Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer
CrowdStrike warned it had observed a phishing campaign impersonating the firm’s recruitment process to lure victims into downloading cryptominer
Impersonation attacks mimic trusted people or services to trick users into sharing credentials, sending money, or bypassing security controls.
Search across headline titles and summaries.
Background for this topic.
Impersonation is the deliberate presentation of a person, organization, account, device, or service as another trusted identity. In information security, attackers use stolen credentials, look-alike domains, caller-ID or email spoofing, forged messages, and social engineering to persuade users or systems to accept that false identity. The aim may be account takeover, unauthorized access, fraudulent transactions, or disclosure of sensitive information.
Impersonation commonly targets identity providers, email and messaging systems, help desks, executives, suppliers, and customer-support channels. Useful controls include phishing-resistant multi-factor authentication, least-privilege access, email authentication and domain monitoring, and independent verification of unusual requests—especially changes to payment details or credentials. Detection and response depend on examining authentication logs, device and session context, reported fraudulent messages, and newly registered look-alike domains; compromised accounts should be revoked or reset promptly and impersonated parties notified where appropriate.
CrowdStrike warned it had observed a phishing campaign impersonating the firm’s recruitment process to lure victims into downloading cryptominer
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process
CrowdStrike is warning that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner (XMRig). [...]
Group-IB has observed scammers impersonating government officials to trick disaffected consumers into divulging card details
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems