Thornaby: Woman targeted in £13k train station QR code scam
Rail firm TransPennine Express has since removed QR codes from all of its station car parks.
Crimson Kingsnake: BEC Group Impersonates…
Recently, we identified a new BEC group leveraging blind third-party impersonation tactics to swindle companies around the world. The group, which we call Crimson Kingsnake, impersonates real attorneys, law firms, and debt recovery services to deceive accounting professionals into quickly paying bogus invoices.
Man arrested for alleged data breach SMS scam
A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.
Okta customers targeted in social engineering scam
Help desk staff duped into resetting MFA on Okta super admin accounts, allowing threat actors to move laterally across targeted organizations.
Sneaky Amazon Google ad leads to Microsoft support scam
A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.
Crimson Kingsnake: BEC Group Impersonates…
Recently, we identified a new BEC group leveraging blind third-party impersonation tactics to swindle companies around the world. The group, which we call Crimson Kingsnake, impersonates real attorneys, law firms, and debt recovery services to deceive accounting professionals into quickly paying bogus invoices.
Man arrested for alleged data breach SMS scam
A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.
“FleeceGPT” mobile apps target AI-curious to rake in cash
Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype
Review and analysis of fake Trezor cryptowallet
Fake hardware cryptowallet, and how bitcoins were stolen from it.
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
"Fobo" Trojan distributed as ChatGPT client for Windows
Attackers are distributing malware disguised as a ChatGPT desktop client for Windows offering “precreated accounts”
Cryptocurrency Scam - Pig Butchering
A recent cryptocurrency scam has highlighted a need for fraud awareness. The new scam - called “pig butchering” - includes a sophisticated new twist that combines a romance scam with an investment spin. According to the Federal Bureau of Investigation (FBI), the term “pig butchering” refers to a time-tested, heavily scripted, and contact intensive process to fatten up the prey before slaughter.
CashRewindo: How to age domains for an investment scam like fine scotch
Years-old domains, compromised JS libraries and worldwide-localized content among tactics of this sophisticated attacker.
Crimson Kingsnake: BEC Group Impersonates…
Recently, we identified a new BEC group leveraging blind third-party impersonation tactics to swindle companies around the world. The group, which we call Crimson Kingsnake, impersonates real attorneys, law firms, and debt recovery services to deceive accounting professionals into quickly paying bogus invoices.
Man arrested for alleged data breach SMS scam
A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.
Campagne de phishing Instagram : la certification sur les réseaux sociaux, ou le nouveau piège des hackers
Une campagne de phishing d’Instagram cible spécifiquement les utilisateurs de la plateforme afin de subtiliser leurs informations personnelles et identifiants de compte.
The mechanics of a sophisticated phishing scam and how we stopped it
Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.
The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis
Companies including GoDaddy are making it easy for criminals to scoop up websites for dangerous coronavirus scams, researchers say.
Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams
Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.
Scam E-Mail Impersonating Red CrossScam E-Mail Impersonating Red Cross
Earlier today, I received a scam email that impersonates the Ukrainian Red Cross. It attempts to solicit donations via Bitcoin. The email is almost certainly not related to any valid Red Cross effort. There are some legitimate efforts to collect donations for Ukraine using crypto-currencies. This scam may take advantage of these efforts.
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
"Fobo" Trojan distributed as ChatGPT client for Windows
Attackers are distributing malware disguised as a ChatGPT desktop client for Windows offering “precreated accounts”
Cryptocurrency Scam - Pig Butchering
A recent cryptocurrency scam has highlighted a need for fraud awareness. The new scam - called “pig butchering” - includes a sophisticated new twist that combines a romance scam with an investment spin. According to the Federal Bureau of Investigation (FBI), the term “pig butchering” refers to a time-tested, heavily scripted, and contact intensive process to fatten up the prey before slaughter.
CashRewindo: How to age domains for an investment scam like fine scotch
Years-old domains, compromised JS libraries and worldwide-localized content among tactics of this sophisticated attacker.
Crimson Kingsnake: BEC Group Impersonates…
Recently, we identified a new BEC group leveraging blind third-party impersonation tactics to swindle companies around the world. The group, which we call Crimson Kingsnake, impersonates real attorneys, law firms, and debt recovery services to deceive accounting professionals into quickly paying bogus invoices.
Man arrested for alleged data breach SMS scam
A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.
Campagne de phishing Instagram : la certification sur les réseaux sociaux, ou le nouveau piège des hackers
Une campagne de phishing d’Instagram cible spécifiquement les utilisateurs de la plateforme afin de subtiliser leurs informations personnelles et identifiants de compte.
The mechanics of a sophisticated phishing scam and how we stopped it
Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.
The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis
Companies including GoDaddy are making it easy for criminals to scoop up websites for dangerous coronavirus scams, researchers say.
Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams
Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.