Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. Donahue said 60 technology companies are now routing all law enforcement data requests through Kodex, including an increasing number of financial institutions and cryptocurrency platforms. Don’t be discouraged.

Hacking 278

Hacking Accountability Government Social Engineering 278

Krebs on Security

DECEMBER 29, 2024

The first profiled Cryptomus , a dodgy cryptocurrency exchange allegedly based in Canada that has become a major payment processor and sanctions evasion platform for dozens of Russian exchanges and cybercrime services online.

Scams 222

Scams Cybercrime Cryptocurrency Social Engineering 222

Trend Micro

OCTOBER 3, 2022

The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.

Cryptocurrency 138

Cryptocurrency Social Engineering Engineering Cyber threats 138

Penetration Testing

NOVEMBER 12, 2023

Microsoft has issued a warning about the North Korean hacking group Sapphire Sleet (BlueNoroff), which is deploying a new infrastructure for impending social engineering campaigns on LinkedIn.

Social Engineering 82

Social Engineering Cryptocurrency Engineering Penetration Testing 82

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings. Image: CISA.

Cryptocurrency 329

Cryptocurrency Financial Services Banking Government 329

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. ” reads the press release published by DoJ.

Cybercrime 107

Cybercrime Identity Theft Cryptocurrency Phishing 107

CyberSecurity Insiders

JANUARY 17, 2022

North Korea, the nation that is being led by Kim Jong UN is back into news headlines for stealing cryptocurrency worth millions through cyber attacks. The post North Korea steals $400m cryptocurrency through Cyber Attacks appeared first on Cybersecurity Insiders.

Cryptocurrency 135

Cryptocurrency Cyber Attacks Social Engineering Banking 135

SecureWorld News

JANUARY 20, 2023

Popular email marketing service MailChimp recently fell victim to another data breach, this time caused by a successful social engineering attack on its employees and contractors.

Social Engineering 98

Social Engineering Data breaches Engineering Accountability 98

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Researchers from Gen Digital who discovered the threat, believe it is in its early development phase.

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

Security Affairs

NOVEMBER 24, 2020

Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings by tricking GoDaddy employees into handing over the control of the targeted domains with social engineering attacks.

Social Engineering 105

Social Engineering Engineering DNS Accountability 105

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. AMOS stealer: Specifically targets macOS systems, stealing sensitive data and credentials.

Scams 123

Scams Malware Phishing Social Engineering 123

eSecurity Planet

DECEMBER 21, 2021

Cryptocurrency Fuels Ransomware. One constant in all this will be cryptocurrency, the coin of the realm when it comes to ransomware. Cryptocurrency really is fueling this in a sense. … If you were to take cryptocurrency away from that, they don’t have a convenient digital platform.

Cryptocurrency 140

Cryptocurrency Ransomware Cybercrime Social Engineering 140

Security Affairs

APRIL 7, 2025

By simply paying the fee, usually in cryptocurrencies, the customer will receive the sensitive material ready to be exploited. Guidebooks are also available to instruct on how to exploit the information obtained, in order to more effectively target victims through social engineering and doxxing campaigns.

Cybercrime 136

Cybercrime Social Engineering Accountability Government 136

SecureWorld News

SEPTEMBER 9, 2021

Then there was the money laundering, the cryptocurrency, the digital wallets. Business email compromise scheme and social engineering. Social engineering—in person—was the next part of the scheme. Those are some of the highlights, now let's look at a few specifics. Too many do.

Social Engineering 96

Social Engineering Engineering Banking Cybercrime 96

Trend Micro

AUGUST 8, 2021

We found a new social engineering-based malvertising campaign targeting Japan that delivered a malicious application. The malicious application abused sideloading vulnerabilities to load and start the Cinobi banking trojan.

Banking 135

Banking Social Engineering Cryptocurrency Engineering 135

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 324

Hacking Social Engineering Phishing Scams 324

Security Affairs

APRIL 17, 2025

Then the DLL launches a decoy by opening an msedge_proxy window that displays a legitimate cryptocurrency trading website. In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js to deploy malicious payloads. components.

Social Engineering 90

Social Engineering Malware Cryptocurrency Engineering 90

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

The Hacker News

APRIL 3, 2025

The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems.

Social Engineering 127

Social Engineering Cryptocurrency Malware Engineering 127

Naked Security

FEBRUARY 21, 2023

Another day, another "sophisticated" attack. This time, the company has handily included some useful advice along with its mea culpa.

Social Engineering 113

Social Engineering Engineering Cryptocurrency 113

Security Boulevard

APRIL 30, 2021

Are you investing in cryptocurrency or thinking about it? Be sure to listen or watch our April monthly show for our top 3 ways to keep your cryptocurrency safe! ** Links mentioned on the show ** 10 Ways to Keep Your Cryptocurrency Safe [link] Beware of These Top Bitcoin Scams [link] 9 Best Crypto Wallets […].

Cryptocurrency 116

Cryptocurrency Scams Social Engineering Engineering 116

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. ” reads the report published by Insikt Group.

Scams 75

Scams Media Cryptocurrency Cybercrime 75

Threatpost

NOVEMBER 23, 2020

‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.

Cryptocurrency 121

Cryptocurrency Social Engineering VPN Engineering 121

Security Affairs

JULY 19, 2022

FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. SecurityAffairs – hacking, cryptocurrency-themed apps). million. .”

Cryptocurrency 128

Cryptocurrency Mobile Hacking Accountability 128

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. ” Like LAPSUS$, these vishers just kept up their social engineering attacks until they succeeded.

Social Engineering 288

Social Engineering Phishing Engineering Accountability 288

The Hacker News

NOVEMBER 23, 2024

The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period.

Social Engineering 137

Social Engineering Scams Cryptocurrency Malware 137

SecureWorld News

APRIL 21, 2022

Treasury Department warning of a North Korean state-sponsored advanced persistent threat (APT) known as the Lazarus Group targeting cryptocurrency and blockchain companies. The threat actors use social engineering to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems.

Cryptocurrency 98

Cryptocurrency Computers and Electronics Social Engineering System Administration 98

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance. 9, 2024, U.S.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

Malwarebytes

APRIL 19, 2022

A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020.

Cryptocurrency 139

Cryptocurrency Social Engineering Computers and Electronics Engineering 139

Krebs on Security

JUNE 15, 2024

One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. That leaderboard currently lists Sosa as #24 (out of 100), and Tylerb at #65.

Hacking 333

Hacking Cybercrime Phishing Passwords 333

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. Dooley Doug Dooley , COO, Data Theorem In 2025, cybersecurity threats will escalate across APIs, cloud setups, supply chains, and cryptocurrency. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

Heimadal Security

APRIL 19, 2022

CISA, the FBI, and the US Treasury Department have recently issued a warning that firms in the cryptocurrency and blockchain industries are being targeted by the North Korean Lazarus hacking gang. It seems that the threat actors are using trojanized cryptocurrency applications in this wave of cyberattacks.

Social Engineering 128

Social Engineering Cryptocurrency Engineering Hacking 128

SecureList

MARCH 25, 2025

Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page. As cryptocurrencies continue to grow, this number is only ever going to get larger. million in 2023.

Phishing 81

Phishing Banking Scams Mobile 81

Penetration Testing

SEPTEMBER 4, 2024

The FBI has warned sternly about North Korean state-sponsored hackers employing highly sophisticated social engineering tactics to infiltrate decentralized finance (DeFi) and cryptocurrency companies.

Social Engineering 52

Social Engineering Engineering Cryptocurrency Cybersecurity 52