As DeFi continues to grow in popularity and prominence, hackers around the world are uncovering new vulnerabilities and developing new methods to attack organizations.

Today, one of the most prominent categories of DeFi hacking is social engineering attacks. Social engineering refers to a method of manipulating people into revealing information or taking actions that can compromise the security and privacy of systems and networks, such as DeFi wallets. Social engineering attacks accounted for 70-90% of all malicious data breaches in 2023 (Avast Threat Labs)​.

Social engineering attacks are prominent in DeFi right now for a number of reasons. Launching this sort of attack can be relatively easy and cheap for hackers when compared to other types of hack. It relies on human error rather than vulnerabilities in software or systems, so anyone can be a potential target. In addition, the potential impact can be huge, with millions of dollars on the line.

In DeFi, the signing process is a clear point of vulnerability for social engineering attacks. In this blog, we’ll guide you through a few tips for ensuring that you don’t fall victim to a DeFi signing scheme.

Risks that may arise during the signing process

Hackers look to socially engineer victims into signing away their funds using various tools and methods, such as crypto drainers – phishing tools designed to masquerade as Web3 projects, enticing victims into connecting their crypto wallets to the drainer. Drainers are built to literally drain your wallet, but because of how blockchain technology works, hackers will always need your signature to take control of your funds.

Drainers employ asset-specific methods for taking away your funds; in all cases, the drainer social engineers victims into signing a maliciously crafted transaction. Here are some of the most common signature requests threat actors use to trick victims into signing transactions on their behalf:

Transfer transactions

With base assets such as ETH, expect to receive a signature request for a transfer transaction directly to the attacker’s wallet address. This is the most basic way threat actors deploy to get any asset from a victim.

Token approval

Token approval/allowance has legitimate use cases and is required for highly popular dApps like UniSwap to function. They optimize a user’s gas usage with frequently visited dApps. However, the same mechanism is abused by attackers to gain control over victims’ funds.

In a token approval attack scenario, the drainer will request victims to sign a call to an “Approve” method of ERC20/ERC721 tokens. Once you sign it, you are giving the attacker permission to withdraw all your assets.

Once the transaction is approved, the attacker no longer requires any further interaction with you in order to drain these funds as they will have full control, even without access to your private key.

Contract calls signing

Contract calls are a staple of DeFi and on-chain trading. These can include swapping, liquid staking, and other smart contract interactions.

Often, engaging with smart contracts can seem like executing a program that someone else developed – you don’t exactly know what it does, and you rely on the user interface (in this case the dApp), to communicate intent. Attackers leverage this and combine malicious smart contracts with abuse of well-known, legitimate smart contracts.

One method attackers often use is to abuse swap contracts and use them as transfers. When swapping, the expectation is that you will send funds to the swap contract and get back equally valuable tokens, minus fees. Attackers set up fake swapping interfaces and abuse known swap contracts, while sending different RECEIVER parameters to the swap method, making themselves the recipient of the swapped tokens.

Typed message signing

Off-chain/typed messages refer to when you sign a text message and hand it over to the dApp, usually over WalletConnect. The purpose of this is to expand the usage of wallets within Web3 beyond transactions (e.g. for sign-in, or accepting terms & conditions); it also optimizes gas usage by signing meta-transactions and authorizations off-chain, and enabling the dApp to submit a transaction on-chain.

In some cases, a typed message signing request can be a social engineering attack that gives attackers control over your funds. For example, Permit/PermitBatch are a kind of typed message that controls token allowances. One signed message can enable control over multiple assets. This is one of the main vectors attackers use if they’re able to, as it can generate the maximum profit for them.

Protecting from DeFi signing attacks with Fireblocks

Here are some tips for using Fireblocks to defend your business from DeFi signing attacks:

The effectiveness of last weekend’s attack by U.S. forces on three of Iran’s nuclear sites might be a matter of debate, but security experts fear the ramifications of the strikes are a little more certain.

Officials are warning that Iran-linked hackers and other online groups affiliated with the Iranian government could focus attacks on U.S. targets, including businesses. The Department of Homeland Security, earlier this week, issued an alert from its National Terrorism Advisory System, saying attacks could go on through September. “The ongoing Iran conflict is causing a heightened threat environment in the United States,” the alert reads. “Low-level cyberattacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks.” Owners of small and midsize businesses have reason to be uncomfortable with that warning. A 2024 study from Microsoft found SMB cyberattacks are both frequent and costly. “Ninety-four percent of SMBs consider cybersecurity critical, but without the tools and internal expertise to keep people, data, and devices secure, SMBs are vulnerable,” it reads.

