Tycoon 2FA: Phishing Platform Back Online
Despite recent law enforcement actions, the Tycoon 2FA phishing platform is active again with an upgraded infrastructure. This Phishing-as-a-Service (PhaaS) allows attackers to bypass two-factor authentication (2FA) by stealing session cookies. The new version employs sophisticated traffic-cloaking methods and rotates malicious domains faster to evade security filters. Users are advised to be extremely cautious with email links and, where possible, use hardware security keys instead of SMS codes for authentication.
Source: MKD CIRT, https://mkd-cirt.mk/tycoon2fa-fising-platformata-povtorno-aktivna-po-neodamnesnata-policiska-akcija/; Bleeping Computer, "Tycoon2FA phishing platform returns after recent police disruption"
Europol-led Operation Downs Tycoon 2FA
In a major international law enforcement operation led by Europol, the infrastructure of Tycoon 2FA was dismantled. This platform was linked to over 64,000 phishing attacks worldwide. The action resulted in server seizures and the arrest of key individuals involved in maintaining this criminal service. While this is a significant blow to the cybercrime ecosystem, experts warn that such platforms often reappear quickly under different names.
Source: MKD CIRT, https://mkd-cirt.mk/operacija-predvodena-od-europol-go-urna-tycoon-2fa-phishing-as-a-service-povrzan-so-64-000-napadi/; The Hacker News, "Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks"
Fake Cryptocurrency Scam Abusing Gemini Brand
Criminals are exploiting the popularity of Gemini AI to promote a fake cryptocurrency. The scam spreads via social media and fraudulent ads claiming Google is launching its own token. Victims are directed to professional-looking websites to invest funds that subsequently disappear. It is important to remember that tech giants rarely launch cryptocurrencies this way; always verify through official channels.
Source: https://mkd-cirt.mk/izmama-ja-zloupotrebuva-gemini-za-da-gi-ubedi-lugjeto-da-kupat-lazna-kriptovaluta/; DarkReading, "Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto"
Security tips for home & work
Change default passwords. Devices and accounts often come with preset, default passwords. Be sure to change them during the set-up process. Do not use the same password for all of your accounts, which could create a single point of failure.
Create a strong password. Use passwords at least 12 characters long that contain uppercase letters, lowercase letters, special characters (@, #, $, %, etc.), and numbers.
Don't use personal information in your passwords or security questions.
Whenever possible, choose Multi-factor Authentication (MFA).
Do not ever save your passwords in your browser or applications.
Sign out of your accounts once you are no longer using them.
Review all your devices and applications for privacy and security permissions. If access to content (e.g., contacts, location, camera, microphone, etc.) is not needed to deliver the service, do not accept the use of it, or turn it off to better protect your privacy.
Manage the privacy and security settings on your devices, online services, and applications. Only share information that's required, and nothing more.
Avoid bad actors. Verify the requester before sharing any personal data.
• Check email addresses
• Beware of embedded links or attachments
• Never provide personal information via email or phone
• Go directly to the company's website to follow up on a message instead of replying through an internal link
• Stay vigilant and use caution when asked to do something new, unusual, or different
• Slow down and think carefully before you act
Don't share your phone with others.
Use blurred virtual backgrounds or privacy screens to hide personal information.
Update software regularly. Keep your software up to date; it's one of the most effective security tools you have.