phishing
137,048 views
47 Posts
Hot
Latest
🚨 DON'T GET HACKED!!! UNDERSTANDING SOCIAL ENGINEERING 🚨
🔒 Social engineering attacks exploit trust, emotions, and sometimes ignorance.
🚨 Common Social Engineering Tactics in Crypto
📧 Fake emails, messages, and websites mimic legit crypto platforms, tricking you into revealing private keys or login credentials. Look out for offers of free crypto, urgent security alerts, or limited-time offers.
😈 Scammers pose as trusted representatives, industry figures, or even friends. They use social proof, urgency, and technical jargon to appear legitimate and gain your trust.
💔 Fake profiles on dating apps lure victims into online relationships, eventually asking for crypto under the guise of financial help or investment opportunities.
📉 Attackers spread false info to inflate a crypto's price, then sell off their holdings, causing the price to crash and leaving you with losses.
🛡 How Social Engineering Attacks Work
1. 🔍 Information Gathering: Scammers collect personal details from social media, forums, or direct conversations.
2. 🤝 Establishing Trust: They pose as trustworthy figures, building rapport over time.
3. 💬 Manipulating Victims: Using flattery, empathy, or threats to create urgency or fear.
4. . 🚀 Exploiting Victims: Swiftly transferring funds or stealing info once security is compromised.
🛡 Protect Yourself from Social Engineering Attacks
📰 Educate yourself about common tactics. Recognize the warning signs of scams like unsolicited offers or urgent requests for personal info.
🛡 Use two-factor authentication for an extra layer of security on all crypto-related accounts.
🧩 Create strong, unique passwords for each account and change them regularly.
🔒 Be cautious about what you share on social media and public forums.
💡 If something feels off, it probably is. Double-check and seek expert advice.
@Professor Mende - Founder of BONUZ Project - in Dubai UAE
Stay safe and share this if you care about your friends and the crypto community!
#scamalert #phishing #hacking #security #safety
$BTC $PEPE $SHIB
🔒 Social engineering attacks exploit trust, emotions, and sometimes ignorance.
🚨 Common Social Engineering Tactics in Crypto
📧 Fake emails, messages, and websites mimic legit crypto platforms, tricking you into revealing private keys or login credentials. Look out for offers of free crypto, urgent security alerts, or limited-time offers.
😈 Scammers pose as trusted representatives, industry figures, or even friends. They use social proof, urgency, and technical jargon to appear legitimate and gain your trust.
💔 Fake profiles on dating apps lure victims into online relationships, eventually asking for crypto under the guise of financial help or investment opportunities.
📉 Attackers spread false info to inflate a crypto's price, then sell off their holdings, causing the price to crash and leaving you with losses.
🛡 How Social Engineering Attacks Work
1. 🔍 Information Gathering: Scammers collect personal details from social media, forums, or direct conversations.
2. 🤝 Establishing Trust: They pose as trustworthy figures, building rapport over time.
3. 💬 Manipulating Victims: Using flattery, empathy, or threats to create urgency or fear.
4. . 🚀 Exploiting Victims: Swiftly transferring funds or stealing info once security is compromised.
🛡 Protect Yourself from Social Engineering Attacks
📰 Educate yourself about common tactics. Recognize the warning signs of scams like unsolicited offers or urgent requests for personal info.
🛡 Use two-factor authentication for an extra layer of security on all crypto-related accounts.
🧩 Create strong, unique passwords for each account and change them regularly.
🔒 Be cautious about what you share on social media and public forums.
💡 If something feels off, it probably is. Double-check and seek expert advice.
@Professor Mende - Founder of BONUZ Project - in Dubai UAE
Stay safe and share this if you care about your friends and the crypto community!
#scamalert #phishing #hacking #security #safety
$BTC $PEPE $SHIB
🚨 Phishing Attack Alert: $11.1M Lost in Recent Exploit! 🚨
Approximately 6 hours ago, a major phishing attack resulted in a significant loss of assets.
Details of the Exploit:
1⃣ 3,657 $MKR ($8,766,097) and 2.56M PT Ethena tokens ($2.4M) were stolen.
