Tony is a 42 year old professional from northern California who started investing in crypto in 2013. One evening, as he was putting his toddlers to bed, he received a message from Google about an account security issue, followed by a telephone call from one Daniel Alexander of Google, who informed him that his account was being accessed by someone in Germany and could he please click “Yes” to a prompt that Google was sending to his phone?
I hope you can see where this is going.
Next Tony receives a phone call from Trezor, a provider of encrypted hardware devices used to store crypto. Apparently his account had been compromised but he could recover it by entering his crypto password at a phishing site. Tony did just that and lost a cool $4.7 million to the ether.
The supposed Google and Trezor reps were part of the same criminal outfit. The most popular attack vector for stealing money passes through your email account. The main defense for such attacks is htt ps://kre bsonse curity.com/2020/ 04/when-in -doubt-han g-up-look-u p-call-back/ .
Yes, it will take a few minutes to get through the voice prompts. Tough. Don’t take telephone calls from financial institutions or your email provider. Or lol Microsoft.
Even urgent ones. Especially urgent ones. I sort of doubt whether email companies need your permission to stop an attack. They would just stop it, then ask for your authorization. If they telephoned you. Which they wouldn’t in all likelihood. After they lock your account, it’s your problem after all.
https ://krebso nse curity.co m/2024/12/how-to-lo se-a-fortun e-with-just-on e-bad- click/