phishing
56,087 views
24 Discussing
Hot
Latest
Twenty malicious #npm packages impersonating the #Hardhat #Ethereum✅ development environment have targeted private keys and sensitive data. These packages, downloaded over 1,000 times, were uploaded by three accounts using #typosquatting techniques to trick developers. Once installed, the packages steal private keys, mnemonics, and configuration files, encrypt them with a hardcoded AES key, and send them to attackers. This exposes developers to risks like unauthorized transactions, compromised production systems, #phishing , and malicious dApps.
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
See original
According to security firm Web3 Scam Sniffer, over $127 million in #Criptomonedas was stolen from investors in Q3 2024, with approximately $46 million lost in September to phishing attacks.
In phishing attacks, scammers trick investors into linking their crypto wallets, such as #MetaMask , to fraudulent services. Linking crypto wallets to #phishing websites allows scammers to withdraw#cryptocurrenciesfrom users without further authentication.
In phishing attacks, scammers trick investors into linking their crypto wallets, such as #MetaMask , to fraudulent services. Linking crypto wallets to #phishing websites allows scammers to withdraw#cryptocurrenciesfrom users without further authentication.
#PeckShieldAlert
A #phishingscam address labeled "Fake_Phishing442897," which stole $55.4M in #DAI from a whale's account, has swapped 250K $DAI for 102.6 $ETH & transferred them to a new address 0x2751...fC12
The #phishing address currently holds ~$40.5m worth of cryptos, including ~15.18K $ETH , ~2.8M $DAI & ~327.3 $stETH
A #phishingscam address labeled "Fake_Phishing442897," which stole $55.4M in #DAI from a whale's account, has swapped 250K $DAI for 102.6 $ETH & transferred them to a new address 0x2751...fC12
The #phishing address currently holds ~$40.5m worth of cryptos, including ~15.18K $ETH , ~2.8M $DAI & ~327.3 $stETH
Stay #SAFU on X and other socials.
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
Important Update🏮
Check this post before you lose your funds.
As the bull market approaches, beware of the phishing scams currently taking place in the crypto world. Many fraudsters are using this market appreciation to send phishing emails and tokens to unsuspecting investors.
• What is a phishing scam?
Phishing scams are deceptive attempts to trick individuals into disclosing sensitive information such as usernames, passwords or financial details. These scams, usually perpetrated through fake emails, messages or websites, often impersonate legitimate organizations.
• What you need to do to avoid becoming a victim:
Don't click on unknown links and look for red flags in incoming messages, such as unusual return addresses, typos, or requests for sensitive information.
Verify the legitimacy of requests through official channels by adding additional layers of protection, such as two-factor authentication.
Don't try to sell random tokens or NFTs that appear in your wallet.
Have a dedicated phone or PC for trading and wallet related activities.
Remember: Your generous tips ❤️ will empower us to share more valuable content.
#HotTrends #Write2Earn #phishing #cryptoonline
Check this post before you lose your funds.
As the bull market approaches, beware of the phishing scams currently taking place in the crypto world. Many fraudsters are using this market appreciation to send phishing emails and tokens to unsuspecting investors.
• What is a phishing scam?
Phishing scams are deceptive attempts to trick individuals into disclosing sensitive information such as usernames, passwords or financial details. These scams, usually perpetrated through fake emails, messages or websites, often impersonate legitimate organizations.
• What you need to do to avoid becoming a victim:
Don't click on unknown links and look for red flags in incoming messages, such as unusual return addresses, typos, or requests for sensitive information.
Verify the legitimacy of requests through official channels by adding additional layers of protection, such as two-factor authentication.
Don't try to sell random tokens or NFTs that appear in your wallet.
Have a dedicated phone or PC for trading and wallet related activities.
Remember: Your generous tips ❤️ will empower us to share more valuable content.
