Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. Donahue said 60 technology companies are now routing all law enforcement data requests through Kodex, including an increasing number of financial institutions and cryptocurrency platforms. Don’t be discouraged.

Hacking 296

Hacking Accountability Government Social Engineering 296

The Hacker News

MAY 8, 2025

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin.

Cryptocurrency 105

Cryptocurrency Engineering Phishing Cybersecurity 105

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. ” reads the press release published by DoJ.

Cybercrime 112

Cybercrime Identity Theft Cryptocurrency Phishing 112

Krebs on Security

DECEMBER 29, 2024

The first profiled Cryptomus , a dodgy cryptocurrency exchange allegedly based in Canada that has become a major payment processor and sanctions evasion platform for dozens of Russian exchanges and cybercrime services online.

Scams 244

Scams Cybercrime Cryptocurrency Social Engineering 244

Malwarebytes

APRIL 26, 2022

Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine. The design of the phish page is quite similar to many that we’ve seen. Bad ads are at it again.

Cryptocurrency 135

Cryptocurrency Phishing Engineering Mobile 135

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings. Image: CISA.

Cryptocurrency 346

Cryptocurrency Financial Services Banking Government 346

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications.

Scams 123

Scams Malware Phishing Social Engineering 123

Malwarebytes

SEPTEMBER 20, 2023

The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. As for the specifics of the phishing tactic deployed, Cuban is reported as saying he may have downloaded a bogus wallet tool via a search engine query.

Cryptocurrency 135

Cryptocurrency Scams Phishing Engineering 135

Krebs on Security

JUNE 15, 2024

One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Hacking 345

Hacking Cybercrime Phishing Passwords 345

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.

Hacking 333

Hacking Social Engineering Phishing Scams 333

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption 119

Encryption Password Management Cryptocurrency Social Engineering 119

Security Affairs

FEBRUARY 3, 2025

Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. “Targeting of Cryptocurrency Users and Influencers: Crazy Evil explicitly victimizes the cryptocurrency space with bespoke spearphishing lures.”

Scams 86

Scams Media Cryptocurrency Cybercrime 86

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363

Security Boulevard

APRIL 14, 2023

Cryptocurrency-related phishing attacks are on the rise, with a report from Kaspersky recording an increase of 40% in 2022 compared to the previous year. The post Cryptocurrency Phishing Threats Luring New Victims appeared first on Security Boulevard.

Cryptocurrency 98

Cryptocurrency Phishing Threat Reports Social Engineering 98

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. Dooley Doug Dooley , COO, Data Theorem In 2025, cybersecurity threats will escalate across APIs, cloud setups, supply chains, and cryptocurrency. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

CyberSecurity Insiders

JANUARY 17, 2022

North Korea, the nation that is being led by Kim Jong UN is back into news headlines for stealing cryptocurrency worth millions through cyber attacks. The post North Korea steals $400m cryptocurrency through Cyber Attacks appeared first on Cybersecurity Insiders.

Cryptocurrency 135

Cryptocurrency Cyber Attacks Social Engineering Banking 135

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions.

Cryptocurrency 132

Cryptocurrency Cybercrime Education Scams 132

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.

Mobile 342

Mobile Phishing Authentication Accountability 342

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials.

Social Engineering 359

Social Engineering Mobile Passwords Cybercrime 359

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported.

Phishing 139

Phishing Data breaches Cryptocurrency Social Engineering 139

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 80

Phishing Banking Scams Mobile 80

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 133

Scams Phishing Cryptocurrency Social Engineering 133

Security Boulevard

MARCH 15, 2024

In the ever-evolving landscape of cybersecurity, a fresh menace has emerged, targeting crypto enthusiasts through a sophisticated phishing kit. Learning how to avoid crypto phishing is crucial […] The post Crypto Phishing Kit Impersonating Login Pages: Stay Informed appeared first on TuxCare.

Phishing 105

Phishing Cryptocurrency Mobile Engineering 105

SecureList

JUNE 10, 2024

This article examines methods that rely on social engineering, where attackers manipulate the victim into giving away the OTP, and tools that they use to automate the manipulations: so-called OTP bots and administration panels to control phishing kits. The bot accepts payments in cryptocurrency only. What is an OTP bot?

Phishing 145

Phishing Banking Social Engineering Accountability 145

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. “Someone was trying to phish employee credentials, and they were good at it,” Wired reported.

Social Engineering 294

Social Engineering Phishing Engineering Accountability 294

Security Affairs

JUNE 4, 2024

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. “Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accounts. .

Banking 132

Banking Phishing Social Engineering Engineering 132

SecureList

DECEMBER 6, 2022

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on their own accord.

Scams 135

Scams Phishing Social Engineering Banking 135

Security Boulevard

APRIL 30, 2021

Are you investing in cryptocurrency or thinking about it? Be sure to listen or watch our April monthly show for our top 3 ways to keep your cryptocurrency safe! ** Links mentioned on the show ** 10 Ways to Keep Your Cryptocurrency Safe [link] Beware of These Top Bitcoin Scams [link] 9 Best Crypto Wallets […].

Cryptocurrency 116

Cryptocurrency Scams Social Engineering Engineering 116

Malwarebytes

AUGUST 26, 2021

In August of 2021, a thief stole about $600 million in cryptocurrencies from The Poly Network. Slightly more than one week later, Japanese cryptocurrency exchange Liquid was hacked and lost $97 million worth of digital coins. They are not available for every cryptocurrency. We can’t answer the first question for you.

Cryptocurrency 127

Cryptocurrency Banking Hacking Engineering 127

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Security Boulevard

JULY 18, 2024

A crypto phishing campaign has been identified in which a threat actor employs AI-generated content to create 17,000 phishing lure sites impersonating more than 30 major cryptocurrency brands, including Coinbase, Crypto.com, Metamask and Trezor.

Phishing 103

Phishing Cryptocurrency Social Engineering Engineering 103

Malwarebytes

APRIL 28, 2021

The victim is typically sent to a phishing page where accounts, payment details, identities, or other things can be stolen. We first observed the technique used on gamers back in 2014, and it eventually branched out into bank phishing. This is aided by imitation accounts modelled to look like the genuine organisation’s account.

Phishing 135

Phishing Cryptocurrency Accountability Scams 135

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware 81

Malware Cryptocurrency Encryption Engineering 81

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency 313

Cryptocurrency Cybercrime Computers and Electronics Scams 313

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. Some of the many notifications Patel says he received from Apple all at once.

Passwords 359

Passwords Accountability Engineering Phishing 359

Malwarebytes

JUNE 23, 2022

This operation also led the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie) to nine arrests, 24 house searches, and the seizure of firearms, ammunition, jewelry, electronic devices, cash, and cryptocurrency. The group was involved in fraud, money laundering, phishing, and scams.

Phishing 118

Phishing Banking Cryptocurrency Scams 118