2024-05-22 23:07:59
I recently lost money to a phishing attack for the first time in my life, and it happened the way I describe in this long 🧵.
#expedia #phishing #itsicherheit
There was this (blog?) article recently where a security expert analyzed the legit emails of a company (some parcel delivery service?) and found lots of #phishing clues which renders typical "how to spot phishing/scam emails" into useless tips.
Unfortunately, I didn't write down that URL. Can somebody help me here?
It might have even been in German, I don't know any mo…
I just received a call from “Homeland Security” about a package they seized. A scam obviously. First thing they wanted was to “verify” my name… except that they didn’t say my name — they asked me to provide it. When I declined, they asked why I was so afraid.
I’m guessing a lot of people are tricked by the word “verify” which implies they already know it. Don’t fall for it.
#Phishing <…
Now I'm even commenting on the Tagesschau…
http://spam.tamagothi.de/2024/05/17/gefaelschte-bank-e-mails-bleiben-oft-unerkannt/
#Phishing
Phishing protections..
Hmmm...
Hardware 2FA
Strong DMARC filtering? Filter out newly registered domains, flag newly changed ones?
Contextual auth / posture check of endpoint
UEBA / impossible travel, warnings on multiple locations
Cookie specific to browser string (not to IP due to roaming clients)
What else?
#cybersecurity #phishing
@… and @evawolfangel did in fact arrive in Kiel. One train after me. The talk was really funny. The quintessence: every person, EVERY one, can fall victim to #phishing.
A new #phishing-as-a-service (PhaaS) named ‘#Darcula’ uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries.
Darcula has been used against various services and organizations, from postal, financial, government, taxation departments, to telcos, airlines, …
The survey is pretty much bullsh…
I mean, I get emails with fraud attempts every day.
They come in pretty much every color, from non-functional/broken and incomprehensible to clumsy to embarrassingly wrong.
I don't think I've ever received a really good attempt.
But maybe I'm simply too technically savvy for that.
#SPAM
okay, I'm aware of how #U2F and #WebAuthN work at the protocol/implementation level.
I'm not sure someone's given a simple explanation for why #evilginx or similar #phishing #mitm proxies wouldn't work.
there's surely modes you could do FIDO2 that are vulnerable to phishing (kinda like doing JWTs wrong)
#cybersecurity
New #phishing attack.
#Cybercrime #Cyber #Security
#Spam of the day: »Urgent request: update your details with the IHK to avoid deactivation«
http://spam.tamagothi.de/?p=25428