There was this (blog?) article recently where a security expert analyzed the legit emails of a company (some parcel delivery service?) and found lots of #phishing clues, which renders the typical "how to spot phishing/scam emails" tips useless.
Unfortunately, I didn't write down that URL. Can somebody help me here?
It might have even been in German, I don't know any more.
Target.com is a security risk. Someone used my email to create an account so I got emails about it. I suspect if I ever use my email with Target this other person could remain signed in and abuse this access. It did not confirm the email when the account was created and once I reset the password I could not delete the account. I reached out to Abuse@target.com and the reply directed me to a form which requires me to give up a lot of personal details. I am not going to do that. So I reported an incident to CISA instead. Target should be doing better than this, especially in 2024. #security #phishing #target
I hope that passkeys are not affected in this regard, just as password managers like @keepassxc and @bitwarden, including 2FA, already provide greater protection against AI.
»GPT-4 can autonomously exploit known security vulnerabilities:
Researchers have found that GPT-4 can successfully exploit 13 of 15 security vulnerabilities based solely on the associated vulnerability descriptions.«
🧵 …and it is not only the tools mentioned earlier that help as protection in this regard, but also not falling for the "helpful professionals":
[ENG]
«LastPass users targeted in phishing attacks good enough to trick even the savvy:
Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.»
I just received a call from a Belgian number; a robotic voice announced itself as PayPal and informed me that I had just made a transaction of €582.
I hung up right away, reported and blocked the number.
Seems to me that a new role has emerged for those who want a career in cybersecurity: Cybercriminal Troll.
Police around the world are making videos to scare the bejeezus out of scammers and hackers, revealing in a jaunty way how they are about to be busted.
"Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers"
😮
The simpleminded change from the text "X.com" to read "twitter.com" led to embedded URLs being changed from, say, "fedX.com" to "fed...twitter.com" (the ellipsis is mine).
Who is the idiot who just clicked the link in a Pole Emploi reminder email and entered his password despite the suspicious URL?
It's meeeeeeeee!
I logged back in via the real site and changed my password.
I hope the scoundrels didn't have time to grab my info.
I've learned my lesson: never click a link before the first coffee.
Conventional email security tools are far from enough these days. You need to attach some sort of AI/ML processing. I know I personally am targeted with very specific and curated phishing attempts as a content creator several times a month. Avanan so far has caught the majority of these to the tune of 95+% accuracy.
This is due to something I call #KoboldLetters. By cleverly (mis)using CSS, attackers can display completely different emails to different recipients.
The problems with HTML and CSS in emails have been known for a long time, but the security implications have usually been underestimated or actively downplayed. That's why I wrote an article explaining how HTML emails can be used to deceive recipients into becoming part of a sophisticated #phishing attack.
The #CooperativeBank is currently running a terrible promotion where you get an email from the bank directing you to a form where you enter your card details for a chance to win a cash prize (https://www.visa.co.uk/campaign/co-operativebank/win-little-help-a-lot/). And as far as I can tell this is all actually completely legit, but this really isn't the sort of behaviour the bank should be encouraging its customers to engage in!
UK police bust worldwide million-dollar crime-as-a-service hub LabHost | TechFinitive (www.techfinitive.com)
Davey Winder provides details of the LabHost bust by British police in partnership with Microsoft - and explains LabHost's modus operandi