained the primary target of financial cyberthreats, accounting for 73.69% of attacks.

Phishing 83

Phishing Banking Scams Mobile 83

The Last Watchdog

JUNE 18, 2018

They are scrambling to invent and deliver a fresh portfolio of mobile banking services that appeal to millennials. Related articles: Hackers revamp tactics, target mobile wallets. based supplier of automated identity verification and digital account onboarding technologies. Today, it’s all about mobile.

Banking 173

Banking Mobile Social Engineering Authentication 173

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Once authenticated, the mobile phone number of the target victim is moved to the criminal’s phone. Read more about the story here.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. The group of teenagers who hacked Twitter hailed from a community that traded in hacked social media accounts.

Social Engineering 288

Social Engineering Phishing Engineering Accountability 288

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., Twilio disclosed in Aug. According to an Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Krebs on Security

JANUARY 29, 2020

leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. Fresh on the heels of a disclosure that Microsoft Corp. Earlier this week, vice.com reported that hackers are phishing workers at major U.S.

Social Engineering 306

Social Engineering Telecommunications Data privacy Engineering 306

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service.

Mobile 267

Mobile Cryptocurrency Accountability Passwords 267

SecureWorld News

DECEMBER 10, 2024

Zimperium's zLabs team has uncovered a dangerous new variant of the Antidot banking trojan, dubbed AppLite, that is targeting Android devices through sophisticated mobile phishing (mishing) campaigns. Corporate Exploitation: Poses risks to companies by stealing credentials from employee devices used for remote work.

Mobile 109

Mobile Social Engineering Banking Phishing 109

SecureWorld News

MARCH 11, 2022

Famed hacker Kevin Mitnick learned early on to use emotion to manipulate and socially engineer his targets. At the time, his targets were typically sysadmins, and the social engineering started with a phone call. Here's an example of a smishing message that came to an Instagram user on a mobile device.

Social Engineering 97

Social Engineering Engineering Phishing Accountability 97

SecureList

MARCH 1, 2021

In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. Pandemic theme in mobile threats. The mobile malware Trojan-Ransom.AndroidOS.Agent.aq The year in figures. Trends of the year.

Mobile 145

Mobile Malware Adware Banking 145

Krebs on Security

JULY 22, 2020

As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. They would take a cut from each transaction.”

Hacking 332

Hacking Accountability Scams Media 332

Malwarebytes

AUGUST 9, 2022

Cloud-based communication platform provider Twilio has announced a breach via a social engineering attack on employees. At this site, the attacker could intercept the login credentals and use those to access the compromised accounts. Text messages. Twilio customers. Twilio has notified the affected customers. Protection.

Social Engineering 80

Social Engineering Engineering Accountability Mobile 80

Hot for Security

JUNE 15, 2021

Our mobile devices are not just a means to communicate with others. They’ve evolved into a data storage device, a video and sound recorder, as well as an easy way to access our bank accounts. Today, memory cards for mobile devices offer a large storage capacity for your contacts, messages, files, videos and photos.

Mobile 137

Mobile Banking Phishing Social Engineering 137

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking 276

Banking Passwords Risk Accountability 276

SecureList

FEBRUARY 26, 2024

The most common threat to mobile devices was adware: 40.8% million malicious installation packages, 154,000 of these containing a mobile banking Trojan. The year’s trends Malware, adware, and riskware attacks on mobile devices dipped in February, only to rise steadily until the end of the year. of all threats detected.

Mobile 135

Mobile Malware Adware Banking 135

eSecurity Planet

NOVEMBER 6, 2024

This data reportedly includes everything from names and addresses to Social Security numbers and bank account details. The stolen data reportedly includes highly personal information — names, dates of birth, Social Security numbers, bank account details, and even records of residents’ interactions with city services.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. A month earlier, Dubai and Abu Dhabi Police warned citizens not to share their confidential information, including their account, card details or online banking credentials.

Social Engineering 110

Social Engineering Phishing Banking DNS 110

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. Telecom company T-Mobile on Friday revealed that LAPSUS$ extortion gang gained access to its networks. ” LAPSUS$ leader White/Lapsus Jobs looking up the Department of Defense in T-Mobile’s internal Atlas system.

Mobile 102

Mobile VPN Social Engineering Telecommunications 102

Security Affairs

AUGUST 9, 2021

Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. Zimperium’s zLabs researchers spotted a new Android trojan, dubbed FlyTrap , that already compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021.

Accountability 135

Accountability Social Engineering Malware Media 135

SecureList

JANUARY 30, 2025

Introduction Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples.

Accountability 101

Accountability Malware Banking Phishing 101

Malwarebytes

MARCH 19, 2024

Once an attacker has successfully hijacked their victim’s mobile number, they can use it to send and receive calls and messages (and the victim can’t). Armed with an email and password—which are easily bought online— and the 2FA code, an attacker could take over the victim’s online accounts. Katz pleaded guilty before Chief U.S.

Social Engineering 143

Social Engineering Computers and Electronics Mobile Identity Theft 143

Pen Test Partners

AUGUST 29, 2024

Secure networks : Avoid using untrusted public Wi-Fi to access social media accounts, instead, use mobile data. This avoids one of the easiest ways attackers get access to your account – you reusing passwords across multiple websites. The idea is that you need to have this physical item with you to access your account.

Media 116

Media Accountability Password Management Passwords 116

Hacker's King

DECEMBER 25, 2024

However, its immense popularity has made it a target for malicious actors seeking unauthorized access to user accounts. Tools designed for password cracking often exploit weak security practices, but understanding these methods is vital for safeguarding your account. This is one of the most prevalent methods of account compromise.

Passwords 52

Passwords Social Engineering Accountability Scams 52

Security Affairs

NOVEMBER 15, 2021

The malware has been active at least since late October 2021, it targeting the mobile users of banks in Italy, the UK, and the US. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. The name comes after one of the domains used for its command and control servers.

Banking 143

Banking Mobile Social Engineering Malware 143

Malwarebytes

APRIL 16, 2023

The email, with an HTML file attachment, contains a short message: Please note: [redacted] <=> For information please continue to check here or use our free mobile=app. As with most solutions for these forms of social engineering, contact the tax entity directly. Updates status are made no more than once a day.

Accountability 98

Accountability Social Engineering Scams Banking 98

SecureWorld News

JUNE 17, 2024

Ezra Graziano, Director of Federal Accounts at Zimperium, emphasized the urgency for defense against such evolving social engineering tactics. This includes educating staff on impersonation scam signs, verifying caller identities, reporting suspicious calls, and integrating mobile threat defense solutions.

Social Engineering 113

Social Engineering Scams Artificial Intelligence Engineering 113

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise ( BEC ) scams and advanced persistent threat ( APT ) hacks.

Social Engineering 174

Social Engineering Cyber Attacks Scams Engineering 174