Security Advisory: Recent Social Engineering Tactics

GSR has observed a social engineering campaign targeting participants in the digital asset ecosystem. The attack involves fraudulent video calls arranged via Telegram, during which users are prompted to install fake “software updates” through convincing pop-ups presented mid-call. This method aligns with techniques detailed in recent FBI advisories and is designed to bypass typical user scepticism by mimicking legitimate workflows.

As ever, strong security hygiene is critical:

- Be wary of messages which create a sense of urgency

- Never install/update software during live calls

- Double-check all links

- Verify unusual requests via a trusted, separate channel

FBI Public Service Announcement: