Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft 228

Identity Theft Phishing Cryptocurrency Accountability 228

Malwarebytes

SEPTEMBER 20, 2023

The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. As for the specifics of the phishing tactic deployed, Cuban is reported as saying he may have downloaded a bogus wallet tool via a search engine query.

Cryptocurrency 139

Cryptocurrency Scams Phishing Engineering 139

Malwarebytes

MAY 3, 2022

Airdrop phishing is a really popular tactic at the moment. It emerged alongside the explosion of Web3/NFT/cryptocurrency popularity, and ensures scammers get a slice of the money pie. Is your iPhone about to be Airdrop phished? Fret no more, because we’re going to walk you through an actual Airdrop phish example.

Cryptocurrency 142

Cryptocurrency Phishing Risk Scams 142

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. I had to go through and decline like 100-plus notifications.”

Passwords 362

Passwords Accountability Engineering Phishing 362

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.

Mobile 329

Mobile Phishing Authentication Accountability 329

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.

Hacking 309

Hacking Social Engineering Phishing Scams 309

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Krebs on Security

DECEMBER 16, 2021

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior court.

Cryptocurrency 354

Cryptocurrency Mobile Accountability Scams 354

CyberSecurity Insiders

NOVEMBER 26, 2021

Google, the business subsidiary of tech giant Alphabet Inc, has released a report saying that the compromised cloud accounts were leading hackers to mine cryptocurrency that could prove as a double threat to customers. The post Compromised cloud accounts leading to Cryptocurrency mining appeared first on Cybersecurity Insiders.

Cryptocurrency 131

Cryptocurrency Accountability Passwords Software 131

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency 123

Cryptocurrency Phishing Accountability Passwords 123

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware 309

Malware Cryptocurrency Software Phishing 309

Krebs on Security

DECEMBER 18, 2024

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. Unfortunately for Griffin, years ago he used Google Photos to store an image of the secret seed phrase that was protecting his cryptocurrency wallet. I put my seed phrase into a phishing site, and that was it.”

Cryptocurrency 238

Cryptocurrency Accountability Authentication Phishing 238

Security Affairs

JANUARY 28, 2021

Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically compose phishing content. Researchers from RiskIQ discovered a new phishing kit that outstands for its ability to dynamically create phishing messages to target specific users. SecurityAffairs – hacking, Phishing).

Phishing 145

Phishing Cryptocurrency Passwords Hacking 145

Krebs on Security

NOVEMBER 3, 2020

Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “ vishing ” attacks and “ SIM swapping ,” a form of fraud that involves bribing or tricking employees at mobile phone companies. Milleson , 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A.

Scams 310

Scams Wireless Identity Theft Mobile 310

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported.

Phishing 142

Phishing Data breaches Cryptocurrency Social Engineering 142

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 137

Scams Phishing Cryptocurrency Social Engineering 137

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes.

Phishing 138

Phishing Ransomware Security Awareness Authentication 138

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 360

Phishing VPN Social Engineering Media 360

SecureList

JUNE 10, 2024

Although there are quite a few 2FA varieties, most implementations rely on one-time passwords (OTPs) that the user can get via a text message, voice call, email message, instant message from the website’s official bot or push notification from a mobile app. The bot accepts payments in cryptocurrency only. What is an OTP bot?

Phishing 141

Phishing Banking Social Engineering Accountability 141

Krebs on Security

JULY 15, 2024

The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network , Compound Finance , Pendle Finance , and Unstoppable Domains. What’s more, Monahan said, Squarespace did not require email verification for new accounts created with a password.

Accountability 294

Accountability Cryptocurrency Passwords DNS 294

Malwarebytes

APRIL 28, 2021

The victim is typically sent to a phishing page where accounts, payment details, identities, or other things can be stolen. We first observed the technique used on gamers back in 2014, and it eventually branched out into bank phishing. No company worth bothering with will ever ask for your password so don’t give them out.

Phishing 139

Phishing Cryptocurrency Accountability Scams 139

Bleeping Computer

APRIL 18, 2024

LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. [.]

Passwords 122

Passwords Cryptocurrency Hacking Phishing 122

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. On June 11, 2017, Terpin’s phone went dead. A copy of his complaint is here (PDF).

Mobile 249

Mobile Cryptocurrency Accountability Authentication 249

Malwarebytes

DECEMBER 20, 2022

If you’re a user of the Gemini cryptocurrency exchange, it’s time to be on your guard against phishing attacks. Gemini is now offering security advice and tips to guard against phishing attacks for anyone contained in the data. Breaches in cryptocurrency land are always a major issue.

Cryptocurrency 97

Cryptocurrency Phishing Scams Accountability 97

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself.

Phishing 127

Phishing Scams Accountability Energy and Utilities 127

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” A phishing message targeting FTX users that went out en masse today.

Mobile 207

Mobile Cyber Risk Cryptocurrency Data breaches 207

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency 270

Cryptocurrency Cybercrime Computers and Electronics Scams 270

SecureList

DECEMBER 6, 2022

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. The history of scams and phishing. The term “phishing” was coined back in 1996, when cybercriminals attacked users of America Online (AOL), the largest internet provider at that time. Phishing site with chat support.

Scams 137

Scams Phishing Social Engineering Banking 137

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. “Someone was trying to phish employee credentials, and they were good at it,” Wired reported.

Social Engineering 277

Social Engineering Phishing Engineering Accountability 277

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Malware infection. Archive file and its contents.

Cryptocurrency 143

Cryptocurrency Malware Accountability Banking 143

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. Sorry, change password please.”

Accountability 141

Accountability Hacking Cryptocurrency Cybersecurity 141

Malwarebytes

JULY 19, 2022

A new phishing campaign targeting PayPal users aims to get extensive data from potential victims. PayPal phishing sites are a dime a dozen due to the number of people and companies using it as another form of payment method. This was evident after Akamai found an attacker had planted a phishing kit on its WordPress honeypot.

Phishing 130

Phishing Social Engineering Accountability Engineering 130

The Last Watchdog

SEPTEMBER 28, 2022

Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Other Iranian-based cyberattacks have included hackers targeting Albanian government systems and spear phishing scams. Here are four new phishing trends keeping businesses on their toes. Spear phishing. Phishing via texting.

Phishing 124

Phishing Scams Cybercrime Passwords 124

Security Affairs

AUGUST 19, 2019

Phishing is one of the oldest methods of cyberattacks. People fell prey for these manipulative emails and provide confidential details like passwords and bank information in their negligence. People fell prey for these manipulative emails and provide confidential details like passwords and bank information in their negligence.

Phishing 111

Phishing Accountability Authentication Passwords 111

Security Affairs

NOVEMBER 15, 2019

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency. In May, the U.S.

Cryptocurrency 106

Cryptocurrency Identity Theft Accountability Media 106

Anton on Security

JULY 7, 2022

this is another gem for me as your security posture may still be solely focused on “critical” assets and data loss, and hence miss the theft of cloud services that you pay for] “In 2022, actors have attempted to commit cloud network resources to mine cryptocurrencies that require network bandwidth. ” [A.C.?—?this

Cybersecurity 246

Cybersecurity Cryptocurrency Ransomware Education 246

Bleeping Computer

JANUARY 21, 2023

Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal passwords, or even cryptocurrency wallets. [.]

Malware 126

Malware Cryptocurrency Phishing Passwords 126