2⃣ The exploiter sold 3,657 MKR for 2,502 $ETH ($8,766,097), causing a 7.5% drop in the price of #MKR
3⃣ Additionally, 2.56M PT Ethena tokens were swapped for 689 ETH ($2.41M).
This incident highlights the critical importance of security in the crypto space. Always remain vigilant and take necessary precautions to protect your assets.
#Crypto #phishing #bitcoin #Binance $BNB
Approximately 6 hours ago, a major phishing attack resulted in a significant loss of assets.
Details of the Exploit:
1⃣ 3,657 $MKR ($8,766,097) and 2.56M PT Ethena tokens ($2.4M) were stolen.
2⃣ The exploiter sold 3,657 MKR for 2,502 $ETH ($8,766,097), causing a 7.5% drop in the price of #MKR
3⃣ Additionally, 2.56M PT Ethena tokens were swapped for 689 ETH ($2.41M).
This incident highlights the critical importance of security in the crypto space. Always remain vigilant and take necessary precautions to protect your assets.
#Crypto #phishing #bitcoin #Binance $BNB
The Sandbox issues phishing alert for new scam
the company said that an unauthorized third party had accessed an employee’s computer and sent a bogus email to the platform’s users.
Source:blockchainreporter.net
#sandbox #crypto2023 #phishing #scams
the company said that an unauthorized third party had accessed an employee’s computer and sent a bogus email to the platform’s users.
Source:blockchainreporter.net
#sandbox #crypto2023 #phishing #scams
Explained : Crypto Scams (Must Read....)
The rise of cryptocurrencies has brought about many opportunities for investors, traders, and businesses. However, it has also opened up a new avenue for scammers to deceive unsuspecting individuals. Crypto scams have become increasingly prevalent in recent years, with new scams emerging all the time. In this article, we will explore the different types of crypto scams and the ways to avoid them.
Fake Crypto Exchanges:
One of the most common crypto scams is fake crypto exchanges. Scammers set up fake websites that look like legitimate exchanges, and lure users into depositing their funds. They often promise low fees and high returns, which can be tempting to investors. However, once the user deposits their funds, the scammers disappear with the money. To avoid falling victim to fake exchanges, users should always verify the authenticity of an exchange before depositing their funds.
Phishing Scams:
Phishing scams are another prevalent type of #crypto scam. Scammers use emails, social media, or other forms of communication to trick users into giving away their private keys or login credentials. Once they have this information, they can access the victim's crypto #wallet and steal their funds. To avoid #phishing #scams , users should always double-check the authenticity of the communication and avoid clicking on suspicious links.
Ponzi Schemes:
Ponzi schemes are fraudulent investment schemes that promise high returns to investors. The returns are paid out of the capital invested by new investors, rather than from any legitimate profits. The scheme eventually collapses when new investors stop joining, and the scammer disappears with the funds. To avoid Ponzi schemes, users should be wary of any investment opportunity that promises unusually high returns and always do their due diligence before investing.
Initial Coin Offering (ICO) Scams:
Initial Coin Offerings (ICOs) are a popular way for cryptocurrency projects to raise funds. However, they are also vulnerable to scams. ICO scams involve scammers creating fake projects and issuing fake tokens to unsuspecting investors. They often promise high returns and claim to have a revolutionary product, but once the ICO is complete, the scammers disappear with the funds. To avoid ICO scams, users should always research the project and the team behind it before investing.
Fake Cryptocurrency Wallets:
Crypto wallets are used to store and manage cryptocurrencies. However, scammers can create fake wallets that look like legitimate ones, and trick users into depositing their funds. Once the funds are deposited, the scammers disappear with the money. To avoid fake cryptocurrency wallets, users should always download wallets from trusted sources and verify the authenticity of the wallet before depositing any funds.
Conclusion:
In conclusion, crypto scams are a growing concern for investors and traders in the cryptocurrency market. As the market continues to grow, scammers will continue to find new ways to deceive unsuspecting individuals. To avoid falling victim to crypto scams, users should always do their due diligence and be cautious when dealing with unfamiliar platforms or projects. Remember, if an investment opportunity sounds too good to be true, it probably is.
