Listen to this blog post below

As the popularity of cryptocurrencies continues to soar, malicious actors are targeting cryptocurrency users through sophisticated phishing attacks. Malicious players are using ever-evolving tactics to victimize unsuspecting users.

While enterprises and organizations are rapidly embracing email phishing protection to draw their line of defense, phishing attack mechanisms are becoming more innovative. This development is a worrying one for enterprises worldwide.

Here is this week’s phishing news for you to check out the key highlights.

 

Global Cryptocurrency Users Under Threat from Phishing Schemes

A leading cybersecurity organization has uncovered an alarming rise in phishing campaigns aimed at hot and cold cryptocurrency wallets. Thus, cryptocurrency users appear to be the direct target for phishing campaigns.

While anti-phishing solutions and ransomware protection largely secure information at the organizational and entrepreneurial levels, individual cryptocurrency account holders remain vulnerable to phishing attacks.

These phishing campaigns have been designed to exploit cryptocurrency users globally. Of late, cryptocurrencies attract investors with their potential upside. However, malicious players are taking advantage of this extensive use of digital assets.

In the spring of 2023, cybersecurity experts intercepted over 85,000 scam emails targeting hot and cold wallets. Their detailed report focuses on the sophistication of these phishing attacks through emails.

 

cybersecurity measures

Image sourced from twitter.com

 

RomCom Designs New Phishing Campaign Using Word Documents

Microsoft recently warned about a phishing campaign designed by RomCom, a threat actor. This campaign targets defense and government organizations in North America and Europe. Besides, the attackers have also targeted the financial and telecom sectors.

RomCom has exploited a zero-day vulnerability involving specially crafted Microsoft Word documents. Recently, malicious actors used a fake OneDrive loader for phishing campaigns. This RomCom attack is similar to the previous ones. These emails are mostly disguised as invitations to the NATO Summit in Lithuania. Understandably, the phishing emails were designed to specifically attack defense and governmental organizations.

This attack also highlights the need for government and non-governmental sectors to implement robust phishing protection tools.

 

U.S. Department of Justice Charges Moroccan Man in $450,000 OpenSea Spoofing Scam

The Department of Justice (DOJ) of the U.S. has charged a Moroccan man named Soufiane Oulahyane for designing an online scam involving the spoofing of OpenSea. The fraud consists in operating a fake OpenSea website.

 

 

According to the allegations, Oulahyane is believed to have stolen over $450,000 worth of cryptocurrency and NFTs by running the fraudulent website.

He has also been charged for obtaining the login credentials of the victims. It was back in September 2021 that this scam took place. During this incident, Oulahyane victimized a Manhattan-based OpenSea user into divulging private information.

Later, he gained unauthorized access to the victim’s crypto wallet and stole crypto assets. Besides, he has been accused of stealing a valuable Bored Ape Yacht Club NFT worth approximately $92,000.

 

Rapid Increase in Fake Threads Websites Sparks Phishing Concerns

Cybersecurity experts have expressed concerns over the rapid increase in fake websites targeting Meta’s Threads app. Since the app was launched, it has recorded over 100 million downloads. However, this app has turned out to be a prime target for malicious players.

More than 700 suspicious domain names associated with phishing activities were registered in a single day after it was launched. Cybersecurity experts advise users to caution and download the Threads app only from official sources like Google Play or the App Store.

 

threat actor

 

Users remain vulnerable to online threats if they click links from unverified sources. Besides, downloading the app from untrusted websites poses security risks like identity theft and malware infection