HackDig : Dig high-quality web security articles

Watch out for this SMS phish promising a tax refund

Imagine logging into your bank’s website after responding to a text message claiming you’re due a refund, only to see a warning to watch out for bogus texts: Beware of SMS phishing! For those who don’t read Dutch, the warning reads: Never respond to unusual emails or texts! Fraudsters often send e-mails under the guise of renewing your debit ca
Publish At:2022-04-25 21:04 | Read:1062 | Comments:0 | Tags:Scams banks belgium fake login mail phish phishing refund sm

“Your AppIe lD has been locked” spam email takes you on a website mystery tou

Spam messages which claim your account has been locked out and needs to be fixed are common. They drive people to phishing campaigns on a daily basis. The mail below follows the same pattern with one key difference. It looks like a phish, but goes somewhere else entirely. No, your Apple ID has not been locked The mail claims to be from Apple, and is title
Publish At:2022-04-14 08:52 | Read:913 | Comments:0 | Tags:Scams Apple campaign id locked mail spam URLs

USPS “Your package could not be delivered” text is a smishing scam

A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: “[U.S. Postal Service] We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit [bit(dot)ly]” I’ve never received an SMS from the US Postal Service, but I have to im
Publish At:2022-04-12 08:52 | Read:406 | Comments:0 | Tags:Scams fake mail phish phishing redelivery scam sms USPS

Facebook phish claims “Someone tried to log into your account”

Watch out for bogus Facebook phishing messages winging their way to your mailbox. The ruse is quite simple: The mail senders are relying on the recipient’s sense of panic to respond without thinking about it. The mail looks professional enough, and seeks to imitate what would be a fairly typical looking message from Facebook. As for the panic aspect, the
Publish At:2022-03-21 08:51 | Read:1414 | Comments:0 | Tags:Scams facebook fake mail phish phishing scam

Google takes on Docs notification spammers

Cloud-based document suites have always been a hot target for scammers. When it’s easy to dip in and out for collaboration purposes, or just share things generally, then it’s likely that bad people will want in on the action. In 2019, Google calendar users were wading through endless spam invites/event notifications when spammers worked out how to
Publish At:2022-03-08 08:51 | Read:665 | Comments:0 | Tags:Privacy docs documents Google mail slides spam spammers

FBI server hijacked to send up to 100,000 bogus attack mails

If you received a scary missive from what appears to be the FBI over the last few days, you’re not alone. The emails, which may have reached as many as 100,000 people, blamed a fictitious cyberattack on an innocent party. The mail read as follows: Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a so
Publish At:2021-11-15 16:40 | Read:1085 | Comments:0 | Tags:Privacy fake fbi law enforcement mail server FBI

ProtonMail hands user’s IP address and device info to police, showing the limits of private email

They say there’s two sides to every story. Depending on your point of view, you may have heard a recent story that’s either about overreaching law enforcement and protestors exposed by organisations happy to hand over revealing data despite saying they won’t. Or: BREAKING: legitimate business complies with legitimate law enforcement reques
Publish At:2021-09-07 11:19 | Read:1822 | Comments:0 | Tags:Privacy court order email hushmail law legal mail protonmail

Ransomware is targeting vulnerable Microsoft Exchange servers

The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. Until now, the name of the game has been compromise and data exfiltration, with a bit of cryptomining on the side. To summarise: In ten days we’ve gone from “limited and targe
Publish At:2021-03-12 19:36 | Read:1491 | Comments:0 | Tags:Ransomware exchange mail microsoft proxylogon ransomware

myMail Manages Your Mailbox… in a Strange Way!

myMail is a popular (10M+ downloads!) alternative email client for mobile devices. Available for iOS and Android, it is a powerful email client compatible with most of the mail providers (POP3/IMAP, Gmail, Yahoo!, Outlook, and even ActiveSync). Recently, I was involved in an incident that was related to a malicious usage of myMail. I had a closer look at the
Publish At:2021-02-19 08:13 | Read:1782 | Comments:0 | Tags:Mobile Devices Security Software Android Mail Mobile myMail

What Google learned from 1 billion evil email scams

Google and researchers at Stanford University have released an in-depth study analysing 5 months of phishing / malware mails sent globally. “Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk” looked at more than a billion mails. The results were then fed into a presentation at the Internet Measurement
Publish At:2021-02-10 22:00 | Read:1919 | Comments:0 | Tags:Privacy gmail Google mail malware phish phishing presentatio

November spam roundup: Stalkers, property tips, porn, stern words and PayPal

Today we’re rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatever’s lurking in your mailbox. A full house of spam Whether by accident or design, y
Publish At:2020-11-30 10:36 | Read:1992 | Comments:0 | Tags:Cybercrime Social engineering email mail phish phishing roun

Dutch ISP Ziggo demonstrates how not to inform your customers about a security flaw

“Can you have a look at this email I got, please?” my brother asked. “It looks convincing enough, but I don’t trust it,” he added and forwarded me the email he received from Ziggo, his Internet Service Provider (ISP). Shortly after, he informed me that despite its suspicious aura, he found confirmation that the email was, in fact, legitimate. In the
Publish At:2020-08-12 12:33 | Read:2587 | Comments:0 | Tags:Scams branded firmware corporate communications dutch isp in

Business email compromise: gunning for goal

The evergreen peril of business email compromise (BEC) finds itself in the news once more. This time, major English Premier League football teams almost fell victim to their trickery, to the tune of £1 million. First half: fraudsters on the offensive Somebody compromised a Managing Director’s email after they logged into a phishing portal via bogus ema
Publish At:2020-08-06 04:45 | Read:2649 | Comments:0 | Tags:Cybercrime Social engineering bec business cybersecurity Bus

iOS Mail bug allows remote zero-click attacks

On Monday, ZecOps released a report about a couple of concerning vulnerabilities with the Mail app in iOS. These vulnerabilities would allow an attacker to execute arbitrary code in the Mail app or the maild process that assists the Mail app behind the scenes. Most concerning, though, is the fact that even the most current version of iOS, 13.4.1, is vulnerable.
Publish At:2020-05-03 14:39 | Read:2528 | Comments:0 | Tags:Mac Apple Apple mail iOS iOS mail iOS mail bug iOS mail vuln

Addressing Critical iOS “Zero-Click” Mail Vulnerabilities

Recently, two vulnerabilities were disclosed in the default iOS Mail application that have existed since 2012 (iOS 6). According to the disclosing company, ZecOps, both vulnerabilities allow remote code execution capabilities and enable an attacker to remotely infect a device. ZecOps has also reported that both vulnerabilities were triggered in-the-wild aga
Publish At:2020-05-03 08:10 | Read:2890 | Comments:0 | Tags:Mobile Security iOS mail vulnerability ZecOps zero-click IOS
