#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Phishing scam | Breaking Cybersecurity News | The Hacker News

Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks

Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks

Dec 30, 2023 Cryptocurrency / Phishing Scam
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu, Dikla Barda, and Roman Zaikin  said . A prominent contributor to this troubling trend is a notorious phishing group called Angel Drainer, which advertises a "scam-as-a-service" offering by charging a percentage of the stolen amount,  typically 20% or 30% , from its collaborators in return for providing wallet-draining scripts and other services. In late November 2023, a similar wallet-draining service known as Inferno Drainer announced that it was  shutting down its operations  for good after helping scammers plunder over $70 million worth of crypto from 103,676 victims sinc
Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes

Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes

Feb 20, 2020
Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information. According to researchers at Group-IB , the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious "Like of the Year 2020" contest. The development is a reminder that rewards-based social engineering campaigns continue to be an effective means to scam users, not to mention the leveraging the collected data to their financial advantage. Under the "Like of the Year" scheme, users were invited to win a large cash prize, telling them they've been randomly selected after liking a post on social media platforms such as VKontakte. The invites were sent via an email blast by hacking the mail servers of a fiscal data operator , which refers to a legal entity created to aggregate, st
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Hacker Ordered to Pay Back Nearly £1 Million to Phishing Victims

Hacker Ordered to Pay Back Nearly £1 Million to Phishing Victims

Aug 23, 2019
A prolific hacker who carried out phishing scams against hundreds of companies worldwide has been ordered to pay back more than $1.1 million (over £922,000) worth of cryptocurrencies to his victims. Grant West , a 27-year-old resident of Kent, England, targeted several well-known companies around the world since 2015 to obtain the financial data of tens of thousands of customers and then sold that data on underground forums in exchange for Bitcoins or other cryptocurrencies. West, who operated under the online moniker of 'Courvoisier,' stashed the resulting cryptocurrencies in multiple accounts and wallets, which was confiscated by the Metropolitan police after West's arrest in September 2017 following a two-year-long investigation code-named ' Operation Draba .' Metropolitan Police Cyber Crime Unit (MPCCU) also seized an SD card from West's home, which contained approximately 78 million individual usernames and passwords as well as 63,000 credit and de
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For

WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For

Feb 15, 2019
How do you check if a website asking for your credentials is fake or legit to log in? By checking if the URL is correct? By checking if the website address is not a homograph? By checking if the site is using HTTPS? Or using software or browser extensions that detect phishing domains? Well, if you, like most Internet users, are also relying on above basic security practices to spot if that " Facebook.com " or " Google.com " you have been served with is fake or not, you may still fall victim to a newly discovered creative phishing attack and end up in giving away your passwords to hackers. Antoine Vincent Jebara , co-founder and CEO of password managing software Myki , told The Hacker News that his team recently spotted a new phishing attack campaign "that even the most vigilant users could fall for." Vincent found that cybercriminals are distributing links to blogs and services that prompt visitors to first " login using Facebook acco
3 Nigerian Scammers Get 235-Years of Total Jail Sentence in U.S.

3 Nigerian Scammers Get 235-Years of Total Jail Sentence in U.S.

May 26, 2017
You may have heard of hilarious Nigerian scams. My all time favourite is this one: A Nigerian astronaut has been trapped in space for the past 25 years and needs $3 million to get back to Earth, Can you help? Moreover, Nigerians are also good at promising true love and happiness. But You know, Love hurts. Those looking for true love and happiness lost tens of millions of dollars over the Nigerian dating and romance scams. These criminals spend their whole day trolling the online dating sites for contact emails and then send off hundreds of thousands of fraudulent emails awaiting the victim's response. A US federal district court in Mississippi has sentenced such three Nigerian scammers to a collective 235 years in prison for their roles in a large-scale international fraud network that duped people out of tens of millions of dollars. The three Nigerian nationals were part of a 21-member gang of cyber criminals, of which six, including Ayelotan, Raheem, and Mewase,
'The Fappening' Hacker Reveals How He Stole Pics of Over 100 Celebrities

'The Fappening' Hacker Reveals How He Stole Pics of Over 100 Celebrities

Mar 16, 2016
Almost one and a half years ago after the massive leakage of celebrities' photographs — famous as " The Fappening " or "Celebgate" scandal — a man had been charged with the Computer Fraud and Abuse Act, facing up to 5 years in prison as a result. The US Department of Justice (DOJ) announced on Tuesday that it charged Ryan Collins, 36, of Pennsylvania for illegally accessing the Gmail and iCloud accounts of various celebrities, including Jennifer Lawrence and Kim Kardashian , and leaked their photos onto 4chan. Social Engineering Helped Hacker Stole Celebs' Pics Collins was trapped by the Federal Bureau of Investigation (FBI) and in the process of the trial, the hacker revealed that… The Fappening did not involve Apple's iCloud services being compromised through password cracking or brute-forcing, but rather it was the result of simple Social Engineering , in the form of Phishing Attacks. Yes, The Fappening scandal was the re
'Activate WhatsApp calling feature' Invite Scam Targeting Users with Malware

