Viele Menschen erkennen so eine SMS vom "Amstgericht" als #Fake. Man soll einen "Sachbearbeiter" wegen eines Pfändungsbeschlusses anrufen.
Viele erkennen den Betrugsversuch aber leider auch nicht. Deshalb warnen wir immer wieder vor aktuellen Gefahren durch #Phishing und #Smishing
– auch hier auf Mastodon mit dem Kanal @phishing_radar.
A few of the MFA lookalike domains we've detected recently. These target a large bank in the Czech Republic (csob[.]sk):
csob-sso-sk[.]net, online-csob-sso-sk-moja[.]com, csob-sso-sk[.]com
If you get a #text message from USPS.USPSGU (or anything similar), DO NOT click the link! #USPS will not send you text updates unless you sign up for them.
You can report these messages by 1) taking a screenshot and emailing it to spam@uspis.gov, and 2) forwarding the text message to 7726 (which reports it to your carrier).
SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool
Benign (and "good") tools can be used to carry out phishing campaigns, such as this #smishing campaign targeting Canadian users who've placed legitimate orders with legitimate retailers.
Cybersecurity professionals who promote fear are doing harm to overall cybersecurity awareness training efforts.
As an example, I received this inquiry from a person who was unnecessarily afraid to use a legitimate payment system. Read their question and my reply below:
"Hi Bob, I have a tech question for you. I just had my car serviced at the dealer. They offered a pickup and return service (of the car) which I used, so I did not physically have to go there. When they were done they texted me a copy of the bill and there was a link to make the payment. Since I wasn’t sure how safe that was I called and made the payment, but for future reference I thought I’d ask you if it is a safe/secure way to pay.
Thanks"
My reply:
"Yes! It's safe and secure to use a link in a text message, or QR code, given to you directly by a local business. That business is paying a transaction fee to use an online credit card payment services provider."
Instead of fostering fear, teach people how to distinguish between legitimate payment links and payment links from scammers.
Over the past year, I’ve received dozens of spear #phishing/#smishing SMS text messages pretending to be from my employer’s CEO or another executive. Today I got my first one marked as an #iMessage (#Apple’s exclusive messaging service—the “blue bubbles” in your #iPhone Messages app).
This is pretty troubling—it means #scammers are getting past Apple’s defenses in addition to abusing the porous patchwork of SMS providers and networks.