ReportWire

Tag: Phishing

  • Microsoft 365 users targeted in sophisticated ‘vishing’ attack – Tech Digest

    Image: Bleeping Computer. https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/

    Hackers have launched a massive campaign targeting Microsoft 365 and Entra ID (formerly Azure AD) users in a phishing and ‘vishing,’ or voice-based social engineering, attack.

    This ongoing operation bypasses standard security measures by exploiting the Microsoft Device Code flow, a feature typically used to authenticate devices, including smart TVs and printers.

    The attack begins with a deceptive phone call or a high-priority email notification. Fraudsters often pose as Microsoft technical support or IT security staff, alerting the victim to a “security breach” or a “blocked login attempt” that requires immediate verification.

    During the conversation, the attacker instructs the user to visit the legitimate Microsoft device login page and enter a specific eight-digit code provided by the hacker.

    Exploiting human trust 

    This method is particularly dangerous because it does not rely on a fake website. Instead, it directs users to Microsoft’s official infrastructure, which creates a false sense of security.

    Once the victim enters the code, they are essentially granting the attacker’s device authorization to access their account. This allows the hacker to bypass multi-factor authentication (MFA) entirely, as the user has “verified” the session through their own trusted device and credentials.

    The campaign targets corporate employees and high-level executives within organizations that rely on Microsoft Entra ID for identity management. Because the hackers gain a “primary refresh token,” they can maintain long-term access to the victim’s emails, SharePoint documents and internal chat logs without needing to log in again.

    This level of access is often a precursor to business email compromise (BEC) fraud or the deployment of ransomware within a corporate network.

    To defend against this campaign, cybersecurity experts emphasize that users should never enter a device code provided to them by an unsolicited caller. Microsoft never uses the device code flow for security verification or identity confirmation over the phone.

    Organizations are being urged to implement Conditional Access policies that restrict device code flow to specific, managed devices only. Training staff to recognize that even official-looking login pages can be used for malicious purposes remains the most effective line of defence against this evolving threat.


    Chris Price

  • Crypto Users Lose Far Less To Phishing As Losses Drop 83% – Details

    Crypto phishing losses plunged in 2025, but experts warn the threat has only changed shape rather than disappeared. Reports show a sharp fall in money stolen by wallet-draining scams, even as attackers tested new tricks tied to recent protocol changes.

    Scam Sniffer Data Shows Drop

    According to Scam Sniffer’s 2025 analysis, wallet drainer phishing losses fell to about $83.85 million — an 83% decline from roughly $494 million in 2024.

    The number of affected wallets dropped to around 106,000, a fall of about 68% year-on-year. These figures come from the security platform’s annual study and were picked up by major crypto outlets.

    Attackers Shift, Not Stop

    Only 11 incidents topped $1 million in 2025, down from 30 the prior year, signaling fewer headline grabs but a rise in smaller hits. The largest single theft recorded last year was roughly $6.5 million, tied to a malicious Permit signature attack.

    Average losses per victim fell to roughly $790, which suggests attackers moved toward more frequent, lower-value strikes.

    Market Moves Mattered

    Losses followed market activity. The third quarter logged the highest damage at about $31 million, when Ethereum’s rally brought more users and approvals onchain.

    Monthly peaks included August, which posted about $12.17 million, while December was the quietest with roughly $2 million. That pattern shows fraudsters target busy trading windows.

    Permit Signatures And New Vectors

    Reports highlighted Permit and Permit2 signature abuses as a major driver of big losses, accounting for a large share of multi-million cases.

    Scam Sniffer also flagged EIP-7702 batch signature techniques that were used in a few complex attacks after network upgrades. Security teams say these methods exploit user approval flows rather than raw smart-contract bugs.

    Why The Drop Happened

    Analysts attribute much of the improvement to better wallet warnings, wider use of approval revocation tools, and more active tracking by onchain monitors.

    Some defenders also point to reduced market froth in parts of the year, which lowered the pool of high-value targets. Still, multiple outlets stress that reduced totals do not equal safety.

    Based on reports, phishing will likely remain cyclical: losses could spike again during big rallies or when new signing features are introduced.

    Security firms urge users to check approvals, avoid blind signing, and use wallet tools that flag risky requests. Regulators and exchanges are watching the trend, but responsibility for many attacks still falls to individual users and wallet software.

    Christian Encila

  • How scammers use the holiday season to steal your money, information

    Scammers particularly use the holiday season to steal your money and information.

    Hoping consumers will let down their guard, or just trying to spoof legitimate businesses, scammers will do everything they can to take advantage of your vulnerability or generosity.

    Chase and the Baltimore Police Department recently hosted a scam education event to show consumers how to protect themselves. Some of their tips are listed below.

    Holiday shopping: What to know

    Shop with trusted retailers: Stick to reputable websites when shopping online. If you’re unfamiliar with a store, search for its name along with terms like “scam,” “complaints” or “reviews” to uncover any red flags.

    Verify website URLs: Scammers can create fake websites that look like legitimate retailers. Ensure the URL starts with “https://” as the “s” stands for secure. Avoid clicking links from unsolicited emails or texts.

    Beware of unrealistic deals: Scammers lure buyers by offering massive discounts on popular or sold-out items. If a deal seems too good to be true, it’s likely a scam.

    How you pay matters: Credit cards and debit cards offer different protections than cash or payment transfer apps, like Zelle and Venmo. Remember, only use apps like Zelle to pay others you know and trust.

    Shopping on public Wi-Fi: Avoid connecting to public Wi-Fi when making an online purchase. Scammers can intercept your personal information on unsecured networks.

    Use digital tools: Trusted financial institutions offer credit and identity monitoring, including alerts to inform you when your data is exposed in a data breach or on the dark web.

    Online deals that are too good to be true

    When shopping online or on social media, buy only from trusted websites and vendors. If purchasing on a marketplace, stay on the platform to complete transactions and communicate with sellers, as protections often only apply when you use the platform.

    Use payment methods that offer buyer protection. Never send money to strangers, particularly via payment-transfer apps like Zelle or Venmo, for purchases, especially when you can’t confirm the goods exist.

    Missed packages or problems with delivery

    Expecting a package? Be cautious of phishing messages through email or text message that impersonate delivery services, like the U.S. Postal Service, UPS or FedEx, with links to view “missed deliveries.”

    These links may lead to fake sign-in pages to capture your actual password or to malware-infected sites.

    Do not respond to messages requesting personal or financial information, including money or cryptocurrency. Be wary of unexpected packages and avoid scanning QR codes, as they may be attempts to steal your information.

    Scams: Fake refunds, quishing, phishing/smishing, whaling

    Refund scams: Another scam doesn’t demand payment. Instead, it dangles a refund, sometimes via text messages posing as official messages from “Department of Taxation,” urging recipients to “click here to claim your refund.” The texts look legitimate at a glance, but they are designed to lure you into tapping a fraudulent link and handing over personal information.

    Cybersecurity experts are warning about scammers using QR codes to take advantage of unsuspecting victims. The practice called “quishing” uses a QR code that sends you to a dummy website to get your information — and money.

    When it comes to phishing, the term is more widely known, but people are still falling for it. Phishing emails or texts (known as “smishing”) attempt to trick a recipient into clicking a suspicious link, filling out information or downloading a malware file.

    Whaling attacks generally target leaders or other executives with access to large amounts of information at an organization or business. Whaling attacks can target people in payroll offices, human resources and financial offices as well as leadership.

    Gift card scams

    Be cautious about buying gift cards from third-party sites. Scammers will pre-save card details or sell expired cards.

    Don’t respond to an unsolicited email or text message offering you a gift card because it’s often a way to track your online activity.

    Don’t fall for scammers asking you to pay for services or goods using gift cards.

    Phony charities

    The holidays are also a season of giving, but before you donate money, double-check the contact and payment information for a charity.

    Beware of text, email or phone call solicitations. Like any other unsolicited message, don’t click on links or open attachments because they may contain malware or try to steal your information.

    Travel scams

    Scammers try to mimic or impersonate popular travel websites by recreating familiar branding, logos or company verbiage.

    As part of your travel research, do scam checks by looking up unfamiliar retail, travel and services websites by searching online for their names along with terms like “scam,” “complaints” or “reviews.”

    Chase advises using a credit card to book travel so that if an issue arises, you can dispute it.

    What to do if you fall victim to a scam

    Stop communication: Discontinue all contact with the scammer immediately to prevent further damage.

    Document everything: Take note of all relevant information, including the scammer’s contact details and any information that may be useful when reporting the incident.

    Contact your bank: Report the incident and verify recent transactions to ensure there is no fraudulent activity on your account.

    Report the incident: File a police report or an inquiry to the Federal Trade Commission for official documentation.

    Monitor for identity theft: Sign up for credit and identity monitoring to receive alerts when your personal information has been leaked in a data breach or shows up on the dark web.

    Change your passwords: Update your online accounts by creating strong passwords, particularly if the scam involved accessing your personal information.

    Share your experience: Let friends and family know what happened to raise awareness about the signs of scams and help others avoid falling victim. Remember that financial scams can, and do, happen to anyone, so don’t feel embarrassed.

    Remain on high alert for follow-up scams: Scammers might attempt to target you again, especially if they know you’ve fallen victim before. Be cautious of unsolicited communications.

  • Phishing scheme tricks people with free roadside kit

    TAHLEQUAH, Okla. – A free roadside safety kit is being offered under the auspices of AAA, but it’s actually a phishing scheme that not only levies a “shipping charge,” but uses bank card numbers for unrelated items.

    The Tahlequah Daily Press followed the link provided in a press release received by newsroom staff, preparing to write an article on something that sounded like a good deal for drivers who are members of AAA.

    By Lee Guthrie | CNHI Oklahoma

  • Tourist warns of online scam after brush with convincing fraudster

    Tina Nixon’s holiday went from bad to worse after she requested a refund from travel website Booking.com.

    Within 15 minutes of making the request via email, Ms Nixon was called by an apologetic man, promising her money would be returned. 

    In a whirlwind of rushed instructions, she handed over the details of her travel bank account containing thousands of dollars.

    Ms Nixon and her husband realised it was a scam before any large amount of money was lost, but she remains suspicious about how the operation gained access to her phone number. 

    The pair had travelled to Western Australia from New Zealand for a holiday in October and used Booking.com to book two nights at a large holiday house in a popular tourist spot, Jurien Bay. 

    Tina and David Nixon realised they were being subjected to a phishing scam before they lost money.  (Supplied: Tina Nixon)

    Accommodation was ‘unsavoury’

    On arrival, she said it was clear the house had not been cleaned after the previous visitors, some amenities were faulty, and the promised hot tub was nowhere in sight. 

    Disappointed with the “unsavoury” experience and unable to contact the owner, Ms Nixon emailed Booking.com’s customer service inbox requesting a refund. 

    Not long after sending the email, Ms Nixon received a call on the messaging app WhatsApp. 

    “Booking.com said someone would contact me, so I wasn’t surprised when I got contacted, but it was quite fast,” she said.

    A professional-sounding male voice was on the other end of the call, apologising to Ms Nixon for her sub-par accommodation. 

    “I thought, ‘He sounds pretty decent,’” Ms Nixon said. 

    A scammer contacted Ms Nixon by WhatsApp and asked for personal information.  (Supplied: Tina Nixon)

    On the man’s request, Ms Nixon filled out a form that asked for her credit card details, including the CVC security code. 

    The man then requested she use a third-party platform to provide personal information, claiming her identity had to be verified for “anti-money laundering reasons”. 

    “That doesn’t surprise me because that happens a lot in New Zealand,” she explained. 

    In this age, you get so used to different platforms that you just don’t think twice.

    Fortunately, Ms Nixon’s husband raised doubts about the man’s credibility and the couple discovered through her banking app that the account she had provided the details for had already been “pinged” multiple times by the identity verification app. 

    Ms Nixon immediately froze her card and moved most of her money to another account.

    When she temporarily unfroze the card the next day, she was charged $11 by Uber Eats in Kenya.  

    “I could’ve lost thousands very quickly,” she said. 

    Tactics for trust

    The former journalist said she should have known better than to be tricked by the scammer, but there were several tactics at play. 

    “They talk really, really fast, and I think this is where they get a lot of older people,” she said. 

    “They’re constantly reassuring you that everything’s right, and you’re thinking you’re going to get your $500 back as a refund.”

    Additionally, Ms Nixon said the phone call appeared to originate from England, where the company has an office.

    Jurien Bay is a popular coastal destination in Western Australia.  (ABC News: Chris Lewis)

    Don’t share details 

    Ms Nixon has since continued liaising with Booking.com via the customer service email and was fully refunded for her stay. 

    A spokesperson for Booking.com said it would never ask customers to provide credit card details through text, messaging apps or email, and that it would only request payments via its own platform. 

    Part of the encounter with the scammer.  (Supplied: Tina Nixon)

    “Should a customer have any concern about a payment message, we ask them to carefully check the payment policy details on their booking confirmation to be sure that any message is legitimate,” they said. 

    However, Ms Nixon remains suspicious that there could have been a data breach on the travel website.

    “I haven’t quite finished working out how they knew exactly how to contact me,” she said. 

    “I want to know, is my information out there as a result of a previous hack?”

    Booking.com did not answer questions about whether there had been any breaches in its security and how it would respond. 

    The regulatory body for data leaks from Booking.com is the Dutch data protection authority.

    The authority said Booking.com had reported several data breaches in the past.

    Phishing dollars climb

    The National Anti-Scam Centre says “phishing,” where scammers contact victims pretending to be from a legitimate business, has swindled victims of more than $17 million in Australia this year, nearly double last year’s losses. 

    Nearly 25,000 phishing scams have been reported to Scamwatch in 2025 to date, with the most common demographic of people reporting scams aged 65 years and over. 

    A National Anti-Scam Centre spokesperson urged people to never provide personal, credit card or online account details after receiving a call claiming to be from their bank or any other organisation. 

    “Ask for their name and contact number and make an independent check with the organisation in question before calling back,” they advised. 

  • Private Key Leakage Remains the Leading Cause of Crypto Theft in Q3 2025

    Based on a report by SlowMist, private key leakage remains the leading cause of crypto theft, accounting for 317 stolen fund reports in Q3 2025.

    SlowMist’s MistTrack Stolen Funds Analysis shows that private key leaks remain the most common cause of crypto theft.

    The findings indicate that 317 stolen fund reports were filed between July and September, with assets worth more than $3.73 million successfully frozen or recovered in ten of those cases.

    Private Keys Remain the Core Vulnerability

    The report highlights that most crypto thefts rely on compromised credentials rather than sophisticated attacks. It notes that unauthorized dealers continue to sell fake hardware wallets, which remain a common scam. These devices often contain pre-written seed phrases or have been tampered with to secretly capture recovery information, allowing attackers to access funds once victims deposit assets.

    SlowMist advised users to purchase hardware wallets only through authorized vendors, create seed phrases on their device, and try tiny transfers before transferring large sums of money. Simple checks, such as verifying packaging integrity and avoiding pre-set recovery cards, can help prevent losses.

    Attackers are also developing new methods using phishing and social engineering. The report examined some occurrences of EIP-7702 delegate phishing, where compromised accounts were linked to contracts that automatically drained assets once a transfer was initiated. In such cases, victims believed they were engaging in regular activity, but hidden authorizations allowed hackers to gain control.

    The analysis shows that social engineering remains a persistent threat, with phishers posing as recruiters on LinkedIn and building trust with job candidates over several weeks before convincing them to install “camera drivers” or other malicious code. In one case, attackers paired the program with a manipulated Chrome extension during a Zoom call, leading to losses of more than $13 million.

    Old Phishing Scams Remain Effective

    Traditional methods also continued to prove effective. Fraudulent Google ads cloned legitimate services such as MistTrack, while spoofed dashboards for decentralized finance platforms like Aave generated over $1.2 million in losses through hidden authorization requests. The exploiters also hijacked unused Discord vanity links left in project folders to trick communities.

    Another attack vector disguises malicious commands as CAPTCHA verifications, tricking victims into copying code that steals wallet data, browser cookies, and private keys.

    SlowMist explained that Web3 exploits are not about complex tricks but involve hackers taking advantage of everyday actions. That being said, simple actions like slowing down, double-checking sources, and avoiding shortcuts are the best ways to stay safe in a space where threats keep changing.

    Wayne Jones

  • Philadelphia revenue department warns of text message phishing scam


    Philadelphia residents who receive a suspicious text message claiming to be from the city’s Department of Revenue should not click on any links or provide sensitive information to the sender, city officials said Tuesday.

    The phishing scam — sent out Monday and Tuesday — tells recipients that the revenue department has processed a “refund request” that can be redeemed by following a link to provide payment information. The message claims that failure to submit banking information will disqualify residents from accessing refunds.


    In a statement Tuesday afternoon, the revenue department confirmed the text messages are fraudulent and said the texts contain malicious links. The department said it would never request bank or refund-sensitive information via text message.

    Officials said there is no evidence that city databases have been breached or that any taxpayer data has been compromised.

    Residents who have shared personal or financial information are advised to report it to the FBI’s 24/7 regional tip line at 215-418-4000. Tips also can be submitted online to the FBI or the federal Internet Crime Complaint Center.

    City officials said people should always be skeptical about unsolicited requests for sensitive information and report suspicious activity. Only websites with the phila.gov domain should be trusted. The Pennsylvania Office of Attorney General has additional tips on how people can identify and protect themselves from phishing scams.

    Michael Tanenbaum

  • ICE Has Spyware Now


    The Biden administration considered spyware used to hack phones controversial enough that it was tightly restricted for US government use in an executive order signed in March 2024. In Trump’s no-holds-barred effort to empower his deportation force—already by far the most well-funded law enforcement agency in the US government—that’s about to change, and the result could be a powerful new form of domestic surveillance.

    Multiple tech and security companies—including Cloudflare, Palo Alto Networks, Spycloud, and Zscaler—have confirmed customer information was stolen in a hack that originally targeted a chatbot system belonging to sales and revenue generation company Salesloft. The sprawling data theft started in August, but in recent days more companies have revealed they had customer information stolen.

    Toward the end of August, Salesloft first confirmed it had discovered a “security issue” in its Drift application, an AI chatbot system that allows companies to track potential customers who engage with the chatbot. The company said the security issue is linked to Drift’s integration with Salesforce. Between August 8 and August 18, hackers used compromised OAuth tokens associated with Drift to steal data from accounts.

    Google’s security researchers revealed the breach at the end of August. “The actor systematically exported large volumes of data from numerous corporate Salesforce instances,” Google wrote in a blog post, pointing out that the hackers were looking for passwords and other credentials contained in the data. More than 700 companies may have been impacted, with Google later saying it had seen Drift’s email integration being abused.

    On August 28, Salesloft paused its Salesforce-Salesloft integration as it investigated the security issues; then on September 2 it said, “Drift will be temporarily taken offline in the very near future” so it can “build additional resiliency and security in the system.” It’s likely more companies impacted by the attack will notify customers in the coming days.

    Obtaining intelligence on the internal workings of the Kim regime that has ruled North Korea for three generations has long presented a serious challenge for US intelligence agencies. This week, The New York Times revealed in a bombshell account of a highly classified incident how far the US military went in one effort to spy on the regime. In 2019, SEAL Team 6 was sent to carry out an amphibious mission to plant an electronic surveillance device on North Korean soil—only to fail and kill a boatful of North Koreans in the process. According to the Times’ account, the Navy SEALs got as far as swimming onto the shores of the country in mini-subs deployed from a nuclear submarine. But due to a lack of reconnaissance and the difficulty of surveilling the area, the special forces operators were confused by the appearance of a boat in the water, shot everyone aboard, and aborted their mission. The North Koreans in the boat, it turned out, were likely unwitting civilians diving for shellfish. The Trump administration, the Times reports, never informed leaders of congressional committees that oversee military and intelligence activities.

    Phishing remains one of the oldest and most reliable ways for hackers to gain initial access to a target network. One study suggests a reason why: Training employees to detect and resist phishing attempts is surprisingly tough. In a study of 20,000 employees at the health care provider UC San Diego Health, simulated phishing attempts designed to train staff resulted in only a 1.7 percent decrease in the staff’s failure rate compared to staff who received no training at all. That’s likely because staff simply ignored or barely registered the training, the study found: In 75 percent of cases, the staff member who opened the training link spent less than a minute on the page. Staff who completed a training Q&A, by contrast, were 19 percent less likely to fail on subsequent phishing tests—still hardly a very reassuring level of protection. The lesson? Find ways to detect phishing that don’t require the victim to spot the fraud. As is often noted in the cybersecurity industry, humans are the weakest link in most organizations’ security—and they appear stubbornly determined to stay that way.

    Online piracy is still big business—last year, people made more than 216 billion visits to piracy sites streaming movies, TV, and sports. This week, however, the largest illegal sports streaming platform, Streameast, was shut down following an investigation by anti-piracy industry group the Alliance for Creativity and Entertainment and authorities in Egypt. Before the takedown, Streameast operated a network of 80 domains that saw more than 1.6 billion visits per year. The piracy network streamed soccer games from England’s Premier League and other matches across Europe, plus NFL, NBA, NHL, and MLB matches. According to The Athletic, two men in Egypt were allegedly arrested over copyright infringement charges, and authorities found links to a shell company allegedly used to launder around $6.2 million in advertising revenue over the past 15 years.

    Matt Burgess, Andy Greenberg, Lily Hay Newman

  • Parenting 101: 5 Lessons to keep kids safe online for the new school year


    The back-to-school season is exciting – new knowledge, new digital tools, and new discoveries. But it also brings higher cybersecurity risks for both schools and children. Cybersecurity experts are urging children, parents, and school communities to stay extra alert during this period.

    “The back-to-school period requires additional efforts to keep children and school communities safe online. A new beginning means new digital tools, online searches, and registrations for learning platforms. All of that increases cyber risks that must be taken seriously,” said Karolis Arbačiauskas, head of product at NordPass, in a media release.

    A new study by NordPass, in collaboration with NordStellar, reveals a worrying truth: many educational institutions are still using shockingly weak passwords to protect sensitive data. Entries like “123456”, “Edifygroup@1”, and “principal@2021” appeared frequently, showing a widespread reliance on predictable or outdated credentials that are easy for hackers to guess.

    This is why the back-to-school season is the perfect moment to talk to children about cyber hygiene – the dos and don’ts in digital environments – and to help them build strong habits for digital security and privacy. “Learning about cybersecurity can be fun. Many families of cybersecurity professionals make it a game – they host a small party with snacks and guide their children through five simple but essential exercises,” said Arbačiauskas.

    Cybersecurity experts advise taking these steps to preserve your own cybersecurity and that of your family members (they can also be used as inspiration for your family’s Cyber Party):

    • Create strong and unique passwords. Make sure every account in your family – whether it’s yours, your parents’, your significant other’s, or your children’s – uses a strong and unique password. The easiest way to do it? Use a trusted password manager to generate, store, and share them securely.
    • Turn on multi-factor authentication (MFA). Add an extra layer of security wherever you can, especially to access school portals, email accounts, and social apps. MFA helps keep hackers out even if a password gets breached – and they get breached more often than you think. A recent study by NordPass revealed that many educational institutions still use shockingly weak passwords.
    • Update devices and apps. Keep phones, tablets, and laptops up to date with the latest software. Outdated apps can contain vulnerabilities that hackers take advantage of to get backdoor access into your device. Updates patch these security holes so that cybercriminals can no longer exploit them.
    • Talk about phishing. Discuss cybersecurity with your family and why it matters. Teach them to never click suspicious links or open unknown attachments – especially in emails or messages claiming to be from the school. When in doubt, verify with the sender by using a website checker.
    • Adjust privacy settings. Review and tighten privacy settings on social media, online games, and school platforms. Limit what personal info is publicly visible and who can contact your kids online.

    – JC


  • A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says


    When Donald Trump’s presidential campaign publicly stated last week that it had been successfully targeted by Iranian hackers, the news may have initially seemed like a sign that the Middle Eastern country was particularly focused on the candidate whom it perceived to take the most hawkish approach to its regime. It’s since become clearer that Iran has had the Democrats in the sights of its cyber operations, too. Now Google’s cybersecurity analysts have confirmed that both campaigns were targeted not simply by Iran but by the same group of hackers working in service of Iran’s Revolutionary Guard Corps.

    Google’s Threat Analysis Group on Wednesday published a new report on APT42, a group it says has aggressively sought to compromise both the Democratic and Republican campaigns for president, as well as Israeli military, government, and diplomatic organizations. In May and June, APT42, which is believed to be working in service of Iran’s Revolutionary Guard Corps (IRGC), targeted about a dozen people associated with both Trump and Joe Biden, including current and former government officials and individuals associated with the two political campaigns. APT42 continues to target Republican and Democratic campaign officials alike, according to Google.

    “In terms of collection, they’re hitting all sides,” says John Hultquist, who leads threat intelligence at Google-owned cybersecurity firm Mandiant, which works closely with its Threat Analysis Group. Hultquist notes that equal-opportunity cyberspying doesn’t come as a surprise, given that APT42 also targeted both the Biden and Trump campaigns in 2020 as well. APT42’s targeting doesn’t necessarily speak to its preference for a single candidate, he says, so much as the fact that both candidates, Trump and now Vice President Kamala Harris, are of enormous significance to the Iranian government. “They’re interested in both candidates because these are the individuals who are charting the future of American policy in the Middle East,” Hultquist says.

    Only one campaign, however, appears to have had its sensitive files not only successfully breached by the Iranian hackers but also leaked to the press, in an apparent replay of Russia’s 2016 hack-and-leak operation that targeted Hillary Clinton’s campaign. Politico, The Washington Post, and The New York Times have all said they’ve been offered documents allegedly taken from the Trump campaign, in some cases by a source known as “Robert.”

    Whether those files were in fact compromised by APT42 remains unconfirmed. Microsoft noted last week that APT42, which it calls Mint Sandstorm, had in June targeted a “high-ranking official on a presidential campaign” by exploiting a hacked email account of another “former senior adviser” to the campaign. Google in its new report also notes that APT42 “successfully gained access to the personal Gmail account of a high-profile political consultant.”

    While neither company has offered any confirmation of which individual or individuals may have been successfully hacked by the Iranian group, Trump adviser Roger Stone has revealed that he was alerted by Microsoft and then by the FBI that both his Microsoft and Gmail accounts were compromised by hackers.

    Andy Greenberg

  • USPS Text Scammers Duped His Wife, So He Hacked Their Operation


    Smith trawled Reddit and other online sources to find people reporting the scam and find URLs being used, which he subsequently published. Some of the websites running the Smishing Triad’s tools were collecting thousands of people’s personal information per day, Smith says. Among other details, the websites would request people’s names, addresses, payment card numbers and security codes, phone numbers, dates of birth, and bank websites. This level of information can allow a scammer to make purchases online with the credit cards. Smith says his wife quickly canceled her card, but noticed that the scammers still tried to use it, for instance with Uber. The researcher says he would collect data from a website and return to it a few hours later, only to find hundreds of new records.

    The researcher provided the details to a bank that had contacted him after seeing his initial blog posts. Smith declined to name the bank. He also reported the incidents to the FBI and later provided information to the United States Postal Inspection Service (USPIS).

    Michael Martel, a national public information officer at the USPIS, says the information provided by Smith is being used as part of an ongoing USPIS investigation and that the agency cannot comment on specific details. “USPIS is already actively pursuing this type of information to protect the American people, identify victims, and serve justice to the malicious actors behind it all,” Martel says, pointing to advice on spotting and reporting USPS package delivery scams.

    Initially, Smith says, he was wary about going public with his research as this kind of “hacking back” falls into a “gray area”: It may be breaking the Computer Fraud and Abuse Act, a sweeping US computer-crimes law, but he’s doing it against foreign-based criminals. It’s something he is definitely not the first, or last, to do.

    Multiple Prongs

    The Smishing Triad is prolific. As well as using postal services as lures for its scams, the Chinese-speaking group has targeted online banking, e-commerce, and payment systems in the US, Europe, India, Pakistan, and the United Arab Emirates, according to Shawn Loveland, the chief operating officer of Resecurity, which has consistently tracked the group.

    The Smishing Triad sends between 50,000 and 100,000 messages daily, according to Resecurity’s research. Its scam messages are sent using SMS or Apple’s iMessage, the latter of which is encrypted. Loveland says the Triad is made up of two distinct groups—a small team led by one Chinese hacker that creates, sells, and maintains the smishing kit, and a second group of people who buy the scamming tool. (A backdoor in the kit allows the creator to access details of administrators using the kit, Smith says in a blog post.)

    “It’s very mature,” Loveland says of the operation. The group sells the scamming kit on Telegram for a $200-per-month subscription, and this can be customized to show the organization the scammers are trying to impersonate. “The main actor is Chinese communicating in the Chinese language,” Loveland says. “They do not appear to be hacking Chinese language websites or users.” (In communications with the main contact on Telegram, the individual claimed to Smith that they were a computer science student.)

    The relatively low monthly subscription cost for the smishing kit means it’s highly likely, with the number of credit card details scammers are collecting, that those using it are making significant profits. Loveland says that using text messages, which immediately send people a notification, is a more direct and more successful way of phishing, compared to sending emails with malicious links included.

    As a result, smishing has been on the rise in recent years. But there are some tell-tale signs: If you receive a message from a number or email that you don’t recognize, if it contains a link to click on, and if it wants you to do something urgently, you should be suspicious.

    Matt Burgess

  • The $11 Billion Marketplace Enabling the Crypto Scam Economy


    That public nature of the criminal transactions is all the more shocking given that Huione Guarantee is operated by Huione Group, a Cambodian financial conglomerate that includes a company linked to the family of Cambodia’s prime minister, Hun Manet. One of the companies’ directors, in fact, is Hun To, the prime minister’s cousin, who has been linked in an Al Jazeera investigation to an alleged scam compound reportedly owned by Heng He, a Cambodian conglomerate owned by two Chinese nationals.

    Crypto scam researchers say that Huione Guarantee, despite its size, is just one of many money laundering methods that pig butcherers use. Given that much of the pig butchering ecosystem has ties to Chinese organized crime, pig butchering revenue is often laundered in a decentralized way by convincing individual Chinese citizens to accept and hand off cryptocurrency through their personal Alipay accounts for a small fee, notes Gary Warner, director of intelligence at cybersecurity firm DarkTower. Markets like Huione Guarantee, however, offer a path for scammers who don’t already have a laundering network they can rely on or who need to diversify their options for liquidating funds.

    A listing on Huione Guarantee for electrified GPS-tracking shackles for detaining enslaved scam laborers.

    Courtesy of Elliptic

    It’s perhaps no surprise that Huione Guarantee began operating in 2021, given that crypto scams surged during the Covid-19 pandemic. Sophos’ Gallagher notes that in Cambodia, pig butchering operations are largely run out of hotels and resorts that struggled with plummeting tourism in 2020 and 2021. “They were financed heavily or outright owned by Chinese companies in connection with special economic zones and other development tied to Belt and Road,” he says. Gallagher’s research indicates that laborers working on pig butchering in Cambodia—often against their will—are typically not citizens but have come from the surrounding region. “These facilities follow the same playbook as far as taking people’s passports and then using electrical shocks, cattle prods, and other physical punishment for not following the rules.”

    As disturbing as it may be that a service enabling billions of dollars annually in crypto scam industry transactions is being run in the open—and with links to one of Cambodia’s most powerful families—Elliptic’s Robinson suggests that brazenness offers an opportunity to disrupt a keystone of that criminal industry: He proposes international sanctions targeting Huione’s leadership.

    “This has the hallmarks of a darknet marketplace, but it’s run by a large Cambodian conglomerate, which has documented links to the ruling family there,” Robinson argues. “There is surely scope to impose sanctions on a business such as this, to hinder this type of marketplace from operating.”

    Andy Greenberg, Lily Hay Newman

  • How to Spot a Business Email Compromise Scam


    So this is the first step: Take control of your emotions. Yes, it can be difficult if you work in a demanding field. But it’s your best first defense, and your employer will thank you for it (or, at least, they should).

    Always Confirm Through a Second Channel

    Now that you’re skeptically questioning the legitimacy of the urgent request, check to make sure the email is coming from the person it claims to be from. The best way to do this is to ask—just be careful.

    “If you received an email like this, it’s important to pick up the phone and call the number you know to be legitimate,” says Larson, adding a caveat. “Do not rely on a phone number in the email itself—it will be owned by the threat actor.”

    This is a crucial point: Any contact information in the email itself is likely compromised, and sometimes cleverly so. Use the phone number you’ve already saved in your phone for the person in question, or look up the phone number on an official website or in an official company directory. This applies even if the number in the email looks correct, because some scammers will go to the trouble of getting a phone number that’s similar to that of the person they’re impersonating, all in the hopes that you’ll call that number instead of the real one.

    “I’ve seen phone numbers off two digits from the actual phone number,” says Tokazowski.

    Call the person who supposedly emailed you—using a number you are 100 percent sure is real—and confirm the request is authentic. You could also use some other secure communication channel like Slack or Microsoft Teams, or, if they’re in the office, just ask them face to face. The point is to confirm any urgent request somewhere outside of the initial email. And even if the person is your boss or some other bigwig, do not worry about wasting their time.

    “The person that is being impersonated would so much rather have someone take the time to confirm than to lose thousands or a million dollars in a malicious transaction,” says Larson.

    Check the Email Address

    Getting in touch with the supposed sender isn’t always an option. If not, there are a few tricks you can use to spot whether an email is real or fake. The first: check the email address and make sure it’s from the company domain.

    “Always check the domains that you’re receiving emails from,” says Larson. Sometimes this will be obvious; your CEO likely isn’t emailing you from a Gmail account, for example. Sometimes it will be more subtle—fraudsters have been known to purchase domains that look similar to that of the company they’re attempting to defraud, all in the hopes of appearing legitimate.

    It’s also worth checking to see if the email signature matches the address the email is coming from. “If you look in the footer, they’ll use the actual domain of the company to make it look legitimate, but that won’t match the email address,” says Larson. Just keep in mind that the difference might be subtle. “Look-alike domains are very common: Someone will do a slight variation, like an ‘l’ instead of an ‘i’, to make it look legitimate.” One way to test that, if you’re suspicious, is to copy and paste the domain half of the address into a browser. If you don’t get a website, you’re probably dealing with a fake.
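
    The address and signature checks described above can also be run automatically by a mail filter. The following Python code is an added example, not part of the original article; the domain example-corp.com, the small confusable-character table, and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
import re
from email.utils import parseaddr

# Constructed table of visually confusable substitutions (an assumption for
# this example; it is far from a complete confusables list).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "i"), ("l", "i")]

DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")


def sender_domain(from_header):
    """Return the lowercased domain of the address in a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def skeleton(domain):
    """Collapse confusable characters so look-alike spellings compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted_domain):
    """Classify a sender as 'trusted', 'lookalike' or 'external'."""
    dom = sender_domain(from_header)
    trusted = trusted_domain.lower()
    if dom == trusted or dom.endswith("." + trusted):
        return "trusted"
    # Same skeleton, or only a couple of characters away (assumed threshold).
    if skeleton(dom) == skeleton(trusted) or edit_distance(dom, trusted) <= 2:
        return "lookalike"
    return "external"


def signature_mismatch(from_header, signature_text):
    """Domains named in the signature that the sender does not belong to."""
    dom = sender_domain(from_header)
    # Drop e-mail local parts so only the domain half of each address remains.
    text = re.sub(r"[\w.+-]+@", " ", signature_text.lower())
    found = set()
    for d in DOMAIN_RE.findall(text):
        found.add(d[4:] if d.startswith("www.") else d)
    return sorted(d for d in found
                  if not (dom == d or dom.endswith("." + d)))


# Constructed sample signature block.
SAMPLE_SIGNATURE = """Pat Lee
Chief Executive Officer
Example Corp | www.example-corp.com
pat.lee@example-corp.com
"""

if __name__ == "__main__":
    for hdr in ("Pat Lee <pat.lee@example-corp.com>",
                "Pat Lee <pat.lee@exampie-corp.com>",
                "Pat Lee <ceo.example@gmail.com>"):
        print(hdr, classify_sender(hdr, "example-corp.com"),
              signature_mismatch(hdr, SAMPLE_SIGNATURE))
```

    A "lookalike" result or a non-empty mismatch list is a reason to confirm the request through a second channel, not proof of fraud on its own.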

    Justin Pot

  • Tether CEO Alerts: Email Newsletter Provider for Crypto Companies Might Be Compromised


    Paolo Ardoino, CEO of Tether, has issued a warning about a possible security breach involving a prominent email vendor frequently used by cryptocurrency companies.

    CoinGecko’s co-founder and COO, Bobby Ong, supported the caution, noting that the cryptocurrency data platform’s newsletter service might also be affected.

    Email Vendor Compromise

    In a post on X, Ardoino stated that they had received two independent confirmations indicating that a prominent vendor commonly used by crypto companies to manage mailing lists might have been compromised.

    He added that they are not disclosing the vendor’s name until the investigation is complete, but advised caution regarding any emails suggesting crypto-airdrops received in the past 24 hours.

    CoinGecko’s co-founder and COO, Bobby Ong, corroborated the warning in a public service announcement on X. He alerted the community to an ongoing supply chain email breach attack, indicating a potential impact on CoinGecko’s newsletter service. Ong emphasized the broader implications, noting that various crypto companies could be affected by email blasts promoting fraudulent token launches.

    Email Phishing Threats

    Email-related security breaches are not new to the crypto industry. Last year, blockchain-based metaverse company The Sandbox reported a similar incident where a security breach led to an email phishing campaign. The breach allowed unauthorized access to email addresses, which were then targeted with phishing messages falsely claiming to be from the project itself.

    The Sandbox claimed that an unauthorized third party gained access to an employee’s computer and used the obtained information to send the fake emails. Other prominent crypto firms, including Nansen, Celsius, OpenSea, and Ledger, have also experienced similar exploits in recent years.

    Phishing is a technique used by hackers to lure a victim into clicking on a malicious link sent via emails or messages that appear to be from trusted companies. The goal is to trick individuals into disclosing personal information, like passwords and credit card numbers.

    As investigations continue, both Tether and CoinGecko have advised users to exercise heightened caution with email communications, especially those promising crypto-airdrops or new token launches.

    Wayne Jones

  • X (Formerly Twitter) Remains a Haven for Scammers as Phishing Incidents Claim $104M


    X (formerly known as Twitter) has been a popular hook for scammers for over a decade now. However, the tactics employed in these schemes continuously evolve.

    What’s concerning is that many victims are still falling for scams because of misleading comments made by fake X accounts, leading them to phishing websites.

    X Fakes Fuel Phishing Frenzy

    According to Scam Sniffer’s February Phishing Report, a significant portion of the victims fell prey to such scams via X. Deceptive comments from impersonated X accounts were used as a means to lure unsuspecting individuals to phishing websites, where they subsequently became victims of such schemes.

    A staggering 57,000 individuals succumbed to crypto phishing scams, resulting in collective losses of around $47 million. Surprisingly, this marks a significant decrease of 75% in the number of victims losing over $1 million compared to the previous month.

    Meanwhile, Ethereum mainnet accounts for the majority, comprising 78% of the total thefts, with ERC20 tokens being the primary assets targeted, making up 86% of the stolen funds. The thefts of ERC20 tokens were predominantly facilitated through phishing signatures like Permit, IncreaseAllowance, and Uniswap Permit2.

    Additionally, many Wallet Drainers have begun utilizing Safe or Account Abstraction wallets as token approval spenders, further exacerbating the phishing issue.

    The latest revelations from Scam Sniffer are consistent with SlowMist’s investigation, which uncovered widespread theft driven by phishing tweets. The security team reported numerous instances of theft, discovering that a significant portion of these incidents were facilitated by misleading comments under tweets from reputable projects.

    In fact, about 80% of comments under tweets from such projects were identified as phishing scam accounts.

    Malicious Crypto Ads on X

    Despite Elon Musk’s promises to curb bots on the platform, not much has changed since his controversial takeover and the subsequent updates. Several reports suggest that cybercriminals are increasingly exploiting X advertisements to promote websites that result in crypto drainers, fake airdrops, and other scams.

    In 2023, X’s revenue dropped by 22% compared to the previous year, reaching $3.4 billion. The decline is primarily attributed to a significant decrease in advertising income over the last two years. Despite efforts, revenue from subscriptions and data licensing hasn’t compensated for this loss.

    SPECIAL OFFER (Sponsored)

    Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

    [ad_2]

    Chayanika Deka


  • UK Authorities Strike Back: 43 Fraudulent Web Domains Blocked in Cybercrime Crackdown


    Phishing attacks have wreaked havoc in the crypto industry. In a recent move to combat cyber fraud, the National Fraud Intelligence Bureau (NFIB) in the United Kingdom announced the blocking of 43 web domains associated with fraudulent activities.

    Spearheaded by the City of London Police, this crackdown follows the discovery of a spoof email address masquerading as the legitimate crypto site blockchain.com.

    43 Suspicious Web Domains Blocked

    According to Pete O’Doherty, the temporary commissioner of the City of London Police, 42 additional suspicious web domains, such as “actionfraud.info” and “department-fraud.com,” were blocked upon detection.

    The NFIB highlighted the importance of promptly reporting cybercrimes through their official channels and hotline, urging victims to come forward.

    As of December 2023, the NFIB has already removed nearly 300,000 malicious websites, demonstrating the scale of the ongoing threat.

    Among the various fraudulent schemes, some attempts even resort to claiming unsuspecting recipients have won prizes like a Tupperware set, highlighting the diverse tactics used by cybercriminals.

    Even with proactive actions taken, phishing continues to pose a persistent threat in the industry. However, following best practices for cold wallet usage, protecting seed phrases, conducting regular security audits and updates, refraining from clicking on unfamiliar links and staying vigilant can help in safeguarding assets.

    Increasing Phishing Attacks

    Scam Sniffer’s latest analysis indicated an increase in phishing attacks in January coinciding with heightened activity within crypto communities following a series of airdrops in the previous month.

    Data reveals that scammers set up more than 11,400 phishing websites in January, posing as platforms like Manta Network, Frame, SatoshiVM, AltLayer, Dymension, zkSync, Pyth, OpenSea, Optimism, Blast, and others.

    These efforts yielded substantial gains as cybercriminals managed to steal nearly $55 million worth of digital assets across Ethereum Virtual Machine-based networks, with the top seven victims collectively losing $17 million.

    A similar analysis by SlowMist’s security team revealed that nearly 80% of comments under tweets of prominent projects were phishing scam accounts.


    Chayanika Deka


  • 80% of Comments on Major Project Tweets Revealed as Phishing Scams: SlowMist


    The SlowMist Security team said it had received numerous reports of theft. Upon investigation, the team found that a significant portion of these thefts were facilitated by deceptive comments under tweets from well-known projects.

    As such, approximately 80% of comments under tweets from such projects were identified as phishing scam accounts.

    SlowMist Exposes Phishing Tactics

    SlowMist also observed multiple Telegram groups engaged in the sale of Twitter accounts, offering some with varying follower counts, post numbers, and registration dates to cater to different buyer preferences. Most of the accounts sold in these groups were related to the crypto industry or belonged to influencers.

    Additionally, dedicated websites specializing in the sale of Twitter accounts were discovered, featuring accounts from different years and offering options for purchasing accounts with usernames closely resembling legitimate ones, such as “Optimlzm” imitating “Optimism.” These websites commonly accept cryptocurrency payments.

    Upon acquiring existing accounts, phishing groups utilize promotional tools to enhance their credibility by purchasing followers and interactions. These tools, which also accept cryptocurrency payments, provide services like likes, shares, and follower boosts across major international social platforms.

    A platform catering to such services claimed to have processed over 1.3 million orders, with 20,000 individuals having utilized their offerings.

    Armed with these resources, phishing groups proceed to mimic the information and appearance of legitimate projects, making it challenging for users to differentiate between authentic and fraudulent accounts. The next essential steps in their phishing operation include:

    • Automated bots track prominent projects’ activities.
    • Phishing group bots quickly comment on project tweets to gain prime visibility.
    • Users who mistake the posts for legitimate ones are more vulnerable. They may click on phishing links promising airdrops from fake accounts, leading to inadvertent authorization of malicious transactions and financial losses.

    Security First

    Countermeasures include the optimization of anti-phishing plugins. This involves plugins and browsers that can promptly warn users upon accessing phishing pages, averting deceitful signature requests and thwarting potential risks.

    Wallet signature verification and interaction safety features are a second countermeasure: wallets equipped with signature detection and a transparent display of authorization details offer a protective shield. Users can verify transaction specifics, minimizing the risk of falling victim to scams.

    Lastly, personal security consciousness is crucial. Despite supportive tools, users must scrutinize links, authorizations, and signatures, mitigating the risk of coin loss or deception.
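
    As an added illustration of the "transparent display of authorization details" countermeasure (not code from SlowMist, Scam Sniffer or the original article), the JavaScript below inspects a typed-data signing request for Permit and Uniswap Permit2 approvals and lists what a wallet should surface before the user signs. The spender allowlist, the 30-day threshold and every address are assumptions constructed for the example.

```javascript
// Added example: review an eth_signTypedData_v4 payload before it is signed.
const MAX_UINT256 = (1n << 256n) - 1n; // "unlimited" in an EIP-2612 Permit
const MAX_UINT160 = (1n << 160n) - 1n; // "unlimited" in a Permit2 PermitSingle
const ONE_DAY = 86400n;

// Spenders the user has chosen to trust (hypothetical allowlist, lower-case).
const KNOWN_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

function reviewTypedData(payload, nowSeconds) {
  const { primaryType, message } = payload;
  const now = BigInt(nowSeconds);
  let spender, amount, cap, deadline, token;
  if (primaryType === "Permit") {              // EIP-2612 token permit
    spender = message.spender;
    amount = BigInt(message.value);
    cap = MAX_UINT256;
    deadline = BigInt(message.deadline);
    token = payload.domain.verifyingContract;  // the token is the verifying contract
  } else if (primaryType === "PermitSingle") { // Uniswap Permit2
    spender = message.spender;
    amount = BigInt(message.details.amount);
    cap = MAX_UINT160;
    deadline = BigInt(message.details.expiration);
    token = message.details.token;
  } else {
    return { isApproval: false, warnings: [] }; // not a token approval signature
  }
  const warnings = [];
  if (amount === cap) warnings.push("unlimited allowance");
  if (!KNOWN_SPENDERS.has(String(spender).toLowerCase())) warnings.push("unknown spender");
  if (deadline - now > 30n * ONE_DAY) warnings.push("approval valid for more than 30 days");
  return { isApproval: true, token, spender, amount: amount.toString(), warnings };
}

// Constructed sample request (addresses are placeholders, not real contracts).
const SAMPLE = {
  primaryType: "Permit",
  domain: { name: "SampleToken", chainId: 1, verifyingContract: "0x2222222222222222222222222222222222222222" },
  message: {
    owner: "0x3333333333333333333333333333333333333333",
    spender: "0x4444444444444444444444444444444444444444",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "4102444800", // 2100-01-01, far in the future
  },
};
console.log(reviewTypedData(SAMPLE, 1706745600));
```

    An off-chain signature of this kind costs no gas and shows no token transfer at signing time, which is why the spender, amount and expiry have to be decoded and displayed explicitly.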


    Chayanika Deka


  • Victim Loses $4.2 Million to Yet Another Phishing Attack: Report


    An unidentified individual recently suffered a significant loss of aEthWETH and aEthUNI, totaling $4.2 million, falling victim to a crypto phishing attack that leveraged a falsified ERC-20 permission signature.

    According to the Web3 security firm Scam Sniffer, the victim unwittingly signed approvals for multiple transactions using an ERC-20 authorization manipulated by an opcode contract to bypass security alerts.

    This deceptive tactic involved generating new addresses for each signature and redirecting the funds from the victim to an unauthorized address before the transactions were executed.

    For the uninitiated, opcode malware, a type of malicious software exploiting operation codes in scripting languages of different platforms, is at the core of such attacks.

    Its ability to reroute funds, authorize unauthorized expenditures, and immobilize assets within smart contracts makes it a potent threat, often eluding traditional security measures and complicating detection and removal efforts.

    Experts suggest that opcode malware can seize command over a victim’s CPU, memory, and system resources by capitalizing on weaknesses in the operating system, applications, or other software operational on the victim’s computer.

    Upon infiltrating the system, the malware can initiate a sequence of instructions presented as machine code, enabling it to carry out malicious activities.

    Opcode malware can also use system resources to mine cryptocurrency or launch distributed denial-of-service (DDoS) attacks.

    There has been a consistent monthly rise in phishing activities over the past year, marked by phishing scammers adopting increasingly advanced tactics to circumvent security measures.

    Even crypto whales with substantial market-influencing holdings have fallen prey to fraudsters, losing millions in funds in the process.


    Chayanika Deka