#HotTrends #Write2Earn #phishing #cryptoonline
📢📢🎁🎁🎁🎁🎁🎁🎁🎁🎁🎁🎁📢📢
🚀
🚀🌟 Exclusive Alert! 🌟🚀
🎉 EARN 100 USDT
CLICK HERE TO CLAIM IT
1. Follow me for updates and more ways.
2. Like and Share this post to spread the excitement.
3.CLICK MY PINEED POST AND CLAIM THE REWARD
3. Drop a complete in the comments to participate♥️.
🔥 Hurry, For grab your free USDT and join the celebration! 🎁💰 #TrendingTopic #FreeUSDT #giveaway
🚀
🚀🌟 Exclusive Alert! 🌟🚀
🎉 EARN 100 USDT
CLICK HERE TO CLAIM IT
1. Follow me for updates and more ways.
2. Like and Share this post to spread the excitement.
3.CLICK MY PINEED POST AND CLAIM THE REWARD
3. Drop a complete in the comments to participate♥️.
🔥 Hurry, For grab your free USDT and join the celebration! 🎁💰 #TrendingTopic #FreeUSDT #giveaway
What an #unlucky guy!
He got 275,700 $LINK ($4.42M) stolen by a #phishing #attack .
This guy accumulated 290,750 #LINK ($2.26M) at $7.8 from #exchanges between Jun 7, 2022, and Oct 14, 2023, a profit of nearly ~$2.4M currently.
Unfortunately, he accidentally clicked on the phishing link and was deceived into signing the approval transaction.
Ultimately, he lost a profit of $2.4M and a cost of $2.26M, a total loss of $4.66M!
He got 275,700 $LINK ($4.42M) stolen by a #phishing #attack .
This guy accumulated 290,750 #LINK ($2.26M) at $7.8 from #exchanges between Jun 7, 2022, and Oct 14, 2023, a profit of nearly ~$2.4M currently.
Unfortunately, he accidentally clicked on the phishing link and was deceived into signing the approval transaction.
Ultimately, he lost a profit of $2.4M and a cost of $2.26M, a total loss of $4.66M!
#PeckShieldAlert
The #phishing address that drained 55.4M $DAI has transferred 6,958.7 $ETH (worth ~$20m) to 10 addresses
The #phishing address that drained 55.4M $DAI has transferred 6,958.7 $ETH (worth ~$20m) to 10 addresses
🚨 Phishing Attack Alert: $11.1M Lost in Recent Exploit! 🚨
Approximately 6 hours ago, a major phishing attack resulted in a significant loss of assets.
Details of the Exploit:
1⃣ 3,657 $MKR ($8,766,097) and 2.56M PT Ethena tokens ($2.4M) were stolen.
2⃣ The exploiter sold 3,657 MKR for 2,502 $ETH ($8,766,097), causing a 7.5% drop in the price of #MKR
3⃣ Additionally, 2.56M PT Ethena tokens were swapped for 689 ETH ($2.41M).
This incident highlights the critical importance of security in the crypto space. Always remain vigilant and take necessary precautions to protect your assets.
#Crypto #phishing #bitcoin #Binance $BNB
Approximately 6 hours ago, a major phishing attack resulted in a significant loss of assets.
Details of the Exploit:
1⃣ 3,657 $MKR ($8,766,097) and 2.56M PT Ethena tokens ($2.4M) were stolen.
2⃣ The exploiter sold 3,657 MKR for 2,502 $ETH ($8,766,097), causing a 7.5% drop in the price of #MKR
3⃣ Additionally, 2.56M PT Ethena tokens were swapped for 689 ETH ($2.41M).
This incident highlights the critical importance of security in the crypto space. Always remain vigilant and take necessary precautions to protect your assets.
#Crypto #phishing #bitcoin #Binance $BNB
🛑 STOP SCROLLING! WHY KYC CAN BE DANGEROUS!!! 🛑
⛔ Read the full post, as this is an important one:
"KYC is the act of throwing 99 innocent people under the bus in order to make law enforcement's job catching 1 bad guy a little easier. The 99 shouldn't tolerate it."
The picture shows what I recently found on Twitter.
Why should you care and what should/shouldn't you do?
Leaked KYC data makes you vulnerable to attacks like sim-swaps, which allow attackers to bypass your 2FA security, but also comes with even bigger danger.
Leaked documents can lead to scammers opening online bank accounts in your name, taking loans & putting you into a horrible financial situation.
Deepfakes and simple Epson printers with ID card printing features make it possible to even fake real-time online verification processes.