Fake Crypto Exchanges:
One of the most common crypto scams is fake crypto exchanges. Scammers set up fake websites that look like legitimate exchanges, and lure users into depositing their funds. They often promise low fees and high returns, which can be tempting to investors. However, once the user deposits their funds, the scammers disappear with the money. To avoid falling victim to fake exchanges, users should always verify the authenticity of an exchange before depositing their funds.
Phishing Scams:
Phishing scams are another prevalent type of #crypto scam. Scammers use emails, social media, or other forms of communication to trick users into giving away their private keys or login credentials. Once they have this information, they can access the victim's crypto #wallet and steal their funds. To avoid #phishing #scams , users should always double-check the authenticity of the communication and avoid clicking on suspicious links.
Ponzi Schemes:
Ponzi schemes are fraudulent investment schemes that promise high returns to investors. The returns are paid out of the capital invested by new investors, rather than from any legitimate profits. The scheme eventually collapses when new investors stop joining, and the scammer disappears with the funds. To avoid Ponzi schemes, users should be wary of any investment opportunity that promises unusually high returns and always do their due diligence before investing.
Initial Coin Offering (ICO) Scams:
Initial Coin Offerings (ICOs) are a popular way for cryptocurrency projects to raise funds. However, they are also vulnerable to scams. ICO scams involve scammers creating fake projects and issuing fake tokens to unsuspecting investors. They often promise high returns and claim to have a revolutionary product, but once the ICO is complete, the scammers disappear with the funds. To avoid ICO scams, users should always research the project and the team behind it before investing.
Fake Cryptocurrency Wallets:
Crypto wallets are used to store and manage cryptocurrencies. However, scammers can create fake wallets that look like legitimate ones, and trick users into depositing their funds. Once the funds are deposited, the scammers disappear with the money. To avoid fake cryptocurrency wallets, users should always download wallets from trusted sources and verify the authenticity of the wallet before depositing any funds.
Conclusion:
In conclusion, crypto scams are a growing concern for investors and traders in the cryptocurrency market. As the market continues to grow, scammers will continue to find new ways to deceive unsuspecting individuals. To avoid falling victim to crypto scams, users should always do their due diligence and be cautious when dealing with unfamiliar platforms or projects. Remember, if an investment opportunity sounds too good to be true, it probably is.
Breaking News-
#Binance users in Hong Kong lose $450K in wave of fraud texts: HK police
Hong Kong’s police force has raised the alarm after 11 #HongKong -based Binance customers were targeted in a wave of #phishing scams sent through text messages.
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”
“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”
Police said that once users clicked the link and supposedly “verified” their personal details, hackers were then able to gain full access to their Binance accounts, where they proceeded to steal all of the assets contained within the users’ wallet.
According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 ($3.5 million Hong Kong dollars) in the last two weeks.
The police has asked any users who believe that they’d received a potentially fraudulent message to log the suspicious messages on the “fraud prevention” section of its official website.
#Binance users in Hong Kong lose $450K in wave of fraud texts: HK police
Hong Kong’s police force has raised the alarm after 11 #HongKong -based Binance customers were targeted in a wave of #phishing scams sent through text messages.
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”
“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”
Police said that once users clicked the link and supposedly “verified” their personal details, hackers were then able to gain full access to their Binance accounts, where they proceeded to steal all of the assets contained within the users’ wallet.
According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 ($3.5 million Hong Kong dollars) in the last two weeks.
The police has asked any users who believe that they’d received a potentially fraudulent message to log the suspicious messages on the “fraud prevention” section of its official website.
1. #CertiK Skynet warns against fake Rocket Pool #phishing site: CertiK Skynet issued an alert about a #fraudulent website (hxxps://dao-rocketpool.net/) pretending to be Rocket Pool and linked to known scammers.
2. Caution urged to protect assets and personal information: Users are strongly advised not to interact with the fake site to safeguard their digital #assets and avoid potential financial loss and identity theft.
3. Prevention measures to counter phishing attacks: CertiK Skynet reminds users to be vigilant by verifying website addresses, avoiding suspicious links, and ensuring they only engage with legitimate #platforms to minimize the risk of falling prey to phishing tactics.
2. Caution urged to protect assets and personal information: Users are strongly advised not to interact with the fake site to safeguard their digital #assets and avoid potential financial loss and identity theft.
