Oh, yeah, this is a good one for my #librarian and #educator colleagues to read! 🧐🎣🎓
"Why QR Codes Are Education's New #Phishing Blind Spot"
https://cybersec.ironscales.com/s/why-qr-codes-are-education-s-new-phishing-blind-spot-24710
Oh, yeah, this is a good one for my #librarian and #educator colleagues to read! 🧐🎣🎓
"Why QR Codes Are Education's New #Phishing Blind Spot"
https://cybersec.ironscales.com/s/why-qr-codes-are-education-s-new-phishing-blind-spot-24710
Une campagne de #phishing sophistiquée usurpe l'identité d'Ameli via des courriels très réalistes. Les escrocs invitent les assurés à commander une Carte Vitale 2026 fictive pour dérober leurs coordonnées bancaires. Indices pour repérer l'arnaque, l'adresse expéditeur finit en .com (l'officielle est .fr) et la carte Vitale n'a pas de date d'expiration. https://www.clubic.com/actualite-594841-une-nouvelle-arnaque-a-la-carte-vitale-circule-aux-couleurs-d-ameli-et-attention-car-elle-est-tres-bien-faite.html
Une campagne de #phishing sophistiquée usurpe l'identité d'Ameli via des courriels très réalistes. Les escrocs invitent les assurés à commander une Carte Vitale 2026 fictive pour dérober leurs coordonnées bancaires. Indices pour repérer l'arnaque, l'adresse expéditeur finit en .com (l'officielle est .fr) et la carte Vitale n'a pas de date d'expiration. https://www.clubic.com/actualite-594841-une-nouvelle-arnaque-a-la-carte-vitale-circule-aux-couleurs-d-ameli-et-attention-car-elle-est-tres-bien-faite.html
Méfiez-vous de ce phishing, ça pourrait être un e-mail légitime ! 🤪
https://www.jeey.net/phishing.html
D'un côté, on nous assomme de messages "faites gaffe à vos mails" à chaque fuite de données,
De l'autre côté, l'administration t'envoie des mails en tout point semblable à du phishing...
Faudrait voir à être sérieux au bout d'un moment...
#Cybersécurité #HygièneNumérique #Phishing #OrNotPhishing #ThatIsTheQuestion
Méfiez-vous de ce phishing, ça pourrait être un e-mail légitime ! 🤪
https://www.jeey.net/phishing.html
D'un côté, on nous assomme de messages "faites gaffe à vos mails" à chaque fuite de données,
De l'autre côté, l'administration t'envoie des mails en tout point semblable à du phishing...
Faudrait voir à être sérieux au bout d'un moment...
#Cybersécurité #HygièneNumérique #Phishing #OrNotPhishing #ThatIsTheQuestion
Telegram recovery model allows permanent lockout after phishing
https://bugs.telegram.org/c/58477
#HackerNews #Telegram #Security #Phishing #Malware #Cybersecurity #Lockout
Dispositif RDV Solidarité : Quand l'administration publique vous envoie un mail qui se fait passer pour du phishing
https://www.jeey.net/phishing.html
#CyberSécurité #Phishing #OuPas
(edit temporaire : comme d'hab à la publication sur masto, ça fait tomber mon NAS. De retour dans quelques minutes)
Dispositif RDV Solidarité : Quand l'administration publique vous envoie un mail qui se fait passer pour du phishing
https://www.jeey.net/phishing.html
#CyberSécurité #Phishing #OuPas
(edit temporaire : comme d'hab à la publication sur masto, ça fait tomber mon NAS. De retour dans quelques minutes)
#CyberSecurity #Infosec #malware #phishing #ClickFix
“ClickFix attacks are increasingly devious, dangerous, and can hack you in an instant
These attacks spoof Windows errors, CAPTCHAs, and real login pages to trick victims into hacking themselves with malware that skirts common cyber defenses.“
Emphasis on the hacking themselves element.
Thanks to @zackwhittaker
https://this.weekinsecurity.com/clickfix-attacks-are-increasingly-devious-dangerous-and-can-get-you-hacked-in-an-instant/
#CyberSecurity #Infosec #malware #phishing #ClickFix
“ClickFix attacks are increasingly devious, dangerous, and can hack you in an instant
These attacks spoof Windows errors, CAPTCHAs, and real login pages to trick victims into hacking themselves with malware that skirts common cyber defenses.“
Emphasis on the hacking themselves element.
Thanks to @zackwhittaker
https://this.weekinsecurity.com/clickfix-attacks-are-increasingly-devious-dangerous-and-can-get-you-hacked-in-an-instant/
SECURITY ALERT: Phishing attack heads up.
Today I received two separate party invitations from two unrelated people I've not had dealings with for years.
One invitation arrived from one person at one email address & the other invitation arrived from the other person at a different email address.
Both invitations were supposedly generated by "Punchbowl." Apparently, this is a known phishing attack.
DO NOT CLICK ANY LINK IN THE EMAIL!
TIL in the UK it's easy to report scam #phishing calls by texting 7726 "Call [paste number here]"
Anything else texted to 7726 is taken as a spam sms report.
SECURITY ALERT: Phishing attack heads up.
Today I received two separate party invitations from two unrelated people I've not had dealings with for years.
One invitation arrived from one person at one email address & the other invitation arrived from the other person at a different email address.
Both invitations were supposedly generated by "Punchbowl." Apparently, this is a known phishing attack.
DO NOT CLICK ANY LINK IN THE EMAIL!
TIL in the UK it's easy to report scam #phishing calls by texting 7726 "Call [paste number here]"
Anything else texted to 7726 is taken as a spam sms report.
41 geoshitties (free and commonly abused web hosting) were added this December.
https://github.com/BadSamuraiDev/bs-lists/
10001mb[.]com
22web[.]org
2kool4u[.]net
4everland[.]app
66ghz[.]com
a0001[.]net
builderallsite[.]com
bytehost7[.]com
carrd[.]co
created[.]app
fast-page[.]org
framer[.]website
getresponsesite[.]com
grweb[.]site
html-5[.]me
humorme[.]info
hyperphp[.]com
iblogger[.]org
is-best[.]net
is-great[.]net
is-great[.]org
joomla-host[.]org
kit[.]com
likesyou[.]org
loveslife[.]biz
my-board[.]org
mybluehost[.]me
mydiscussion[.]net
my-style[.]in
nichesite[.]org
replit[.]app
social-networking[.]me
synergize[.]co
talk4fun[.]net
tilda[.]ws
totalh[.]net
usluga[.]me
web1337[.]net
webcindario[.]com
weblium[.]site
webnode[.]page
WhatsApp users targeted in account takeover attack dubbed GhostPairing
The "GhostPairing Attack" is a social engineering campaign that exploits WhatsApp's device pairing feature by tricking victims into entering WhatsApp authentication codes via fake Facebook pages, authorizing attackers' browsers as linked devices with full access to messages and contacts. Most victims remain unaware that they have been compromised and their WhatsApp account becomes a vector to scam others.
**Never trust unexpected cryptic messages on your messaging platforms, even from contacts you trust, especially if they have links or phone numbers to call. They are most probably phishing. Check your WhatsApp Settings → Linked Devices and remove any sessions you don't recognize.**
#cybersecurity #infosec #scam #phishing #activephishing
https://beyondmachines.net/event_details/whatsapp-users-targeted-in-account-takeover-attack-dubbed-ghostpairing-n-a-y-8-j/gD2P6Ple2L
WhatsApp users targeted in account takeover attack dubbed GhostPairing
The "GhostPairing Attack" is a social engineering campaign that exploits WhatsApp's device pairing feature by tricking victims into entering WhatsApp authentication codes via fake Facebook pages, authorizing attackers' browsers as linked devices with full access to messages and contacts. Most victims remain unaware that they have been compromised and their WhatsApp account becomes a vector to scam others.
**Never trust unexpected cryptic messages on your messaging platforms, even from contacts you trust, especially if they have links or phone numbers to call. They are most probably phishing. Check your WhatsApp Settings → Linked Devices and remove any sessions you don't recognize.**
#cybersecurity #infosec #scam #phishing #activephishing
https://beyondmachines.net/event_details/whatsapp-users-targeted-in-account-takeover-attack-dubbed-ghostpairing-n-a-y-8-j/gD2P6Ple2L
Phishingversuch bei Outfittery: Datenleck beim Kleiderversand?
Der Berliner Kleidungsversand bat Kunden um eine Aktualisierung ihrer Zahlungsdaten. Der Link in der E-Mail führte jedoch auf eine Phishing-Seite.