Conclusion:
Be EXTREMELY cautious where you submit your KYC information. If small, not properly secured projects require KYC for crypto allocations and similar, remember that you're making yourself vulnerable the moment you submit your data.
You can never be sure that your data is encrypted and saved in a secure spot. You just can NEVER be sure.... so IF you submit KYC data, make sure that you don't do it left, right, center wherever you go, but only provide big, trustworthy and well established companies with these kind of details.
You will thank me later.
Follow @Professor Mende - Bonuz Ecosystem Founder for more!
#scamalert #kyc #phishing #scams #hacking
$PEPE $FLOKI $SHIB
⛔ Read the full post, as this is an important one:
"KYC is the act of throwing 99 innocent people under the bus in order to make law enforcement's job catching 1 bad guy a little easier. The 99 shouldn't tolerate it."
The picture shows what I recently found on Twitter.
Why should you care and what should/shouldn't you do?
Leaked KYC data makes you vulnerable to attacks like sim-swaps, which allow attackers to bypass your 2FA security, but also comes with even bigger danger.
Leaked documents can lead to scammers opening online bank accounts in your name, taking loans & putting you into a horrible financial situation.
Deepfakes and simple Epson printers with ID card printing features make it possible to even fake real-time online verification processes.
Conclusion:
Be EXTREMELY cautious where you submit your KYC information. If small, not properly secured projects require KYC for crypto allocations and similar, remember that you're making yourself vulnerable the moment you submit your data.
You can never be sure that your data is encrypted and saved in a secure spot. You just can NEVER be sure.... so IF you submit KYC data, make sure that you don't do it left, right, center wherever you go, but only provide big, trustworthy and well established companies with these kind of details.
You will thank me later.
Follow @Professor Mende - Bonuz Ecosystem Founder for more!
#scamalert #kyc #phishing #scams #hacking
$PEPE $FLOKI $SHIB
Guaranteeing Privacy in Cryptocurrency with Lelantus Spark.
In a period where digital privacy is increasingly under threat, $FIRO emerges as a beacon of hope in the cryptocurrency landscape. FIRO has established itself as a top dog in blockchain privacy technology, offering users a secure and confidential means of conducting transactions.
At the heart of FIRO innovation lies Lelantus Spark, an advance privacy protocol that sets new standards in the ecosystem.
The Need for Privacy in Cryptocurrency
As the cryptocurrency market expands, so do the threats to user privacy. Phishing attacks, where malicious actors attempt to steal sensitive information by posing as legitimate entities, have become alarmingly common. These attacks often target wallets, exchanges, and even initial coin offerings, putting users' funds at risk.
In this context, privacy-focused cryptocurrencies like Firo play a crucial role in safeguarding users' financial information and transactions.
Lelantus Spark
Lelantus Spark, FIRO‘a advanced privacy technology, addresses these concerns head-on. This protocol offers several key advantages:
•Enhanced Anonymity: Lelantus Spark uses a unique one-out-of-many proofs system, making it virtually impossible to trace transactions back to their source.
•Scalability: The protocol is designed to handle a high volume of transactions efficiently, ensuring that privacy doesn't come at the cost of performance.
•User-Friendly: Despite its complex underlying technology, Lelantus Spark is designed with user experience in mind, making privacy accessible to all.
•Auditability: While providing strong privacy guarantees, Lelantus Spark also allows for optional auditability, striking a balance between privacy and regulatory compliance.
How Lelantus Spark Protects Against Phishing
Lelantus Spark's privacy features provide an additional layer of protection against phishing attacks. By obscuring transaction details and user identities, it significantly reduces the amount of useful information an attacker can gain, even if they manage to compromise a user's account.
The Future of Privacy with $FIRO
As digital threats evolve, so too must our defenses. FIRO’s commitment to ongoing research and development ensures that Lelantus Spark will continue to adapt and improve, staying ahead of potential vulnerabilities.
As we move forward in an increasingly connected world, technologies like Lelantus Spark will play a vital role in safeguarding our right to privacy. FIRO and its Lelantus Spark technology represent a significant leap forward in cryptocurrency privacy. By addressing the critical need for secure, private transactions, Firo is not just protecting individual users – it's helping to build a more vigorous and trustworthy cryptocurrency ecosystem for everyone.
