Duo's Security Blog

DECEMBER 14, 2023

But as it turns out, John was a victim of a phishing scam, a type of social engineering attack where the cybercriminal impersonated John’s IT department to gain his trust and trick him into revealing his login credentials. What is social engineering? If it is, access is granted.

Social Engineering 130

Social Engineering Engineering Phishing Passwords 130

Schneier on Security

JUNE 20, 2018

Sounds like a really good idea, but Andreas Gutmann points out an application where this could become a vulnerability: when authenticating transactions: Transaction authentication, as opposed to user authentication, is used to attest the correctness of the intention of an action rather than just the identity of a user.

Authentication 177

Authentication Banking Social Engineering Mobile 177

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. What is mishing?

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Mobile 338

Mobile Phishing Authentication Accountability 338

The Last Watchdog

JUNE 18, 2018

They are scrambling to invent and deliver a fresh portfolio of mobile banking services that appeal to millennials. Related articles: Hackers revamp tactics, target mobile wallets. VASCO long ago established itself as a leading supplier of authentication technology to 2,000 banks worldwide. Today, it’s all about mobile.

Banking 173

Banking Mobile Social Engineering Authentication 173

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 324

Hacking Social Engineering Phishing Scams 324

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Once authenticated, the mobile phone number of the target victim is moved to the criminal’s phone.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., Twilio disclosed in Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

SecureWorld News

MARCH 20, 2025

This intersection of sports, money, and digital activity makes for a perfect storm of social engineering attacks. Mobile madness: the sneaky side of cyber scams With fans constantly checking scores, streaming games, and logging into betting apps, mobile devices are a major attack surface.

Scams 84

Scams Social Engineering Mobile Phishing 84

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. ” Like LAPSUS$, these vishers just kept up their social engineering attacks until they succeeded.

Social Engineering 288

Social Engineering Phishing Engineering Accountability 288

Security Boulevard

APRIL 16, 2024

Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication. The post SIM Swappers Try Bribing T-Mobile and Verizon Staff $300 appeared first on Security Boulevard.

Mobile 132

Mobile Authentication Social Engineering Wireless 132

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability 356

Accountability Mobile Banking Passwords 356

eSecurity Planet

NOVEMBER 6, 2024

Rhysida went so far as to publish sample files to verify the authenticity of the data, revealing access to a trove of information, including city databases, employee credentials, cloud management files, and even the city’s traffic camera feeds.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. Mobile malware Nearly 248,000 users encountered mobile banking malware in 2024 almost 3.6 of all mobile banker attacks. In 2024, the number of users who encountered mobile banking Trojans grew 3.6

Phishing 83

Phishing Banking Scams Mobile 83

Krebs on Security

JANUARY 29, 2020

leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. Fresh on the heels of a disclosure that Microsoft Corp. A redacted screen shot of one Sprint customer support thread exposed to the Web.

Social Engineering 306

Social Engineering Telecommunications Data privacy Engineering 306

The Last Watchdog

APRIL 10, 2019

These smaller institutions, much like the giants, are hustling to expand mobile banking services. Yet, they are much less well equipped to detect and repel cyber attackers, who are relentlessly seeking out and exploiting the fresh attack vectors spinning out of expansion of mobile banking.

Banking 147

Banking Mobile Accountability Artificial Intelligence 147

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. Phishing, Social Engineering are Still Problems.

Authentication 113

Authentication Social Engineering Phishing Banking 113

Security Affairs

JULY 29, 2022

Therefore, strong authentication methods are needed. Therefore, strong authentication methods are needed to improve security without hindering user convenience. What is Strong Authentication? The IAM Security Boundary Strong authentication is a critical component of modern-day identity and access management.

Authentication 124

Authentication Passwords Data privacy Identity Theft 124

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. At this point, multi-factor authentication (MFA) has permeated most applications, becoming a minimum safeguard against attacks. Jump to: What is multi-factor authentication? MFA can be hacked.

Authentication 104

Authentication Passwords Mobile Accountability 104

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service.

Mobile 267

Mobile Cryptocurrency Accountability Passwords 267

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This targeting can occur in at least one of two ways.

Banking 276

Banking Passwords Risk Accountability 276

Duo's Security Blog

FEBRUARY 27, 2024

The choice of which authentication methods to use is individual to every organization, but it must be informed by a clear understanding of how these methods defend against common identity threats. How MFA methods stand up to threats Threat type #1: Physical compromise Many authentication methods use device possession as a factor (i.e.,

Social Engineering 135

Social Engineering Authentication Phishing Engineering 135

Security Affairs

APRIL 23, 2022

Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. Telecom company T-Mobile on Friday revealed that LAPSUS$ extortion gang gained access to its networks. ” LAPSUS$ leader White/Lapsus Jobs looking up the Department of Defense in T-Mobile’s internal Atlas system.