'Activate WhatsApp calling feature' Invite Scam Targeting Users with Malware

Mar 09, 2015
While WhatsApp is very reserved to its new calling feature, cyber scammers are targeting WhatsApp users across the world by circulating fake messages inviting users to activate the new ' WhatsApp calling feature for Android'  that infects their smartphones with malicious apps. If you receive an invitation message from any of your friend saying, "Hey, I'm inviting you to try WhatsApp Free Voice Calling feature, click here to activate now —> https://WhatsappCalling.com" ,  BEWARE! It is a Scam . The popular messaging app has begun rolling out its much-awaited Free Voice Calling feature — similar to other instant messaging apps like Skype and Viber — to Android users which allows users to make voice calls using Internet. However, for now, the free WhatsApp calling feature is invite-only and only appears to work for people running the latest version of WhatsApp app for Android on a Google Nexus 5 phone running the latest Android 5.0.1 Lollipop . H
Real Ghost Caught on Camera! New Facebook Scams Lure Users to Download Malware

Real Ghost Caught on Camera! New Facebook Scams Lure Users to Download Malware

May 10, 2014
If your Facebook wall offers you any horror videos that claim to be of a real ghost spotted, don't dare to click on them, as it may be hoaxes, malwares or scams contained within which are the real horror for the online users. We have seen a lot of Facebook scams spreading through the Facebook timeline in wild that encourages users to click on it and fall victim, and this time some new horror scam campaign is going viral on Facebook. Christopher Boyd from the security firm Malwarebytes has discovered an epidemic of hoaxes making their way around Facebook with paranormal themes, including: Alleged footage of an "actual" ghost attack a video featuring the Aswang that is described as "a mythical shape-shifting were-dog/vampire/terrifying thing from the Philippines" a video of Mermaids claiming they are back! Video of a huge great white shark tearing apart a sea captain. Facebook has become one of the most popular social networking website with more than one billion
Holiday deals can really be hiding hacker surprises

Holiday deals can really be hiding hacker surprises

Dec 17, 2012
It is that time of year which everybody loves. It is the holiday season and you will start to see a lot more people express good attitudes and wish everyone else a happy new year. As a matter of fact it may be hard to think that with all of this much goodwill in the air there is someone out there who is trying to take advantage of that. But the fact is no matter what time of year it is there are always going to be bad guys around every corner and they will try to stalk their prey at anytime. It does not matter what time of year it is, the bad guys like to work all year round and you always have to be on the lookout for them. As a matter of fact this time of year is a very good time when it comes to black hat hackers . This is because there are so many people online around this time and they are looking for a bunch of deals for their Christmas shopping. The retailers really go full throttle around this time of year and they want to be able to make as much money as they can. This t
TripAdvisor travel website infected with Gamarue malware, infect 2% Indian Internet Users

TripAdvisor travel website infected with Gamarue malware, infect 2% Indian Internet Users

Nov 27, 2012
TripAdvisor Inc., a hotel-review website, recently became a victim of the bug, said Trend Micro Inc., an Internet security solutions provider. Many of TripAdvisor's users received spam mail with booking confirmations for hotels they had checked out on the website , 1.89% of Indian Internet Users have already been affected. The email purporting to be in the name of one of the Hotels has a similar theme to its English counterpart as it contains confirmation and details on an alleged booking reservation.  TripAdvisor, which is among India's top five travel brands as per digital market research firm ComScore Inc., globally has 60 million unique monthly visitors and 2.4 million unique users per month in India. Gamarue is a family of malware that may be distributed by exploit kits, spammed emails or other malware, and has been observed stealing information from an affected user. Trend Micro reported that one of their manager received the spam at his personal e-mail address but the addres
Alert : Phishing scam targeting CloudFlare Customers

Alert : Phishing scam targeting CloudFlare Customers

Nov 12, 2012
From Yesterday CloudFlare Security team receiving various reports of a Phishing Scam, which is targeting customers by saying that " you have exceeded bandwidth ". In a blog post , CloudFlare said, " Some CloudFlare customers are currently being targeted with a phishing email that was not sent by CloudFlare. Please do not click on the links in the email. " Scammer asking users to visit a phishing link (removed from sample for readers security). In case you open the URL, we request you to do not enter your username and password in the URL. Please choose a strong password for CloudFlare to save your Domains.
Cybersecurity Resources