#PrivacyMatters #phishing
At the heart of FIRO innovation lies Lelantus Spark, an advance privacy protocol that sets new standards in the ecosystem.
The Need for Privacy in Cryptocurrency
As the cryptocurrency market expands, so do the threats to user privacy. Phishing attacks, where malicious actors attempt to steal sensitive information by posing as legitimate entities, have become alarmingly common. These attacks often target wallets, exchanges, and even initial coin offerings, putting users' funds at risk.
In this context, privacy-focused cryptocurrencies like Firo play a crucial role in safeguarding users' financial information and transactions.
Lelantus Spark
Lelantus Spark, FIRO‘a advanced privacy technology, addresses these concerns head-on. This protocol offers several key advantages:
•Enhanced Anonymity: Lelantus Spark uses a unique one-out-of-many proofs system, making it virtually impossible to trace transactions back to their source.
•Scalability: The protocol is designed to handle a high volume of transactions efficiently, ensuring that privacy doesn't come at the cost of performance.
•User-Friendly: Despite its complex underlying technology, Lelantus Spark is designed with user experience in mind, making privacy accessible to all.
•Auditability: While providing strong privacy guarantees, Lelantus Spark also allows for optional auditability, striking a balance between privacy and regulatory compliance.
How Lelantus Spark Protects Against Phishing
Lelantus Spark's privacy features provide an additional layer of protection against phishing attacks. By obscuring transaction details and user identities, it significantly reduces the amount of useful information an attacker can gain, even if they manage to compromise a user's account.
The Future of Privacy with $FIRO
As digital threats evolve, so too must our defenses. FIRO’s commitment to ongoing research and development ensures that Lelantus Spark will continue to adapt and improve, staying ahead of potential vulnerabilities.
As we move forward in an increasingly connected world, technologies like Lelantus Spark will play a vital role in safeguarding our right to privacy. FIRO and its Lelantus Spark technology represent a significant leap forward in cryptocurrency privacy. By addressing the critical need for secure, private transactions, Firo is not just protecting individual users – it's helping to build a more vigorous and trustworthy cryptocurrency ecosystem for everyone.
#PrivacyMatters #phishing
See original
🚨$7.8 Million SolvBTC Lost Due to Phishing Scam🚨
A user has lost $7.8 million worth of SolvBTC after falling for a phishing scam. The incident, detected by Scam Sniffer, occurred within a span of 34 minutes, highlighting the security risks in the cryptocurrency world. What additional measures do you think should be implemented to protect users from these scams? 🤔🔒💰
#Criptomonedas #SeguridadOnline #Phishing
$VET $VTHO $VANRY
A user has lost $7.8 million worth of SolvBTC after falling for a phishing scam. The incident, detected by Scam Sniffer, occurred within a span of 34 minutes, highlighting the security risks in the cryptocurrency world. What additional measures do you think should be implemented to protect users from these scams? 🤔🔒💰
#Criptomonedas #SeguridadOnline #Phishing
$VET $VTHO $VANRY
(@sell9000 )
PSA re: an expensive opsec lesson
At this time I have confirmed that it was a Google login that caused this compromise. An unknown Windows machine gained access about half a day before the attack. It also spoofed the device name, so the notification of the new activity alert (which occurred early morning while I was asleep) appeared similar to devices I normally use (it may have been a calculated gamble for a common device name unless I was specifically targeted).
Upon further investigation, this device is a VPS hosted by #KaopuCloud as a global edge cloud provider that is shared among hacker circles in Telegram, and has been used in the past for #phishing and other malicious activities by shared users.
I do have 2FA enabled, which the user managed to bypass. I have yet to determine exactly how this was achieved, but possibly attack vectors were OAuth phishing, cross site scripting, or man-in-the-middle attack on a compromised site, followed by possible additional #Malware . In fact, apparently #OAuth endpoint attack recently has been reported to hijack user cookie session (https://darkreading.com/cloud-security/attackers-abuse-google-oauth-endpoint-hijack-user-sessions…). Be extremely careful if you have to use Sign In From Google.
