Women who work in adult chat rooms are called "cam girls". I say the women that work for "wrong number" text message scams should be called "scam girls".

However in the latter case they are not actually behind the scam or significant beneficiaries - they are just tools or "front women" of the orgs that operate them. The send out R rated photos, try to engage respondents and gain their confidence, then ply them with a fraudulent scam.

#scamgirls #camgirls #scams #smishing #phishing #fraud

5 hours ago

Look at the new little #phishing attempt

Who can spot it? #security #infosec

Let us know it wasn’t you luhlllllll 📚
7 hours ago

The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication. #windows11 #passkeys #phishing #passwordless #authentication

9 hours ago

Huch, ich hab mich doch gar nicht für die PhotoTAN registriert. Ich bin ja noch nicht mal Kunde bei der Commerzbank. 🤔

#commerzbank #scam #phishing

SMS-Nachricht: „Lieber Commerzbank Kunde, Ihre Registrierung für die PhotoTAN App läuft ab. Jetzt erneuern: seltsamer Link“

- Banco: Evite caer en estafas, es 🫵 su responsabilidad 🫵 revisar el dominio oficial del banco y no caer en phishing, no entre a páginas fraudulentas que imitan la imagen del banco.

- También el banco: Gane con nuestra promoción, enviada desde otro dominio .com que cualquiera pudo comprar, aquí tiene este usuario y contraseña en texto plano para que lo ingrese en otro sitio web con dominio cualquiera .com 🤦‍♂️


13 hours ago

We've noted a noticeable uptick in #phishing and #smishing campaigns targeting the USPS. Using Iris Investigate and our integration with @maltegohq, we look at IOCs to better understand the scope of this campaign and a possible person of interest.

13 hours ago

Well that’s funny do people actually fall for these also fax.html lmfao it’s 2023 who the hell has a fax even in business besides legal departments and such?
#infosec #phishing #cybersecurity

Gname took the lazy approach and rather than look at the site to see it was a clear phishing scam asked me to submit a report via their "official form." Which I did. So now we wait, again.

I think my email could have been more descriptive. Lesson learned for next time.

The saga continues...

#cybercrime #FightBack #Spam #Phishing #SMSishing

👇 ⬇️

Longer than necessary email reply essentially asking me to fill out a form and include evidence of abuse.
screenshot of a confirmation pop-up noting i was successful in sending my complaint. The english and grammar here is... rough.
17 hours ago

Additionally, the attack employs a file named KB4495667.pkg, code-named DangerAds, which acts as a loader.

#Backdoor #Cybersecurity #DangerAds #Phishing #RedCross

Pyrzout :vrfd:
1 day ago

While we wait... Why bother? Well, glad you asked (no one has... yet)

URLs cost money. Even for big ops they cost a few bucks each. Each time you *quickly* report abuse to the registrar resulting in suspension, the bad guys lose $.

ALSO: You are also saving "Gullible Grandma" who got this text 2 hours ago while at water aerobics and is just now clicking the URL. She gets an error vs handing over her personal information. Be a hero, fight back!

#cybercrime #FightBack #Spam #Phishing #SMSishing

👇 ⬇️

Armed with the registrar's abuse email all we have to do is send a super quick and to the point email with proof of the bad guys using the URL.

So far I've had 100% success in getting the URLs taken down in a day or so.

I have never worked with gname before so now we wait and see.

#cybercrime #FightBack #Spam #Phishing #SMSishing

👇 ⬇️

Quick email to

Please let this serve as notice that [redacted].top for which you are the registrar is being used in SMSishing campaigns. See attached for an example. This URL needs to be suspended.
Aida Akl
2 days ago

Warning: Zero-point font obfuscation is being used to trick #Microsoft Outlook users into believing #phishing emails have been successfully vetted by antivirus scans. #cybersecurity #infosec

Attackers Trick #Outlook into Showing Fake AV Scans @darkreading

So let's see who their registrar is. I go directly to ICANN for this but you can use whatever service you like.

ICANN says the registrant of this URL is... adadasdadasdad. Seems legit!

They also provide contact info for the registrar. The registrar is the company the bad guys bought the URL from. International laws require them to take reports of fraud seriously. Never worked with before. Let's see...

👇 ⬇️

#cybercrime #FightBack #Spam #Phishing #SMSishing

screenshot shows the registrant org is not USPS. It's a random string of letters. The mailing address is simply "Arizona."
screenshot showing the name of the registrar as well as their contact email for abuse.

This is a fun one because it's #iMessage. Rare in my experience, but seems more common lately.

USPS won't randomly SMS or iMessage you. And they won't send you to some garbage .top URL.

Don't reply to troll. That only confirms you are a target and increases the resale value of your info.

Take a screen shot, and then "report junk".

Because this is iMessage, we can't take down their SMS service. I'll have to teach you that some other time.

👇 ⬇️

#cybercrime #FightBack #Spam #Phishing #SMSishing

screen shot of an iMessage pretending to be USPS saying they need address information to complete delivery. The URL ends in .top.
2 days ago

The younger generation is busy rating phishing attempts.

"pitiful ... Not even a number from the US!"

#phishing #HaveToLaugh

I have recently had a lot of fun taking down SMS spam / fraud / SMSishing bad guys. Based on engagement, you all seem to enjoy it, as well.

