Malwarebytes

MARCH 19, 2024

Armed with an email and password—which are easily bought online— and the 2FA code, an attacker could take over the victim’s online accounts. SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. Katz pleaded guilty before Chief U.S.

Social Engineering 136

Social Engineering Computers and Electronics Mobile Identity Theft 136

Bleeping Computer

JULY 20, 2023

GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware. [.]

Social Engineering 81

Social Engineering Cryptocurrency Engineering Accountability 81

eSecurity Planet

DECEMBER 21, 2021

Cryptocurrency Fuels Ransomware. One constant in all this will be cryptocurrency, the coin of the realm when it comes to ransomware. Cryptocurrency really is fueling this in a sense. … If you were to take cryptocurrency away from that, they don’t have a convenient digital platform.

Cryptocurrency 129

Cryptocurrency Ransomware Cybercrime Social Engineering 129

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. Hijacked channels ranged from $3 USD to $4,000 USD depending on the number of subscribers. Pierluigi Paganini.

Accountability 126

Accountability Malware Phishing Social Engineering 126

Security Affairs

JULY 19, 2022

FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. SecurityAffairs – hacking, cryptocurrency-themed apps). million. .”

Cryptocurrency 104

Cryptocurrency Mobile Hacking Accountability 104

Bleeping Computer

SEPTEMBER 15, 2023

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [.]

Social Engineering 139

Social Engineering Authentication Engineering Accountability 139

Security Affairs

NOVEMBER 13, 2023

The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. Microsoft researchers warn of a new social engineering campaign aimed at IT job seekers that relied on a new cluster of bogus skills assessment portals. ” warns Microsoft through a series of posts on X.

Social Engineering 117

Social Engineering Cryptocurrency Engineering Malware 117

Malwarebytes

JULY 19, 2022

Together with the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. Stay safe, everyone!

Cryptocurrency 82

Cryptocurrency Mobile Banking Internet 82

Malwarebytes

OCTOBER 27, 2023

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim's carrier.

Social Engineering 96

Social Engineering Engineering Ransomware Backups 96

Security Through Education

MARCH 22, 2023

They all use psychology and social engineering skills to convince their victims to take an action that is detrimental to them. Impersonators create fake social media accounts that include the names, images, logos, or other identifying information, of a person, brand, or organization. billion fake accounts in 2021.

Scams 122

Scams Social Engineering Engineering Media 122

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 127

Cryptocurrency Malware Accountability Banking 127

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 253

Hacking Social Engineering Phishing Scams 253

Malwarebytes

JANUARY 20, 2023

A threat actor successfully used compromised employee credentials to gain access to 133 accounts on Mailchimp, the mainstream Intuit-owned email marketing platform, in a security incident that recently came to light. "On The blog further asserts the company's compromise had not affected other Intuit systems or other Mailchimp customer data.

Social Engineering 85

Social Engineering Accountability Cryptocurrency Engineering 85

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering 305

Social Engineering Mobile Cybercrime Passwords 305

Malwarebytes

JULY 19, 2021

We’ve observed a 419-style scam (also known as an advance fee scam) which combines the promise of cryptocurrency riches with WhatsApp conversation. Folks already involved in cryptocurrency would likely have suspicions raised after reading the below. It’s all about that personal touch in the land of cryptocurrency scams.

Accountability 104

Accountability Scams Cryptocurrency Banking 104

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Members of The Community face charges of wire fraud and aggravated identity theft.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Security Boulevard

AUGUST 2, 2022

Current threat actor activity is incentivized by a broad attack surface represented through high volumes of users and systems, and high potential profits represented through the variety of cryptocurrency offerings. It is easy to detect and block things like malicious cryptocurrency apps or crypto-phishing websites.

Cryptocurrency 98

Cryptocurrency Ransomware Government Risk 98

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 94

Scams Phishing Cryptocurrency Social Engineering 94

Malwarebytes

DECEMBER 6, 2022

Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin ( @michaelterpin ), a renowned personality in the cryptocurrency space, $23.8M. According to El Reg , Terpin's cryptocurrency of choice was TRIG, which was worth $7 then.

Cryptocurrency 84

Cryptocurrency Social Engineering Accountability Media 84

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. A threat actor gained access to a tool used by the company’s customer support and account administration teams. Trezor WARNING: Elaborate Phishing attack.

Phishing 115

Phishing Data breaches Cryptocurrency Social Engineering 115

Security Boulevard

FEBRUARY 12, 2021

A SIM, or Subscriber Identity Module, is the little chip that goes inside a phone and ties that phone to a particular account at a particular mobile provider. If the phone provider believes you have a new phone, they can tell their system, this is the new SIM number that should be linked to your account. Sorry, couldn't resist!)

