phishing

1 in 3 Untrained Employees Will Click on a Phishing Link – New Report

Image sourced from Kaspersky. KnowBe4, one of the world’s largest cyber-security awareness training companies and simulated phishing platform provider, has released the new 2022 Phishing by Industry Benchmarking Report to measure an organisation’s Phish-prone Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or a social engineering scam. With ransomware payments averaging $580,000 in 2021 and business email compromise (BEC) losses topping $1.8 billion in 2020, a cyber attack can wreak havoc on an organisation. Yet, according to the baseline testing conducted for the report, without security training, across all industries globally, 32.4% of employees are likely to click on a suspicious link or comply with a fraudulent request. In some large categ...

The Cybersecurity Wave: Importance and Impact of Cybersecurity in Today’s Digital World

Cyberattacks continue to be a threat to organizations across the world, but using powerful cybersecurity solutions can help you defend your organization against these malicious attacks. Without proper security management, your organization is an easy target for cybercriminals. Poor configuration of cloud services combined with how easy it is for cybercriminals to launch an attack poses a great threat to organizations. On top of this, cybercriminals often target entities outside of their jurisdiction, making it difficult for governing bodies to draft effective cybersecurity policies. Unlike years ago, simply installing an antivirus solution across your systems isn’t enough to protect your network of devices. Cyberattacks can arise from any level of the organization. From IT admins...

Are Phishing Attacks Targeting Crypto on the Rise?

Image sourced from Shutterstock. Experts at Russian cybersecurity company Kaspersky have taken a close look at the phishing pages aimed at potential crypto investors as well as the malicious files that are distributed under the names of the 20 most popular cryptocurrency wallets. Since the beginning of 2022, Kaspersky products detected and prevented almost 200,000 attempts to steal users’ digital currencies and credentials to their wallets via phishing, according to the company. The number of such attempts almost reached 50,000 in April, which is half of the figure for the first quarter of 2022. Crypto wallets are the primary target for scamming and malicious activity. With the boom in digital currencies observed over the past five years, Kaspersky has seen various new cybercriminal ta...

The Great Phishing Fail

Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa. In 2021, phishing attacks increased by 7.3% according to the ESET Threat Report, and the Cisco 2021 Cybersecurity threat trends report revealed that around 86% of organisations had at least one person click a phishing link. This echoes the findings of recent KnowBe4 Security Awareness Research that found people keep clicking – on fake emails from HR, the business and IT. As Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa, points out, the majority of top email categories that people fall for are those that fit in to everyday life – invoices, purchase orders, shared files, and COVID-19 related topics. “As our quarterly report on the top-clicked phishing tests shows, the emails that catch people are t...

CertiK shares security tips following third BAYC security compromise in six months

On June 4, the popular nonfungible token, or NFT, project Bored Ape Yacht Club (BAYC) suffered its third security compromise this year. Nearly 142 Ether (ETH) ($250,000) worth of NFTs was stolen after hackers gained access to the Discord account of a BAYC community manager and posted a message with a link to a fake website. The link advertised a limited-time free-NFT giveaway to users who connected their wallets, which were then drained of NFTs. During two prior occasions in April, hackers breached BAYC’s Discord and Instagram pages and managed to siphon 91 NFTs, worth over $1.3 million at the time of the second attempt, via a phishing link.  As told by blockchain security firm CertiK, hackers quickly moved stolen funds to obfuscation platform Tornado Cash, making it imposs...

Yuga Labs’ BAYC, OtherSide Discord groups breached, over 145 ETH stolen

Yuga Labs, the creator of two of the most popular ape-themed nonfungible token (NFT) offerings — Bored Ape Yacht Club (BAYC) and OtherSide — witnessed yet another orchestrated phishing attack with investors losing over 145 Ether (ETH) or nearly $260,000 at the time of writing. OKHotshot, a blockchain detective and a member of the Crypto Twitter community, alerted crypto investors about the compromise of two official Discord groups linked to BAYC and OtherSide NFTs.

