Ein SIM-Swap dauert Minuten: ein bestochener Carrier-Mitarbeiter oder Social Engineering — und der Angreifer erhaelt jeden SMS-OTP. Wir verfolgen die Regionen mit 2024-2025-Spitzen.
Betrueger uebernehmen die Mobilfunknummer per SIM-Swap (Anruf beim Provider mit gefaelschtem Ausweis), loggen sich dann in N26 ein und genehmigen Ueberweisungen ueber die Push-TAN-App selbst. Schaden...
Attackers are using a clever phishing trick that abuses Microsoft’s own legitimate login page (microsoft.com/devicelogin). Instead of sending you to a fake site, they trick you into visiting the real...
Email accounts are a top target because they control password resets for nearly every other online service you use. With a single compromised inbox, attackers can intercept banking codes, impersonate...
The false report scam is a pure social engineering attack targeting Reddit and Discord users. A stranger claims someone reported your account (or that they accidentally reported you), then sends a...
A new active malware campaign is spreading through WhatsApp Web and Desktop, using hijacked user accounts to send malicious VBScript (.vbs) files to contact lists worldwide. Victims receive a message...
Meta's AI-powered support chatbot was tricked by attackers into changing the email addresses on Instagram accounts, effectively handing over account control. The bot failed to verify the true owner's...
Scammers are sending fake "You're invited" texts and emails tied to graduation and summer party season. The message pressures you to enter your email address and password (or a one-time passcode) to...
Hackers are exploiting Meta's new AI customer-support chatbot to hijack Instagram accounts, including high-profile handles like the Obama White House and a US Space Force chief. The trick: an...
Attacker bribes / social-engineers a T-Mobile / AT&T / Verizon rep (or uses insider) to port the victim's number to attacker's SIM, then resets bank, exchange (Coinbase, Kraken) and email passwords...
Attackers compromise legitimate LinkedIn recruiter accounts (often via session-cookie theft from infostealer) to post fake jobs targeting devs / sales. Candidates do 'interviews' (sometimes...
Attacker initiates Telegram login on YOUR number, receives login code via Telegram cloud (in-app message). They social-engineer you (or a hacked friend asks) to share the code. With code, attacker...
Attacker initiates WhatsApp registration on YOUR number on attacker's device. WhatsApp SMS sends a 6-digit OTP to your phone. Attacker then DMs you (from a compromised contact) saying 'sorry I sent...
Attacker socials a telco call-center agent (sometimes bribed insider) to port victim's number to attacker's eSIM/SIM. Victim's number now receives all SMS-2FA. Attacker then resets bank, email,...
A senior member of the Scattered Spider cybercrime group has pleaded guilty to orchestrating SMS phishing attacks that led to SIM-swapping thefts, stealing at least $8 million in cryptocurrency from...