Mobile 102

Mobile VPN Social Engineering Telecommunications 102

Malwarebytes

MARCH 19, 2024

Once an attacker has successfully hijacked their victim’s mobile number, they can use it to send and receive calls and messages (and the victim can’t). For that reason, SIM swapping can be used to get around two-factor authentication (2FA) codes sent by SMS message.

Social Engineering 143

Social Engineering Computers and Electronics Mobile Identity Theft 143

The Last Watchdog

JANUARY 31, 2022

Multi-factor authentication, or MFA, methods belong to this category. A popular form of MFA is where a user gets an online password via e-mail and a security code via an SMS on a mobile phone. The authentication procedure is hidden from users. AIS have no emotions and therefore cannot be attacked by social engineering methods.

Passwords 232

Passwords Computers and Electronics Password Management Artificial Intelligence 232

eSecurity Planet

MAY 9, 2023

Passkeys are a lot easier to manage and are resistant to phishing , harvesting and other credential attacks, which is why it’s making its way into the mainstream as a more secure and convenient authentication method. How Passkeys Work Passkeys work by using biometric authentication or a unique code to authenticate a user’s identity.

Authentication 109

Authentication Passwords Accountability Password Management 109

NetSpi Executives

OCTOBER 24, 2023

Don’t be afraid of social engineering attacks this Cybersecurity Awareness Month! In the spirit of this year’s theme, we created a parody of the Monster Mash to share social engineering prevention tips far and wide. Turn on Multifactor Authentication Even strong, secure passwords can be exposed by attackers.

Social Engineering 59

Social Engineering Engineering Cybersecurity Passwords 59

eSecurity Planet

FEBRUARY 6, 2025

Single sign-on” (SSO) is an authentication method that allows users to enter one set of authentication credentials to access multiple websites, applications, and services. The goal of SSO is to streamline the authentication process by eliminating the need to enter different usernames and passwords for each resource.

Authentication 57

Authentication Passwords Mobile Encryption 57

CyberSecurity Insiders

MAY 28, 2023

Password Security: Investigate different password security techniques, such as password hashing algorithms, two-factor authentication (2FA), and biometric authentication. Social Engineering: Investigate the human element of cybersecurity by exploring social engineering techniques and tactics used to manipulate individuals.

Cybersecurity 111

Cybersecurity Penetration Testing Social Engineering IoT 111

Thales Cloud Protection & Licensing

MAY 9, 2022

Is the demise of OTP authentication imminent? Reducing the risk from credential compromise is forcing regulators and industry leaders to mandate multifactor authentication (MFA) and re-assess the efficacy of OTP. Historical perspective of strengthening authentication. Which authentication method is suitable or do you need many?

Authentication 71

Authentication Social Engineering Mobile Digital transformation 71

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise ( BEC ) scams and advanced persistent threat ( APT ) hacks. Do you really need to do it?

Social Engineering 174

Social Engineering Cyber Attacks Scams Engineering 174

SecureWorld News

MARCH 21, 2024

March Madness is a prime opportunity for cybercriminals to deploy phishing lures, malicious apps, and social engineering tactics," warns Krishna Vishnubhotla, VP of Product Strategy at mobile security firm Zimperium. These can be vehicles for delivering malware, committing fraud, or harvesting valuable data.

Cybersecurity 113

Cybersecurity Social Engineering Phishing Mobile 113

Krebs on Security

FEBRUARY 25, 2021

Much of this fraud exploits weak authentication methods used by states that have long sought to verify applicants using static, widely available information such as Social Security numbers and birthdays. to shore up their authentication efforts, with six more states under contract to use the service in the coming months.

Scams 335

Scams Insurance DDOS Authentication 335

Malwarebytes

AUGUST 4, 2023

From these instances the group reaches out through Teams messages and persuades targets to approve multi-factor authentication (MFA) prompts initiated by the attacker. In both cases they require the user to enter a code that is displayed during the authentication flow into the prompt on the Microsoft Authenticator app on their mobile device.

Authentication 98

Authentication Phishing Accountability Small Business 98

Duo's Security Blog

FEBRUARY 15, 2024

Multi-factor authentication (MFA) is a well-known and well-established protection that many organizations rely on. Several common authentication methods include the use of one-time passcodes (OTP). Social Engineering: An attacker logs in with a user’s credentials and the real user gets sent an OTP.

Social Engineering 132

Social Engineering Authentication Passwords Accountability 132

The Last Watchdog

FEBRUARY 3, 2021

The latest twist: mobile network operator UScellular on Jan. We may think we know how to recognize a social engineering attack or phishing email, but with the amount of information available to attackers through open platforms and stolen information, they may know far more about us than we realize.

Phishing 252

Phishing Hacking Accountability Social Engineering 252