Are you a big fan of nonfungible token's? OpenSea is the largest marketplace for NFTs.
If you have an account with them, please be aware that they recently disclosed that their network was breached. They also issued a warning to clients asking them to be alert for possible phishing email.
OpenSea's security head, is Cory Hardman. He claims that Customer.io employees downloaded a file containing emails addresses belonging to OpenSea subscribers and users. It was not known how many email addresses the attacker took with him.
Mr. Hardman stated:
"If you shared your OpenSea email in the past, it is likely that you were affected. Customer.io is currently investigating the incident and we have reported it to law enforcement."
OpenSea users are not the only ones being targeted. Threat actors impersonating support staff stole approximately two million dollars worth of NFTs last year. The company fixed a security hole that allowed hackers to steal OpenSea users' cryptocurrency wallets. They lured them to click on maliciously created NFT artwork.
Although the industry is still young, it is growing at an incredible pace. OpenSea is the largest marketplace for NFT. Their 600,000+ users and $20 billion in total transactions make them a prime target for hackers.
Unfortunately, this won't be the last time OpenSea or other NFT markets are in trouble.
Be on high alert if you have an account. There is a good chance that an attacker will attempt to use your email address for malicious purposes.
Voicemail Phishing are Increasing
Although "vishing" is not a new cyber threat it is something that most people aren't aware of. If you don't know what vishing is, it's not a new term.
Vishing is shorthand for phishing via voicemail and is on the rise according to info collected by Zscaler security firm. Attackers are targeting US military installations and tech companies.
It is worth noting that there are no actual voicemails involved. The attackers send links in emails that claim to point to voicemail messages stored on WhatsApp or LinkedIn. The attack's purpose is to encourage the recipient into divulging their Office 365 or Outlook credentials.
The attackers even deployed a CAPTCHA system to make their capture page seem more convincing.
Zscaler's spokesperson had the following to say about Zscaler's recent discovery regarding vishing attacks.
"Voicemail-themed Phishing campaigns are still a popular social engineering strategy for attackers because they can lure victims to open email attachments. The threat actor can use evasion techniques to bypass automated URL analysis tools in order to steal the credentials of the victims."
Zscaler has a point. This type of attack is becoming more popular in certain sectors and not only is it possible, but also common. Make sure your employees are aware of what to look out for. Zscaler's keen-eyed people spotted the trend.
Hackers may still try, but we might not be able stop them. We can stop hackers from trying, but if enough people are aware of the tricks they use, that's a great start.
Awareness is the start but contacting a cybersecurity company like Integrated Technology Systems is the very best way to keep your data safe.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com/