Here's a fresh one. Let me teach you how I do it, so you can too.

👇 ⬇️

#cybercrime #FightBack #Spam #Phishing #SMSishing
2 days ago

Wow has anyone else seen this scam where an email that pretends to be from GoDaddy is sent from a domain name that uses your own domain prefixed with secureserve- to make it look legit? The return address looks like:



#Phishing #GoDaddy

2 days ago

🚨 Campagna di #phishing ai danni di #Segugio con falso call center!

Una campagna malevola è stata diffusa tramite un dominio AdHoc e nel sito è riportato un falso numero di Segugio.

Così i criminali possono veicolare la frode telefonicamente!


Aloïs Thévenot :verified:
2 days ago

Evilginx Pro - The Future of Phishing - #phishing

2 days ago

Traditionally done as a way to stuff keywords in a resume to bypass AI filters, bad actors have found another use for the tactic.

Now, trusting security scans has come into question. Can't we have anything nice?

#vulnerability #phishing #outlook #microsoft #cybersecurity #security

2 days ago

Cofense reports on malicious HTML attachments that carry out Browser-in-the-Browser (BitB) attacks. BitB attacks can be effective because they abuse modern Single-Sign-On (SSO) mentality and user trust in the URL bar. IOC are provided.

Tags: #bitb #phishing #IOC #browserinthebrowser

Andrea Draghetti 🎣
2 days ago

In these days there is talk about the #ZeroFont technique used to send #phishing emails!

On January 9, 2017 for the first time we saw this technique used in a malicious campaign against PayPal.

The threat actor CaZaNoVa was selling for $30 a #ZeroFont email generator advertised on Facebook and YouTube.

This technique aims to evade spam filters by inserting invisible characters that are mixed with suspicious visible content.

Unfortunately, the YouTube video has been removed.


Steve :verified:
2 days ago

Too many financial institutions don't care about encouraging their customers in dangerous practices.

As phishing fraud hits more and more of us we are rightly warned not to use links in emails to login to our financial services yet so many organisations that should know better continue to do this.

I don't care if they do address me by name and include the last four digits of my account. Their actions encourage bad practice.

Best practice is only to include links that take you to information pages.

#Phishing #Fraud #Banks #FinancialServices #PersonalSecurity

Image of an email from PayPal inviting me to log into my account via a link in their email
Christoph Jüngling
2 days ago

Eine angeblich von Comdirect kommende eMail behauptet mal wieder, ich müsse unbedingt den "Identifikationsprozess" abschließen, und sie hätten vorsorglich mein Konto gesperrt.

Mein NICHTVORHANDENES Konto, versteht sich 😂


2 days ago

Die Bewertungsplattform wird seit 2018 vom Bundesministerium f. #Wirtschaft u. Klimaschutz als Erfolgsgeschichte genannt. Um den Dienst nutzen zu können, müssen Unternehmen sich dort registrieren/anmelden. Trustami pfeifft aber entgegen den eigenen Angaben auf das freiwillige, eigenmächtige Opt-In von Unternehmen. Die melden dich ohne dein Wissen dort an, veröffentlichen deine #Daten und gehen dir mit dreisten, kackfrechen Werbe-Spam und #Phishing auf die Nerven.
#trustami #bmwk

2 days ago

Os leaks dos emails da tap agora tão a lançar campanha de scam de email de alerta da conta do montepio ter sido bloqueada. Tenham cuidado. As do Moey também eram bue legit.

#leaks #tugaleaks #phishing #tugalandia

2 days ago

An updated version of an Android banking trojan called #Xenomorph has set its sights on more than 35 financial institutions in the U.S.
The campaign, according to Dutch security firm #ThreatFabric, leverages #phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors. Some of the other targeted prominent countries targeted comprise Spain, Canada, Italy, and Belgium.

Oliver D. Reithmaier
2 days ago

Oh this is cool (conceptually only, of course)! Zero-Font was used to actually display fake security messages in #phishing email preview panes.

Zero-Font obfuscation was previously known to be used to split up suspicious keywords that filters and AI are actively looking for. Now someone used it to construct a security message that apparently these filters take at face-value. Wild stuff. And of course, Outlook is involved.

2 days ago

Eine kürzlich gestartete #Volksbank #Phishing-Mail-Kampagne ist ziemlich raffiniert und mit erschreckender Ähnlichkeit zu legitimen Banknachrichten gestaltet.

Avoid the Hack! :donor:
3 days ago

ICYMI: Fake celebrity photo leak videos flood #TikTok with Temu referral codes

Not specifically malicious... yet. Classic baiting.

Tactics like these can easily evolve to direct users to #phishing sites or #malware domains. Be careful what you click!

#cybersecurity #infosec #security

Renée Burton
3 days ago

Malicious actors who leverage DNS heavily to support their activity are often unrecognized and orthogonal to malware actors popularized in much media coverage, but they play a critical role in the online criminal economy. We've decided to publish more about those we track and some of our algorithms. Here's an intro! #dns #infosec #threatintel #malware #phishing #scam #spam

3 days ago

Cofense reports on an social engineering campaign targeting the hospitality industry (primarily luxury hotel chains and resorts) to deliver information stealers. The initial infection vector are emails and instant messages. They use TTPs to bypass email security, then deliver infection URLs in password-protected archives. No IOC.