Takeaways:
1. Bitdefender sucks, it caught nothing while Malwarebytes caught a bunch of vulnerabilities after the fact.
2. Do not become complacent just because you were moving large figures for years without issues.
3. Never enter a seed, period, no matter what reasonable excuse you give yourself. Not worth the risk, just nuke the computer and start fresh.
4. I'm done with Chrome, stick with a better browser like Brave.
5. Preferably never mix devices, and have an isolated device for crypto activities.
6. Always check the Google Activity alert if you are continuing to use Google based devices or authentication.
7. Turn off extension sync'ing. Or just turn off sync'ing period for your isolated crypto machine.
8. 2FA is clearly not bulletproof, don't become complacent to it.
PSA re: an expensive opsec lesson
At this time I have confirmed that it was a Google login that caused this compromise. An unknown Windows machine gained access about half a day before the attack. It also spoofed the device name, so the notification of the new activity alert (which occurred early morning while I was asleep) appeared similar to devices I normally use (it may have been a calculated gamble for a common device name unless I was specifically targeted).
Upon further investigation, this device is a VPS hosted by #KaopuCloud as a global edge cloud provider that is shared among hacker circles in Telegram, and has been used in the past for #phishing and other malicious activities by shared users.
I do have 2FA enabled, which the user managed to bypass. I have yet to determine exactly how this was achieved, but possibly attack vectors were OAuth phishing, cross site scripting, or man-in-the-middle attack on a compromised site, followed by possible additional #Malware . In fact, apparently #OAuth endpoint attack recently has been reported to hijack user cookie session (https://darkreading.com/cloud-security/attackers-abuse-google-oauth-endpoint-hijack-user-sessions…). Be extremely careful if you have to use Sign In From Google.
Takeaways:
1. Bitdefender sucks, it caught nothing while Malwarebytes caught a bunch of vulnerabilities after the fact.
2. Do not become complacent just because you were moving large figures for years without issues.
3. Never enter a seed, period, no matter what reasonable excuse you give yourself. Not worth the risk, just nuke the computer and start fresh.
4. I'm done with Chrome, stick with a better browser like Brave.
5. Preferably never mix devices, and have an isolated device for crypto activities.
6. Always check the Google Activity alert if you are continuing to use Google based devices or authentication.
7. Turn off extension sync'ing. Or just turn off sync'ing period for your isolated crypto machine.
8. 2FA is clearly not bulletproof, don't become complacent to it.
Anti-phishing code🛡
Do not reveal your password or verification codes to anyone, including Binance Support.🛡
#phishing
Do not reveal your password or verification codes to anyone, including Binance Support.🛡
#phishing
@lookonchain
Someone lost 12,083.6 $spWETH (worth $32.33M)! due to a #phishing attack!
According to #ArkhamIntel , the wallet may be related to DiscusFish (@bitfish1).
To avoid being phished, please do not click on any unknown links and do not sign any unknown signatures.
Always double-check when signing signatures.
(trxn# 0xf7c00f18175cdea49f8fdad6a1d45edeb318f18f3009f51ab9f4675171c1d8fb)
#phishingattack
Someone lost 12,083.6 $spWETH (worth $32.33M)! due to a #phishing attack!
According to #ArkhamIntel , the wallet may be related to DiscusFish (@bitfish1).
To avoid being phished, please do not click on any unknown links and do not sign any unknown signatures.
Always double-check when signing signatures.
(trxn# 0xf7c00f18175cdea49f8fdad6a1d45edeb318f18f3009f51ab9f4675171c1d8fb)
#phishingattack
🚨 DON'T GET HACKED!!! UNDERSTANDING SOCIAL ENGINEERING 🚨
🔒 Social engineering attacks exploit trust, emotions, and sometimes ignorance.
🚨 Common Social Engineering Tactics in Crypto
📧 Fake emails, messages, and websites mimic legit crypto platforms, tricking you into revealing private keys or login credentials. Look out for offers of free crypto, urgent security alerts, or limited-time offers.
😈 Scammers pose as trusted representatives, industry figures, or even friends. They use social proof, urgency, and technical jargon to appear legitimate and gain your trust.
