Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims
Romance scammers have used the technique to great effect in recent years
Scams use deception to steal money, credentials, or sensitive data, making them a cybersecurity risk for individuals and organizations.
Search across headline titles and summaries.
Background for this topic.
Scams are deceptive schemes intended to make people surrender money, credentials, sensitive information, or access. In information security, they commonly use phishing messages, impersonation, fraudulent websites, business-email compromise, fake technical support, or malicious attachments. Their defining feature is manipulation: the attacker creates a credible pretext and pressures the target to act before verifying the request.
Security teams should treat scams as an attack surface spanning email, messaging, telephone calls, social media, and payment workflows. Material risks include account takeover through stolen credentials, unauthorized payments, disclosure of personal or company data, and malware execution from deceptive content. Useful controls include phishing-resistant authentication, secure payment-change procedures with independent verification, filtering and domain protections, user training focused on reporting, and rapid review of suspicious messages or transactions. Incident handling may require revoking sessions, resetting credentials, contacting financial institutions, preserving evidence, and notifying affected parties where applicable.
Romance scammers have used the technique to great effect in recent years
The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. [...]
Jack Henry's Rene Perez on How to Tackle Check Fraud as Tactics ChangeCheck fraud, scams and account takeovers dominated the fraud landscape in 2023. Banks and other financial institutions are expected to continue to struggle with account takeovers as fraudsters have changed their modus operandi, making it difficult to track fraudulent proceeds.
A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures
Scum lure folks with promises of good jobs in crypto and then won't let them leave Hundreds of suspected people smugglers have been arrested, and 163 potential victims rescued from servitude, as part of an Interpol-coordinated operation dubbed "Turquesa V" that targeted cyber criminals who lure workers into servitude to carry out their scams.…
Sanctioned Individuals Operated Investment Scams in Myanmar, Cambodia and LaosThe U.K. government has sanctioned 14 individuals and groups that illegally employed human trafficking victims in online crypto and investment scams. Sanctioned individuals include a Chinese national previously targeted by the U.S. Treasury for running a gambling and trafficking business in Laos.
Interpol breaks up Southeast Asian cybercrime rings, rescuing 149 victims of human trafficking, but the agency warns the human cost of cybercrime is mounting across the globe.