Weekly Tip! IT or Cybercriminal?
Coinbase, a cryptocurrency platform, was the latest victim of a social engineering attack. Social engineering occurs when cybercriminals manipulate you to try to steal your sensitive information.
In this recent attack, a cybercriminal sent smishing (SMS phishing) messages to Coinbase employees. These messages contained a link directing employees to log in to their company accounts. Shortly after one employee clicked this link, Coinbase saw and prevented the cybercriminal from gaining internal access. Later, the cybercriminal called the same employee and claimed to be from Coinbase’s IT department. The employee thought the call was legitimate, and the cybercriminal stole some sensitive information over the phone.
Follow the tips below to stay safe from similar scams:
In this recent attack, a cybercriminal sent smishing (SMS phishing) messages to Coinbase employees. These messages contained a link directing employees to log in to their company accounts. Shortly after one employee clicked this link, Coinbase saw and prevented the cybercriminal from gaining internal access. Later, the cybercriminal called the same employee and claimed to be from Coinbase’s IT department. The employee thought the call was legitimate, and the cybercriminal stole some sensitive information over the phone.
Follow the tips below to stay safe from similar scams:
- Always be cautious of unexpected text messages.
- Think before you click! Cyberattacks are designed to catch you off guard and make you act impulsively.
- Before you share any sensitive information over the phone, verify that the caller is actually who they say they are.
The KnowBe4 Security Team
KnowBe4.com
KnowBe4.com
Related Articles
Weekly Tip! EvilProxy and URLs
About a week ago, researchers uncovered a new "phishing-for-hire" tool called EvilProxy. The tool sends standard phishing emails to recipients, but it implements some advanced hacking techniques to dramatically increase the odds of taking over your ...Weekly Tip! r/Cybercriminals: Spear Phishing
Reddit, a popular online community, was the latest victim of a spear phishing attack. Spear phishing is a targeted email attack that looks like it’s from a trusted source, but it’s actually from cybercriminals in disguise. In this recent attack, a ...Weekly Tip! Using Attachments
Phishers aren't really as bright as you might think - they just know how to reuse what works. One of their favorite tricks is to attach a file to an email, and trick us into opening the attachment. While it may appear to be a PDF document or a Word ...Weekly Tip! Fraudulent Funds Transfers
Organizations often use email to send their employees invoices that they need to pay. Now, cybercriminals are taking advantage of this process by using fraudulent funds transfer (FFT) scams. In FFT scams, cybercriminals try to manipulate you into ...Weekly Tip! Disaster Relief Scams
When a natural disaster strikes, many people rely on insurance providers for disaster relief to help them pay for damages to property. Unfortunately, cybercriminals can take advantage of this vulnerable situation by manipulating you into sharing ...