Here’s your “definitely want to read this one today” piece. Zack Whittaker reports:
The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets.
“This is the PayPal security team here. We’ve detected some unusual activity on your account and are calling you as a precautionary measure,” the caller’s robotic voice says. “Please enter the six-digit security code that we’ve sent to your mobile device.”
The victim, ignorant of the caller’s malicious intentions, taps into their phone keypad the six-digit code they just received by text message.
“Got that boomer!” a message reads on the attacker’s console.
In one of those punch-the-air moments, the bad guys had their own breach. Whittaker reports:
But a bug in Estate’s code exposed the site’s back-end database, which was not encrypted. Estate’s database contains details of the site’s founder and its members, and line-by-line logs of each attack since the site launched, including the phone numbers of victims that were targeted, when and by which member.
Read more at TechCrunch.