3. Prevention measures to counter phishing attacks: CertiK Skynet reminds users to be vigilant by verifying website addresses, avoiding suspicious links, and ensuring they only engage with legitimate #platforms to minimize the risk of falling prey to phishing tactics.
How to protect yourself from Crypto Phishing Scams☠️?
To protect yourself from crypto phishing scams, follow these precautions:
Verify URLs✅: Double-check website URLs for authenticity, especially before entering any sensitive information. Ensure the website has a secure connection (https://) and matches the official site.
Beware of Unsolicited Emails✉️: Be cautious when clicking on links or downloading attachments from unexpected or suspicious emails. Always verify the sender's identity.
Enable Two-Factor Authentication (2FA)🔒: Use 2FA whenever possible to add an extra layer of security to your accounts. This typically involves a one-time code sent to your mobile device.
Use Official Mobile Apps📱: Only download mobile apps from reputable sources, such as the Apple App Store or Google Play Store.
Be Cautious on Social Media👩💻: Be wary of unsolicited messages or requests for sensitive information on social media platforms.
Educate Yourself📖: Stay informed about common #crypto scams and #phishing techniques. Knowledge is a valuable defense against such threats.
By staying vigilant and taking these precautions, you can reduce the risk of falling #victim to crypto phishing scams and help protect your #cryptocurrency assets.
*Give your helping hand by giving 'tip' if you find my information helpful.
To protect yourself from crypto phishing scams, follow these precautions:
Verify URLs✅: Double-check website URLs for authenticity, especially before entering any sensitive information. Ensure the website has a secure connection (https://) and matches the official site.
Beware of Unsolicited Emails✉️: Be cautious when clicking on links or downloading attachments from unexpected or suspicious emails. Always verify the sender's identity.
Enable Two-Factor Authentication (2FA)🔒: Use 2FA whenever possible to add an extra layer of security to your accounts. This typically involves a one-time code sent to your mobile device.
Use Official Mobile Apps📱: Only download mobile apps from reputable sources, such as the Apple App Store or Google Play Store.
Be Cautious on Social Media👩💻: Be wary of unsolicited messages or requests for sensitive information on social media platforms.
Educate Yourself📖: Stay informed about common #crypto scams and #phishing techniques. Knowledge is a valuable defense against such threats.
By staying vigilant and taking these precautions, you can reduce the risk of falling #victim to crypto phishing scams and help protect your #cryptocurrency assets.
*Give your helping hand by giving 'tip' if you find my information helpful.
What an #unlucky guy!
He got 275,700 $LINK ($4.42M) stolen by a #phishing #attack .
This guy accumulated 290,750 #LINK ($2.26M) at $7.8 from #exchanges between Jun 7, 2022, and Oct 14, 2023, a profit of nearly ~$2.4M currently.
Unfortunately, he accidentally clicked on the phishing link and was deceived into signing the approval transaction.
Ultimately, he lost a profit of $2.4M and a cost of $2.26M, a total loss of $4.66M!
He got 275,700 $LINK ($4.42M) stolen by a #phishing #attack .
This guy accumulated 290,750 #LINK ($2.26M) at $7.8 from #exchanges between Jun 7, 2022, and Oct 14, 2023, a profit of nearly ~$2.4M currently.
Unfortunately, he accidentally clicked on the phishing link and was deceived into signing the approval transaction.
Ultimately, he lost a profit of $2.4M and a cost of $2.26M, a total loss of $4.66M!
See original
Important Update🏮
Check this post before you lose your funds.
As a bull market approaches, beware of phishing scams currently going on in the crypto space. Many scammers are using this market appreciation to send phishing emails and tokens to unsuspecting investors.
• What is a phishing scam?
Phishing scams are deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords or financial details. These scams, usually carried out through fake emails, messages or websites, often impersonate legitimate organizations.
• What you need to do to avoid becoming a victim:
Do not click on unknown links and look for red flags in incoming messages, such as unusual sender addresses, typos or requests for sensitive information.
Verify the legitimacy of requests through official channels by adding an additional layer of protection, such as two-factor authentication.
Do not try to sell random tokens or NFTs that appear in your wallet.
Have a dedicated phone or PC for trading and wallet-related activities.
Remember: Your generous tips ❤️ will empower us to share more valuable content.