The attacks may have already started on a small scale. Iranian-aligned hackers claimed responsibility last week for a denial of service attack on Trump’s Truth Social platform that made it inaccessible for a period of time. “Both hacktivists and Iranian government-affiliated actors routinely target poorly secured U.S. networks and internet-connected devices for disruptive cyberattacks,” the DHS warning reads. A hacker’s goal in attacking a business can vary. Retail-facing companies can be targeted for the personal and credit card information of customers. Some businesses are hit with a malware attack that initially does nothing, but can transform a company’s systems into “zombie computers,” which can be used unwittingly in a larger attack. Some hackers use security lapses at smaller companies as backdoor entries into larger partner corporations.

Ransomware demands, which force business owners to pay to retrieve locked data, remain an especially big threat to small and midsize companies. Ransomware reached a historic high in the first quarter of this year, according to a report from NordStellar, a London-based threat exposure management platform. Companies with $10 million to $50 million in annual revenue and about 51 to 200 employees were the most frequently attacked. “Many SMBs rely on third-party IT providers, cloud platforms, and managed services, creating multiple attack vectors,” says Vakaris Noreika, a cybersecurity expert at NordStellar. “Weaker cybersecurity defenses due to limited budgets and an ‘it won’t happen to us’ mindset make SMBs low-hanging fruit to cybercriminals.” So what can founders do to protect their businesses? Experts recommend to avoid using shared passwords and to change passwords every three months. Consider implementing multifactor authentication or using authentication software. Only give employees access to the specific data systems that they need for their jobs. And no workers outside of your IT department should be able to install software on company devices without permission.

Also, to protect against ransomware, regularly back up the data on all computers, especially word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Keep that offsite or on a cloud server. Staff support is also critical, such as teaching employees to safeguard against phishing, spam, and malware attacks as well as how to secure their mobile devices. Eight in 10 business owners told Microsoft a lack of staff security awareness was a concern. That’s an easily solvable problem. Ensure, of course, that all of your systems are running the most recent software version. And never assume that you’re too small to get attacked or that just because you’ve been hacked before, you won’t be again (something a surprising 44 percent of the business owners told Microsoft they believed).

AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse.

If your company is exploring or already using AI agents, you need to ask: Are they secure?

AI agents work with sensitive data and make real-time decisions. If they’re not protected, attackers can exploit them to steal information, spread misinformation, or take control of systems.

Join Michelle Agroskin, Product Marketing Manager at Auth0, for a free, expert-led webinar — Building AI Agents Securely — that breaks down the most important AI security issues and what you can do about them.

What You’ll Learn:

What AI Agents Are: Understand how AI agents work and why they’re different from chatbots or traditional apps.

Understand how AI agents work and why they’re different from chatbots or traditional apps. What Can Go Wrong: Learn about real risks — like adversarial attacks, data leakage, and identity misuse.

Learn about real risks — like adversarial attacks, data leakage, and identity misuse. How to Secure Them: Discover proven methods and tools to protect your AI agents and earn user trust.

This is not a sales pitch. It’s a practical, no-fluff session with real strategies you can use today. Whether you’re already building with AI or just getting started, this webinar will help you stay ahead of threats.

Secure your free registration ➜

By Brown Bolzy Gari

In today’s digital world, cybersecurity is no longer just an IT issue—it is a business survival issue. Companies in Papua New Guinea (PNG), from small businesses to large corporations, are increasingly being targeted by cybercriminals.

With the rise of online banking, digital payments, and cloud storage, businesses handle more sensitive customer and financial data than ever before. Unfortunately, many PNG businesses lack strong security measures, making them easy targets for hackers, data breaches, and financial fraud.

A single cyberattack can lead to financial loss, damage to customer trust, and even legal consequences. So, how can PNG businesses protect themselves from cyber threats?

1. The Biggest Cyber Threats to Businesses in PNG

? Phishing Attacks

Phishing is one of the most common cyber threats. Hackers send fake emails or messages pretending to be banks, government agencies, or business partners. These messages trick employees into sharing login details or financial information.

Example: An employee receives an email that looks like it’s from their bank, asking them to “verify” their account by clicking a link. If they do, hackers steal their login details.

? Ransomware Attacks

Ransomware is a type of malware that locks a company’s files until a ransom is paid. Many businesses pay the ransom but never get their data back.

Example: A PNG business loses access to all its customer records after an employee opens an infected email attachment. Hackers demand payment in cryptocurrency to unlock the files.

? Data Breaches

Weak security measures allow hackers to steal customer information, such as credit card details, personal IDs, and business secrets. Data breaches can lead to lawsuits and loss of customer trust.

Example: A retail store’s unsecured database is hacked, exposing customers’ credit card information.

? Insider Threats

Sometimes, employees or former staff leak or misuse sensitive company data—either by accident or intentionally.

Example: A disgruntled employee shares confidential business files with a competitor before leaving the company.

? Weak Passwords & Unprotected Systems

Many businesses fail to update passwords and security settings, making it easy for hackers to break into company accounts.

Example: A business uses “password123” for all its accounts, making it easy for hackers to gain access.

2. How PNG Businesses Can Protect Themselves from Cyberattacks

✅ Train Employees on Cybersecurity

Educate staff on how to spot phishing emails, fake websites, and suspicious attachments.

Encourage employees to report suspicious messages before clicking on links.

Conduct regular cybersecurity awareness training.

✅ Use Strong Passwords and Multi-Factor Authentication (MFA)

Require strong, unique passwords (e.g., “B1z@rre$ecureP@ss” instead of “password123”).

Enable Multi-Factor Authentication (MFA), which requires an extra verification step (like a text message code) before logging in.

Regularly update antivirus software, operating systems, and security patches to fix vulnerabilities.

Use firewalls and encryption to protect business networks.

✅ Back Up Important Business Data

Store backups of critical data in a secure location (e.g., external hard drives or cloud storage).

Test backups regularly to ensure they can be restored in case of a cyberattack.

✅ Control Employee Access to Sensitive Information

Not all employees should have access to financial records or customer data.

Limit access based on job roles to reduce insider threats.

✅ Secure Business Emails & Communications

Use official company email accounts instead of free services (e.g., Gmail, Yahoo) for business transactions.

Be cautious when sharing financial information—always verify requests by phone first.

✅ Develop a Cybersecurity Policy

Create a clear IT security policy for employees, outlining safe online practices.

Establish a cyber incident response plan so the business knows what to do if hacked.

3. What to Do If Your Business is Hacked

1️⃣ Disconnect affected devices from the internet to prevent further damage.

2️⃣ Report the attack to your IT team, bank, or a cybersecurity expert.

3️⃣ Notify affected customers if their data has been leaked (this builds trust and may be legally required).

4️⃣ Investigate the breach to understand how it happened and strengthen security.

5️⃣ Avoid paying ransoms—there’s no guarantee hackers will return your data.

4. Why Cybersecurity is Good for Business

? Protects Customer Trust

Customers are more likely to do business with companies that keep their data safe. A single breach can destroy years of trust.

? Prevents Financial Losses

Cyberattacks can cost businesses millions in recovery expenses, legal fees, and lost revenue.

? Ensures Business Continuity

A secure business can operate smoothly without disruption from hackers.

Final Thought

Cybercrime is a real and growing threat in Papua New Guinea. Businesses that fail to take cybersecurity seriously risk losing money, data, and customer trust.

Protect all your devices, without slowing them down.

Search engines help us find information quickly, but they can also be misused by cybercriminals. SEO poisoning is a tactic where attackers manipulate search engine rankings to push harmful websites to the top of search results.

This method isn’t just a risk for individuals—it can impact businesses, too. For example, scams can involve fake e-commerce stores that promise discounts but never deliver the products. Others hijack traffic from legitimate websites, damage reputations, or spread false information.

Understanding SEO poisoning helps small business owners protect their brand, secure their online presence, and prevent cybercriminals from exploiting their customers.

What Is SEO Poisoning?

SEO poisoning is a cyberattack method where criminals manipulate search engine rankings to push harmful websites to the top of search results. These sites often look trustworthy but are designed to steal login credentials, spread malware, or trick users into financial scams.

This tactic preys on the assumption that top search results are the most reliable. Many people don’t double-check links before clicking, making it easier for attackers to deceive them. Once a user lands on a poisoned website, they may unknowingly enter sensitive information, download malware, or fall victim to fraud.

Why SEO Poisoning Matters for Small Business Owners

For small business owners, SEO poisoning is more than just a cybersecurity threat—it can directly impact your business, customers, and reputation. When attackers exploit SEO poisoning to hijack your brand name, product keywords, or industry-related searches, they can redirect potential customers to fraudulent websites that mimic your business. These fake sites may scam users, steal sensitive information, or infect their devices with malware, ultimately damaging your credibility and trustworthiness.

Furthermore, if your own website is compromised and unknowingly hosts malicious content or redirects, search engines may penalize or blacklist your site. This can make it more difficult for customers to find you online, leading to lost revenue, decreased traffic, and a lengthy recovery process to rebuild trust.

Related: Small Business Reputation Attacks – Why They Spike in Q1 and How to Stay Safe

SEO Poisoning Tactics: How Cybercriminals Manipulate Search Results

SEO poisoning is a constant battle between cybercriminals and search engines. Attackers use a mix of deceptive techniques to push harmful websites to the top of search results, making them appear safe and legitimate. Here are some of the most common tactics criminals use:

1. Keyword Manipulation (Keyword Stuffing)

Attackers flood their fake websites with trending keywords to trick search engines into ranking them higher. They often mimic legitimate topics, industries, or frequently searched questions. This makes their sites appear relevant, but instead of useful information, visitors are met with scams, fake downloads, or phishing attempts.

