Cryptocurrency Phishing Threat, RomCom Phishing Scheme, OpenSea Scam Arrest – Cybersecurity News [10 July 2023]

email security · Crypto Threat, RomCom Scheme, OpenSea Arrest – Cyb

As the popularity of cryptocurrencies continues to soar, malicious actors are targeting cryptocurrency users through sophisticated phishing attacks . Malicious players are using ever-evolving tactics to victimize unsuspecting users.

While enterprises and organizations are rapidly embracing email phishing protection to draw their line of defense, phishing attack mechanisms are becoming more innovative . This development is a worrying one for enterprises worldwide.

Here is this week’s phishing news for you to check out the key highlights.

Global Cryptocurrency Users Under Threat from Phishing Schemes

A leading cybersecurity organization has uncovered an alarming rise in phishing campaigns aimed at hot and cold cryptocurrency wallets. Thus, cryptocurrency users appear to be the direct target for phishing campaigns.

While

anti-phishing

solutions and ransomware protection largely secure information at the organizational and entrepreneurial levels, individual cryptocurrency account holders remain vulnerable to phishing attacks.

These phishing campaigns have been designed to exploit cryptocurrency users globally. Of late, cryptocurrencies attract investors with their potential upside. However, malicious players are taking advantage of this extensive use of digital assets.

In the spring of 2023, cybersecurity experts intercepted over 85,000 scam emails targeting hot and cold wallets. Their detailed report focuses on the sophistication of these

phishing attacks

through emails.

RomCom Designs New Phishing Campaign Using Word Documents

Microsoft recently warned about a phishing campaign designed by RomCom, a threat actor. This campaign targets defense and government organizations in North America and Europe. Besides, the attackers have also targeted the financial and telecom sectors.

RomCom has exploited a zero-day vulnerability involving specially crafted Microsoft Word documents. Recently, malicious actors used a fake OneDrive loader for phishing campaigns. This RomCom attack is similar to the previous ones. These emails are mostly disguised as invitations to the NATO Summit in Lithuania. Understandably, the

phishing emails

were designed to specifically attack defense and governmental organizations.

This attack also highlights the **need **for government and non-governmental sectors to implement robust

phishing protection

tools.

U.S. Department of Justice Charges Moroccan Man in $450,000 OpenSea Spoofing Scam

The Department of Justice (DOJ) of the U.S. has charged a Moroccan man named Soufiane Oulahyane for designing an online scam involving the spoofing of OpenSea. The fraud consists in operating a fake OpenSea website.

According to the allegations, Oulahyane is believed to have stolen over $450,000 worth of cryptocurrency and NFTs by running the fraudulent website.

He has also been charged for obtaining the login credentials of the victims. It was back in September 2021 that this scam took place. During this incident, Oulahyane victimized a Manhattan-based OpenSea user into divulging private information.

Later, he gained unauthorized access to the victim’s crypto wallet and stole crypto assets. Besides, he has been accused of stealing a valuable Bored Ape Yacht Club NFT worth approximately $92,000 .

 

Rapid Increase in Fake Threads Websites Sparks Phishing Concerns

Cybersecurity experts have expressed concerns over the rapid increase in fake websites targeting Meta’s Threads app. Since the app was launched, it has recorded over 100 million downloads . However, this app has turned out to be a prime target for malicious players.

More than 700 suspicious domain names associated with phishing activities were registered in a single day after it was launched. Cybersecurity experts advise users to caution and download the Threads app only from official sources like Google Play or the App Store.

Users remain vulnerable to online threats if they click links from unverified sources. Besides, downloading the app from untrusted websites poses security risks like identity theft and malware infection.