Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 333

Hacking Social Engineering Phishing Scams 333

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Options like waiting rooms and password-protected meetings can help prevent unauthorized access.

Scams 123

Scams Malware Phishing Social Engineering 123

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 9, 2024, U.S. Twilio disclosed in Aug.

Social Engineering 359

Social Engineering Mobile Passwords Cybercrime 359

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. “They were calling up consumer service and tech support personnel, instructing them to reset their passwords.

Social Engineering 294

Social Engineering Phishing Engineering Accountability 294

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency 313

Cryptocurrency Cybercrime Computers and Electronics Scams 313

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. Simic Bojan Simic , CEO, HYPR The era of passwords will further decline as credential misuse rises, with AI both aiding and challenging security efforts. While fully agentic AI malware remains years away, the industry must prepare now.

Risk 173

Risk Threat Detection Technology Phishing 173

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Krebs on Security

AUGUST 30, 2022

Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile 342

Mobile Phishing Authentication Accountability 342

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 277

Mobile Cryptocurrency Accountability Passwords 277

Security Boulevard

MAY 23, 2025

As cryptocurrency becomes more popular and the adoption rises, we see a related increase in the number of cybercrimes, fraud, and malware schemes. If you hold cryptocurrency or are using Web3 platforms, you need to be careful. Dont be phished or socially engineered! Avoid browser extensions!

Cryptocurrency 59

Cryptocurrency Social Engineering Engineering Password Management 59

Malwarebytes

JUNE 9, 2025

Scammers are getting better at social engineering and are using Artificial Intelligence (AI) to sound more authentic and eliminate any spelling errors. Secure your accounts Change the passwords on all your online accounts, especially financial and email accounts. Unfortunately, people getting scammed online is a frequent event.

Scams 77

Scams Banking Artificial Intelligence Accountability 77

SecureWorld News

JUNE 17, 2024

The CISA warning explicitly states that its employees "will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret." RELATED: The Impact of AI on Social Engineering Cyber Attacks ] Follow SecureWorld News for more stories related to cybersecurity.

Social Engineering 113

Social Engineering Scams Artificial Intelligence Engineering 113

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance 95

Insurance Cryptocurrency Cyber threats Marketing 95

SecureList

MARCH 25, 2025

Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page. As cryptocurrencies continue to grow, this number is only ever going to get larger. million in 2023.

Phishing 77

Phishing Banking Scams Mobile 77

Malwarebytes

MARCH 19, 2024

Armed with an email and password—which are easily bought online— and the 2FA code, an attacker could take over the victim’s online accounts. SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. Katz pleaded guilty before Chief U.S.

Social Engineering 144

Social Engineering Computers and Electronics Mobile Identity Theft 144

Security Affairs

APRIL 7, 2025

“In the Florida case, Urban was accused of stealing at least $800,000 in cryptocurrency from five different victims between August 2022 and March 2023.” Prosecutors revealed that Urban and co-conspirators stole victims’ personal info and used SIM swapping to reset crypto account passwords and drain funds.

Cybercrime 66

Cybercrime Identity Theft Social Engineering Hacking 66

Identity IQ

JUNE 1, 2023

The Rise of AI Social Engineering Scams IdentityIQ In today’s digital age, social engineering scams have become an increasingly prevalent threat. Social engineering scams leverage psychological manipulation to deceive individuals and exploit the victims’ trust. Phishing attacks.

Social Engineering 52

Social Engineering Scams Engineering Identity Theft 52

SecureWorld News

FEBRUARY 14, 2025

Use secure payment methods Avoid wire transfers, prepaid gift cards, or cryptocurrency for online purchases for Valentine's Day. Protect your personal information Valentine's Day scammers take advantage of social engineering and people letting their guard down around February 14th.

Scams 74

Scams Cybercrime Social Engineering Phishing 74

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. The once-broad range of targets, including cryptocurrency wallets, has been abandoned.

Banking 108

Banking Malware Energy and Utilities Encryption 108

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The company was the victim of a social engineering attack aimed at its employees. Trezor WARNING: Elaborate Phishing attack. Pierluigi Paganini.

Phishing 138

Phishing Data breaches Cryptocurrency Social Engineering 138

Krebs on Security

APRIL 20, 2023

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of the malware compromise — a password stealing program dubbed ICONICSTEALER. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file.

