Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 333

Hacking Social Engineering Phishing Scams 333

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Enable multi-factor authentication (MFA): Implementing MFA adds layer of security to your accounts.

Scams 123

Scams Malware Phishing Social Engineering 123

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. That leaderboard currently lists Sosa as #24 (out of 100), and Tylerb at #65.

Hacking 346

Hacking Cybercrime Phishing Passwords 346

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Once authenticated, the mobile phone number of the target victim is moved to the criminal’s phone.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. “These guys were not leet , just damn persistent.” ” HOW DID WE GET HERE?

Social Engineering 294

Social Engineering Phishing Engineering Accountability 294

Security Affairs

APRIL 7, 2025

By simply paying the fee, usually in cryptocurrencies, the customer will receive the sensitive material ready to be exploited. Guidebooks are also available to instruct on how to exploit the information obtained, in order to more effectively target victims through social engineering and doxxing campaigns.

Cybercrime 139

Cybercrime Social Engineering Accountability Government 139

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. 9, 2024, U.S. Twilio disclosed in Aug.

Social Engineering 359

Social Engineering Mobile Passwords Cybercrime 359

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. On that last date, Twilio disclosed that on Aug. According to an Aug.

Mobile 342

Mobile Phishing Authentication Accountability 342

Bleeping Computer

SEPTEMBER 15, 2023

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [.]

Social Engineering 141

Social Engineering Authentication Engineering Accountability 141

Malwarebytes

APRIL 19, 2022

A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020.

Cryptocurrency 143

Cryptocurrency Social Engineering Computers and Electronics Engineering 143

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. It copied both the name and icon of the legitimate app, making it appear authentic to unsuspecting users.

Banking 110

Banking Malware Energy and Utilities Encryption 110

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. Phishing, Social Engineering are Still Problems.

Authentication 113

Authentication Social Engineering Phishing Banking 113

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 277

Mobile Cryptocurrency Accountability Passwords 277

The Last Watchdog

APRIL 14, 2022

The email specifies that the HR manager should include the codes associated with each card, which the scammer behind the scenes then sells online for cash or cryptocurrency. An HR benefits manager receives an email from the department VP asking him to purchase gift cards for a new employee rewards program. Scenario 3.

Phishing 247

Phishing Accountability Scams Social Engineering 247

Malwarebytes

JUNE 9, 2025

Scammers are getting better at social engineering and are using Artificial Intelligence (AI) to sound more authentic and eliminate any spelling errors. Use strong, unique passwords and enable multi-factor authentication (MFA) wherever possible. Unfortunately, people getting scammed online is a frequent event.

Scams 80

Scams Banking Artificial Intelligence Accountability 80

SecureList

MARCH 25, 2025

Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page. As cryptocurrencies continue to grow, this number is only ever going to get larger. million in 2023.

Phishing 80

Phishing Banking Scams Mobile 80

Security Boulevard

MAY 23, 2025

As cryptocurrency becomes more popular and the adoption rises, we see a related increase in the number of cybercrimes, fraud, and malware schemes. If you hold cryptocurrency or are using Web3 platforms, you need to be careful. Enable multifactor authentication (2FA or MFA) when available on your wallets 2.

Cryptocurrency 59

Cryptocurrency Social Engineering Engineering Password Management 59

Security Affairs

JUNE 4, 2024

These include: Social engineering tactics SIM swapping schemes Banking and credit card fraud” The attackers use various social engineering and spoofing tactics to trick victims into revealing their sensitive information, which supports real-time interaction to abuse and bypass MFA (Multi-Factor Authentication).

Banking 130

Banking Phishing Social Engineering Engineering 130

Security Affairs

MARCH 29, 2025

Notifications & Social Engineering: Posts fake push notifications to trick users. Data Theft: Captures Google Authenticator screen content to steal OTP codes. Crocodilus steals OTP codes from Google Authenticator via Accessibility Logging, enabling account takeovers. ” ThreatFabric concludes.

