Instagram Phishing Scam Exploits Users' Desire to Be Verified, Report Says

Instagram Phishing Scam Exploits Users' Desire to Be Verified, Report Says

If you receive an email about becoming verified on Instagram, be careful, it may well be a scam.

Cybersecurity company Vade reported Thursday that since late July, some users have been receiving a suspicious email from hackers posing as Instagram. The email says the user's profile has been reviewed and selected for verification. 

The email uses the subject line "ig bluebadge info" and comes from the address "ig-badges." Some users might think the email is legitimate, since Instagram and Facebook logos are placed near the top and bottom.

"The hackers hope these tactics disguise the signs of a phishing scam, including the context of the email," Vade wrote.

However, the email includes various misspellings and formatting errors. For example, one part of the email reads, "Thanks, you instagram team."

This is what the suspicious email reportedly looks like.

Vade

A phishing scam is when hackers use bait -- in this instance, the opportunity to be verified on Instagram -- to trick victims into clicking a malicious link or entering personal information into a bogus form. These scams usually take place via emails, so its hard for security software to block or filter them out. 

Instagram writes in its Help Center that the verification process takes place within the app, not over email, and you have to be a public figure, celebrity or a brand to request to be verified.

The best thing to do if you receive this email: Don't click anything in it, and delete it.

Meta, Instagram's parent company, didn't immediately respond to CNET's request for comment.

For more, check out this FBI and House Committee warning about cryptocurrency fraud. And here's how to spot a student loan relief scam.

---

Source

Tags:

• Phishing Page For Instagram
• Phishing Attack For Instagram
• How Does Phishing Scam Work
• What Is Phishing Scam
• Hack Instagram With Phishing
• Phishing Website For Instagram
• Phishing Page For Instagram
• Phishing Attack For Instagram
• Victim Of Phishing Scam
• What Are Phishing Scams
• Instagram Phishing Link
• Instagram Phishing Script Download

Crypto security can be a pain but a few safeguards definition crypto security can be a pain but a few safeguards g4s crypto security can be a pain butter crypto security can be a pain crossword crypto security can be a pain meaning crypto security can be a paint crypto cannabis club crypto security canada crypto candle pattern alert app free crypto security cans top secret crypto security clearance crypto security key

Crypto security can be a pain, but a few safeguards will go a long way

Crypto security can be a pain, but a few safeguards will go a long way

Securing your cryptocurrency might seem like a daunting task. For the uninitiated, the learning curve includes hot and cold wallets, online exchanges and private keys.

Digital security experts warn that you shouldn't skimp on your studies, particularly of the hardware and software wallets used to store data that proves ownership of cryptocurrencies. Unlike a stolen credit card number, which can be an inconvenient but surmountable problem, pilfered cryptocurrency is often simply lost because of the decentralized nature of many digital coins.

If you run into problems, you may have no one to turn to.  

Hackers are attracted to cryptocurrency because it can be stolen over the internet, which means victims are often far away in different countries. Even if identified, hackers can be in countries -- think Russia -- that make extradition difficult, so the threat of punishment is low. And cryptocurrency is hard, though not impossible, to trace.

Cryptocurrency comes with security risks that other kinds of investments don't have, says Don Pezet, co-founder of the online IT training company ITProTV.

"If a hacker steals your funds, they're just gone," said Pezet, a longtime IT professional who also serves as chief technology officer of ITProTV's parent company, ACI Learning.

The best thing you can do, he says, is make sure your cryptocurrency is secured from the get-go, so you don't run into problems down the road. 

Crypto exchanges, where investors can buy and swap one currency for another, are constantly under threat from cybercriminals looking to score big paydays by emptying the vaults.

One of the biggest thefts of all time occurred in August, when cybercriminals exploited a vulnerability in Poly Network, a platform that connects different blockchains, the online software ledgers that record cryptocurrency transactions. Once in, the hackers ransacked Poly for $600 million, though the funds were later recovered.

Read more: What to do if your bitcoin, ether or other cryptocurrency gets stolen

Not all hacks are headline catching. Cybercriminals are also looking to rob individual investor wallets, and they employ many of the same methods used to break in to any other online account. You risk being looted if you give up your credentials in a phishing scam or let your devices get infected with malware.

Though people may worry about being targeted by attackers, in reality they themselves may be the biggest threat to their cryptocurrency's security, says Andrew Gunn, senior threat-intelligence analyst at ZeroFox.

"We can't afford to forget about the human element," Gunn says.

Here's some advice from the experts on how to protect your digital assets.

Use a "cold" wallet for long-term storage. Cold wallets store the data proving ownership of cryptocurrency offline, making them much harder for cybercriminals to get to. Both Pezet and Gunn say cold wallets are the safest option available.

The private keys to your cold wallet can be stored on a device, like a USB drive. You can also print them out on paper and file them away. Either way, an attacker can't get at your cryptocurrency without them.

The downside of this storage method is that the responsibility for securing it falls solely on you. If you lose the USB drive or misplace your file, you can't get your cryptocurrency.

"There is a ridiculous amount of unclaimed crypto out there from these types of situations," Gunn said, adding that some people have sought password crackers to break into their accounts after they've forgotten their credentials. 

Cold wallets also aren't as convenient as hot wallets, which are hosted online, often by a cryptocurrency exchange. It's fine to keep some of your funds in a hot wallet if you use cryptocurrency for day-to-day spending, Gunn says. But he urges everyone to properly secure those accounts to make them more difficult to crack.

