Un SIM swap dura minuti: un addetto corrotto o un'ingegneria sociale al supporto, e l'attaccante riceve ogni OTP via SMS della banca, email ed exchange crypto. Tracciamo le regioni con picchi 2024-2025 e le firme SS7.
Email/SMS dice che l'account Amazon è bloccato per 'attività sospetta' e chiede di confermare password + carta di credito su link. Una variante recente usa Amazon Music/Prime in scadenza con rinnovo...
Truffatore compromette la casella email del tuo fornitore (phishing/credential stuffing) e da lì invia fattura/richiesta di pagamento con IBAN cambiato. La email PROVIENE realmente dal fornitore...
Attackers are using a clever phishing trick that abuses Microsoft’s own legitimate login page (microsoft.com/devicelogin). Instead of sending you to a fake site, they trick you into visiting the real...
Email accounts are a top target because they control password resets for nearly every other online service you use. With a single compromised inbox, attackers can intercept banking codes, impersonate...
The false report scam is a pure social engineering attack targeting Reddit and Discord users. A stranger claims someone reported your account (or that they accidentally reported you), then sends a...
A new active malware campaign is spreading through WhatsApp Web and Desktop, using hijacked user accounts to send malicious VBScript (.vbs) files to contact lists worldwide. Victims receive a message...
Meta's AI-powered support chatbot was tricked by attackers into changing the email addresses on Instagram accounts, effectively handing over account control. The bot failed to verify the true owner's...
Scammers are sending fake "You're invited" texts and emails tied to graduation and summer party season. The message pressures you to enter your email address and password (or a one-time passcode) to...
Hackers are exploiting Meta's new AI customer-support chatbot to hijack Instagram accounts, including high-profile handles like the Obama White House and a US Space Force chief. The trick: an...
Attacker bribes / social-engineers a T-Mobile / AT&T / Verizon rep (or uses insider) to port the victim's number to attacker's SIM, then resets bank, exchange (Coinbase, Kraken) and email passwords...
Attackers compromise legitimate LinkedIn recruiter accounts (often via session-cookie theft from infostealer) to post fake jobs targeting devs / sales. Candidates do 'interviews' (sometimes...
Attacker initiates Telegram login on YOUR number, receives login code via Telegram cloud (in-app message). They social-engineer you (or a hacked friend asks) to share the code. With code, attacker...
Attacker initiates WhatsApp registration on YOUR number on attacker's device. WhatsApp SMS sends a 6-digit OTP to your phone. Attacker then DMs you (from a compromised contact) saying 'sorry I sent...
Attacker socials a telco call-center agent (sometimes bribed insider) to port victim's number to attacker's eSIM/SIM. Victim's number now receives all SMS-2FA. Attacker then resets bank, email,...
A senior member of the Scattered Spider cybercrime group has pleaded guilty to orchestrating SMS phishing attacks that led to SIM-swapping thefts, stealing at least $8 million in cryptocurrency from...