Two US Nationals Charged With SIM-Swap Cryptocurrency Theft

The US District Court for the District of Maryland has charged 19-year-old Kyell A. Bryan of Pennsylvania and 21-year-old Jordan K. Milleson of Maryland in connection with an alleged phishing fraud and SIM card scheme that led to the theft of thousands of dollars’ worth of cryptocurrency.

According to the US Attorney for the District of Maryland, Milleson hacked into financial and electronic accounts and computer networks, and Bryan helped those schemes succeed.

The court documents show that from September 2017 to January 2020, Milleson set up fraudulent websites and internet domains and used phishing techniques to deceive victims into visiting the fraudulent websites and giving up their credentials so that he could access their electronic accounts. Bryan and Milleson conspired to take over other people’s electronic accounts and sent phishing emails to steal cryptocurrencies and enrich themselves.

The court document also alleged that Bryan, Milleson, and others used credentials stolen from employees of wireless service providers to hack into those companies’ computer networks and take over customers’ accounts through “SIM swapping”. The culprits used such techniques to gain control over individuals’ phone numbers and other electronic accounts, including social media and cryptocurrency accounts.

In this particular case, Bryan and Milleson reportedly stole over $16,000 from a crypto account after gaining access to the account information of a victim who is an operator of a cryptocurrency investment firm.

The two have been held in custody pending trial. The court charged them with 15 counts, including wire fraud conspiracy, intentional damage to protected computers, wire fraud, unauthorized access to protected computers to commit fraud, and aggravated identity theft.

If convicted, Bryan and Milleson face up to 30 years in jail for allegedly stealing cryptocurrency by hacking mobile phones and other electronic accounts and using “phishing” emails to steal sensitive or personal information from victims, along with the other charges leveled against them.

Trezor Wallet Investigating Potential Email Phishing Campaign

In yet another spate of attacks on prominent digital currency entities and hardware wallets, Trezor has warned its community of users about a potential phishing campaign it is currently investigating.

According to Twitter reports from Trezor users, an email that looks very legitimate was sent out claiming that the targeted victims had been exposed to a form of data breach. The email was sent as though it came from Trezor support, and it included a call to action prompting users to download the latest version of the supporting application.

In response to widespread user complaints, Trezor issued a statement on its official Twitter account saying:

“We are investigating a potential data breach of an opt-in newsletter hosted on MailChimp. A scam email warning of a data breach is circulating. Do not open any email originating from noreply@trezor.us, it is a phishing domain.”

As the investigations progressed, Trezor informed its community that MailChimp, where the emails originated from, had been compromised recently.

“MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies.”

As the platform works to uncover the root cause and the perpetrators of the hack, the entire community is riled up, bemoaning the insecurities that come with the use of cold wallets, of which Trezor is supposedly one of the biggest in the industry.

Related data breaches have become frequent in the digital currency ecosystem as cybercriminals explore new avenues to rip users off of their hard-earned money. In one of the most recent attacks, BlockFi, an American cryptocurrency platform to buy, sell and earn crypto, confirmed last month that some of its clients’ data stored on HubSpot, a Customer Relationship Management platform, was compromised.

While the Trezor and BlockFi data breaches did not result in a known loss in cash, they do not remove the need to bolster the entire security infrastructure of the global crypto ecosystem, which hackers have continued to exploit.

Web3 Security CertiK X Account Compromised in Phishing Scam

On January 5, CertiK, a blockchain security and smart contract audit firm, fell victim to a cyber attack. The incident occurred on the company’s official X (formerly Twitter) account, where a phishing link was posted after a bad actor hacked into the company’s social media profile. CertiK announced that a “verified account associated with well-known media” managed to hack into one of its employees’ X accounts, which led to the posting of links to phishing scams. The company quickly addressed the breach by removing the phishing link within 14 minutes, and there were no significant losses from the exploit.

The phishing attack was initially detected due to a direct message received by the CertiK employee, which showed signs of being dangerous. Blockchain detective ZachXBT highlighted that the account contacting CertiK had not posted since April 2020, indicating it was likely compromised. CertiK, responding to the incident, encouraged those affected by the exploit to contact them, emphasizing the challenges in combating phishing attacks that exploit human trust and vulnerabilities.

This security breach is particularly notable given CertiK’s role in blockchain security. Just a day before the incident, CertiK had released its 2023 Hack3D security report, which highlighted a 50% decline in crypto losses, marking it as a significant milestone in blockchain security. The compromised CertiK account posted tweets about a fake vulnerability in Uniswap V3’s smart contract code, directing users to a fraudulent website impersonating Revoke.cash. Revoke.cash confirmed that Uniswap was not compromised, but this incident raised questions about CertiK’s own security practices.

The official CertiK Discord site was also hacked and replaced with a fake Discord promoting phishing links. CertiK subsequently regained control of its account and removed the fake tweets. However, the breach underscores the ongoing vulnerability of the crypto industry to hackers, with stolen funds exceeding $3.8 billion in the last year. CertiK’s investigation into the breach revealed it as part of a “large scale ongoing attack” using social engineering through Calendly, a scheduling app.

The recent hacking of the X account of CertiK, a Web3 security firm, to promote a cryptocurrency wallet drainer highlights a notable irony and concern in the blockchain security landscape. This breach, achieved through social engineering, utilized a compromised account associated with a prominent media outlet. The attackers, impersonating a journalist, lured a CertiK employee with a phishing link disguised as a scheduling site, ultimately compromising the company’s account. This incident underscores the sophisticated nature of modern phishing scams, which exploit human trust and vulnerabilities, and poses critical questions about the robustness of security measures within blockchain and crypto-related firms.

The use of social engineering in this attack reflects a growing trend in the cyber world, where even security-savvy individuals and organizations are vulnerable. This breach is particularly striking given CertiK’s role in ensuring the security of blockchain technologies. The event not only points to the need for heightened vigilance and advanced security protocols in the Web3 space but also serves as a reminder of the relentless and evolving nature of cyber threats in the blockchain ecosystem. The irony of a Web3 security firm falling victim to such an attack highlights the universal susceptibility to sophisticated cyber threats and emphasizes the importance of continuous improvement in security practices across the industry.
