On how the scam works, to perhaps prevent it from happening to others in the future:
A website locked the computer "for security reasons", and you are asked to call a German Microsoft support hotline.
(I suspect that this was "only" a website in full-screen mode.)
The support then connects remotely to the device (I don't know what they used for that) and "repairs" the problem.
To unlock it, however, you have to transfer money via Xbox gift cards (here €400).
This transfer then "fails" at first, and you are supposed to try again with new gift cards. The money from the first gift cards could then be claimed back.
(Tips on how (whether) Xbox gift cards can be blocked are welcome.)
At this point the fraud was recognized and no further money was transferred. The PC was then "released" again.
The computer is disconnected from the network and switched off. I will only know technical details in the next few days, once I have looked at the computer. Through the remote access, data may of course have been stolen or malware installed.
A week ago, Ukrainians began receiving SMS messages purportedly from Ukrposhta saying that their shipments would not be delivered unless they provided their personal data (more on this can be read in the AIN.UA article: https://ain.ua/2023/06/06/ukrposhta-poperedyla-pro-fishyng/).
This solution works on all operating systems (the screenshot shows one of the addresses being blocked in the Brave browser on Android). All you need to do is add the Ukrainian Malicious URL Blocklist filter to your web browser: https://github.com/braveinnovators/url-blocklist
That is exactly why we created a universal rule for the Ukrainian Malicious URL Blocklist phishing-site filter, thanks to which all web links in the format ukrposhta.xxx.xxx will be blocked automatically, regardless of which domain names the scammers go on to use in this phishing campaign.
A #phishing email targeting #netcup users is currently going around, be prudent and cautious of any urgent or suspicious emails received relating to your services there!
The spam email came from the domain campusfinances (dot) fr, which is hosted on Hetzner at IPv4 157 (dot) 90 (dot) 176 (dot) 97. The phishing link is hosted on another provider and IP.
You could just as easily find some elaborate method of persuading regular #ChatGPT to help write some convincing #phishing emails, hell just having mostly correct spelling and grammar would be a massive boost to believability and Microsoft Word could help with that as is. https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html
Finnish market chain and bank S-Pankki is informing about #phishing attempts. The funny thing is that they are sending their email from: noreply.s-pankki@email.s-pankki.fi
What garbage is that? That is one confusing email address to use to inform about phishing attempts. Can't they come up with something simpler that is easier to verify by looking at it?
Credit to #hetzner for a quick response to a phishing report impacting one of my team's clients. The site was nuked within an hour of them receiving the report.
This is a good reminder that anyone can help defeat phishing sites by looking up their host and registrar. Those providers typically have phishing report forms. #phishing
Cybersecurity professionals who promote fear are doing harm to overall cybersecurity awareness training efforts.
As an example, I received this inquiry from a person who was unnecessarily afraid to use a legitimate payment system. Read their question and my reply below:
"Hi Bob, I have a tech question for you. I just had my car serviced at the dealer. They offered a pickup and return service (of the car) which I used, so I did not physically have to go there. When they were done they texted me a copy of the bill and there was a link to make the payment. Since I wasn’t sure how safe that was I called and made the payment, but for future reference I thought I’d ask you if it is a safe/secure way to pay.
Thanks"
My reply:
"Yes! It's safe and secure to use a link in a text message, or QR code, given to you directly by a local business. That business is paying a transaction fee to use an online credit card payment services provider."
Instead of fostering fear, teach people how to distinguish between legitimate payment links and payment links from scammers.
Simplicity dot com's email server has been hacked. Yesterday I received an email through their domain that is obviously a phishing scam impersonating Harbor Freight. #email #phishing