Tags: #phishing #infostealer #cybercrime #socialengineering

3 days ago

#Phishing #Microsoft #Outlook #OneDrive #gehackt

Wenn Ihr von Geschäftspartner* eine Mail mit 1 QR-Code erhaltet, der zu einem Microsoft-OneDrive führt, wo Ihr Eure eMail-Adresse und Microsoft-Passwort eingeben sollt, um ein Dokument (pdf) abzurufen: Löschen und dem Absender (telefonisch) Bescheid geben.

Das ist optisch sehr gut gemacht. Alarmiert und sensibilisiert Eure Kolleg*innen.

Screenshot von scheinbarer OneDrive-Logon-Maske mit URL einer Barabara aus Brasilien.
3 days ago

Na, supi. Firmenrechner von Freundin wurde wohl gehackt, verschickt via Outlook-Server Phishing-eMails mit QR-Code zu gefaktem Microsoft OneDrive an Kunden. Viele unterschiedliche Betreff-Zeilen.
Gibt's zufällig ein HowToDoNow irgendwo zum Nachlesen? @HonkHase vielleicht?
#Phishing #QRCode #gehackt

4 days ago

The World Sailing Championships were recently spoofed by scammers on #Facebook, who used fake offers of free live streaming to fool victims into sharing private data.
#phishing #cybersecurity #Meta #socialmedia #infosec

The Cybersecurity Librarian :donor:
6 days ago

Have a look at this email I got. Obviously #phishing right? The blurred out parts are weird identifiers. I've never heard of "" and don't have an account with them.

But what if I visit that site. LOL I really wish #MITREEngenuity was here on mastodon (they still hang out on Twixxer)

Because this is relaced to And I do recognize them. #MITRE
This appears to be their assessment provider sending out odd request for people who don't even know they have accounts to update them with weird identifiers. LOL I wouldn't hold it against your MITRE.

A screenshot of an email that appears to be phishing. But is is phishing?
A screenshot of the page the supposed #phishing screenshot lead to. This is legitmate probably and belongs to MIRE Engenuity's assessment platform.
Konstantin :C_H:
6 days ago

I click on links in phishing emails so you don't have to!

Part 1: DHL Delivery 🧵

#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #Phishing #DHL

RichBartlett :donor:
1 week ago

The amount of organisations who don't have DMARC setup properly and get quarantined as phishing (spoof external domain) is doing my head in. I don't have the time to contact all of them, find out who runs their email, and educate them about a standard that's been pretty mainstream for years. #DMARC #phishing #falsepositives

Markus Schmitt ♻️
1 week ago

Wieder nice. SMS phishing. Domain bei Namecheap in den USA registriert und Hosting über Cloudflare versteckt. So geht das. Na mal schauen 👀 ob Namecheap die offline nimmt oder es das klassische Ergebnis sein wird.

Und klärt die Leute auf. Wichtig. Meine Frau hat die SMS bekommen. Und sie kam zu mir und fragte ob das Phishing ist. 👍

Noch ein Hinweis. Meldet das Phishing hier und immer bei Registrar.


SMS Phishing
Jeff MacKinnon
1 week ago

I have started to get a notable increase in spam and *good* phishing attempts on my work email hosted with Office365. Has anyone else noticed this?

#Office365 #Microsoft365 #Phishing #SPAM

heise Security
1 week ago

Verbraucherzentrale NRW warnt vor Phishing-Mails mit gefälschten Abmahnungen

Die Verbraucherzentrale NRW warnt vor derzeit gehäuft versendeten Phishing-Mails, die Empfänger mit gefälschten Abmahnungen verunsichern.

#Phishing #news

Stíofán MacThomáis
1 week ago

Don't be THAT person that clicks on the button! Check all the things...#SPAM #Phishing

Screen capture of phishing mail pretending to be from Spotify and claiming there was a billing issue with your account, but on showing the email of the sender, and other wording anomalies, is clearly fake.
Mat DJ 🐶 🐕🐕 :donor:
1 week ago

As phishing emails go, this one has a happy little ring to it

#phishing #email

A screenshot of the phishing email, which looks like a bad shared Acrobat PDF. The important bit reads "PDS Document Received From The Rent Fairy"
1 week ago

I just got the weirdest spam email. It is clearly not Walmart as the sender is an address. The email itself contains no links or anything for me to click on and get phished. I don't understand what's the point of this. Can anyone enlighten me?

#spam #phishing

Screenshot of a spam email
Tinker ☀️
1 week ago

So some of you might remember this post (and the subsequent demonstration on national news) of using a voice cloning tool (AI, Audio Deep Fake) by @racheltobac

Link to post:

(If you haven't seen it, go watch it. Rachel is amazing.)

I'd never needed to do a similar attack before, but! I was just tasked yesterday with researching it.

Asked some friends for a turn-key solution to clone voices. Got pointed to a website. Signed up for $1 a month (first month... then it goes to $5 a month thereafter).

Pulled some audio of my target's voice down from a youtube interview (a podcast works great too).

Only needed a minute's worth of audio.

Uploaded it to the website for cloning.

Typed out a quick script for the voice to read.

30 seconds later, I had my cloned audio.

