Michał "rysiek" Woźniak · 🇺🇦
boosted
jcfrog ✊ 🎸 🤘 ☮️ :anar: 🖥️
boosted
⚠️⚠️⚠️ À faire tourner, surtout auprès des nouvelles et nouveaux de Mastodon ⚠️⚠️⚠️
Depuis quelques jours, des messages de phishing circulent ici, prétendant être émis par "la modération de Mastodon" et indiquant que "votre compte est suspendu", avec un lien pour "débloquer le compte". ‼️‼️
C'est bien évidemment une arnaque, mais j'ai vu des messages de gens en panique face à ça.
Alors, faites tourner l'info, signalez ces comptes, rassurez les gens 😊😊😊
#arnaque #phishing
Tristan Nitot✓
boosted
🔔🔔 Complément d'informations sur la moderation 🔔🔔
Mastodon moderation team et Mastodon support team n'existent pas.
Personne ne modère Mastodon dans son intégralité.
La modération est opérée par chaque instance, selon ses règles propres.
Si d'aventure votre compte devait être suspendu, VOUS SERIEZ AVERTI PAR MAIL, et non via un message sur Mastodon
#arnaque #phishing
Etienne / Tek
boosted
#ClickFix went from virtually non-existent to the second most common attack vector blocked by #ESET, surpassed only by #phishing. This novel social engineering technique accounted for nearly 8% of all detections in H1 2025. #ESETresearch
ClickFix lures users by displaying bogus error messages followed by quick fix instructions, including copy-pasting malicious code. Running the code in the victim’s command line interpreter delivers malware such as #RATs, infostealers, and cryptominers.
Between H2 2024 and H1 2025, ESET’s detection for ClickFix, HTML/FakeCaptcha, skyrocketed by 517%. Most detections in ESET telemetry were reported from Japan (23%), Peru (6%), and Poland, Spain, and Slovakia (>5% each).
What makes #ClickFix so effective? The fake error message looks convincing; instructions are simple, yet the copied command is too technical for most users to understand. Pasting it into cmd leads to compromise with final payloads, including #DarkGate or #LummaStealer.
While #ClickFix was introduced by cybercriminals, it’s since been adopted by APT groups: Kimsuky, Lazarus; Callisto, Sednit; MuddyWater; APT36. NK-aligned actors used it to target developers, steal crypto and passwords from Metamask and #macOS Keychain.
#ClickFix uses psychological manipulation by presenting fake issues and offering quick solutions, which makes it dangerously efficient. It appears in many forms – error popups, email attachments, fake reCAPTCHAs – highlighting the need for greater vigilance online.
Read more in the #ESETThreatReport:
🔗 https://welivesecurity.com/en/eset-research/eset-threat-report-h1-2025
ClickFix lures users by displaying bogus error messages followed by quick fix instructions, including copy-pasting malicious code. Running the code in the victim’s command line interpreter delivers malware such as #RATs, infostealers, and cryptominers.
Between H2 2024 and H1 2025, ESET’s detection for ClickFix, HTML/FakeCaptcha, skyrocketed by 517%. Most detections in ESET telemetry were reported from Japan (23%), Peru (6%), and Poland, Spain, and Slovakia (>5% each).
What makes #ClickFix so effective? The fake error message looks convincing; instructions are simple, yet the copied command is too technical for most users to understand. Pasting it into cmd leads to compromise with final payloads, including #DarkGate or #LummaStealer.
While #ClickFix was introduced by cybercriminals, it’s since been adopted by APT groups: Kimsuky, Lazarus; Callisto, Sednit; MuddyWater; APT36. NK-aligned actors used it to target developers, steal crypto and passwords from Metamask and #macOS Keychain.
#ClickFix uses psychological manipulation by presenting fake issues and offering quick solutions, which makes it dangerously efficient. It appears in many forms – error popups, email attachments, fake reCAPTCHAs – highlighting the need for greater vigilance online.
Read more in the #ESETThreatReport:
🔗 https://welivesecurity.com/en/eset-research/eset-threat-report-h1-2025
Cress 🏴 🌻
boosted
@beardedtechguy So “people would notice a link to mybank.com going to hahapwned.com but not to 89.72.4.2?”
People are more likely, not less, to smell something fishy if they see a random string of digits when they expect the name of a site they trust.
If this is the only argument against certificates for IP addresses, I think we’re good.
@aral Great point — and I agree that most users would be suspicious if they saw an IP address like 89.72.4.2 instead of a familiar domain like mybank.com. The concern raised in the article, though, was more about scenarios where users don’t see the link clearly — such as in emails, PDFs, or messaging apps where URLs may be masked behind anchor text or shortened links. For example, a phishing email might show a link that says “View Invoice” but actually points to https://203.0.113.10/login.
Experienced users like you and I know to hover over links, check certificate info, or inspect the address bar. But many users don’t do that — or worse, they click links without verifying anything. According to the Verizon DBIR and other phishing studies, this is still one of the top attack vectors today.
Also, I don’t think the article was arguing against IP certs outright — just highlighting that, like with any new capability, there's potential for abuse that the broader public (and infosec community) should be aware of.
Tim Chambers
boosted
If you get an email from a big company saying you're a match for a job, and then asks you to log in using Facebook, you're staring down the barrel of a scam. https://www.pickr.com.au/news/2025/scammers-turn-to-fake-job-emails-and-fake-facebook-what-to-do #howto #news #online #internetsecurity #mcafee #phishing #scams