💔 Fake profiles on dating apps lure victims into online relationships, eventually asking for crypto under the guise of financial help or investment opportunities.
📉 Attackers spread false info to inflate a crypto's price, then sell off their holdings, causing the price to crash and leaving you with losses.
🛡 How Social Engineering Attacks Work
1. 🔍 Information Gathering: Scammers collect personal details from social media, forums, or direct conversations.
2. 🤝 Establishing Trust: They pose as trustworthy figures, building rapport over time.
3. 💬 Manipulating Victims: Using flattery, empathy, or threats to create urgency or fear.
4. . 🚀 Exploiting Victims: Swiftly transferring funds or stealing info once security is compromised.
🛡 Protect Yourself from Social Engineering Attacks
📰 Educate yourself about common tactics. Recognize the warning signs of scams like unsolicited offers or urgent requests for personal info.
🛡 Use two-factor authentication for an extra layer of security on all crypto-related accounts.
🧩 Create strong, unique passwords for each account and change them regularly.
🔒 Be cautious about what you share on social media and public forums.
💡 If something feels off, it probably is. Double-check and seek expert advice.
@Professor Mende - Bonuz Ecosystem Founder
Stay safe and share this if you care about your friends and the crypto community!
#scamalert #phishing #hacking #security #safety
$BTC $PEPE $SHIB
🔒 Social engineering attacks exploit trust, emotions, and sometimes ignorance.
🚨 Common Social Engineering Tactics in Crypto
📧 Fake emails, messages, and websites mimic legit crypto platforms, tricking you into revealing private keys or login credentials. Look out for offers of free crypto, urgent security alerts, or limited-time offers.
😈 Scammers pose as trusted representatives, industry figures, or even friends. They use social proof, urgency, and technical jargon to appear legitimate and gain your trust.
💔 Fake profiles on dating apps lure victims into online relationships, eventually asking for crypto under the guise of financial help or investment opportunities.
📉 Attackers spread false info to inflate a crypto's price, then sell off their holdings, causing the price to crash and leaving you with losses.
🛡 How Social Engineering Attacks Work
1. 🔍 Information Gathering: Scammers collect personal details from social media, forums, or direct conversations.
2. 🤝 Establishing Trust: They pose as trustworthy figures, building rapport over time.
3. 💬 Manipulating Victims: Using flattery, empathy, or threats to create urgency or fear.
4. . 🚀 Exploiting Victims: Swiftly transferring funds or stealing info once security is compromised.
🛡 Protect Yourself from Social Engineering Attacks
📰 Educate yourself about common tactics. Recognize the warning signs of scams like unsolicited offers or urgent requests for personal info.
🛡 Use two-factor authentication for an extra layer of security on all crypto-related accounts.
🧩 Create strong, unique passwords for each account and change them regularly.
🔒 Be cautious about what you share on social media and public forums.
💡 If something feels off, it probably is. Double-check and seek expert advice.
@Professor Mende - Bonuz Ecosystem Founder
Stay safe and share this if you care about your friends and the crypto community!
#scamalert #phishing #hacking #security #safety
$BTC $PEPE $SHIB
🚨 IMPORTANT: Ledger Users Targeted in New Phishing Scam
Do you use a Ledger? If yes, you MUST read this!
A new wave of phishing emails is targeting Ledger users, posing a serious threat to cryptocurrency holdings. The scam attempts to trick users into activating a fake security feature called “Ledger Clear Signing,” claiming that action is required by October 31 to continue using their devices.
These emails — not sent from official Ledger addresses — direct recipients to a malicious link, urging them to activate the so-called security feature. The phishing email warns:
"To continue using your Ledger device securely, activating Clear Signing is mandatory starting November 1, 2024. This feature is essential in protecting your assets from phishing attacks and fraudulent activities that are becoming more sophisticated.”
These scam emails are well-disguised, playing on users’ fears of phishing attacks to ironically lure them into a phishing trap. Once users follow the link, they are prompted to share sensitive information, which scammers use to drain their accounts.
Stay Vigilant:
Do not click suspicious links or engage with emails not from official Ledger sources.
Never share your recovery phrase or personal information through any email or message.