#HotTrends #Write2Earn #phishing #cryptoonline
Check this post before you lose your funds.
As a bull market approaches, beware of phishing scams currently going on in the crypto space. Many scammers are using this market appreciation to send phishing emails and tokens to unsuspecting investors.
• What is a phishing scam?
Phishing scams are deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords or financial details. These scams, usually carried out through fake emails, messages or websites, often impersonate legitimate organizations.
• What you need to do to avoid becoming a victim:
Do not click on unknown links and look for red flags in incoming messages, such as unusual sender addresses, typos or requests for sensitive information.
Verify the legitimacy of requests through official channels by adding an additional layer of protection, such as two-factor authentication.
Do not try to sell random tokens or NFTs that appear in your wallet.
Have a dedicated phone or PC for trading and wallet-related activities.
Remember: Your generous tips ❤️ will empower us to share more valuable content.
#HotTrends #Write2Earn #phishing #cryptoonline
All You Need To Know To Secure Your Data From Phishing
Phishing measures are becoming increasingly necessary as hackers attempt to steal your personal information and funds online every day.
According to a recent report by Scam Sniffer, in February, about 57,000 victims suffered losses of around $47 million due to crypto phishing scams. They pointed out that “most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts.”
Therefore, to avoid falling into the hands of fraudsters, you need to be able to recognize phishing and know how to protect yourself and your money. In this article, we will discuss this in detail.
Latest Hacker Attack On Exchanges
Cybersecurity company Lookout has announced the disclosure of a new phishing tool called CryptoChameleon. This tool demonstrates a new tactic aimed at some cryptocurrency exchanges such as Binance, Gemini, Coinbase, as well as the US Federal Communications Commission (FCC) via mobile phones. Attackers can create copies of single sign-on (SSO) pages and then use a combination of email and voice calls to obtain user data.
The report notes that CryptoChameleon has attacked employees of the Federal Communications Commission and Binance. In addition, users of Binance, Gemini, ShakePay, and other exchanges were affected. CryptoChameleon uses phone numbers and websites that look legitimate and represent the company’s support service in Gmail, iCloud, Outlook, X, and other services.
Lookout reported that they were able to speak to some of the victims and confirm that a combination of phone calls and messages were used to force the victim to complete the process.
“In one scenario, a victim received an unsolicited phone call that spoofed a real company’s customer support line. The person on the other end of the line was the threat actor, but sounded like a member of the support team from that company.”
Hackers informed the user that their account had been hacked, but they would help them restore it. During a phone conversation with the victim, the attackers would send a message that redirected to a phishing page.
The company’s analysis revealed more than 100 successful phishing attempts and ongoing phishing activity, mostly on Hostwinds, Hostinger, and Russian RetnNet servers. The vast majority of victims are located in the United States.
How Do I Recognize Phishing?
The main goal of phishing is to obtain confidential user information.
Attackers commonly send emails with malicious links on behalf of websites or exchanges. These can be security warnings, account hacking, various surveys, etc. Fraudsters usually emphasize the urgency of action or attract attention by offering a large reward for participation.
Signs that may indicate that the email is fraudulent:
The message uses subdomains, misspelled URLsThe message is written in a way that instills fear or a sense of urgency.The email asks you to confirm personal information, such as financial information or a password.The message is written illiterately and contains spelling and grammatical errors.
There are other verification methods used by companies such as Binance, WhiteBIT, and KuCoin, which have an additional way to verify the authenticity of an email with the Anti-Phishing feature. After activating it, the user has to enter a custom code that will signal that the email came from these companies. After saving the code, every time the user receives a technical email from the exchanges, it will contain this code.
How To Avoid Phishing Scams?
Use strong passwords and enable two-factor authentication: Use a strong and unique password for all accounts. Don’t write them down in an easily accessible place or share them with others. For storing and managing complex passwords, it’s best to use a password manager, such as 1Password, LastPass, Dashlane, and others. Enable two-factor authentication for all accounts to provide an extra layer of security. To do this, you can install a 2FA app on your phone, such as Google Authenticator, Authy, 2FAS, etc.
Don’t ignore update notifications: Security patches and updates are released primarily to address current cyberattack techniques, closing security gaps. Set your software to update automatically to avoid new threats.
