Summary

  • KrebsOnSecurity has authored an extensive report on the growing issue of voice phishing, and in particular the activities of a group of cyber criminals known as Crypto Chameleon, believed to be behind the recent theft of $4.7m from a cryptocurrency investor.
  • Crypto Chameleon is said to be behind the recent uptick in Multi-Factor Authentication bombing attacks targeting Apple users.
  • Multi-Factor Authentication bombing attacks typically involve a bad actor attempting to log in to a user’s account while the user is logged in, bypassing authentication checks by repeatedly resetting the user’s password and thereby sending a stream of authentication prompts to the user.
  • Such attacks work unless the user notices the flurry of authentication prompts and intervenes.
  • In this most recent incident, Crypto Chameleon abused both Google and Apple’s voice services to trick the victim into thinking the fraudulent website purporting to be Apple was legitimate.
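
The flurry of prompts described above is also visible to the service sending them. As an added example (not from the KrebsOnSecurity report or this summary), the Python below flags accounts that receive many reset or MFA prompts inside a sliding window and records whether an approval followed the burst; the event names, threshold, window and sample log are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical event names; map them to whatever your identity provider logs.
PROMPT_EVENTS = {"password_reset_requested", "mfa_prompt_sent"}

# Constructed sample log: (ISO timestamp, account, event type). Not real data.
SAMPLE_EVENTS = (
    [(f"2024-03-01T09:0{m}:00", "alice", "mfa_prompt_sent") for m in range(6)]
    + [("2024-03-01T09:05:30", "alice", "mfa_approved")]
    + [(f"2024-03-01T10:{m:02d}:00", "carol", "password_reset_requested")
       for m in (0, 3, 6, 9, 12)]
    + [("2024-03-01T08:00:00", "bob", "mfa_prompt_sent"),
       ("2024-03-01T08:00:10", "bob", "mfa_approved")]
)

def find_prompt_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Flag accounts that receive `threshold` or more prompts within `window`.

    Returns {account: {"peak": int, "start": datetime, "approved_after": bool}}.
    "approved_after" marks an approval that arrived within `window` of the
    last prompt of a burst, i.e. the user may have given in to the prompts.
    """
    recent = defaultdict(deque)  # account -> prompt times still inside the window
    alerts = {}
    for ts_text, account, kind in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        if kind in PROMPT_EVENTS:
            q = recent[account]
            q.append(ts)
            while ts - q[0] > window:  # drop prompts that aged out of the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    account, {"peak": 0, "start": q[0], "approved_after": False})
                alert["peak"] = max(alert["peak"], len(q))
        elif (kind == "mfa_approved" and account in alerts
              and ts - recent[account][-1] <= window):
            alerts[account]["approved_after"] = True
    return alerts

if __name__ == "__main__":
    for account, alert in find_prompt_bursts(SAMPLE_EVENTS).items():
        print(account, alert)
```

With the default 10-minute window only the constructed "alice" account is flagged; "carol" receives five prompts too, but spread over 12 minutes, which shows how the window choice decides whether a slower burst is caught.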

Original Article