A fraudulent popup appeared on several famous websites, including CoinGecko, Etherscan, DeFi Pulse, and others, encouraging users to connect their MetaMask wallets to use on the site.

Its targets are car manufacturers and dealers in Germany, the threat actors behind it managing to duplicate genuine sites belonging to various companies for the purpose of registering lookalike domains.

Researchers discovered a new campaign running an NFT scam via a series of YouTube videos. Cybercriminals would append malicious links in a video’s description that lead victims to download RedLine Stealer from a GitHub link.

The National Cyber Security Centre, part of spy agency GCHQ, said the new offering would share real-time threat data with internet service providers (ISPs), enabling them to instantly block access to known fraudulent sites.

A new credit card stealing service, called Caramel, is growing in popularity. Launched by a Russian cybercrime organization named CaramelCorp, the skimmer-as-a-service can allow any low-skilled threat actors to get started with financial fraud. 

“Frappo” is actively advertised on the Dark Web and on Telegram, where it has a group with over 1,965 active members – there cybercriminals discuss how successful they’ve been at attacking the customers of various online services.

This service supplies subscribers with a skimmer script, deployment instructions, and a campaign management panel, which is everything a threat actor needs to launch their own credit card stealing campaign.

The fraudsters made more than $1.3 million after re-streaming an edited version of an old live panel discussion on cryptocurrency with Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest’s “The ? Word” conference.

One of Ferrari's subdomains was hijacked to host a scam promoting a fake Ferrari NFT collection. The Ethereum wallet associated with the cryptocurrency scam appears to have collected a few hundred dollars before the hacked subdomain was shut down.

Regardless of the script they’re following, scammers will say you’ll receive a link on your phone via SMS. They will then ask you not to click the link but merely take a screenshot and send the image back to them.