Check the website address before entering your information: The URL of a page can often differ from the domain by a single letter and sometimes by case. For example, 1-l, I-l (uppercase “i” and lowercase “l”). It is also not recommended to enter passwords and logins on websites without HTTPS (a lock icon next to it) — it protects the connection and encrypts data.
Do not click on suspicious links: Commonly, scammers use links about winning millions of dollars or gifts as a lure. Therefore, do not click on such links and always check all current sweepstakes and company events.
Summary
Understanding phishing schemes and their signs is the most important thing in the fight against this type of fraud.
By knowing how to recognize harmful attacks and what methods attackers use, users can better protect their personal data. And by following the above recommendations, they can reduce the likelihood of theft.\
#security #phishing #guide
According to a recent report by Scam Sniffer, in February, about 57,000 victims suffered losses of around $47 million due to crypto phishing scams. They pointed out that “most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts.”
Therefore, to avoid falling into the hands of fraudsters, you need to be able to recognize phishing and know how to protect yourself and your money. In this article, we will discuss this in detail.
Latest Hacker Attack On Exchanges
Cybersecurity company Lookout has announced the disclosure of a new phishing tool called CryptoChameleon. This tool demonstrates a new tactic aimed at some cryptocurrency exchanges such as Binance, Gemini, Coinbase, as well as the US Federal Communications Commission (FCC) via mobile phones. Attackers can create copies of single sign-on (SSO) pages and then use a combination of email and voice calls to obtain user data.
The report notes that CryptoChameleon has attacked employees of the Federal Communications Commission and Binance. In addition, users of Binance, Gemini, ShakePay, and other exchanges were affected. CryptoChameleon uses phone numbers and websites that look legitimate and represent the company’s support service in Gmail, iCloud, Outlook, X, and other services.
Lookout reported that they were able to speak to some of the victims and confirm that a combination of phone calls and messages were used to force the victim to complete the process.
“In one scenario, a victim received an unsolicited phone call that spoofed a real company’s customer support line. The person on the other end of the line was the threat actor, but sounded like a member of the support team from that company.”
Hackers informed the user that their account had been hacked, but they would help them restore it. During a phone conversation with the victim, the attackers would send a message that redirected to a phishing page.
The company’s analysis revealed more than 100 successful phishing attempts and ongoing phishing activity, mostly on Hostwinds, Hostinger, and Russian RetnNet servers. The vast majority of victims are located in the United States.
How Do I Recognize Phishing?
The main goal of phishing is to obtain confidential user information.
Attackers commonly send emails with malicious links on behalf of websites or exchanges. These can be security warnings, account hacking, various surveys, etc. Fraudsters usually emphasize the urgency of action or attract attention by offering a large reward for participation.
Signs that may indicate that the email is fraudulent:
The message uses subdomains, misspelled URLsThe message is written in a way that instills fear or a sense of urgency.The email asks you to confirm personal information, such as financial information or a password.The message is written illiterately and contains spelling and grammatical errors.
There are other verification methods used by companies such as Binance, WhiteBIT, and KuCoin, which have an additional way to verify the authenticity of an email with the Anti-Phishing feature. After activating it, the user has to enter a custom code that will signal that the email came from these companies. After saving the code, every time the user receives a technical email from the exchanges, it will contain this code.
How To Avoid Phishing Scams?
Use strong passwords and enable two-factor authentication: Use a strong and unique password for all accounts. Don’t write them down in an easily accessible place or share them with others. For storing and managing complex passwords, it’s best to use a password manager, such as 1Password, LastPass, Dashlane, and others. Enable two-factor authentication for all accounts to provide an extra layer of security. To do this, you can install a 2FA app on your phone, such as Google Authenticator, Authy, 2FAS, etc.
Don’t ignore update notifications: Security patches and updates are released primarily to address current cyberattack techniques, closing security gaps. Set your software to update automatically to avoid new threats.
Check the website address before entering your information: The URL of a page can often differ from the domain by a single letter and sometimes by case. For example, 1-l, I-l (uppercase “i” and lowercase “l”). It is also not recommended to enter passwords and logins on websites without HTTPS (a lock icon next to it) — it protects the connection and encrypts data.