It was so good, that it even included natural voice inflections AND!!! verbal pauses like umm's and uhh's that matched the target's original presentation. I can't tell the difference between the cloned voice and the original person.

Y'all... voice cloning and audio deep fakes are well past the ease of "script-kiddy" level. Anyone can do it.

#infosec #hacking #socialEngineering #scams #deepfake #AI #phishing #vishing

More bad guys sending garbage texts. This is blatant phishing. Maybe spear phishing? The URL was registered yesterday, Friday. Smart, they have all weekend to #cybercrime because many companies typically don’t staff fraud teams on the weekend.

Reported to name silo (registrar) as well as ATT (SMS provider) and the anti phishing working group. (

#FightBack #Spam #Phishing

Text message from today at 4:38 PM:

Costco: We want to hear how we are doing. Help us with some answers so we can better serve you in the future.
Dear Costco Shopper, Thank You and Congratulations!
Please complete the short survev about Costco to select your exclusive offer of up to $100.00 cash value.

This special is available until September 16, 2023
heise online
2 weeks ago

Neue Webinare zum Schutz vor Cyberangriffen

In fünf Webinaren vom 23.10. bis 27.11.2023 lernen IT-Verantwortliche und Admins von den Profis der SySS GmbH, Hackern stets einen Schritt voraus zu sein.

#Cybercrime #Cybersecurity #Datenschutz #Security #Phishing #news

2 weeks ago

📣 We're thrilled to announce the launch of Shira, our anti-phishing tool for human rights defenders, activists, and journalists!! 🚀

🛡️ By using Shira, you can learn to identify and defeat phishing attempts. Shira is:

✅ Self-paced & easy to use
✅ Realistic and customisable, with simulations of phishing attempts on email and messaging apps
✅ Privacy-respecting
✅ Developed with support from digital safety experts
✅ Free & open source

Try it now! #DigitalRights #phishing

2 weeks ago

Es sind wieder phishing Mails unterwegs, die so tun, als wären sie von der Bank Austria (Absendeadresse hier grad: 🤡 )

Darin ein Link zu einer super shady Seite, die dem BA-Login nachempfunden ist (screenshot).

Wer dort Nummer und PIN eingibt, bekommt eine Aufforderung für 2-Faktor-Authentifizierung und wenn diese auch noch eingegeben wird, hat man verloren.

Klickt keine verdächtigen Links an, überprüft immer Absender und im Zweifel meldet euch direkt!


Screenshot einer gefälschten Bank Austria Login-Page, unter dem Login ist ein Hinweis auf gefälschte Bank Austria Mails, die derzeit im Umlauf sind!
Kent Brewster
2 weeks ago

Heads up, folks: scammers are keeping an eye on LinkedIn updates and reaching out directly via text. (Not sure where they got my number but it's definitely out there.) I distracted this one for a couple of hours; not sure if he wised up or his carrier--which I called first thing--shut him down.

#scambaiting #crime #phishing

Very long stitched-together screenshot from Apple Messages, showing a scammer trying to get me to buy him some Apple gift cards.
Pixelcode 🇺🇦🕊️
2 weeks ago

#Bluesky developers literally do not care about #phishing at all. Anyone can manipulate link card previews to read whatever one fucking wants them to read, independent from the actual website URL and content.

#QT @north

Here's more info on phishing, including how to recognise and prevent it:

Dr. Brad Rosenheim
2 weeks ago

#Tech fediverse: I'm looking for the feasibility and security for a university email problem. Our university just decided it would end a policy that alumni have email addresses associated with the university in perpetuity. Fair enough - the resources of this promise have to be immense. But there is one group of alumni that our faculty have recognized as potentially deserving of this promise being kept - former students (mainly grad students) who have published as a first and/or corresponding author of a peer reviewed publication. In that case, they still have a tie to our university and people may want to contact them about their work here. So, I have a few questions:

Shouty person
2 weeks ago

Good news, everybody! Fake Interpol is going to help me get my pretend money back.


Stephanie Sher... R
Active 6m ago
I don't want you to think less of me for falling victim to such scoundrels.
Can you, with the weight of Interpol, really help me?
Replied to you
Can you, with the weight of Interpol, really help me?
Yes madam
We have made countless arrests of these suspects who posed to be someone they're not just to get money from innocent civilians like you
Replied to themselves
Have you send any of these suspects money or card before now?
Oh, thank you. That's great news. How can you help? What do you need from me?
ricardo :mastodon:
2 weeks ago

#Microsoft Warns of New #Phishing Campaign Targeting Corporations via #Teams Messages ⚠️

Jonathan Kamens
2 weeks ago

This phishing message I found in Spam this morning is the most convincing I've seen in a while, at least for people who don't pay attention, but let's talk about all the signs it's fake if you know what to look for.
#infosec #phishing
🧵 1/12

Screenshot of LastPass phishing email with suspicious aspects marked with red lines and arrows. Read the thread to find out what's wrong with it!
Zeljka Zorz
2 weeks ago

A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams.

“For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher,” the company says.

#cybersecurity #MSTeams #enterprise #phishing

Microsoft Teams logo
Christina Lekati
2 weeks ago

It appears that the ALPHV ransomware group is behind MGM Resorts' cyberattack on Monday. The way they reportedly gained initial access is by looking into the MGM employees on LinkedIn, picking one, and then calling the Help Desk.

