voice phishing

November 10, 2021

SMS About Bank Fraud as a Pretext for Voice Phishing

This post was originally published on this siteMost of us have probably heard the term “smishing” — which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing — blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text. KrebsOnSecurity recently heard from a reader who said his daughter received an SMS that said it […]
April 6, 2022

The Original APT: Advanced Persistent Teenagers

This post was originally published on this siteMany organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual “smash and grab” attacks we’ve seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics have put some of the world’s biggest corporations on edge. Since surfacing in late 2021, LAPSUS$ has gained access to the […]
February 26, 2023

When Low-Tech Hacks Cause High-Impact Breaches

This post was originally published on this siteWeb hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.  But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. In a filing with the U.S. Securities and Exchange […]