verbraucherzentrale_nrw, 1 month ago to instagramreality German

Viele Menschen erkennen so eine SMS vom "Amstgericht" als #Fake. Man soll einen "Sachbearbeiter" wegen eines Pfändungsbeschlusses anrufen.

Viele erkennen den Betrugsversuch aber leider auch nicht. Deshalb warnen wir immer wieder vor aktuellen Gefahren durch #Phishing und #Smishing
– auch hier auf Mastodon mit dem Kanal @phishing_radar.

Infos zur hier gezeigten Masche: https://www.verbraucherzentrale.nrw/node/67038

@bsi @Bundesverband

InfobloxThreatIntel, 3 months ago to Cybersecurity

A few of the MFA lookalike domains we've detected recently. These target a large bank in the Czech Republic (csob[.]sk):
csob-sso-sk[.]net, online-csob-sso-sk-moja[.]com, csob-sso-sk[.]com

To learn more about MFA smishing check out this blog https://blogs.infoblox.com/cyber-threat-intelligence/how-bad-guys-are-undermining-trust-in-multi-factor-authentication-mfa/

#dns #infoblox #threatintel #cybersecurity #infosec #lookalike #phishing #mfa #smishing

_ohcoco_, 6 months ago (edited 6 months ago) to internet_funeral

#PSA

'tis the season for #smishing #scams!

If you get a #text message from USPS.USPSGU (or anything similar), DO NOT click the link! #USPS will not send you text updates unless you sign up for them.

You can report these messages by 1) taking a screenshot and emailing it to spam@uspis.gov, and 2) forwarding the text message to 7726 (which reports it to your carrier).

I've gotten three this week :o/

tymoteuszjozwiak, 7 months ago to random Polish

28 lipca 2023 roku prezydent Andrzej Duda podpisał ustawę o zwalczaniu nadużyć w komunikacji elektronicznej.

Systemowa walka ze spoofingiem i smishingiem jest potrzebna, więc taki krok to zdecydowanie dobry sygnał. Nowe przepisy pomijają jednak problem, który - wbrew pozorom - nie różni się bardzo od "jawnych" oszustw dokonywanych przez telefon i SMS. Właśnie o tym opowiadam w nowym artykule - https://jozwiak.top/blog/walka-z-oszustwami-w-komunikacji-elektronicznej-nowa-ustawa-a-telemarketerzy?s=fedi

#spoofing #smishing #telemarketerzy #cyberbezpieczeństwo

malware_traffic, 7 months ago to random

2023-10-05 (Thursday): Woke up to an apparent #smishing attempt this morning. URL for a fake USPS site at: hxxps://usps.com-ca[.]store

The domain com-ca[.]store registered on 2023-10-02 through gname.com.

The server has a Let's Encrypt certificate that indicates it was set up yesterday (Wednesday 2023-10-04). Web server in nginx

image/png
image/png
image/png

DomainTools, 8 months ago to random

We've noted a noticeable uptick in #phishing and #smishing campaigns targeting the USPS. Using Iris Investigate and our integration with @maltegohq, we look at IOCs to better understand the scope of this campaign and a possible person of interest. https://www.domaintools.com/resources/blog/return-to-sender-a-brief-analysis-of-a-us-postal-service-smishing-campaign?utm_source=Social&utm_medium=Mastodon&utm_campaign=return-to-sender-a-brief-analysis-of-a-us-postal-service-smishing-campaign

ai6yr, 8 months ago to random

Aha, attempted #pig #butchering #scam

dantemercurio, 9 months ago to Cybersecurity

Just got hit with a #smishing attempt purportedly from the USPS but coming from a UK phone number. Come on scammers, make me work a little at it.

#scams #cybersecurity

avoidthehack, 11 months ago to privacy

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Benign (and "good") tools can be used to carry out phishing campaigns, such as this #smishing campaign targeting Canadian users who've placed legitimate orders with legitimate retailers.

#privacy #cybersecurity #privacymatters #opsec

https://krebsonsecurity.com/2023/06/sms-phishers-harvested-phone-numbers-shipment-data-from-ups-tracking-tool/

@briankrebs

fifonetworks, 1 year ago to random

Cybersecurity professionals who promote fear are doing harm to overall cybersecurity awareness training efforts.

As an example, I received this inquiry from a person who was unnecessarily afraid to use a legitimate payment system. Read their question and my reply below:

"Hi Bob, I have a tech question for you. I just had my car serviced at the dealer. They offered a pickup and return service (of the car) which I used, so I did not physically have to go there. When they were done they texted me a copy of the bill and there was a link to make the payment. Since I wasn’t sure how safe that was I called and made the payment, but for future reference I thought I’d ask you if it is a safe/secure way to pay.
Thanks"

My reply:
"Yes! It's safe and secure to use a link in a text message, or QR code, given to you directly by a local business. That business is paying a transaction fee to use an online credit card payment services provider."

Instead of fostering fear, teach people how to distinguish between legitimate payment links and payment links from scammers.

Empower them.
Don't intimidate them.

#callmeifyouneedme #fifonetworks

#cybersecurity #fintech #scams #phishing #smishing #training

nixfreak, 1 year ago to random

where can I get #smishing samples ?

mjgardner, 1 year ago to infosec

Over the past year, I’ve received dozens of spear #phishing/#smishing SMS text messages pretending to be from my employer’s CEO or another executive. Today I got my first one marked as an #iMessage (#Apple’s exclusive messaging service—the “blue bubbles” in your #iPhone Messages app).

This is pretty troubling—it means #scammers are getting past Apple’s defenses in addition to abusing the porous patchwork of SMS providers and networks.

#infosec #security #cybersecurity #scam #spam