It's also smart to keep as little cryptocurrency as possible in hot wallets. If your funds get stolen, there isn't much you can do to get them back.

Gunn advises using multiple cold and hot wallets, each protected by its own unique password. That way, if the worst does occur, you're limiting the fallout.

Use strong passwords and multifactor authentication. Securing your cryptocurrency with good passwords is absolutely mandatory, just like it is for all digital accounts. We're talking at least 12 random characters.

Two-factor authentication, which requires a second form of identification such as a fingerprint or a notification pushed to your smartphone, also helps secure accounts. It'll go a long way toward keeping you safe if your password is compromised.

Use only your own device to access your wallets. It may seem convenient, but don't access your cryptocurrency from a public computer, such as one at a library or in a hotel business center. There's no way to tell if they're infected with malware.

Similarly, make sure to take care of your devices. Keep your antivirus software and operating systems up to date. Always use a secure internet connection, preferably bolstered by a VPN, Gunn says.

Do your homework. Larger, more regulated exchanges are generally safer. Make sure the one you use is reputable, especially if you're going to use it for a hot wallet.

Be wary of emails that look like they're coming from the company that holds your cryptocurrency wallet. It could be a phishing email looking to steal your credentials and, ultimately, your funds.

As with emails that look like they're coming from your bank, it's always best to skip any included hyperlinks and to go straight to the company's website.

---

Source

Crypto crash crypto crash today crypto crashing crypto crash news crypto crash 2021 crypto crashing today crypto crash coming crypto crash ftx crypto crash reddit crypto crash game crypto crashed

Crypto Crash Rattles Cybercriminals, Pushing Them Beyond Ransomware

Crypto Crash Rattles Cybercriminals, Pushing Them Beyond Ransomware

What's happening

Crypto prices continue to plunge, but cybercriminals still need the currencies for ransomware attacks.

Why it matters

Some experts say the price drops might be pushing cybercriminals away from ransomware and toward other kinds of cybercrime that involve stealing traditional money.

The collapse of cryptocurrencies is rippling through the world of ransomware, security researchers say, even though bitcoin, ether and other digital tokens remain the payment of choice for cybercriminals locking up corporate computer systems.

Over the past few months, the value of cryptocurrencies has plummeted amid rising inflation, economic shocks caused by the war in Ukraine and falling global stock markets. Hundreds of billions of dollars in value has been wiped out over that period, which is starting to be known as crypto winter. On one day alone, more than $200 billion in value was wiped from the broad crypto market.

The widespread fall has forced cybercriminals to recalculate their ransoms, security professionals say, and has pushed out of business some of the services that handle their ill-gotten gains, such as dark web crypto-swapping marketplaces. It's also accelerating a preexisting shift toward crimes such as malware attacks and corporate phishing scams that target actual dollars, rather than crypto.

 Mark Lance, vice president of cyberdefense and a ransomware negotiator at GuidePoint Security, notes that ransomware demands are generally based on US dollar amounts, so cybercriminals are simply doing the math and asking for greater amounts of crypto. That makes the bitcoin demand look larger, even though ransoms haven't changed much in dollar terms. 

Lance says many ransomware attacks fly under the radar these days because the attacks aren't as novel as they once were. Many ransoms get little attention unless they have the type of consumer fallout that last year's headline-grabbing attack on Colonial Pipeline did.

"Ransomware is still as prevalent as it ever was," Lance said, "and still making a ton of money." 

Business isn't as good at the largely shady crypto exchanges that cater to small-time cybercriminals. Many of those organizations are feeling the chill of crypto winter.

Last year, a team of researchers at Cybersixgill, an Israel-based threat intelligence firm, watched the activities of roughly 30 small dark web exchanges for several months. The exchanges, which the company didn't specifically name, have all been shut down since April.

The reason: Cybercriminals act a lot like many investors. When the values of assets start to tumble, they panic and cash out as fast as possible in hopes of cutting their losses. 

"It's just like what we see when there are bank runs," said Dov Lerner, who runs Cybersixgill's security research. He says the people behind the exchanges are still active in cybercrime even though the exchanges have "just vanished."

Some observers say crypto winter has put a permanent chill on ransomware attacks. 

Not that long ago, cybercriminals could demand $1 million to $3 million in payment after locking up a corporate computer system, notes Sherrod DeGrippo, vice president of threat research at Proofpoint, an email security company.

"But I think those heydays might be over," she said, noting that criminals aren't seeing the same success they once did. She notes that many organizations, along with the US government, have stepped up their ransomware defenses recently, pushing cybercriminals toward other activities.

Her company has seen upticks in attacks involving remote-banking trojans, malware designed to steal credentials or access to financial accounts, along with phishing attacks that scam company officials into paying fake invoices or otherwise send criminals real money. There's even been an uptick in the harvesting of credit card numbers. 

With any of those crimes, the criminals make off with conventional currency, rather than crypto. 

Criminals also like trojans because the malware can sit on systems quietly siphoning money overtime. For example, an attacker might be able to scam a company into paying a fake invoice month after month, or a banking trojan could continue to harvest access to financial accounts over time without the company knowing.

"Getting an organization's payroll, pensions and retirement makes for a massive payday," DeGrippo said. "It's a lot bigger, quieter and easier than ransomware."

---

Source