circatee, to random

Does anyone here use iCloud email? Worth it?
Spam growth on Outlook Dot Com is a serious pain. Hence my question; time to move, I think...

#iCloud #Email #Spam #Phishing #Junk

blog, to random

Scammers registering date-based domain names
https://shkspr.mobi/blog/2020/01/scammers-registering-date-based-domain-names/

Yesterday, January 2nd, my wife received a billing alert from her phone provider.
An SMS saying there's a problem with your phone bill.

Luckily, she's not with EE - because it's a pretty convincing text. That domain name is specifically designed to include the day's date.

If you're stood up on a crowded train, with your phone screen cracked, would you notice that a . is where a / should be? A quick look at the URL shows a trusted domain at the start - followed by today's date.

It starts with https:// - that means it's secure, right? Is .info even recognisable as a Top Level Domain?

Scammers know these domains get blocked pretty quickly - so there's no point registering a generic name like billing-pdf.biz only to have it burned within a day. By the time I'd fired up a VM to inspect it, major browsers were already blocking the site as suspicious.

Is there any way to stop this? No, not really. Domain names are cheap - you can buy a new .info for a couple of quid. The https:// certificate was freely provided by Let's Encrypt. The site was probably hosted somewhere cheap, and whose support staff are asleep when abuse reports come in from the UK.

And that's the price we pay for anyone being able to buy their own domain and run their own secure site.

Money and technical expertise used to be strong barriers to prevent people from registering scam domains. But those days are long gone. There are no technical gatekeepers to keep us safe. We have to rely on our own wits.

#phishing #scam #spam

1HommeAzerty, to random French

Ah yes, the famous default code. #phishing

protonmail, to ai

With billions of phishing emails sent daily and making social engineering easier, is the most critical you and your team must be able to recognize.

Take the @frameworkcomputer as a sign to learn these steps: https://proton.me/blog/what-is-phishing

ge0rg, to random German

PSA: Spear phishing at #DKB - attackers have name, account number & phone number

  1. Supposed DKB IT support calls from the DKB hotline's number
  2. Asks you to confirm your identity in the DKB app (1st step of the password reset, but the app doesn't say so!)
  3. Asks for the CVV2 of the debit card (2nd step)
  4. Sets a new password and logs in
  5. Asks you to confirm a "test transaction", which is then effectively used to empty the account.

#phishing #BoostWelcome

oetgrunnen, to random

@belastingdienst they keep trying #Phishing

deflockcom, to security

We had the solution since the beginning!! :)

Troll, to Signal French

I didn't get this kind of #spam / #phishing before usernames were introduced on #signal, did you?

Coincidence or correlation?

stefan, to internet_funeral

Current text spam/phishing I'm getting over and over again.

Morishima, to security

⚠️These are most likely phishing sites posing as Microsoft.
Please use caution when accessing these sites.

linuxine, to random

Hi Masto!

Long live AI: one of my contacts received a fake email from ANTAI asking him to pay a fine, extremely well done, completely identical to the real ones, with zero mistakes... Fortunately they got the payment deadline wrong, which prompted him not to click.

I asked to see the email. The domain names of the sender and of the fake payment site are registered in France, with OVH. Do you know if there is a way for me to contact OVH directly to report them?

#phishing #OVH #signalement

PieterJJ, to random Dutch

Dad is crazy 😜

kohelet, to microsoft

I like how there's so many products and so much money spent on endpoint defense,
malware detection, incident response, scanning of files, behavioral changes and signals
and all that shit...

but then companies end up losing millions to a simple phishing attack.

I'm doing the SC-200 by Microsoft, and I barely see things that talk about this

#Phishing
#Microsoft #InfoSec #CyberSecurity

tofuknacker, to random German

Warning!

Today I received a #Phishing email that supposedly comes from #ING.

It asks you to confirm your account details within 14 days because of changes to the terms and conditions, as otherwise the account will be blocked at a charge.

In such cases, please always check where the email comes from and whether it was sent to the correct email address.

(In my case it went to a completely wrong address that I still have for historical reasons)

lau, to Belgium French

I just received a call from a Belgian number; a robotic voice introduces itself as PayPal and informs me that I have just made a transaction of €582.
I hung up immediately, reported and blocked the number.

#phishing #belgium #paypal

frehi, to infosec

My employer lets a private company send fake phishing mails to all staff in order to train them. Now that company, which most personnel do not know, sends an e-mail in its own name to all our staff, asking them to click on a link to follow an anti-phishing training. So it looks like the message they are giving to all our staff is: it's OK to click on links from unknown companies, as long as they tell you that it's anti-phishing training. 🤦‍♂️ #phishing #infosec

fifonetworks, to email

The PDF file attached to this email is malicious. You don’t even have to open it to know it should be deleted immediately. Outlook shows the “from” information, and this email didn’t come from Intuit.

The criminal who sent this email is an amateur. Be aware that the “from” information can be much more deceptive than we see in this email example. Sometimes you have to know how to examine the email header to see where the email is really from.

There are a lot of malicious emails that are of poor quality and easy to identify, like this one. By being informed and on guard, you can save yourself from a lot of trouble.

#callmeifyouneedme #fifonetworks

#spam #email #phishing #cybersecurity

silentlyeating, to random

Phishing scammers now helpfully include the steps you need to take to click on their risky link in their texts. I’m sure ‘tuanosali1981@mailbox.org’ has my best interests in mind and is definitely from “the US Postal team.” I definitely shouldn’t question where they got my phone number from and why USPS wouldn’t just return a package to its sender. #scam #phishing #TrustNoOne

stiefkind, to random German

"Your shipment has found its way: info inside". The sender is a "ZustellHelden Logistik".

Some heroes you lot must be … #phishing

ThinkingSapien, to random

I don't know my own work phone number. I don't share it. I just got a phone call from someone presenting as wanting to send me a publication. They had my phone number, name, and title. Who the hell is leaking my data!?

#Phishing #DataPrivacy #Spam

otter, to infosec

More or less every company has guidance that users shouldn't click links in emails to prevent phishing and other email based attacks. So why do all email clients enable clickable links? There doesn't even seem to be an option to disable such links from incoming emails. 🤔
