GoDaddy Employees Tricked into Compromising Cryptocurrency Sites
2020-11-23 21:08

A recent social-engineering "vishing" attack on domain registrar GoDaddy temporarily handed control of cryptocurrency service sites NiceHash and Liquid to fraudsters, exposing personal information of users.

"A routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information," the statement read. "Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees."

Security researcher Brian Krebs reported that he was able to use Farsight Security to find domain name changes across GoDaddy over the past week, and that he found similar cryptocurrency sites among them: Bibox, Celsius.network and Wirex.

In March, a GoDaddy customer service employee was fooled into giving malicious actors access to domain settings for several customers, Krebs on Security reported, adding that the domain registrar also disclosed in May that 28,000 customer accounts were compromised in Oct. 2019, although the compromise wasn't discovered until April 2020.

"It's really about teaching employees to have healthy skepticism, and making that culturally acceptable, even encouraged, in your organization. With all the emphasis on speed and getting things done, employees often get the message that there isn't time to slow down just enough to make sure the person calling you really is who they say they are, or that the email or text really is coming from the person you think it is."


News URL

https://threatpost.com/godaddy-employees-tricked-compromise-cryptocurrency/161520/