I hear cryptotulip based phishing scams are still a thing, so reprising "Your 'Forgotten' Blockchain Account Needing Reactivation? It's a Scam" https://nxdomain.no/~peter/forgotten_blockchain_account_scam.html from 2022 might be useful to some #crypto #cryptocurrency #cryptotulips #phishing #scam #cybercrime #fraud


There's a really disturbing #Paypal #phishing scam happening right now. Obviously this reads like a typical phishing attempt (bad grammar, a malformed phone number to call, etc), but the official Paypal email wasn't spoofed. It came from PayPal's email infrastructure.

Examining the headers shows that SPF, DKIM, and DMARC all pass. If you have a Paypal account, please exercise caution. Don't click links in these emails. Forward them to phishing@paypal.com.

Please boost for visibility.

Malwarebytes on why you should not respond to the obvious smishing texts...

"Why you should never respond

Responding confirms your number is active.
It flags you as someone who reads texts and might engage.
The scammer may sell or share your number.
Some groups build long-term “mark profiles” for future scams. Even though you think you’re only providing them with little to no information, scammers often track who replies, how they reply, and how easily they engage. That data becomes part of a “mark profile”, a digital dossier on you that might include your phone number, the time of response (which suggests your schedule or time zone), and any other information you share."

https://www.malwarebytes.com/blog/news/2025/07/that-seemingly-innocent-text-is-probably-a-scam

#scams #cybersecurity #smishing #phishing

#NerdTalk Wow. A multi-step, sophisticated way of spoofing emails that pass SPF, DKIM, DMARC. Hardcore.

"And most importantly, the key trick is that you can put anything you want in the App Name field in Google"

Le sigh. That's where they put the email text. In the App Name field. Google can fix this by sanitising input better.

https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/

#Spam #Phishing #MailAdmin
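The "SPF, DKIM and DMARC all pass" detail in the PayPal post and the DKIM replay write-up above deserve a concrete look at what a receiving mail filter actually learns from those headers. The following is an added example, not code from either post or from the linked write-ups: it parses a constructed Authentication-Results header the way a receiver would and checks DMARC-style alignment between the DKIM signing domain (or the SPF MAIL FROM domain) and the visible From domain. The two sample messages, their domains and addresses are constructed for illustration, and the organizational-domain helper is a simplification that ignores the Public Suffix List. The point it makes from the defender's side: an aligned pass proves only which infrastructure the message transited, which is exactly why a genuine provider notification carrying attacker-written text still passes, and why a pass must be treated as "origin verified", never as "safe".

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (headers only): authentication passes and aligns because
# the message really did leave the sending organisation's own infrastructure.
# Domains, selectors and addresses are placeholders, not real senders.
SAMPLE_MESSAGE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@accounts.example.com header.s=sel1 header.b=abc123;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=noreply@mail.example.com;
 dmarc=pass (p=REJECT sp=REJECT dis=none) header.from=accounts.example.com
From: "Example Security Alert" <no-reply@accounts.example.com>
To: victim@example.net
Subject: Security alert
Date: Mon, 01 Jan 2024 00:00:00 +0000

(body omitted)
"""

# Constructed contrast case: DKIM and SPF both "pass", but for an unrelated
# domain, so neither aligns with the visible From domain and DMARC fails.
UNALIGNED_MESSAGE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=bulk-sender.example.org header.s=k1;
 spf=pass smtp.mailfrom=bounce@bulk-sender.example.org;
 dmarc=fail (p=REJECT) header.from=accounts.example.com
From: "Example Security Alert" <no-reply@accounts.example.com>
To: victim@example.net
Subject: Security alert
Date: Mon, 01 Jan 2024 00:00:00 +0000

(body omitted)
"""


def parse_auth_results(value):
    """Parse an RFC 8601 Authentication-Results value into
    {method: {"result": ..., "<ptype.property>": "<value>", ...}}."""
    value = re.sub(r"\([^)]*\)", "", value)          # drop free-text comments
    clauses = [c.strip() for c in value.split(";") if c.strip()]
    results = {}
    for clause in clauses[1:]:                        # clauses[0] is the authserv-id
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        props = {}
        for tok in tokens[1:]:
            key, _, val = tok.partition("=")
            props[key] = val
        results[method.lower()] = {"result": result.lower(), **props}
    return results


def org_domain(domain):
    """Simplified organisational domain: the last two labels.
    Real DMARC evaluation uses the Public Suffix List instead."""
    parts = domain.lower().strip("@").split(".")
    return ".".join(parts[-2:]) if parts and parts[0] else ""


def assess(raw_message):
    """Report what the authentication headers actually establish for a message:
    which domain signed it, whether that aligns with the From domain, and the
    DMARC verdict. 'authenticated' means origin verified, not content trusted."""
    msg = message_from_string(raw_message)
    ar = parse_auth_results(msg["Authentication-Results"] or "")
    _, from_addr = parseaddr(msg["From"] or "")
    from_domain = from_addr.rpartition("@")[2].lower()

    dkim = ar.get("dkim", {})
    signing_domain = dkim.get("header.d") or dkim.get("header.i", "").rpartition("@")[2]
    dkim_aligned = (dkim.get("result") == "pass"
                    and org_domain(signing_domain) == org_domain(from_domain))

    spf = ar.get("spf", {})
    spf_domain = spf.get("smtp.mailfrom", "").rpartition("@")[2]
    spf_aligned = (spf.get("result") == "pass"
                   and org_domain(spf_domain) == org_domain(from_domain))

    return {
        "from_domain": from_domain,
        "dkim_signing_domain": signing_domain.lower(),
        "dkim_aligned": dkim_aligned,
        "spf_aligned": spf_aligned,
        "dmarc": ar.get("dmarc", {}).get("result"),
        # Either aligned pass satisfies DMARC; it says who relayed the mail, nothing more.
        "authenticated": dkim_aligned or spf_aligned,
    }


if __name__ == "__main__":
    for label, sample in (("aligned", SAMPLE_MESSAGE), ("unaligned", UNALIGNED_MESSAGE)):
        print(label, assess(sample))
```

Run as-is, the first sample reports an aligned DKIM and SPF pass with `dmarc=pass`; the second reports passes that do not align and therefore do not count. Nothing in the first result distinguishes a legitimate notification from one whose text an attacker controlled, which is the lesson of the replay write-up: reputation and content analysis still have to run after authentication, not be skipped because of it.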

@rmondello the goal of this campaign is stealing & selling credit card details, which is highly profitable for scammers.

iirc, requiring 2FA is coming as an option, however the compromised accounts look like accounts that wouldn't bother with 2FA (based on the data I have available), so they probably wouldn't bother with passkeys either unless passkeys were the only authentication mechanism, and well, that's a terrible idea for a variety of reasons, and would disproportionately affect marginalized people

@thisismissem: we need browsers to show users all known details about a website, full page with (links to) explanations, right after setting up the https connection and verifying the certificate, but BEFORE loading content - if this is the first time the user visits the website (or if there were possibly relevant changes).

The less the browser can tell the user about the identity of the person (or organization) responsible for the website, the bigger the risks for the user when supplying personal information, credit card details or creating an account (passkeys, which have other disadvantages, are indeed useless in such cases).

More info in this thread: https://infosec.exchange/@ErikvanStraten/114886335722813414 (or ask me to elaborate again).

@rmondello

#SaferInternet #Phishing #InfoSec

⚠️⚠️⚠️ Please share, especially with people new to Mastodon ⚠️⚠️⚠️

For a few days now, phishing messages have been circulating here, claiming to come from "Mastodon moderation" and stating that "your account is suspended", with a link to "unblock the account". ‼️‼️

It's obviously a scam, but I've seen messages from people panicking about it.
So spread the word, report these accounts, reassure people 😊😊😊