eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Enable multi-factor authentication (MFA): Implementing MFA adds layer of security to your accounts.

Scams 123

Scams Malware Phishing Social Engineering 123

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Once authenticated, the mobile phone number of the target victim is moved to the criminal’s phone.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. That leaderboard currently lists Sosa as #24 (out of 100), and Tylerb at #65.

Hacking 335

Hacking Cybercrime Phishing Passwords 335

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. “These guys were not leet , just damn persistent.” ” HOW DID WE GET HERE?

Social Engineering 288

Social Engineering Phishing Engineering Accountability 288

Security Affairs

APRIL 7, 2025

By simply paying the fee, usually in cryptocurrencies, the customer will receive the sensitive material ready to be exploited. Guidebooks are also available to instruct on how to exploit the information obtained, in order to more effectively target victims through social engineering and doxxing campaigns.

Cybercrime 138

Cybercrime Social Engineering Accountability Government 138

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. 9, 2024, U.S. Twilio disclosed in Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. On that last date, Twilio disclosed that on Aug. According to an Aug.

Mobile 337

Mobile Phishing Authentication Accountability 337

Bleeping Computer

SEPTEMBER 15, 2023

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [.]

Social Engineering 141

Social Engineering Authentication Engineering Accountability 141

Malwarebytes

APRIL 19, 2022

A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020.

Cryptocurrency 140

Cryptocurrency Social Engineering Computers and Electronics Engineering 140

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. Phishing, Social Engineering are Still Problems.

Authentication 113

Authentication Social Engineering Phishing Banking 113

Security Affairs

JUNE 4, 2024

These include: Social engineering tactics SIM swapping schemes Banking and credit card fraud” The attackers use various social engineering and spoofing tactics to trick victims into revealing their sensitive information, which supports real-time interaction to abuse and bypass MFA (Multi-Factor Authentication).

Banking 128

Banking Phishing Social Engineering Engineering 128

SecureList

MARCH 25, 2025

Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page. As cryptocurrencies continue to grow, this number is only ever going to get larger. million in 2023.

Phishing 83

Phishing Banking Scams Mobile 83

The Last Watchdog

APRIL 14, 2022

The email specifies that the HR manager should include the codes associated with each card, which the scammer behind the scenes then sells online for cash or cryptocurrency. An HR benefits manager receives an email from the department VP asking him to purchase gift cards for a new employee rewards program. Scenario 3.

Phishing 247

Phishing Accountability Scams Social Engineering 247

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 269

Mobile Cryptocurrency Accountability Passwords 269

Security Affairs

MARCH 29, 2025

Notifications & Social Engineering: Posts fake push notifications to trick users. Data Theft: Captures Google Authenticator screen content to steal OTP codes. Crocodilus steals OTP codes from Google Authenticator via Accessibility Logging, enabling account takeovers. ” ThreatFabric concludes.

Banking 67

Banking Mobile Identity Theft Malware 67

Malwarebytes

MARCH 19, 2024

For that reason, SIM swapping can be used to get around two-factor authentication (2FA) codes sent by SMS message. SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. He was paid in Bitcoin, which was traced back to Katz’s cryptocurrency account.

Social Engineering 141

Social Engineering Computers and Electronics Mobile Identity Theft 141

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency 291

Cryptocurrency Cybercrime Computers and Electronics Scams 291

Malwarebytes

FEBRUARY 15, 2021

This can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. For that reason, SIM swapping can be used to circumvent two-factor authentication (2FA) that requires a manually-entered code, sent by SMS message.

Social Engineering 140

Social Engineering Cryptocurrency Accountability Authentication 140

Identity IQ

JUNE 1, 2023

The Rise of AI Social Engineering Scams IdentityIQ In today’s digital age, social engineering scams have become an increasingly prevalent threat. Social engineering scams leverage psychological manipulation to deceive individuals and exploit the victims’ trust.