The ALPHV group is said to be "extremely skilled at social engineering".

Yet finding information on an organization's employees on LinkedIn & and then using it in a vishing attack, often impersonating that individual, is a frequent and rather standard practice in #vishing attacks.

I have seen first-hand that there is a need to improve in a few areas:

🔹 Few organizations are prepared to handle phone-based social engineering. Most companies focus almost entirely on #phishing attack simulations.
That allows blind spots and a lack of processes/preparedness in too many other areas like vishing, social media and SMS-based attacks among other things.

🔹 Having a proper identity verification process in place and training your employees to stick with it often mitigates a lot of vishing/impersonation attacks.
Yet in most cases, there is either a lack of verification process or the employees are not aware of it (they sometimes get trained on it once during onboarding, and then forget all about it).

🔹 Understanding that social engineering is not limited to email attacks. It is a serious threat, and it requires working on a comprehensive social engineering prevention protocol.

We are still waiting for more information on the exact methodology. But it won't be the last time we hear of a similar attack scenario.

News Reporting:

#socialengineering #cybersecuritytraining #cybersecurity #cyberattack #cybernews #infosec #infosectraining #ransomeware

Shouty person
2 weeks ago

I’m not normally one to engage with spammers but this one was just too obvious to resist.

#Phishing #Instascam

Stephanie Sher. § O B
Active 14m ago
Stephanie Sherman stephanie_181gidi • Instagram
933 followers • 3 posts
Follows you
View profile
Sunday 23:22
Hello, I'm Stephanie Sherman and I work for INTERPOL. I am working on a case involving; Identity theft, credit fraud, celebrity romance and scams, investment scams, email phishing, and any cyber-related fraudulent activity.
Have you been contacted by a suspicious account or are you still in contact with someone?
Funny you should ask. I have been contacted by a suspicious account.
How did you know?
Have you send any of these suspects money or card before now?
Tap and hold to react

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #36/2023 is out! It includes the following and much more:

➝ 🇺🇸 ☁️ #Microsoft finally explains cause of #Azure breach: An engineer’s account was hacked
➝ 🎫 🔓 See Tickets says #hackers accessed customers’ payment data — again
➝ 🇳🇱 🔓 Chipmaker NXP Semiconductors confirms #databreach involving customers’ information
➝ 🇬🇧 🔓 #UK election body failed cybersecurity test before hack
➝ 🚮 🔓 #Freecycle confirms massive data breach impacting 7 million users
➝ 🇦🇺 🔓 University of #Sydney data breach impacts recent applicants
➝ 🇷🇺 🇺🇸 Wealthy Russian With #Kremlin Ties Gets 9 Years in #Prison for Hacking and Insider Trading Scheme
➝ 🇺🇸 ✈️ US Aeronautical Organization Hacked via #Zoho, #Fortinet Vulnerabilities
➝ 🇮🇷 🎣 Alert: #Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant
➝ 🇺🇦 🇷🇺 #Ukraine's CERT Thwarts #APT28's Cyberattack on Critical Energy #Infrastructure
➝ 🎰 💸 #Crypto #casino loses $41 million to hot wallet hackers
➝ 🇺🇸 🇬🇧 US, UK take action against members of the Russian-linked #Trickbot hacker syndicate
➝ 🚗 👀 25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy
➝ 🇬🇧 👀 UK lawmakers back down on encryption-busting ‘spy clause’
➝ 🌏 Hundreds of thousands trafficked to work as online scammers in SE #Asia, says UN report
➝ 🇺🇸 ✍🏻 #CISA Hires @dotmudge to Work on Security-by-Design Principles
➝ 🇬🇧 🛒 Children's snack recalled after its website caught serving porn
➝ 🇸🇪 💰 Insurer fined $3M for exposing data of 650k clients for two years
➝ 🇷🇺 Elon Musk's erosion of safety standards at X is helping #Putin spread Russian propaganda, study finds
➝ 🇰🇵 North Korea-backed hackers target security researchers with 0-day
➝ 🎣 Researchers identify high-grade phishing kits attacking nearly 60,000 #Microsoft365 accounts
➝ 🇮🇳 🤖 #India warns of #malware attacks targeting its #Android users
➝ 🇨🇳 💬 Chinese-Speaking Cybercriminals Launch Large-Scale #iMessage Smishing Campaign in U.S.
➝ 💸 💌 Fake #YouPorn extortion #scam threatens to leak your sex tape
➝ 👤 #Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
➝ 🎣 🛡️ #Google is enabling #Chrome real-time phishing protection for everyone
➝ 📱🧨 Hacking device #FlipperZero can spam nearby #iPhones with #Bluetooth pop-ups
➝ 🩹 🍏 #Apple patches “clickless” 0-day image processing #vulnerability in #iOS, #macOS
➝ 🩹 🔓 #AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure

📚 This week's recommended reading is: "Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter" by Don Murdoch GSE, MSISE, MBA

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

2 weeks ago

what's your favorite resource for #phishing kits? looking for a good, current repo with lots of kits for analysis

#infosec #cybersecurity #phish #spam #threatResearch

heise Security
3 weeks ago

Phishing-Angriffe mit Googles Looker Studio

IT-Forscher haben hunderte Phishing-Angriffe beobachtet, die mit Googles Looker Studio ausgeführt werden.

