Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 255

Identity Theft Phishing Cryptocurrency Accountability 255

Joseph Steinberg

OCTOBER 24, 2022

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Cybersecurity 363

Cybersecurity Social Engineering Artificial Intelligence Scams 363

Penetration Testing

MAY 13, 2024

AhnLab’s Mobile Analysis Team has issued an alarm about an insidious new breed of romance scams specifically targeting cryptocurrency enthusiasts.

Social Engineering 96

Social Engineering Cryptocurrency Engineering Penetration Testing 96

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. This stolen booty reportedly included social security numbers, phone numbers, names, home addresses, unique IMEI numbers, and driver’s license information. This was not a sophisticated attack.

Mobile 235

Mobile Data breaches Authentication Accountability 235

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. What is mishing?

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering 128

Social Engineering Media Mobile Scams 128

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The agencies said crooks use the vished VPN credentials to mine the victim company databases for their customers’ personal information to leverage in other attacks.

VPN 363

VPN Social Engineering Authentication Engineering 363

SecureWorld News

MARCH 20, 2025

This intersection of sports, money, and digital activity makes for a perfect storm of social engineering attacks. Mobile madness: the sneaky side of cyber scams With fans constantly checking scores, streaming games, and logging into betting apps, mobile devices are a major attack surface.

Scams 86

Scams Social Engineering Mobile Phishing 86

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

SecureWorld News

DECEMBER 10, 2024

Zimperium's zLabs team has uncovered a dangerous new variant of the Antidot banking trojan, dubbed AppLite, that is targeting Android devices through sophisticated mobile phishing (mishing) campaigns. Regular Updates: Ensure mobile security tools and detection parsers are updated to counter evasion techniques.

Mobile 109

Mobile Social Engineering Banking Phishing 109

Malwarebytes

JANUARY 13, 2025

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. Your mobile device may already have some form of safe message ID enabled without you knowing. Report bogus messages and numbers.

Phishing 134

Phishing Social Engineering Scams Mobile 134

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., Twilio disclosed in Aug.

Social Engineering 357

Social Engineering Mobile Passwords Cybercrime 357

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 328

Hacking Social Engineering Phishing Scams 328

SecureList

FEBRUARY 26, 2024

The most common threat to mobile devices was adware: 40.8% million malicious installation packages, 154,000 of these containing a mobile banking Trojan. The year’s trends Malware, adware, and riskware attacks on mobile devices dipped in February, only to rise steadily until the end of the year. of all threats detected.

Mobile 136

Mobile Malware Adware Banking 136

Malwarebytes

APRIL 1, 2025

To proceed with the update, please scan the QR code below with your mobile device or click the link provided to access the secure tax portal. This update must be completed by 2025-03-16 to avoid any potential penalties or disruptions to your account. Once logged in, follow the prompts to review and confirm your tax information.

Scams 139

Scams Phishing Artificial Intelligence Social Engineering 139

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering 207

Social Engineering Malware Engineering Banking 207

Security Affairs

OCTOBER 29, 2024

The group UNC5812 also coordinated influence campaigns to spread narratives and solicit content aimed at weakening the support for Ukraine’s mobilization and military recruitment efforts. The experts noticed that Civil Defense website employs social engineering tactics to trick users into installing APK outside the App Store.

Malware 118

Malware Social Engineering Software Mobile 118

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. In an Aug.

Mobile 341

Mobile Phishing Authentication Accountability 341

Appknox

AUGUST 7, 2022

Unfortunately, because of widespread misconceptions, several businesses still don't understand the true potential of pen testing and refrain from using it to ensure mobile app security. However, this article will clear those myths and help you with a reality check on penetration testing for mobile applications.

Penetration Testing 131

Penetration Testing Mobile Engineering Small Business 131

Krebs on Security

APRIL 6, 2022

The actors used social engineering techniques and, in some cases, posed as members of the victim company’s IT help desk, using their knowledge of the employee’s personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee.” ” SMASH & GRAB.