Malware 331

Malware Software Technology Accountability 331

Security Boulevard

FEBRUARY 12, 2021

This allowed them to access many apps and ask for password resets, which often confirm the request is intended for the correct user by sending a "Two Factor Authentication" request in the form of an SMS message. Some crypto currency exchanges use an even stronger method, of requiring confirmation both by an SMS to the phone and by email.

Cryptocurrency 119

Cryptocurrency Accountability Scams Social Engineering 119

SecureWorld News

MAY 21, 2025

Coinbase, the largest cryptocurrency exchange platform in the U.S., The attack involved the bribery of third- party customer service contractors, enabling unauthorized access to user names, addresses, email addresses, and partial Social Security numbers. No passwords, private keys, or funds were compromised, according to the company.

Ransomware 76

Ransomware Social Engineering Data breaches Cryptocurrency 76

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Password and info stealers.

Cryptocurrency 109

Cryptocurrency Social Engineering Malware Cybercrime 109

SecureList

AUGUST 10, 2022

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Malicious DOCX social engineering message. Meanwhile, in August 2020, we also released a private report on VileRAT to our threat intelligence customers for the first time.

Cryptocurrency 119

Cryptocurrency Encryption Social Engineering Passwords 119

SecureList

OCTOBER 23, 2024

List of in-the-wild 0-days caught and reported by Kaspersky over the past 10 years Social activity What never ceases to impress us is how much effort Lazarus APT puts into their social engineering campaigns. Is that really all this game has to offer?

Engineering 145

Engineering Social Engineering Accountability Cryptocurrency 145

Responsible Cyber

JULY 13, 2024

Introduction Cryptocurrency represents a groundbreaking innovation in the financial sector, offering decentralized, peer-to-peer digital transactions through blockchain technology. However, the allure of these digital assets also attracts malicious actors, making cryptocurrency security paramount.

Cryptocurrency 52

Cryptocurrency Cyber Attacks Social Engineering Scams 52

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 133

Scams Phishing Cryptocurrency Accountability 133

CyberSecurity Insiders

APRIL 5, 2023

According to a study conducted by se-curity firm Mandiant, the group has been in operation since 2018 and has now been tasked with carrying out both espionage and financially motivated attacks such as credential harvesting and social engineering.

Hacking 105

Hacking Social Engineering Cryptocurrency Manufacturing 105

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. “Most of the observed malware was capable of stealing both user passwords and cookies. The hackers used fake collaboration opportunities (i.e.

Accountability 144

Accountability Malware Phishing Social Engineering 144

IT Security Guru

SEPTEMBER 28, 2023

Perpetrators utilise ransomware as a means to extort funds from their targets, typically requesting payment in cryptocurrencies, in exchange for a decryption key or as a condition to prevent the exposure of sensitive information on the dark web or public internet. With that said…Password Attacks are honestly in the past.

Ransomware 134

Ransomware Encryption Backups Social Engineering 134

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 134

Cryptocurrency Malware Authentication Banking 134

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 104

Cryptocurrency Phishing Social Engineering Accountability 104

Approachable Cyber Threats

JULY 7, 2022

The booming market on the Dark Web for passwords and other personal information make it a lucrative business for any cybercriminal - and Raccoon Stealer’s Malware-as-a-Service model makes it even easier for anyone to steal your information to make a profit. DropBox and social engineering. Wait, what is Malware-as-a-Service?”

Social Engineering 99

Social Engineering Cryptocurrency Malware Antivirus 99

Malwarebytes

JULY 19, 2022

Hundreds—if not thousands—of WordPress sites remain vulnerable and easily exploited by scammers because of their poor security and the use of weak passwords. However, Akamai researchers believe that socially engineering PayPal users to let them keep giving away their data is what makes this phishing kit successful.

Phishing 127

Phishing Social Engineering Accountability Engineering 127

Krebs on Security

JULY 22, 2020

According to 4iq.com , a service that indexes account details like usernames and passwords exposed in Web site data breaches, the jperry94526 email address was used to register accounts at several other sites over the years, including one at the apparel store Stockx.com under the profile name Josh Perry. CONSPIRACY.

Hacking 351

Hacking Accountability Scams Media 351