#GoogleMail #Google #Kryptowährung #Phishing #news

heise Security
3 weeks ago

Anstieg bei KI-gestützten mehrstufigen Malware- und Phishing-Attacken beobachtet

Ein IT-Sicherheitsunternehmen sieht eine Zunahme an mehrstufigen Phishing- und Malware-Angriffen. Diese seien aufgrund KI-Nutzung bedrohlicher.

#KünstlicheIntelligenz #Phishing #Security #news

Ai(artificial,Intelligence),Concept. Bard, ChatGPT, KI, Chatbot
heise online
3 weeks ago

40 Prozent mehr Spam-Mails: GMX und sehen KI als Grund

1&1 hat sich die Spam-Filter von GMX und angeschaut: Dort landeten 40 Prozent mehr Mails als im Vorjahreszeitraum. Grund ist auch KI.

#EMail #Phishing #Spam #Webde #news

IT News
3 weeks ago

How China gets free intel on tech companies’ vulnerabilities - Enlarge (credit: Wired staff; Getty Images)

For state-sponsore... - #securitydisclosures #uncategorized #syndication #security #phishing #hacking #biz#china

Yaz. K
1 month ago

Millions of #SMBC / #三井住友銀行 account holders (including mortgage accounts like mine) received this email yesterday. However, it was intended to be a *warning from the bank about #phishing.

It made headline news, and social media in #Japan has been abuzz with posts about this 'poorly worded warning'. Or 'brilliant awareness campaign"?😆 (sorry, I couldn't find an English news article) #JapanNews #banking

Autonomie und Solidarität
1 month ago

Gefährlicher Präzedenzfall: Neues Gesetz in #Frankreich will #Browser zur #Zensur verpflichten

"Die französische Regierung will Zensurmechanismen auf Browser-Ebene einführen. #Mozilla, bekannt für seinen Firefox-Browser, fürchtet eine dystopische Technik, die autoritären Regimen die Zensur erleichtert.
„Dass eine Regierung anordnen kann, dass eine bestimmte Website in einem Browser/System überhaupt nicht geöffnet wird, ist Neuland, und selbst die repressivsten Regime der Welt ziehen es bisher vor, Websites weiter oben im Netz (Internetanbieter usw.) zu blockieren“, schreibt Mozilla.
Auch wenn die Technik heute in Frankreich vielleicht nur für #Malware und #Phishing genutzt werden würde, entstünde ein Präzedenzfall und die technische Voraussetzung in Browsern für Zensur. „Eine Welt, in der Browser gezwungen werden können, eine Liste verbotener Websites auf Software-Ebene zu integrieren, die sich weder in einer Region noch weltweit öffnen lassen, ist eine beunruhigende Aussicht, die ernste Bedenken hinsichtlich der Meinungsfreiheit aufwirft“, schreibt Udbhav Tiwari. Mozilla fürchtet, dass das Gesetz es dann in Zukunft Browsern schwer machen würde, solche Anfragen von anderen Regierungen abzulehnen."
#Autoritarisierung #Antireport #Netzpolitik

Eric Woodruff [MS MVP] :donor:
1 month ago

For anyone at @BlueTeamCon who wants to understand why many forms of MFA are not phishing-resistant and why passkeys/FIDO2 are, tomorrow at 12:20pm during lunch in the #unconference room I’ll be delivering an impromptu session on #phishing resistant authentication, including a live demo of #evilginx.

#BlueTeamCon #BlueTeam #blueteamcon2023 #mvpbuzz #infosec
1 month ago

Wie kannst du #Phishing rechtzeitig erkennen und dich schützen? Welche Tricks wenden Betrüger:innen häufig an? Im frei zugänglichen E-Learning gibt es Antworten und interaktive Übungen, um zu testen, wie gut ihr die Anzeichen in Nachrichten erkennt. 🎣📧

Die Frage „Wie erkennt man Phishing?“ als Text. Eine Figur mit Fischkopf ist vor einem Laptop und wird von einem verdächtigen Ninja hinter dem Bildschirm gefischt. Der Ninja hinter dem Bildschirm hält eine Angel mit einem Wurm vor einem verschlossenen E-Mail.
1 month ago

Achtung #Servicehinweis für alle Nutzenden von #tutanota @Tutanota :
Aktuell sind #Phishing-#EMails mit offenen Rechnungsposten unterwegs. Dabei stammt die angezeigte Absenderadresse aus AT (Österreich).

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #33/2023 is out! It includes the following and much more:

