Security News
A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.
Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements."Without an FCC rule requiring breach notifications for the above categories of PII, there would be no requirement in Federal law that telecommunications carriers report non-CPNI breaches to their customers," the FCC said.
As the FCC planned, the new rule also eliminates the mandatory seven-day waiting period for reporting break-ins to consumers. "Without an FCC rule requiring breach notifications for the above categories of PII, there would be no requirement in Federal law that telecommunications carriers report non-CPNI breaches to their customers," the FCC said of the new rule.
"Bad actors are using AI-generated voices in unsolicited robocalls to extort vulnerable family members, imitate celebrities, and misinform voters. We're putting the fraudsters behind these robocalls on notice," said FCC Chairwoman Jessica Rosenworcel.While currently, State Attorneys Generals can target the outcome of an unwanted AI-voice generated robocall-such as the scam or fraud they are seeking to perpetrate-this action now makes the act of using AI to generate the voice in these robocalls itself illegal, expanding the legal avenues through which state law enforcement agencies can hold these perpetrators accountable under the law.
The Federal Communications Commission has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. In SIM swapping attacks, criminals trick a victim's wireless carrier into redirecting their service to a device controlled by the fraudster.
The U.S. Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate...
If you plug your phone into a USB outlet that's provided by someone else, how can you be sure that it's only providing charging power, and not secretly trying to negotiate a data connection with your device at the same time? In the words of the FCC:. If your battery is running low, be aware that juicing up your electronic device at free USB port charging stations, such as those found in airports and hotel lobbies, might have unfortunate consequences.
In Brief The Federal Communications Commission plans to overhaul its security reporting rules for the telecom industry to, among other things, eliminate a mandatory seven-day wait for informing customers of stolen data and expand the definition of what constitutes an incident. In a unanimous 4-0 vote, the FCC published a notice of proposed rulemaking that Chairwoman Jessica Rosenworcel said is sorely overdue, as the current rules are more than 15 years old.
US regulators want to fine the operators of a claimed massive robocall operation almost $300 million that made more than 5 billion pre-recorded calls over three months early last year. Those five billion calls went to more than 500 million phone numbers between January and March 2021 in what the Federal Communications Commission called the largest robocall operation it has ever investigated.