Bloomberg Crypto X account snafu leads to Discord phishing attack

The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members. A scammer seized the old Telegram username during this transition. Exploiting the fact that Bloomberg's previous Telegram link remained active, the scammer used it today as part of a phishing scheme. "Join the Bloomberg Crypto Discord Server! Check out the Bloomberg Crypto community on Discord - hang out with 33975 other members and enjoy free voice and text chat." Upon entering the Discord server, a bot prompts visitors to use AltDentifier, an authentic Discord Verification Bot. The "Bloomberg Crypto staff team" gives visitors 30 minutes to go to this site and complete the verification process. After clicking the link to 'verify' their account, the potential victims are prompted by the AltDentifiers phishing website to verify with Discord, aiming to steal their Discord login credentials. "The server administrators have implemented additional security measures on this server, which include the requirement for all accounts to verify their Discord account," the phishing site says. "Once your account is successfully verified, you will be able to freely participate in the server. Please note that administrators have the authority to override the system if necessary." The malicious link was removed from the Bloomberg Crypto X/Twitter account 30 minutes after ZachXBT's initial tweet. As many crypto communities reside on Discord, threat actors commonly attempt to steal credentials for accounts that frequent such servers. These hijacked accounts can then be used to promote cryptocurrency scams designed to steal users' cryptocurrency assets while appearing to be from a legitimate source. A Bloomberg spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today. Update: Revised the article to reflect that Bloomberg's Crypto account led to an old abandoned Telegram channel, hijacked as part of a phishing scheme. FBI shares tactics of notorious Scattered Spider hacker collective. Fraudsters make $50,000 a day by spoofing crypto researchers. Police takes down BulletProftLink large-scale phishing provider. Phishing-as-a-service operation uses double theft to boost profits.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Bloomberg Crypto X account snafu leads to Discord phishing attack

Bloomberg Crypto X account snafu leads to Discord phishing attack - The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link ...
1 year ago Bleepingcomputer.com
Discord adds Security Key support for all users to enhance security - Discord has made security key multi-factor authentication available for all accounts on the platform, bringing significant security and anti-phishing benefits to its 500+ million registered users. The popular social platform first highlighted the ...
1 year ago Bleepingcomputer.com
Web3 security firm CertiK's X account hacked to push crypto drainer - The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. Crypto fraud sleuth ZachXBT later leaked screenshots of ...
11 months ago Bleepingcomputer.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
10 months ago Techrepublic.com
Protect your Discord account with a Security Key - Users of the chat app Discord may now protect their accounts using security keys. The developers of Discord have added the option to the existing arsenal of multi-factor authentication options that the service supports. Discord users are encouraged ...
1 year ago Ghacks.net
Crypto drainer steals $59 million from 63k people in Twitter ad push - Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. According to blockchain threat analysts at ScamSniffer, they ...
1 year ago Bleepingcomputer.com
Netgear, Hyundai latest X accounts hacked to push crypto drainers - The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. While Hyundai has already regained access to their account and has cleaned ...
11 months ago Bleepingcomputer.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
1 year ago Trendmicro.com
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
1 year ago Darkreading.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
11 months ago Helpnetsecurity.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
10 months ago Gbhackers.com
Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
11 months ago Bleepingcomputer.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
9 months ago Cyberdefensemagazine.com
The Week in Ransomware - January 20th, 2023 Crypto Exchanges Under Attack - The week of January 20th, 2023 brought yet another wave of ransomware attacks targeting crypto exchanges. Crypto exchanges all around the world have been hit by a barrage of sophisticated and well-planned ransomware campaigns. From high-profile ...
1 year ago Bleepingcomputer.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
7 months ago Hackread.com
Porsche Abruptly Halts NFT Launch, Allowing Phishing Sites to Take Advantage - Porsche abruptly cut its minting of a new NFT collection short after a dismal turnout and backlash from the crypto community, allowing threat actors to fill the void by creating phishing sites that steal digital assets from cryptocurrency wallets. ...
1 year ago Bleepingcomputer.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
The Verge is not interested in interviewing you about crypto - If you get a message from someone at The Verge asking to schedule an interview about cryptocurrency, don't do it. We recently discovered that a bad actor has been impersonating Verge science reporter Justine Calma to carry out this scam. If a victim ...
11 months ago Theverge.com
Hackers Stolen Over $58 Million Crypto Via Malicious Google Ads - Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time. Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. Several techniques ...
11 months ago Gbhackers.com
X users fed up with constant stream of malicious crypto ads - Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams. Like all advertising platforms, X, formerly known as Twitter, claims to show advertisements based on a user's activity, ...
11 months ago Bleepingcomputer.com
Crypto scammers abuse X 'feature' to impersonate high-profile accounts - The website uses the status ID to determine what post should be loaded from the site's database, not bothering to check if the account name is valid. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even ...
1 year ago Bleepingcomputer.com
Crypto scammers abuse Twitter 'feature' to impersonate high-profile accounts - The website uses the status ID to determine what post should be loaded from the site's database, not bothering to check if the account name is valid. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even ...
1 year ago Bleepingcomputer.com
SEC confirms X account was hacked in SIM swapping attack - The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake ...
10 months ago Bleepingcomputer.com
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
1 year ago Netcraft.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
6 months ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)