July 3, 2024 at 12:48PM An unsecured Twilio API endpoint allowed threat actors to access millions of Authy users’ phone numbers, potentially making them vulnerable to smishing and SIM swapping attacks. ShinyHunters leaked a CSV file with 33 million phone numbers. Twilio has secured the API and urged users to update their Authy apps for … Read more
May 27, 2024 at 09:06AM Microsoft has highlighted a cybercrime group, Storm-0539, responsible for sophisticated email and SMS phishing attacks, primarily aimed at stealing and selling gift cards. The group targets large retailers and utilizes tactics to evade detection, such as using cloud infrastructure and legitimate platforms. Microsoft advises companies to implement additional security measures … Read more
April 16, 2024 at 01:58PM The FBI has issued a warning about a widespread smishing campaign targeting people with messages claiming they have unpaid tolls to resolve, aiming to steal credentials and defraud them. The campaign, affecting at least 3 US states and over 2,000 people, prompts users to click a link and enter sensitive … Read more
April 12, 2024 at 03:02PM The FBI issued a warning about a large-scale SMS phishing attack targeting Americans, with scammers posing as road toll collection services. The attacks, ongoing since March 2024, have received over 2,000 complaints. The phishing messages claim recipients owe unpaid tolls and include fake links. Several toll services and law enforcement … Read more
January 19, 2024 at 03:28PM Many Payoneer users in Argentina woke up to find their 2FA-protected accounts hacked, with funds stolen after receiving SMS OTP codes while sleeping. Suspected hacking methods include a potential Movistar data leak or a breached SMS provider. Payoneer has not provided specific answers but acknowledged the fraud and advised users … Read more
December 20, 2023 at 05:57AM Chinese-speaking threat actors, known as Smishing Triad, have impersonated the UAE Federal Authority for Identity and Citizenship to send malicious SMS messages aimed at gathering sensitive information. They utilize URL-shortening services and fake websites. The group also offers smishing kits for sale and engages in Magecart-style attacks. Another disclosure involves … Read more
October 26, 2023 at 10:06AM Scattered Spider, a prolific threat actor, is impersonating new employees in targeted firms to infiltrate organizations worldwide. Microsoft describes the group, also known as Octo Tempest, as a dangerous financial criminal group that utilizes SMS phishing, SIM swapping, and help desk fraud to carry out their attacks. Their tactics include … Read more
October 16, 2023 at 09:15AM The Android banking trojan, SpyNote, has been analyzed, revealing its various information-gathering capabilities. Spread through SMS phishing campaigns, the malware tricks victims into installing it by clicking on embedded links. It hides its presence on the device, seeks accessibility permissions, and can record audio, phone calls, and keystrokes. The malware … Read more