Social Engineering 291

Social Engineering Phishing Engineering Accountability 291

Security Affairs

AUGUST 23, 2024

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs).

Phishing 131

Phishing Mobile Banking Social Engineering 131

The Hacker News

DECEMBER 2, 2024

These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which

Social Engineering 139

Social Engineering Malware Mobile Engineering 139

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability 358

Accountability Mobile Banking Passwords 358

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. Mobile malware Nearly 248,000 users encountered mobile banking malware in 2024 almost 3.6 of all mobile banker attacks. In 2024, the number of users who encountered mobile banking Trojans grew 3.6

Phishing 78

Phishing Banking Scams Mobile 78

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering 98

Social Engineering Media Scams Advertising 98

Krebs on Security

JANUARY 29, 2020

leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. Fresh on the heels of a disclosure that Microsoft Corp.

Social Engineering 308

Social Engineering Telecommunications Data privacy Engineering 308

Security Boulevard

APRIL 16, 2024

The post SIM Swappers Try Bribing T-Mobile and Verizon Staff $300 appeared first on Security Boulevard. Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication.

Mobile 132

Mobile Authentication Social Engineering Wireless 132

The Hacker News

JULY 1, 2024

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest.

Spyware 131

Spyware Social Engineering Mobile Engineering 131

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Once the credit card details were entered, cybercriminals used them for much higher charges at the controlled merchants registered on money mules.A

Social Engineering 110

Social Engineering Phishing Banking DNS 110

The Hacker News

NOVEMBER 20, 2023

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data.

Social Engineering 132

Social Engineering Banking Government Mobile 132

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. In early July 2018, Ferri was traveling in Europe when he discovered his T-Mobile phone no longer had service.

Mobile 267

Mobile Cryptocurrency Accountability Passwords 267

SecureWorld News

MARCH 18, 2025

Technological defenses: Utilizing mobile security solutions that can detect and block potential phishing attempts adds an additional layer of protection. Mika Aalto , Co-Founder and CEO at Hoxhunt, said: "We continue to see a significant surge in mobile phishing, or smishing, attacks reported by end-users.

Scams 88

Scams Mobile Phishing Education 88

Security Affairs

DECEMBER 12, 2024

These are the first known mobile malware families linked to the Russian APT. These findings tie the mobile surveillance families to Gamaredons desktop campaigns. Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. Armageddon , Primitive Bear, and ACTINIUM).

Mobile 98

Mobile Malware Surveillance Social Engineering 98

Daniel Miessler

MAY 19, 2021

Top three patterns in breaches were: social engineering, basic web application attacks, and system intrusion. Top three patterns in incidents were: denial of service, basic web application attacks, and social engineering. Interesting to see mobile phone in there. They map to the CIS controls for recommendations.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

SecureWorld News

MARCH 17, 2025

Early findings suggest that the attackers exploited vulnerabilities in the company's rapidly deployed digital platforms, such as its mobile ordering app and cloud-based point-of-sale systems. All those mobile apps, cloud-based POS systems, and online ordering platforms need suitably integrated cybersecurity measures.

Cyber Attacks 113

Cyber Attacks Digital transformation Threat Detection Penetration Testing 113

SecureWorld News

JUNE 17, 2024

Ezra Graziano, Director of Federal Accounts at Zimperium, emphasized the urgency for defense against such evolving social engineering tactics. This includes educating staff on impersonation scam signs, verifying caller identities, reporting suspicious calls, and integrating mobile threat defense solutions.

Social Engineering 113

Social Engineering Scams Artificial Intelligence Engineering 113

Malwarebytes

MARCH 19, 2024

Once an attacker has successfully hijacked their victim’s mobile number, they can use it to send and receive calls and messages (and the victim can’t). SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier.

Social Engineering 143

Social Engineering Computers and Electronics Mobile Identity Theft 143