Why Ledger Users Are a Prime Target:
Ledger hardware wallets are among the most trusted in the industry, making them prime targets for scammers. This “clean Ledger scam” was flagged by Thomas Roccia, a senior threat researcher at Microsoft, who confirmed that the phishing URL has no relation to Ledger.
Phishing attacks like these are becoming more sophisticated every day. Protect your assets by ensuring that you only use official communication channels and verify the authenticity of any request.
Stay safe, Ledger users! Like and share this, so people don't lose their money!
#LedgerSecurity #phishing #SCAMalerts #scam #warning
$PEPE $SHIB $FLOKI
Do you use a Ledger? If yes, you MUST read this!
A new wave of phishing emails is targeting Ledger users, posing a serious threat to cryptocurrency holdings. The scam attempts to trick users into activating a fake security feature called “Ledger Clear Signing,” claiming that action is required by October 31 to continue using their devices.
These emails — not sent from official Ledger addresses — direct recipients to a malicious link, urging them to activate the so-called security feature. The phishing email warns:
"To continue using your Ledger device securely, activating Clear Signing is mandatory starting November 1, 2024. This feature is essential in protecting your assets from phishing attacks and fraudulent activities that are becoming more sophisticated.”
These scam emails are well-disguised, playing on users’ fears of phishing attacks to ironically lure them into a phishing trap. Once users follow the link, they are prompted to share sensitive information, which scammers use to drain their accounts.
Stay Vigilant:
Do not click suspicious links or engage with emails not from official Ledger sources.
Never share your recovery phrase or personal information through any email or message.
Why Ledger Users Are a Prime Target:
Ledger hardware wallets are among the most trusted in the industry, making them prime targets for scammers. This “clean Ledger scam” was flagged by Thomas Roccia, a senior threat researcher at Microsoft, who confirmed that the phishing URL has no relation to Ledger.
Phishing attacks like these are becoming more sophisticated every day. Protect your assets by ensuring that you only use official communication channels and verify the authenticity of any request.
Stay safe, Ledger users! Like and share this, so people don't lose their money!
#LedgerSecurity #phishing #SCAMalerts #scam #warning
$PEPE $SHIB $FLOKI
See original
🚨 Attacks on Solana wallets: Scammers are using third-party domains, such as expired DAPPs, and exploiting XSS vulnerabilities to evade blacklists. A recent theft of over $2.2 million in Solana assets highlights the growing security concerns. Always exercise caution when connecting your wallet. 🛑🔐 #Solana #CryptoSecurity #Phishing $SOL $PNUT
🚨_Crypto Scam Alert: August's Mixed Bag_🚨
August brought a rare glimmer of hope in the crypto scam landscape, with losses totaling a relatively low $4.8 million - the lowest since January 2021! 🙌 However, this progress is overshadowed by two terrifying phishing cases that cost users a staggering $293 million. 😱
The Good News:
After $10 million was returned to Ronin Network, August's losses were significantly lower than previous months. This is a step in the right direction, but we must remain vigilant.
The Bad News:
Two massive phishing scams shook the crypto community, resulting in devastating losses. These scams are a harsh reminder that vigilance is key when dealing with cryptocurrencies.
Stay Safe, Stay Informed:
Remember, knowledge is power. Stay up-to-date with the latest security measures and best practices to protect your assets.
Don't let scammers get the best of you!
#CryptoScamAlert #phishing #StaySafeCryptoFam #StayInformed
The Good News:
After $10 million was returned to Ronin Network, August's losses were significantly lower than previous months. This is a step in the right direction, but we must remain vigilant.
The Bad News:
Two massive phishing scams shook the crypto community, resulting in devastating losses. These scams are a harsh reminder that vigilance is key when dealing with cryptocurrencies.
Stay Safe, Stay Informed:
Remember, knowledge is power. Stay up-to-date with the latest security measures and best practices to protect your assets.
Don't let scammers get the best of you!
#CryptoScamAlert #phishing #StaySafeCryptoFam #StayInformed
See original
be careful if this message appears on your account, there is a Phishing attack, please be careful, secure your account.
#PhishingAttack
#phishing
#PhishingScams
#PhishingAttack
#phishing
#PhishingScams