HackDig : Dig high-quality web security articles

Tax refund phish logs keystrokes to swipe personal details

There’s been some smart phishing campaigns running over the last few weeks, and this one is particularly sneaky. Bleeping Computer reports that a phishing page is targeting Greek taxpayers with a tax refund scam. The added sting in the tail comes in the form of an embedded keylogger which grabs everything entered onto the page. An untimely tax refund T
Publish At:2022-09-21 22:45 | Read:39218 | Comments:0 | Tags:News tax refund phish phishing scam greece greek javascript

Scammers send fake 'Energy Bills Support Scheme' texts

Watch out for an energy-themed scam being sent out via SMS. The message plays on energy price fears, similar to what we’ve seen previously. Scam alert. I just received this text. Click through and it looks very official. It’s a scam. The £400 energy bill discount is automatic, you don’t need to register or share any details with anyo
Publish At:2022-09-21 22:45 | Read:49880 | Comments:0 | Tags:News scam phish SMS energy fake website £400

Steam account credentials phished in browser-in-a-browser attack

Steam users are once again under threat from a particularly sneaky tactic used to steal account details. As with so many Steam attacks currently, it accommodates for the possibility of users relying on Steam Guard Mobile Authentication for additional protection. It also makes use of a recent “browser within a browser” technique to harvest Steam c
Publish At:2022-09-13 22:45 | Read:66929 | Comments:0 | Tags:News phish phishing steam browser e-sports

Phishers use verified status as bait for Instagram users

Another Instagram phish is doing the rounds, and will appeal to a wide variety of platform users. Bleeping Computer reports that verified status is once again being dangled as bait. The "importance" of being verified Being verified gives the impression of status, or importance, on social media platforms. Often, verification is more about simply confirming th
Publish At:2022-09-05 20:07 | Read:71720 | Comments:0 | Tags:News Scams phish phishing instagram facebook verified email

Phishy calls and emails play on energy cost increase fears

Gas and electricity price concerns are rife at the moment, with spiralling costs and bigger increases waiting down the line. Sadly this makes the subject valuable material for fraudsters, playing into people’s fears with a dash of social engineering to make them worse off than they were previously. Warnings abound of several energy / cost of living-
Publish At:2022-08-07 07:55 | Read:37350 | Comments:0 | Tags:Cybercrime discount electricity email energy company gas phi

Verified Twitter accounts phished via hate speech warnings

Verified Twitter accounts are once again under attack from fraudsters, with the latest phish attempt serving up bogus suspension notices. Hijacking verified accounts on any platform is a big win for fraudsters. It gives credibility to their scams, especially when the accounts have large followings. This has been a particularly popular tactic to promote NF
Publish At:2022-07-06 11:52 | Read:152761 | Comments:0 | Tags:Social engineering account phish phishing scam twitter verif

Apple’s passkeys attempt to solve the password problem

The recent Apple Worldwide Developers Conference (WWDC) revealed another teasing of what has been referred to as “the end of passwords forever”. Passkeys are a “new biometric sign-in standard”. Biometrics in security circles are used for things like identity cards, building access, and so on. This typically involves scans of your f
Publish At:2022-06-09 09:01 | Read:68329 | Comments:0 | Tags:Privacy Apple biometrics passkey password phish phishing sec

Phishing mail claims a 3D Secure upgrade is required

Today we took a look at a phishing mail pinning its hopes on a QR code linking to a bogus website. Scammers claim that your mail address has “not been registered for the 3D Secure Security Update”. 3D Secure phishing mail The mail reads as follows: Dear Sir / Madam, Our administration has shown that the data linked to this email address
Publish At:2022-06-01 12:59 | Read:39027 | Comments:0 | Tags:Scams 3D Secure fake phish phishing QR code scam

FBI warns of education sector credentials on dark web forums

The FBI is warning academics to be on their guard, as an embattled education sector continues to experience attacks and breaches, with data spilling onto the so-called dark web. The government agency’s Private Industry Notification [PDF] cites US academic credentials up for grabs from a variety of sources. A stepping stone to compromise From the
Publish At:2022-05-31 16:57 | Read:41276 | Comments:0 | Tags:Privacy bitcoin breach credentials Dark Web education phish

Runescape phish claims your email has been changed

A Runescape-themed missive landed in our email inbox today, claiming action is required to secure our account. The malicious email and the scam behind it are perfect examples of one of the more reliable tactics in the world of phishing—fooling a victim into thinking they need to take some action as part of a larger, ongoing process. With this tactic, phi
Publish At:2022-05-31 16:57 | Read:99093 | Comments:0 | Tags:Scams authenticator automated bank pin discord free jagex MM

“Look what I found here” phish targets Facebook users

Facebook-themed messages are a frequent source of bogus links from both spam and compromised accounts. Whether you receive the messages via SMS, the Messenger app, or just inside regular web chat, it pays to be careful. A wide variety of attacks use bogus messages as their launchpad, and the risk of account compromise is ever-present. Phishing is not the onl
Publish At:2022-05-17 09:01 | Read:176662 | Comments:0 | Tags:Scams bad link chat contacts facebook family friends look wh

OpenSea warns of Discord channel compromise

OpenSea, the primary marketplace for buyers and sellers of non-fungible tokens (NFTs), has reported major problems with its Discord support channel. How major? Well, there’s a “potential vulnerability” which allowed spambots to post phishing links to other users. A problem that lead OpenSea Support to declare “please do not click any
Publish At:2022-05-06 12:48 | Read:81207 | Comments:0 | Tags:Scams compromise cryptocurrency discord NFT opensea phish ph

Nigerian Tesla: 419 scammer gone malware distributor unmasked

Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats targeting Ukraine, we identified a group we call “Nigerian Tesla” that has been dabbling into phishing and other data theft activities for a number of
Publish At:2022-05-05 12:48 | Read:164383 | Comments:0 | Tags:Threat Intelligence AgentTesla phish phishing scam

The $43 billion Business Email Compromise threat

The FBI has released a public service announcement regarding the ever-present threat of Business Email Compromise (BEC). This comes hot on the heels of an earlier release from the Las Vegas FBI department in April. Losses continue to mount, and we’re currently facing a scam racking up domestic and international losses of $43 billion. What is Busines
Publish At:2022-05-05 12:48 | Read:110166 | Comments:0 | Tags:Scams bec Business Email Compromise CEO ceo fraud CFO CFO fr

Rogue ads phishing for cryptocurrency: Are you secure?

Bad ads are at it again. Rogue Google ads caused no end of misery for cryptocurrency enthusiasts, costing them roughly $4.31 million between the 12th and the 21st of April. This is an astonishing slice of cryptocurrency cash to lose for the sake of clicking on something in a search engine. The bogus links were at the top of results for Terra blockchain pr
Publish At:2022-04-26 08:52 | Read:28222 | Comments:0 | Tags:Scams ads advert Bing cryptocurrency Google organic paid phi

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud