New phishing leverage to target crypto users, sms and voicemail, be on alert

[cryptomaniac_xxx]

I might as well report this here, as there could be more attacks like this in the future, criminals. They are leveraging Federal Communications Commission (FCC) employees pages for Okta that appear similar to the original.

Code:

 fcc-okta[.]com

However, for us, this criminals already uses the same method to target and impersonate okta and uses phishing page for Binance, Coinbase, Kraken and Gemini.



Here is a sample message potential victims received from the groups.



And with that, I think the success of this kind of phishing attempts is very complicated but could be base on the following.

- they uses well crafted phishing URL that really looks similar to the original
- then the psychology of "sense of urgency", in SMS or voice calls from this threat actor.

https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit

So it's better safe than sorry, as we need to be very cautious not only in email, now the attacks is thru SMS and voice mail.

[1714748539]

1714748539

[1714748539]

1714748539

[1714748539]

1714748539

[Ambatman]

Social engineering.The thing is how was the private information of the victim leaked.
This is why many are been warned against KYC but feel their security and privacy is worth a couple of bucks.
Their first victory is gaining access to the victims phone number /email
The Other steps just need minor work.
Many people tend to be SMS from reputable firms and won't even consider it a scam because of the formality of the text and the name attached.

[un_rank]

This is not new, scammers have for a very long time been using this as a means to get unsuspecting users to slip up and grant them access. This is why you should always stay calm in any situation. Panic is the top tool that scammers rely on. Do not also allow easy access to your contact details, if they do not have those details, scammers have no way of sending you phishing links.

- Jay -

[Amphenomenon]

Data breach online is highly common and so we always have to be cautious of the type of platform we give access to our contact and email, since both are the two most common ways this type of phisping scam occur but it's quite ironic how many doesn't bother to check what kind of accessibility they give to apps or sites online and if it's possible will allow accessibility to every area on their device in order to avoid those pop up about giving these platforms access to any area of their device since they don't even read at first and this is the reason is alot to get a complete information about others online.

This scam is really common and I think only few people still fall from this scam since majority, if not all platforms especially exchanges specifically tell their customers they will never send messages relating to this. Though we can't just sleep on this since Hackers are also becoming more creative in every of their attempts to victimized others in anywhere possible.

[NotATether]

This scam is really common and I think only few people still fall from this scam since majority, if not all platforms especially exchanges specifically tell their customers they will never send messages relating to this. Though we can't just sleep on this since Hackers are also becoming more creative in every of their attempts to victimized others in anywhere possible.

Believe me when I say there way more dumb people on the planet now, who will fall for literally anything you tell them, even if you say something absurd like the sky is falling.

That's basically the reason why losses and health scares like depression and suicide have gone up among crypto users. Also most hackers are deploying punycode domains which are hard to distinguish from the real site.

[Husires]

Stopping using SMS and voice mail as an additional layer of security may be necessary to protect your account because SMS can easily be swapped and many successful phishing attacks have occurred due to this.
Using two-factor authentication using a separate phone that is not connected to the Internet with an open source app is much better than securing accounts using SMS messages, which many  should stop relying on.

[Alphakilo]

And with that, I think the success of this kind of phishing attempts is very complicated but could be base on the following.

- they uses well crafted phishing URL that really looks similar to the original
- then the psychology of "sense of urgency", in SMS or voice calls from this threat actor.

So it's better safe than sorry, as we need to be very cautious not only in email, now the attacks is thru SMS and voice mail.

I almost fell a hybrid phishing attack once. I was required to call a number provided via text but that is not the focus of this discussion.

In the digital world we are constantly being attacked and everyone should take a defensive position by being on high alert with their security infrastructure.

In addition, you do not need to wait for a phishing attack or attempt to happen to you or someone you know before adopting a zero-trust mindset. Get educated on the latest phishing tricks and use secure web gateways to block malicious links and sites.

[Taskford]

This scam is really common and I think only few people still fall from this scam since majority, if not all platforms especially exchanges specifically tell their customers they will never send messages relating to this. Though we can't just sleep on this since Hackers are also becoming more creative in every of their attempts to victimized others in anywhere possible.

This is classic attempt and the only people will fall for it are those who didn't experience the worst thing to happen if they believe on such scammers trying to target them by on any of those methods.

Also even if the exchange have certain warning regarding on that there are still lazy people fail to realize that they are dealing something illegal and realize when late when they are already been compromised.

That's the reason its better for people to do their own diligence upon dealing on what they receive thru mails or anything that can contact them and always think about verified first if those notice or warnings they read is legitimate or it is something illegal that should not meant to open.