➝ 🇬🇧 👮🏻‍♂️ #Norfolk and #Suffolk police: Victims and witnesses hit by #databreach
➝ 💬 🔓 confirms breach after hacker steals data of 760K users
➝ 🇺🇸 🏥 #Health plan provider PH TECH joins MOVEit victim list, 1.7 million exposed
➝ 🌍 👮🏻‍♂️ #Interpol arrests 14 suspected cybercriminals for stealing $40 million
➝ 🇮🇷 #Iran and the Rise of Cyber-Enabled Influence Operations
➝ 🎣 📨 Major U.S. energy org targeted in QR code #phishing attack
➝ 🦠 💸 Jon DiMaggio’s demystifying #LockBit’s Secrets in his latest Ransomware Diaries Vol. 3
➝ 🔓 🎠 Approximately 2000 #Citrix NetScalers backdoored in mass-exploitation campaign
➝ 🇮🇷 Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks
➝ 🇺🇸 💸 #FBI warns of increasing #cryptocurrency recovery scams
➝ 🇵🇱 👮🏻‍♂️ #LOLEKHosted admin arrested for aiding Netwalker ransomware gang
➝ 🇷🇺 👨🏻‍⚖️ #Russia slaps #Reddit, #Wikipedia with fines
➝ 🇨🇳 ⚡️ #Tesla reassures Chinese users on #datasecurity amid spying concerns
➝ 🇮🇱 🇺🇸 #Israel, US to Invest $4 Million in Critical Infrastructure Security Projects
➝ 💸 🐈‍⬛ New #BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
➝ 🦠 🦝 Raccoon Stealer #malware returns with new stealthier version
➝ 💸 🐧 Monti #Ransomware Returns with New #Linux Variant and Enhanced Evasion Tactics
➝ 🏴‍☠️ 💻 Over 120,000 Computers Compromised by Info Stealers Linked to Users of #Cybercrime Forums
➝ 🤖 🌪️ Google Brings AI Magic to Fuzz Testing With Eye-Opening Results
➝ 🔑 #Google Introduces First #Quantum Resilient #FIDO2 Security Key Implementation
➝ 🐮 👀 Cult of the Dead Cow releases #Veilid: A secure open-source Peer-to-Peer network for apps that flips off the surveillance economy
➝ 📱 Threat actors use beta apps to bypass mobile app store security
➝ 🛰️ ☠️ How a hacking crew overtook a #satellite from inside a Las Vegas convention center and won $50,000
➝ 🃏 🔓 How to hack #casino card-shuffling machines
➝ 🇫🇷 🏧 Iagona ScrutisWeb Vulnerabilities Could Expose #ATM's to Remote Hacking

📚 This week's recommended reading is: "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage" by Clifford Paul "Cliff" Stoll

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

1 month ago

ATTENTION - important fake #ZOOM #phishing attempt.

Citing EU #GDPDR rules and looking like a standard notification of ToS, the #cybercriminal has invested a lot of work in the quite authentic looking website.
Block the domain and inform your IT security.
Good luck!

Also; ZOOM changed its Terms of Service on 04/01/2023. - You have now agreed that they may use all your data generated while using their app, including the training of LLMs. Check the ToS, Sect.10

screenshot from phishing mail regarding zoom
Preview of the phishing website
1 month ago

🐟 How to Prevent Phishing Attacks? Your Ultimate Guide to Staying Safe Online

#privacy #cybersecurity #phishing

John Scott-Railton ☕
2 months ago

4/ #Phishing is a numbers game & difficulty + cost of faking a voice, have limited the use certain presumably effective themes (e.g. call from your lawyer or mom).

Those same factors have led to some companies going going hard on "my voice is my password" #authentication.

I'm glad my job doesn't include protecting financial institutions #fintech & consumers from #deepfake speech.

Or handling their #insurance .

Because the next few years are going to be a bloodbath.

#cybersecurity #fraud

John Scott-Railton ☕
2 months ago

3/ What I find scary is the super-additive combination of good deepfakes & creative fraudsters.

I think of phone fraud & #phishing as having exceptionally tight feedback loops.

Nature of the operation is to instantly learn what works & fails.

And then refine.

You can patch a phone, but not a person.

Which leaves human behavior littered with foreverday vulnerabilities.

Urgency, fear, curiosity, greed, authority ..

Fraud & #phishing constantly refine how to exploit them.

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #31/2023 is out! It includes the following and much more:

➝ 🐛 ✂️ Researchers Uncover New High-Severity #Vulnerability in #PaperCut Software
➝ 🇮🇱 🦠 #Israel cybersecurity agency says no breach after senior official self-infects home PC with #malware
➝ 🇺🇸 CISA’s strategic plan adheres to overall Biden administration direction on cybersecurity
➝ 🩹 ❌ Top 12 vulnerabilities list highlights troubling reality: many organizations still aren’t #patching
➝ 🐬 🔓 Hacking tool #FlipperZero tracked by intelligence agencies, which fear white nationalists may deploy it against power grid
➝ 🔥 🔓 Hundreds of #Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack
➝ ⚡️ 🔓 Researchers jailbreak a #Tesla to get free in-car feature upgrades
➝ 🏭 📊 Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023
➝ 🇷🇺 👥 Russian hackers target govt orgs in #Microsoft Teams #phishing attacks
➝ 🩹 🔓 #Rapid7 found a bypass for the recently patched actively exploited #Ivanti EPMM bug
➝ 🙈🔓 #Tenable CEO accuses Microsoft of negligence in addressing security flaw
➝ 🎣 📨 Hackers exploited #Salesforce zero-day in #Facebook phishing attack
➝ 🇺🇸 ☁️ US internet hosting company appears to facilitate global #cybercrime, researchers say
➝ 🇨🇳 🇪🇺 #China's #APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe
➝ 🦠 💸 Schools Are Now the Leading Target for Cyber Gangs as Ransom Payments Encourage Attacks
➝ 🇺🇸 🇨🇳 Possible Chinese Malware in US Systems - a ‘Ticking Time Bomb’
➝ 🇮🇹 🏦 Cybercriminals Renting #WikiLoader to Target Italian Organizations with Banking Trojan
➝ 🇺🇸 🇨🇳 Microsoft downplays damaging report on Chinese hacking its own engineers vetted
➝ 🇯🇴 💬 #Jordan adopts cybercrime law seen as threat to #freespeech
➝ 🇪🇬 🏥 Hacker Claims to Have Stolen Sensitive Medical Records from #Egypt's Ministry of Health
➝ 🔓 💰 #BankCard USA surrenders and pays #ransom

