📣 Post by briankrebs

2024-12-18

Today's story features interviews with two recent cryptocurrency heist victims (one who lost > $4.5M) who were hit by the same scammers. The fraudsters used:
- Google Assistant to automate outgoing calls to victims warning of a security incident with their account, and to press 1 to speak to a rep;
- An email from google.com warning about an email hacking incident, including the name and phone number of the Google rep who will be calling. The alerts were sent via Google Forms, which makes them come from google.com.
- Victims were convinced someone had taken over their accounts when they received an alert pop up on their mobile from Google, asking if they were trying to recover access to their account. By this time, the victims were convinced they were talking with Google, and clicked "yes, it's me" trying to recover access:
How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.
krebsonsecurity.com/2024/12/ho…

briankrebs

https://infosec.exchange/@briankrebs/113674057509341068

https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/

https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/674/032/646/679/609/original/1f473d7ad5451fbc.png

🔄 pluralistic

🔄 briankrebs

💬 Replies

2024-12-18 12thRITS

@briankrebs How not to lose money on crypto: don't mess with it.

2024-12-18 lopp ┃ 1🔗

@briankrebs
This all tracks.
My co-founder got one of these social engineers to open up and we published the phone call: x.com/Nneuman/status/185927904…

2024-12-18 MattFerrel

@briankrebs crypto is an obvious scam, but this takes it to a new level

2024-12-18 LiquidParasyte

@briankrebs I didn't even realize assistant was useful enough to automate something as complex as a scam like this

2024-12-18 tbortels

@briankrebs
So much silliness because someone was too cheap to spend $50 on a proper fido2 hardware key. (I like the yubi, but there are other options)
[…]

2024-12-18 clintruin ┃ 1🔗

@briankrebs
"Crypto assholes engaging in crypto scam get scammed."

2024-12-18 JGuz

@briankrebs
That's going to be our Social Security Fund in a few months unless we find a way to stop the Republican Mafia from “investing” (stealing) OUR hard-earned retirement fund 👀

2024-12-18 gneilyo

@briankrebs I encountered a kind of similar legitimacy-stuffing scam where attackers invite you to MS Teams under the pretense of having won a sweepstakes from Microsoft. The Teams invites […]

2024-12-18 ekknappenberger

@briankrebs anyone dumb and/or greedy enough to put real money into crypto deserves to lose it

2024-12-18 obivan ┃ 1💬

@briankrebs "In reality, the thieves caused the alert to appear on his phone merely by stepping through Google’s account recovery process for Griffin’s Gmail address." Does this mean they had […]