2. Hijacking Trusted Websites

Cybercriminals target reputable sites—such as government, university, or business websites—and exploit security weaknesses to insert malicious links or redirects. This method is particularly dangerous because users trust these websites and may not notice when they are redirected to a harmful page.

3. Malvertising (Malicious Advertising)

Instead of relying only on organic search rankings, criminals pay for fake ads that appear alongside legitimate search results. These ads often mimic well-known brands or services, leading users to phishing sites or malware downloads. While traditional malvertising used to involve banner ads, attackers now use sponsored search results to lure victims.

4. Typosquatting (Lookalike Domains)

Typosquatting involves registering slightly misspelled versions of popular website domains (e.g., “amaz0n.com” instead of “amazon.com”). Cybercriminals use these fake domains to trick users into entering sensitive information or downloading malware.

5. Fake Business Listings (Local SEO Poisoning)

Scammers create fraudulent local business listings on Google Maps and other directories, making it appear as though they are legitimate businesses. Unsuspecting users who search for nearby services might be redirected to fake customer service numbers, phishing sites, or scam operations.

6. Social Media Boosting

Attackers use social media to spread links to their poisoned websites, often disguised as trending topics or urgent news. The more these links are shared and clicked on, the more search engines may recognize them as relevant, boosting their rankings.

7. Link Farms and Fake Traffic Networks

Cybercriminals use link farms and bot networks to artificially inflate a website’s popularity in search engine rankings. These networks consist of hundreds or thousands of low-quality websites that link to each other or direct traffic to a malicious site. Some attackers also employ bots or paid users to visit these sites repeatedly, tricking search engines into believing they are popular and trustworthy.

Related: How Scammers Trick You into Compromising Your Own Security—and How to Stop Them

How to Protect Your Business from SEO Poisoning

Fighting SEO poisoning requires a mix of cybersecurity tools and safe online habits. Here’s how you can protect your company:

1. Secure Your Website and Online Presence

Cybercriminals can target your own website in an SEO poisoning attack. Keep your website safe with:

Regular security checks – Audit your website for vulnerabilities, especially outdated software that hackers can exploit.

– Audit your website for vulnerabilities, especially outdated software that hackers can exploit. SSL certificates and web security tools – Use SSL encryption, web application firewalls (WAFs), and content security policies (CSPs) to prevent unauthorized access.

Related: What Is An SSL Certificate And 6 Reasons Why Your Small Business Website Needs One

Monitoring search rankings – Sudden drops in your website’s search rankings or unusual traffic changes could signal an SEO attack. Google Search Console can help you track these shifts.

Bitdefender Ultimate Small Business Security offers advanced protection against impersonation attacks, scams, and fraudulent ads. Features like Scam Copilot and Digital Identity monitoring provide instant alerts, allowing businesses to take action before customers are misled or exposed to cyber threats. By staying one step ahead, you can protect both your business and your customers from falling victim to SEO poisoning tactics.

Check out our plans for small businesses.

3. Strengthen Your Cybersecurity Culture

Even with strong security tools, human error remains a weak spot. Educate employees on safe browsing habits and how to spot suspicious search results.

Train your team – Teach employees how to recognize phishing websites and fake ads. Use phishing simulations to test awareness.

– Teach employees how to recognize phishing websites and fake ads. Use phishing simulations to test awareness. Encourage safe browsing – Avoid clicking on unfamiliar ads or links, even if they appear at the top of search results. Always double-check URLs before entering login details.

You can do it easily with Bitdefender Link Checker

FAQs

How can I tell if a search result is part of an SEO poisoning attack?

SEO-poisoned websites often look legitimate but may redirect you multiple times, ask for downloads, or display excessive ads and pop-ups. A misspelled or unfamiliar domain name can also be a red flag. To stay safe, always verify URLs before clicking and use security tools that detect suspicious links.

Can SEO poisoning affect all search engines?

SEO poisoning can target any search engine, including Google, Bing, and Yahoo. While larger search engines invest in security measures to detect and remove harmful results, cybercriminals constantly evolve their tactics to bypass filters.

Even if you don’t visit malicious sites, your business can still be impacted. Cybercriminals may create fake websites impersonating your company, tricking customers into scams or phishing attacks. If attackers compromise your website, search engines may lower its ranking or blacklist it, making it harder for customers to find you.

What steps can I take to protect my business from SEO poisoning?

Keeping your website secure, monitoring search rankings for unusual activity, and training employees to recognize fake search results are key defenses. Using real-time cybersecurity tools like Bitdefender Ultimate Small Business Security can help detect impersonation attempts and fraudulent websites before they cause harm.