Banking 69

Banking Mobile Identity Theft Malware 69

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency 313

Cryptocurrency Cybercrime Computers and Electronics Scams 313

Malwarebytes

MARCH 19, 2024

For that reason, SIM swapping can be used to get around two-factor authentication (2FA) codes sent by SMS message. SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. He was paid in Bitcoin, which was traced back to Katz’s cryptocurrency account.

Social Engineering 144

Social Engineering Computers and Electronics Mobile Identity Theft 144

Malwarebytes

FEBRUARY 15, 2021

This can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. For that reason, SIM swapping can be used to circumvent two-factor authentication (2FA) that requires a manually-entered code, sent by SMS message.

Social Engineering 143

Social Engineering Cryptocurrency Accountability Authentication 143

Identity IQ

JUNE 1, 2023

The Rise of AI Social Engineering Scams IdentityIQ In today’s digital age, social engineering scams have become an increasingly prevalent threat. Social engineering scams leverage psychological manipulation to deceive individuals and exploit the victims’ trust.

Social Engineering 52

Social Engineering Scams Engineering Identity Theft 52

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The company was the victim of a social engineering attack aimed at its employees. Trezor WARNING: Elaborate Phishing attack. Pierluigi Paganini.

Phishing 138

Phishing Data breaches Cryptocurrency Social Engineering 138

Security Boulevard

FEBRUARY 12, 2021

This allowed them to access many apps and ask for password resets, which often confirm the request is intended for the correct user by sending a "Two Factor Authentication" request in the form of an SMS message. Some crypto currency exchanges use an even stronger method, of requiring confirmation both by an SMS to the phone and by email.

Cryptocurrency 119

Cryptocurrency Accountability Scams Social Engineering 119

Responsible Cyber

JULY 13, 2024

Introduction Cryptocurrency represents a groundbreaking innovation in the financial sector, offering decentralized, peer-to-peer digital transactions through blockchain technology. However, the allure of these digital assets also attracts malicious actors, making cryptocurrency security paramount.

Cryptocurrency 52

Cryptocurrency Cyber Attacks Social Engineering Scams 52

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 133

Scams Phishing Cryptocurrency Accountability 133

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Ransomware. Password and info stealers.

Cryptocurrency 110

Cryptocurrency Social Engineering Malware Cybercrime 110

Malwarebytes

DECEMBER 6, 2022

Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin ( @michaelterpin ), a renowned personality in the cryptocurrency space, $23.8M. According to El Reg , Terpin's cryptocurrency of choice was TRIG, which was worth $7 then.

Cryptocurrency 98

Cryptocurrency Social Engineering Accountability Media 98

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 135

Cryptocurrency Malware Authentication Banking 135

SecureList

APRIL 21, 2025

Lumma has also been observed using exploit kits, social engineering, and compromised websites to extend its reach and evade detection by security solutions. Fake Telegram channels for pirated content and cryptocurrencies. In this article, we’ll focus mainly on the fake CAPTCHA distribution vector.

Malware 86

Malware Cryptocurrency Software Phishing 86

SecureWorld News

FEBRUARY 27, 2025

billion hack of cryptocurrency exchange Bybit to North Korea's state-sponsored hacking group, TraderTraitor, more commonly known as the infamous Lazarus Group. The company has also publicly called out cryptocurrency exchange eXch for refusing to cooperate with the investigation, hindering efforts to freeze and trace the stolen funds.

Hacking 60

Hacking Cryptocurrency Cybercrime Social Engineering 60

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The hackers used fake collaboration opportunities (i.e. a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators.

Accountability 145

Accountability Malware Phishing Social Engineering 145

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 104

Cryptocurrency Phishing Social Engineering Accountability 104

Webroot

FEBRUARY 13, 2024

Rise in Cryptocurrency Payments : Fraudsters are increasingly asking for payments in cryptocurrency, exploiting its semi-anonymous nature. In 2021, losses to romance scams involving cryptocurrency were reported at $139 million ​​. Expect this to avenue of fraud to consistently escalate as crypto prices and adoption increase.

Scams 122

Scams Cryptocurrency Media Education 122