Cryptocurrency 119

Cryptocurrency Accountability Scams Social Engineering 119

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 77

Cryptocurrency Phishing Social Engineering Accountability 77

CyberSecurity Insiders

AUGUST 17, 2022

The aim behind the said social engineering attack is simple, one to trap employees with fake job offers and second to lure customers in signing up the page and then steal their currency. But now have spread malware in disguise of a PDF file to employees in reputable positions at Coinbase.

Social Engineering 117

Social Engineering Cryptocurrency Education Cybercrime 117

The Last Watchdog

APRIL 14, 2022

The CFO commonly carries out such tasks and arranges a wire transfer using the account information provided on the invoice. In actuality, the request is coming from a BEC fraud ring, and the payment details direct the funds to an account controlled by the attackers. Scenario 2. Scenario 3. Planned attacks.

Phishing 243

Phishing Accountability Scams Social Engineering 243

Security Affairs

SEPTEMBER 17, 2023

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. The group is also suspected to have recently stolen $31 million from the professional global cryptocurrency exchange CoinEx. The Stake.com and CoinEx exploits account for 78% of September’s total.”

Social Engineering 115

Social Engineering Cryptocurrency Hacking Engineering 115

Krebs on Security

AUGUST 19, 2020

According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where customers seeking access to specific companies or accounts can hire them to target employees working remotely at home. A phishing page (helpdesk-att[.]com)

Phishing 353

Phishing VPN Social Engineering Media 353

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance 61

Insurance Cryptocurrency Cyber threats Marketing 61

Malwarebytes

FEBRUARY 15, 2021

This can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. The consequences can be particularly bad if the victim has an online cryptocurrency account protected by SMS 2FA codes sent to their phone.

Social Engineering 119

Social Engineering Cryptocurrency Accountability Authentication 119

Malwarebytes

JULY 19, 2022

In a nutshell, it’s an extensive form of information theft, the likes of which could result in someone’s identity being fully stolen and their financial and other online accounts being taken over. PayPal phishing sites are a dime a dozen due to the number of people and companies using it as another form of payment method.

Phishing 107

Phishing Social Engineering Accountability Engineering 107

Malwarebytes

AUGUST 13, 2021

A fair few cryptocurrency scams have been doing the rounds across 2021. One of the sneakiest ways to grab a code is to jump into customer support discussions on social media. Scammers set up fake customer support style accounts, then direct potential victims to phishing pages hosted elsewhere. Recovery code theft.

Scams 104

Scams Cryptocurrency Social Engineering Media 104

Krebs on Security

AUGUST 30, 2022

In a blog post earlier this month, Cloudflare said it detected the account takeovers and that no Cloudflare systems were compromised. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile 276

Mobile Phishing Authentication Accountability 276

eSecurity Planet

NOVEMBER 18, 2022

This involved using an “unsecured group email account as the root user to access confidential private keys and critically sensitive data for the FTX Group companies around the world…” About $740 million in cryptocurrency has been placed into new cold wallets. Also read : The Link Between Ransomware and Cryptocurrency.

Risk 136

Risk Cybersecurity Cryptocurrency Social Engineering 136

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 99

Cryptocurrency Malware Authentication Banking 99

Malwarebytes

MARCH 13, 2023

Within those complaints, cryptocurrency investment fraud rose from $907 million in 2021 to $2.57 There are a number of different methods that cryptocurrency investment fraudsters deploy: Liquidity mining. Hacked social media accounts. billion in 2022, an increase of 183%. Celebrity impersonation. Employment.

Cryptocurrency 60

Cryptocurrency Scams Media Social Engineering 60

Malwarebytes

SEPTEMBER 11, 2023

Once active, the malware can be used for several malicious activities like remote access, cryptocurrency mining, keylogging, clipboard stealing, and information stealing. The message content aimed to social engineer the recipients into downloading and opening a malicious file hosted remotely.”

Malware 113

Malware Social Engineering Cryptocurrency Cybercrime 113

Krebs on Security

APRIL 20, 2023

In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated. which owns LinkedIn, said in September 2022 that it had detected a wide range of social engineering campaigns using a proliferation of phony LinkedIn accounts.

Malware 266

Malware Software Technology Accountability 266

Malwarebytes

NOVEMBER 6, 2023

The intruder used this to access some of the employee’s accounts, including LinkedIn, as well as their work account. In 2022, Octo Tempest began selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals in order to steal their cryptocurrency.

Ransomware 102

Ransomware Backups Accountability Social Engineering 102