Do not click on suspicious links: Commonly, scammers use links about winning millions of dollars or gifts as a lure. Therefore, do not click on such links and always check all current sweepstakes and company events.
Summary
Understanding phishing schemes and their signs is the most important thing in the fight against this type of fraud.
By knowing how to recognize harmful attacks and what methods attackers use, users can better protect their personal data. And by following the above recommendations, they can reduce the likelihood of theft.\
#security #phishing #guide
"Crypto phishing attacks rose by 40% in 2022, reaching over 2 billion attempts, warns Kaspersky Lab. Fraudsters use fake websites and messages to trick investors into sharing private keys and accessing their crypto wallets." #cryptocurrency #phishing #cybersecurity
FBI Warns of Account Hijackers Targeting NFT and Crypto Enthusiasts ✉️
The FBI issued a warning about criminals #hijacking social media accounts and posing as legitimate figures in the NFT and crypto space.
These fraudsters promote new NFT releases with urgent phrases and share #phishing links to spoofed websites. Victims are tricked into connecting their wallets to claim NFTs but end up losing their funds to drainer smart contracts.
Even without wallet connection, people have reported losing valuable NFTs due to spoofed websites, with #malware or hidden wallet links suspected as possible causes.
Google's search results also featured fake NFT marketplaces, aggravating the problem. The FBI urged vigilance and advised vetting websites before clicking on them to safeguard against such scams.
#Binance
#crypto2023
The FBI issued a warning about criminals #hijacking social media accounts and posing as legitimate figures in the NFT and crypto space.
These fraudsters promote new NFT releases with urgent phrases and share #phishing links to spoofed websites. Victims are tricked into connecting their wallets to claim NFTs but end up losing their funds to drainer smart contracts.
Even without wallet connection, people have reported losing valuable NFTs due to spoofed websites, with #malware or hidden wallet links suspected as possible causes.
Google's search results also featured fake NFT marketplaces, aggravating the problem. The FBI urged vigilance and advised vetting websites before clicking on them to safeguard against such scams.
#Binance
#crypto2023
All about phishing scams☠️☠️?
Crypto #phishing scams are a type of online fraud that targets individuals and organizations involved in the cryptocurrency space. These scams are designed to trick people into revealing their sensitive information, such as private keys, #wallet addresses, or login credentials, with the intention of stealing their #Cryptocurrencies or gaining unauthorized access to their accounts.
Phishing scams typically involve the following tactics:
Deceptive Websites🕸️: Scammers create fake websites or clone legitimate cryptocurrency platforms, wallets, or exchanges to trick users into entering their private information.
Phishing Emails📩: Scammers send emails that appear to be from a trusted source, such as a popular cryptocurrency exchange or wallet provider. These emails often contain links to fake websites and may ask recipients to provide their login credentials, private keys, or other sensitive information.
Social Engineering👩💻: Scammers use social engineering techniques to manipulate and deceive individuals into revealing sensitive information. They may impersonate customer support representatives, friends, or family members to gain the victim's trust.
Fake Mobile Apps📱: Scammers create counterfeit mobile applications that mimic legitimate cryptocurrency wallet or exchange apps, which can be downloaded from app stores. These apps can steal login credentials or private keys when used.
Malware☠️: Malicious software can be used to infect a user's computer or device, allowing scammers to steal cryptocurrency-related data or manipulate transactions.
I will be very thankful to myself if you like the information. Hope this information will help you in understanding phishing scams in crypto and also help you in saving yourself from such scams.
#dyor
Crypto #phishing scams are a type of online fraud that targets individuals and organizations involved in the cryptocurrency space. These scams are designed to trick people into revealing their sensitive information, such as private keys, #wallet addresses, or login credentials, with the intention of stealing their #Cryptocurrencies or gaining unauthorized access to their accounts.
Phishing scams typically involve the following tactics:
Deceptive Websites🕸️: Scammers create fake websites or clone legitimate cryptocurrency platforms, wallets, or exchanges to trick users into entering their private information.
Phishing Emails📩: Scammers send emails that appear to be from a trusted source, such as a popular cryptocurrency exchange or wallet provider. These emails often contain links to fake websites and may ask recipients to provide their login credentials, private keys, or other sensitive information.
