article thumbnail

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 277
article thumbnail

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. That’s down from 53 percent that did so in 2018, Okta found. On that last date, Twilio disclosed that on Aug.

Mobile 299
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

In late September 2018, the REACT Task Force spearheaded an investigation that led to the arrest of two Missouri men — both in their early 20s — who are accused of conducting SIM swaps to steal $14 million from a cryptocurrency company based in San Jose, Calif. . million customers.

Mobile 243
article thumbnail

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

The FBI says BEC scams netted thieves more than $12 billion between 2013 and 2018. However, BEC scams succeed thanks to help from a variety of seemingly unrelated types of online fraud — most especially dating scams. BK: And where are they coming from?

Scams 191