📚 This week's recommended reading is: "Art of Software Security Assessment, The: Identifying and Preventing Software Vulnerabilities" by Mark Dowd, John McDonald, and Justin Schuh

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

Avoid the Hack! :donor:
2 months ago

Salesforce #Email Service Zero-Day Exploited in #Phishing Campaign

- phishing email comes from Salesforce domain, which is a legitimate domain

- phishing link appears to point to a Facebook domain, another legitimate domain

- if you click the provided link and enter your Facebook credentials, the attacker now has them… because the phishing site is actually hosted on Facebook’s app platform.

#cybersecurity #infosec #security #0day #vulnerability

Claudius Link
2 months ago

Received a quite well made #CEOFraud #Phishing

The attacker posed as an (real) #EY employe. and claimed to have a private mandate from the CxO.

Reacting on a faked email of said CxO. Using a valid looking EY signature but using as the mail domain (which isn't EY)


2 months ago

I use Firefox Focus as default browser, so my online data and accounts are safe.

But I'm worried about exploits and remote code execution.

#cybersecurity #exploits #phishing #infosec

2 months ago

I think I'm being target of a phishing attack to my cellphone sent through "Flash SMS".

I frequently receive a message that's automatically displayed in my screen about having won a TV, with yes/no buttons underneath. No matter what I do, a web page automatically opens. The URL points to qrl[.]adc[.]bz/[...]. To mitigate this, I put my phone in airplane mode as quick as possible.

Does anyone here have information about these attacks?

Please boost for visibility.

#cybersecurity #phishing

2 months ago

Krijg je een mail, app, telefoontje of sms van ‘de Belastingdienst’ waarin gevraagd wordt een belastingschuld te betalen?

Dan kun je er donder op zeggen dat het #phishing is.
We vragen je nooit op die manier om een betaling te doen. En er zitten ook nooit links in onze mails.

Krijg je een phishing-bericht? Je helpt ons enorm als je 'm doorstuurt, dan kunnen we met de (meta)informatie hopelijk de oplichters opsporen. Meer info:

Bedankt voor je oplettendheid alvast!

David O'Brien
2 months ago

#Phishing emails are getting so sophisticated.


A phishing email telling me I''m owed $41,942 and – nice touch – 34c, with a nice big NEXT button. Which I am not going to click.
Steffen Voß
2 months ago

Ich wäre gerade fast auf #Phishing hereingefallen. Die Mail passte zu gut zu Sachen, die ich gerade gemacht habe. Ich war nur zu faul, meine Zugangsdaten für den falschen Login rauszusuchen. Als ich zurück in die Mail-App gewechselt bin, ist es mit dann aufgefallen. Ja, aber wenn das in einer von einer Millionen Fälle funktioniert, kann man damit wohl genug ergaunern, dass es sich lohnt.

heise Security
2 months ago

LKA Niedersachsen warnt vor Phishing und Abofallen mit iCloud- und Google-Mails

Derzeit versenden Betrüger Mails, laut denen Apple iCloud- oder Google-Speicherplatz volllaufe. Davor warnt das LKA Niedersachsen.

#Apple #Google #GoogleOne #iCloud #Phishing #Security #news

Angus McIntyre
2 months ago

There's a #phishing scheme popular on #Facebook, which involves hijacking someone's account & then posting a message to selected friends saying "Look who died, in an accident I think you know him so sorry.”

The accompanying link, of course, takes you to a Facebook look-alike login page where you can enter your credentials & get phished in turn.

Reporting these posts to Facebook gets you a little auto-homily about how this content is "not in violation of Community Standards”.

Nice to know.

Danny Garside
2 months ago

Well this is heckin hilarious to me:

My work does regular "#phishing tests", where you're supposed to recognise a phishing email and report it.

I just reported one, not thinking much of it, and then got an email from IT saying that no: that was a _real_ email alert from #MicrosoftTeams. They just look _that_ janky! 😆

Doug Levin
3 months ago

"Manchester Schools Scammed Out Of $1.2M; Supt. Resigns."

"According to the school board, Wieland 'personally and solely' paid nearly $1.2 million to the fraudulent email through electronic payment, even though all legitimate payments to Hagerman Construction had been by check."

Here's the kicker: "Indiana superintendent who resigned over $1.2 million in fraud payments gets special role in district" #edtech #BEC #phishing @PogoWasRight @brett @funnymonkey

heise online
3 months ago

Auf Phishing reingefallen: Landesministerium überweist Kriminellen 225.000 Euro

Sachsens Gesundheitsministerium hat eine betrügerische Rechnung bezahlt und Kriminellen 225.000 Euro überwiesen. Vor der Masche hat das LKA schon 2016 gewarnt.

#Kriminalität #Cybercrime #Phishing #news