BAYC & OtherSide discords got compromised‼️ Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W — OKHotshot (@NFTherder) June 4, 2022

According to OKH...

STEPN impersonators stealing users’ seed phrases, warn security experts

Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user’s dashboard where they may connect their stolen wallets to their own or “claim” a giveaway as per Peckshield.

#PeckShieldAlert #phishing PeckShield has detected a batch of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic....

New Phishing Report Shows the Top Email Headlines to Beware Of

Image sourced from Broad Media. KnowBe4, provider of one of the world’s largest security awareness training and simulated phishing platforms, today announced the results of its Q1 2022 top-clicked phishing report. “In our latest quarterly phishing report, we found that holiday-themed emails were the most tempting for employees to click on,” said Stu Sjouwerman, CEO, KnowBe4. “HR-related messages such as a change in the schedule for the holidays likely piqued interest from employees to see if they would receive an extra day off or shortened work schedule due to the holidays. It is important to remember that cybercriminals utilize various tactics such as preying on people’s emotions when executing their malicious scams. Remaining vigilant and adopting a heightened sense of suspicion around e...

Understanding the Risks to Cryptocurrency Trading

Sourced from Hacker Noon. Alongside self-fertilizing crops and low-carbon shipping, cryptocurrencies have made the World Economic Forum (WEF) list of top tech trends in 2022 bolstered by research by the Thomson Reuters Foundation that describes it as moving from the ‘fringes of finance to the mainstream’. Perceptions around cryptocurrencies have shifted, with several countries adopting it as legal tender, banks looking to create their own forms of digital currency, and consumers putting their savings into crypto wallets instead of traditional financial institutions. Countries are either considering or are already partially using Central Bank Digital Currency (CBDC), which essentially allows for companies and individuals...

BlockFi confirms unauthorized access to client data hosted on Hubspot

New Jersey-based crypto financial institution BlockFi confirmed a data breach incident via one of its third-party vendors, Hubspot. BlockFi’s proactive warning about the breach aims to deter the intentions of bad actors in repurposing the user data for fraudulent activities. According to the announcement, the hackers gained access to BlockFi’s client data on Friday, March 18, that were stored on Hubspot, a client relationship management platform: “Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.” As a third-party vendor for BlockFi, Hubspot stored user data such as names, email addresses and phone numbers. Historically, bad actors have used such information for conducting phishing attacks and gaining access to acc...

OpenSea customer service migrating from Discord to Metalink to more adequately protect its community

On Tuesday, nonfungible token, or NFT, platform OpenSea launched a server on Metalink to give the verified owners of its collections a direct channel for support, feedback and updates. In addition, OpenSea said it would no longer offer customer support over Discord DMs. Metalink is a collaboration app for NFT communities that offers users a place to view their collection’s value and monitor its associated real-time transaction feed. In addition, channels hosted on Metalink are token-gated, meaning that proof of ownership of an NFT or social token is required to access the content. According to OpenSea, the platform is making the switch after fraudsters began impersonating support associates on its Discord page. As one crypto enthusiast, @seanbonner writes:  “[It happens li...

Hong Kong NFT project Monkey Kingdom loses $1.3M in phishing hack, launches compensation fund

On Tuesday, Solana nonfungible token (NFT) project Monkey Kingdom, which has received notable backing from American DJ Steve Aoki, announced via Twitter that hackers made off with $1.3 million of the community’s crypto funds through a security breach on Discord. According to its developers, the hack first occurred with the breach of Grape, a popular solution for verifying users on Solana. Hackers then used the exploit to take over an administrative account, which posted a phishing link in the Monkey Kingdom Discord’s announcement channel. Users who followed the link connected their wallets expecting they would receive an NFT but instead were drained of their SOL tokens by the scammer.

Announcement on the discord hack pic.twitter.com/1r7svjlZcB — Monkey Kingdom (@MonkeyKin...