Social Engineering
Germany warns of Signal account hijacking targeting senior figures
Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. The attacks combine social engineering with legitimate features to steal data from politicians, military officers, diplomats, and investigative journalists in Germany and across Europe. The security advisory is based on intelligence collected by the Federal […]
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
An Illinois man pleaded guilty to hacking nearly 600 women’s Snapchat accounts to steal nude photos that he kept, sold, or traded online, including accounts he compromised at the request of a former university track coach who was later convicted of sextortion. 26-year-old defendant Kyle Svara admitted in federal court in Boston to phishing access […]
Data breach at fintech firm Betterment exposes 1.4 million accounts
Hackers stole email addresses and other personal information from 1.4 million accounts after breaching the systems of automated investment platform Betterment in January. Betterment provides a mix of automated investment tools and financial advisory services and is considered a pioneer in the U.S. “robo-advisory” sector. In total, the fintech firm manages $65 billion in assets for more […]
Okta SSO accounts targeted in vishing-based data theft attacks
Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. GeekFeed has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. In a new report released today by Okta, researchers explain that the phishing kits are sold as part of an […]
Microsoft Teams to add brand impersonation warnings to calls
Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate trusted organizations in social engineering attacks. Named “Brand Impersonation Protection,” the new Teams security feature will start rolling out to the targeted release ring in mid-February and will be enabled by default. According to Microsoft, […]
Illinois man charged with hacking Snapchat accounts to steal nude photos
U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online. Between May 2020 and February 2021, 26-year-old defendant Kyle Svara allegedly used various social engineering tactics to obtain victims’ emails, phone numbers, and […]
New ErrTraffic service enables ClickFix attacks via fake browser glitches
A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating ‘fake glitches’ on compromised websites to lure users into downloading payloads or following malicious instructions. The platform promises conversion rates as high as 60% and can determine the target system to deliver compatible payloads. ClickFix is a social engineering technique where targets […]
WhatsApp device linking abused in account hijacking attacks
Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. This type of attack does not require any authentication, as the victim is tricked into linking the attacker’s browser to a WhatsApp device. By doing so, threat actors gain access to the full conversation history and […]
University of Pennsylvania confirms data stolen in cyberattack
The University of Pennsylvania has confirmed that a hacker breached numerous internal systems related to the university’s development and alumni activities and stole data in a cyberattack. In a new statement, Penn confirmed GeekFeed’s reporting that the hackers breached its systems using compromised credentials, stating they were stolen in a social engineering attack. “On October 31, Penn discovered that […]
VC giant Insight Partners warns thousands after ransomware breach
New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack. The company disclosed the cybersecurity incident in February, when it said that a threat actor gained access to its network following a “sophisticated social engineering attack.” Two months later, Insight Partners confirmed that the […]