Join/Login and make your voice heard Connect With Other Naijatipsland Members

Phishing Scam Targeted Decrypt Newsletter Subscribers

Early in the morning of March 27, hackers impersonating Decrypt sent an email to our newsletter subscribers announcing a fictitious token airdrop. As soon as we got wind of the phishing attempt, we sent a follow-up email notifying our readers of the scam. 

However, in our haste to warn our subscribers, and because of a similar phishing attempt that occurred in January, we incorrectly blamed our email service provider, MailerLite, for this attack. In fact, the hackers had apparently obtained our password key to the service from someone on Decrypt’s side—MailerLite was not at fault. 

Due to security reasons, MailerLite does not store information on API keys, therefore, it is not possible to access it in MailerLite’s admin panel or the account in general,” a MailerLite spokesperson told us today. “It means that even though Decrypt Media’s account was affected during the data breach that happened at MailerLite on the 23rd January, 2024, perpetrators were not able to access API keys that could lead to sending of phishing campaigns on 27th March, 2024.”

So shame on us for jumping to the wrong conclusion, and we sincerely apologize to MailerLite.

We’ve been digging into what happened and will be working with law enforcement. According to MailerLite, “the phishing campaigns were orchestrated via the MailerLite API, originating from the IP address “69.4.234.86” and utilizing the user agent “python-requests/2.31.0.” After the intruders accessed our email list, they removed any addresses that ended in decrypt.co or decryptmedia.com so that our staffers wouldn’t be immediately alerted, and sent out their bogus email.

Luckily, the vast majority of our readers are wary of these sorts of phishing attempts; only one person attempted to connect their wallet to the bogus address.

But that is one too many. As mentioned in our earlier email, crypto scams are all too prevalent in our industry, and getting more sophisticated all the time. Decrypt, along with nearly every other crypto firm, has been impersonated or otherwise used as an attack vector. Hackers have even gone as far as to set up entirely separate websites, fake Discord servers, and social media accounts impersonating our staff. (Note that we have only two domains: decrypt.co and decryptmedia.com—if someone directs you to another domain, beware!)

So please be careful out there. And we will, too. Thank you as always for reading Decrypt.

Source link

0 0 votes
Article Rating
Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Nigeria's Fast-Growing Online Forum
Logo
Verified by MonsterInsights
situs togel sydneylotto situs toto toto slot https://sih3.kepriprov.go.id/berita/ https://fast.indihome.web.id/slot/ https://uninus.ac.id/ togel online terpercaya bento4d situs toto situs toto bento4d