HackDig : Dig high-quality web security articles

Apple’s passkeys attempt to solve the password problem

The recent Apple Worldwide Developers Conference (WWDC) revealed another teasing of what has been referred to as “the end of passwords forever”. Passkeys are a “new biometric sign-in standard”. Biometrics in security circles are used for things like identity cards, building access, and so on. This typically involves scans of your f
Publish At:2022-06-09 09:01 | Read:250 | Comments:0 | Tags:Privacy Apple biometrics passkey password phish phishing sec

Phishing mail claims a 3D Secure upgrade is required

Today we took a look at a phishing mail pinning its hopes on a QR code linking to a bogus website. Scammers claim that your mail address has “not been registered for the 3D Secure Security Update”. 3D Secure phishing mail The mail reads as follows: Dear Sir / Madam, Our administration has shown that the data linked to this email address
Publish At:2022-06-01 12:59 | Read:310 | Comments:0 | Tags:Scams 3D Secure fake phish phishing QR code scam

FBI warns of education sector credentials on dark web forums

The FBI is warning academics to be on their guard, as an embattled education sector continues to experience attacks and breaches, with data spilling onto the so-called dark web. The government agency’s Private Industry Notification [PDF] cites US academic credentials up for grabs from a variety of sources. A stepping stone to compromise From the
Publish At:2022-05-31 16:57 | Read:268 | Comments:0 | Tags:Privacy bitcoin breach credentials Dark Web education phish

Runescape phish claims your email has been changed

A Runescape-themed missive landed in our email inbox today, claiming action is required to secure our account. The malicious email and the scam behind it are perfect examples of one of the more reliable tactics in the world of phishing—fooling a victim into thinking they need to take some action as part of a larger, ongoing process. With this tactic, phi
Publish At:2022-05-31 16:57 | Read:310 | Comments:0 | Tags:Scams authenticator automated bank pin discord free jagex MM

“Look what I found here” phish targets Facebook users

Facebook-themed messages are a frequent source of bogus links from both spam and compromised accounts. Whether you receive the messages via SMS, the Messenger app, or just inside regular web chat, it pays to be careful. A wide variety of attacks use bogus messages as their launchpad, and the risk of account compromise is ever-present. Phishing is not the onl
Publish At:2022-05-17 09:01 | Read:631 | Comments:0 | Tags:Scams bad link chat contacts facebook family friends look wh

OpenSea warns of Discord channel compromise

OpenSea, the primary marketplace for buyers and sellers of non-fungible tokens (NFTs), has reported major problems with its Discord support channel. How major? Well, there’s a “potential vulnerability” which allowed spambots to post phishing links to other users. A problem that lead OpenSea Support to declare “please do not click any
Publish At:2022-05-06 12:48 | Read:1070 | Comments:0 | Tags:Scams compromise cryptocurrency discord NFT opensea phish ph

Nigerian Tesla: 419 scammer gone malware distributor unmasked

Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats targeting Ukraine, we identified a group we call “Nigerian Tesla” that has been dabbling into phishing and other data theft activities for a number of
Publish At:2022-05-05 12:48 | Read:968 | Comments:0 | Tags:Threat Intelligence AgentTesla phish phishing scam

The $43 billion Business Email Compromise threat

The FBI has released a public service announcement regarding the ever-present threat of Business Email Compromise (BEC). This comes hot on the heels of an earlier release from the Las Vegas FBI department in April. Losses continue to mount, and we’re currently facing a scam racking up domestic and international losses of $43 billion. What is Busines
Publish At:2022-05-05 12:48 | Read:855 | Comments:0 | Tags:Scams bec Business Email Compromise CEO ceo fraud CFO CFO fr

Rogue ads phishing for cryptocurrency: Are you secure?

Bad ads are at it again. Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 million between the 12th and the 21st of April. This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine. The bogus links were at the top of results for Terra blockchain pr
Publish At:2022-04-26 08:52 | Read:298 | Comments:0 | Tags:Scams ads advert Bing cryptocurrency Google organic paid phi

Watch out for this SMS phish promising a tax refund

Imagine logging into your bank’s website after responding to a text message claiming you’re due a refund, only to see a warning to watch out for bogus texts: Beware of SMS phishing! For those who don’t read Dutch, the warning reads: Never respond to unusual emails or texts!Fraudsters often send e-mails under the guise of renewing your debit ca
Publish At:2022-04-25 21:04 | Read:1062 | Comments:0 | Tags:Scams banks belgium fake login mail phish phishing refund sm

Watch out for Ukraine donation scammers in Twitter replies

The invasion of Ukraine has been a money making opportunity for scammers since the moment it began: Fake donation sites, bogus Red Cross portals, phishing pages, the works. These scams can also be found on social media. Faking donations on Twitter Some users of social media have become very well-known for their tweets inside affected regions. Others
Publish At:2022-04-19 12:48 | Read:1221 | Comments:0 | Tags:Social engineering donations invasion phish phishing scam sc

USPS “Your package could not be delivered” text is a smishing scam

p>A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: “[U.S. Postal Service] We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit [bit(dot)ly]“ I’ve never received an SMS from the US Postal Service, but I have to im
Publish At:2022-04-12 08:52 | Read:406 | Comments:0 | Tags:Scams fake mail phish phishing redelivery scam sms USPS

Don’t enter your recovery phrase! Phishers target Ledger crypto-wallet users

p>Ledger is one of the biggest hardware cryptocurrency wallets around and scammers have noticed. Phishing mails are in circulation, hoping to snag Ledger users with a sneaky request for passphrases. What is a Ledger recovery phrase? A recovery phrase is an incredibly important combination of words that act as the literal keys to your digital crypto kin
Publish At:2022-04-08 08:52 | Read:1281 | Comments:0 | Tags:Privacy crypto cryptocurrency ledger phish phishing recovery

Beware Ukraine-themed fundraising scams

p>Unfortunately scammers continue to focus on the invasion of Ukraine to make money. A flurry of bogus domains and scam techniques are spreading their wings. They appear to focus on donation fakeouts but there’s a few other nasty surprises lying in wait too. The lowest of the low There are few lower tactics than fake fundraising during times of crisis.
Publish At:2022-04-06 08:52 | Read:1168 | Comments:0 | Tags:Scams cryptocurrency donate donation phish phishing scam ukr

Phishers make a date with your calendar apps

p>Calendars are a rich source of bad behaviour for scammers and spammers. They’re one of the most prolific tools the workplace has for collaborative actions and general cross-purpose messaging. They’ve been misused by bad actors for many years now, most commonly spamming unwary potential victims and leading them to bad times ahead. A brief history of cale
Publish At:2022-03-31 16:43 | Read:450 | Comments:0 | Tags:Malwarebytes news calendar calendly microsoft phish phishing

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3