Social Engineering 52

Social Engineering Scams Engineering Identity Theft 52

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The company was the victim of a social engineering attack aimed at its employees. Trezor WARNING: Elaborate Phishing attack. Pierluigi Paganini.

Phishing 137

Phishing Data breaches Cryptocurrency Social Engineering 137

Security Boulevard

FEBRUARY 12, 2021

This allowed them to access many apps and ask for password resets, which often confirm the request is intended for the correct user by sending a "Two Factor Authentication" request in the form of an SMS message. Some crypto currency exchanges use an even stronger method, of requiring confirmation both by an SMS to the phone and by email.

Cryptocurrency 119

Cryptocurrency Accountability Scams Social Engineering 119

Responsible Cyber

JULY 13, 2024

Introduction Cryptocurrency represents a groundbreaking innovation in the financial sector, offering decentralized, peer-to-peer digital transactions through blockchain technology. However, the allure of these digital assets also attracts malicious actors, making cryptocurrency security paramount.

Cryptocurrency 52

Cryptocurrency Cyber Attacks Social Engineering Scams 52

SecureList

APRIL 21, 2025

Lumma has also been observed using exploit kits, social engineering, and compromised websites to extend its reach and evade detection by security solutions. Fake Telegram channels for pirated content and cryptocurrencies. In this article, we’ll focus mainly on the fake CAPTCHA distribution vector.

Malware 88

Malware Cryptocurrency Software Phishing 88

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Ransomware. Password and info stealers.

Cryptocurrency 109

Cryptocurrency Social Engineering Malware Cybercrime 109

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 130

Scams Phishing Cryptocurrency Social Engineering 130

Malwarebytes

DECEMBER 6, 2022

Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin ( @michaelterpin ), a renowned personality in the cryptocurrency space, $23.8M. According to El Reg , Terpin's cryptocurrency of choice was TRIG, which was worth $7 then.

Cryptocurrency 98

Cryptocurrency Social Engineering Accountability Media 98

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The hackers used fake collaboration opportunities (i.e. a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators.

Accountability 144

Accountability Malware Phishing Social Engineering 144

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 127

Cryptocurrency Malware Authentication Banking 127

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 104

Cryptocurrency Phishing Social Engineering Accountability 104

Webroot

FEBRUARY 13, 2024

Rise in Cryptocurrency Payments : Fraudsters are increasingly asking for payments in cryptocurrency, exploiting its semi-anonymous nature. In 2021, losses to romance scams involving cryptocurrency were reported at $139 million ​​. Expect this to avenue of fraud to consistently escalate as crypto prices and adoption increase.

Scams 121

Scams Cryptocurrency Media Education 121

Cisco Security

OCTOBER 6, 2021

Mining cryptocurrencies requires large amounts of computing power to solve the cryptographic challenges necessary to acquire new cryptocurrency tokens. With users and the systems they access outside of the traditional office environment, the question of how to authenticate users has become increasingly important.

Cybersecurity 145

Cybersecurity Authentication Passwords Cryptocurrency 145

Security Affairs

JANUARY 23, 2022

The FBI announcement includes tips to protect people from such kind of attacks; feds recommend checking the URL obtained by scanning a QR code to make sure it is the intended site and looks authentic. Threat actors could use a malicious domain name that is similar to the intended URL but with typos or a misplaced letter.

Cryptocurrency 111

Cryptocurrency Social Engineering Malware Scams 111

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Phishing attempts come via email where scammers use different social engineering tactics to pose as a reputable sender like the IRS, your bank or brokerage firm.

Phishing 98

Phishing Social Engineering Scams Identity Theft 98

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 133

Phishing Banking Mobile Scams 133

eSecurity Planet

MARCH 24, 2022

In a blog post detailing its efforts to track and contain the breach, Microsoft described LAPSUS$ as a “large scale social engineering and extortion campaign.” LAPSUS$ doesn’t appear to be using overtly sophisticated intrusion methods but instead relying on social engineering and purchased accounts.

Social Engineering 109

Social Engineering Engineering Data breaches Hacking 109