Social Engineering👩💻: Scammers use social engineering techniques to manipulate and deceive individuals into revealing sensitive information. They may impersonate customer support representatives, friends, or family members to gain the victim's trust.
Fake Mobile Apps📱: Scammers create counterfeit mobile applications that mimic legitimate cryptocurrency wallet or exchange apps, which can be downloaded from app stores. These apps can steal login credentials or private keys when used.
Malware☠️: Malicious software can be used to infect a user's computer or device, allowing scammers to steal cryptocurrency-related data or manipulate transactions.
I will be very thankful to myself if you like the information. Hope this information will help you in understanding phishing scams in crypto and also help you in saving yourself from such scams.
#dyor
(@sell9000 )
PSA re: an expensive opsec lesson
At this time I have confirmed that it was a Google login that caused this compromise. An unknown Windows machine gained access about half a day before the attack. It also spoofed the device name, so the notification of the new activity alert (which occurred early morning while I was asleep) appeared similar to devices I normally use (it may have been a calculated gamble for a common device name unless I was specifically targeted).
Upon further investigation, this device is a VPS hosted by #KaopuCloud as a global edge cloud provider that is shared among hacker circles in Telegram, and has been used in the past for #phishing and other malicious activities by shared users.
I do have 2FA enabled, which the user managed to bypass. I have yet to determine exactly how this was achieved, but possibly attack vectors were OAuth phishing, cross site scripting, or man-in-the-middle attack on a compromised site, followed by possible additional #Malware . In fact, apparently #OAuth endpoint attack recently has been reported to hijack user cookie session (https://darkreading.com/cloud-security/attackers-abuse-google-oauth-endpoint-hijack-user-sessions…). Be extremely careful if you have to use Sign In From Google.
Takeaways:
1. Bitdefender sucks, it caught nothing while Malwarebytes caught a bunch of vulnerabilities after the fact.
2. Do not become complacent just because you were moving large figures for years without issues.
3. Never enter a seed, period, no matter what reasonable excuse you give yourself. Not worth the risk, just nuke the computer and start fresh.
4. I'm done with Chrome, stick with a better browser like Brave.
5. Preferably never mix devices, and have an isolated device for crypto activities.
6. Always check the Google Activity alert if you are continuing to use Google based devices or authentication.
7. Turn off extension sync'ing. Or just turn off sync'ing period for your isolated crypto machine.
8. 2FA is clearly not bulletproof, don't become complacent to it.
PSA re: an expensive opsec lesson
At this time I have confirmed that it was a Google login that caused this compromise. An unknown Windows machine gained access about half a day before the attack. It also spoofed the device name, so the notification of the new activity alert (which occurred early morning while I was asleep) appeared similar to devices I normally use (it may have been a calculated gamble for a common device name unless I was specifically targeted).
Upon further investigation, this device is a VPS hosted by #KaopuCloud as a global edge cloud provider that is shared among hacker circles in Telegram, and has been used in the past for #phishing and other malicious activities by shared users.
I do have 2FA enabled, which the user managed to bypass. I have yet to determine exactly how this was achieved, but possibly attack vectors were OAuth phishing, cross site scripting, or man-in-the-middle attack on a compromised site, followed by possible additional #Malware . In fact, apparently #OAuth endpoint attack recently has been reported to hijack user cookie session (https://darkreading.com/cloud-security/attackers-abuse-google-oauth-endpoint-hijack-user-sessions…). Be extremely careful if you have to use Sign In From Google.
Takeaways:
1. Bitdefender sucks, it caught nothing while Malwarebytes caught a bunch of vulnerabilities after the fact.
2. Do not become complacent just because you were moving large figures for years without issues.
3. Never enter a seed, period, no matter what reasonable excuse you give yourself. Not worth the risk, just nuke the computer and start fresh.
4. I'm done with Chrome, stick with a better browser like Brave.
5. Preferably never mix devices, and have an isolated device for crypto activities.
6. Always check the Google Activity alert if you are continuing to use Google based devices or authentication.
7. Turn off extension sync'ing. Or just turn off sync'ing period for your isolated crypto machine.
8. 2FA is clearly not bulletproof, don't become complacent to it.