I'm on ps4 and accidentally left co-op turned on after an incredibly failed attempt at Lord Cryo Regisvine the Impossible during the event.
So I decided to go get some weekly BP challenges done.
About 10 minutes later someone with a character name like BotNingBuilds comes in and immediately starts bragging about his "best" Ning build.
I'm over here watching him get his ass clapped at WL7 and his awesome 59 damage per attack.
He kept asking me to ask him about his "awesome" build.
He tried directing me to a website. This is a classic phishing tactic.
For you younger players out there, NEVER go to websites that someone might suggest unless you know it's legit.
The scam would probably be:
Look up host user ID.
Plug your website which requires registration.
Cross reference the registration with Mihoyo account.
Just wanted to warn everyone about phishing!
Have a happy New Year!
I originally learned of that page's existence from this post. What it did was copy the real IMSS page http://imss.gob.mx (exactly like that, the page has no https) with an addition where they auctioned off cars, sometimes at more than 40% off their list price. They asked you to fill out a form built in 123formbuilder and, if it is like other similar scams, they asked you for an advance payment and then disappeared and/or threatened you.
Anyway, I started reviewing the site's details. For the online form, I was fortunately able to contact 123formbuilder by chat, so they suspended the account and they lost the information. Besides the form, I saw that they were using GoDaddy for both domain registration and hosting.
From then on it was a matter of sending emails and filling out GoDaddy's abuse report form almost every month, only to receive the generic message that they would review it, and then visiting the site again only to see that it was still up. They even tried to rebuild the form, again using 123formbuilder, but since I was monitoring it I quickly reported the account again and it was suspended again, but the site stayed open with nothing I could do.
Fortunately, a few days ago a user from /r/opensource told me that reports can be made directly to ICANN (the highest authority as far as domains are concerned), so I set about googling (researching) and found this new form, now directly from ICANN.
It is a form for when domain registration companies ignore abuse reports, not for making the first report.
I filled out the form on the 27th and attached evidence of all the reports I had made to GoDaddy, and now, a little over a week later, I can finally say that the page is no longer available. If you go to https://www.imssgob.org right now, the only thing shown is that the account is suspended.
I'm going to keep monitoring that page for a couple of months to see whether it is only a temporary suspension, since I haven't had any feedback from either GoDaddy or ICANN, but at least all the false information is no longer displayed.
I thought this was incredibly insensitive and upon examination a failure on how to properly set up a phishing test.
Yes, I understand phishing training is terribly important, and when done correctly it shows the weaknesses in your organization so you can correct it.
We are actively doing Phishing training and testing with clients, but we did warn them weeks ago about certain types of email due to the pandemic. Multiple employees of ours are going through some tough times due to spouses, home life, schooling, children's behavior, but this was a poorly timed and executed test. Personally, $650 bonus as a true apology is needed because even though it might not seem much to the company, the talent that is now going to walk is going to cost so much more. Going forward I would participate in the ABSOLUTE minimum and require everything to be in physical printed writing or USPS because you no longer trust the company.
Lesson: Be aware, be sensitive, but also do the test properly.
I had this idea. I'd like to know why it's not been implemented yet.
So when you sign up to a website like Paypal.com for example you should be generated a random anti-phishing code. When you confirm your email address, the website sends this code to you in the email. Your email client then detects the anti-phishing code in the emails and says 'would you like to import anti-phishing code', you say 'yes, I would love to'; and then the email client adds it to a database of email addresses paired with anti-phishing codes.
Every legitimate email from Paypal will include the text "Anti-phishing code: Xh7mnO22sXiWk92k" for example, and when scammers email to say that 'You have been locked out from your Paypal account, please log in within 12 hours', the email client can check for the anti-phishing code, find it's not there or it's wrong, and send that email to junk.
I want to confirm that emails that contain the correct code would still need to be checked in the usual way; an email shouldn't just get green-lit purely because it contains the correct code, but those without the correct code should end up in junk.
Would this be feasible?
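A sketch of the client-side check proposed in the post above, added here as an example and not code from the post's author. The `classify` function, the verdict strings, the code store and the sample messages are constructed assumptions; only the "Anti-phishing code:" label and the sample code value come from the post.

```python
import hmac
import re
from email import message_from_string
from email.utils import parseaddr

# Label format taken from the post; the length bounds are an assumption.
CODE_RE = re.compile(r"Anti-phishing code:\s*([A-Za-z0-9]{8,64})")

# Constructed store: sender domain -> code imported from the sign-up email.
KNOWN_CODES = {"paypal.com": "Xh7mnO22sXiWk92k"}

def sender_domain(msg):
    """Domain of the From: address, lower-cased ('' if unparsable)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def body_text(msg):
    """Concatenate the decoded text/plain parts of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", errors="replace"))
    return "\n".join(chunks)

def classify(raw, known=KNOWN_CODES):
    """Return 'junk', 'run-normal-checks' or 'no-code-on-file'."""
    msg = message_from_string(raw)
    expected = known.get(sender_domain(msg))
    if expected is None:
        return "no-code-on-file"      # rule does not apply to this sender
    found = CODE_RE.findall(body_text(msg))
    ok = any(hmac.compare_digest(c, expected) for c in found)
    # A correct code is never a pass by itself, as the post requires.
    return "run-normal-checks" if ok else "junk"

def make(sender, body):
    """Build a minimal constructed message for the demo."""
    return f"From: {sender}\nSubject: Account notice\n\n{body}\n"

# Constructed sample messages.
LEGIT = make("PayPal <service@paypal.com>",
             "Your receipt.\nAnti-phishing code: Xh7mnO22sXiWk92k")
MISSING = make("PayPal <service@paypal.com>",
               "You have been locked out, please log in within 12 hours.")
WRONG = make("PayPal <service@paypal.com>",
             "Log in now.\nAnti-phishing code: AAAAAAAAAAAAAAAA")
LOOKALIKE = make("PayPal <service@paypa1.example>", "Log in now.")

if __name__ == "__main__":
    for name in ("LEGIT", "MISSING", "WRONG", "LOOKALIKE"):
        print(name, classify(globals()[name]))
```

The lookalike-domain message comes back as `no-code-on-file`: the rule only fires when the From: domain matches one on file, so it complements the usual sender checks rather than replacing them.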
After years of training, reminders, examples and such that users have basically ignored, the IT department stumbled on a trick that seems to work. About 9 months ago a user submitted a ticket questioning a suspicious email, and IT replied telling them “good job, you get a star!”. An email was sent out to the entire company letting everyone know about the phishing attempt and that the user had been awarded a star (the emoji of a star, nothing else). Since then, users have been reporting every phishing attempt, bragging about how many stars they’ve gotten, debating about how stars should be able to be traded for pay raises or at least Schrute Bucks. It is literally just an emoji in an email, but everyone tries to get them.
I know there was a database breach a long time ago, but I just bought the Ledger X. Is there an inside employee leaking these emails? How can my email have been compromised within two weeks?
I was one of the clients that was part of the Ledger leaks.
I did a little search here in the sub and it seems this one isn't documented yet, so I'm exposing it here just in case.
This email is trying to impersonate Ledger by saying a new transaction was made in your Ledger Wallet. Here's the email body (I'm blanking part of the URL for obvious reasons): [screenshot]
Once you open the Google Docs link, this is what you'll see: [screenshot]
And once you click "cancel", it redirects you to a fake ledger website: [screenshot]
Once you select the ledger device, it'll ask you to connect and authorize the device: [screenshot]
I don't really know the method the scam will use to rob you, but I suppose after it connects to your wallet it'll either throw an error and ask for your wallet seed or it'll try to make transactions to transfer as much crypto as possible.
The fake website is very well done and I could see people falling for this, especially people that aren't very tech-savvy. If you know people that had anything to do with the script kiddies over Ledger be sure to let them know the company fucked up and that they probably will get these kind of emails for a long time.
EDIT: just to confirm how smart these guys are, they even went as far as creating a valid SSL certificate for the phishing website [screenshot]. For some reason the media, at least here in my country, decided to teach the masses that just looking for a valid certificate (aka "take a look at the small green lock in the browser") is enough to know if a website is fake or not; this clearly shows it's not enough as anyone can create a valid website.
The email that sent the email was [email protected]
I received a phone call yesterday from someone identifying themselves as a nurse working for Ottawa Public Health (OPH). She was reaching out to me because I was in contact with someone that had tested positive for COVID-19. She stated she was doing contact tracing and in order to close my case, she would need my full name, date of birth and home address. My first reaction was this must be another one of these telephone phishing scams under the guise of COVID-19. When I refused to give my personal information, she threatened me with a fine. She then gave me the telephone number for OPH COVID-19 hotline where I could call them directly. I tried calling earlier only to have an automated message asking me to leave my name and phone number so a nurse can call me back.
Very concerning OPH expects Ottawans to just divulge personal information over the telephone from cold calls, no questions asked and to just blindly trust whoever is calling. Instead they should give a call back number where someone actually answers so citizens can ensure it's a legitimate call.
This unfortunately is reinforcing Ottawans to just divulge personal information over the phone and it's a dangerous precedent. Stay safe out there.
A bit of context. I use unique email addresses (not the simple '+' trick, but a more complex setup), even for different orders, therefore I have a pretty advanced tracking setup of where things come from. So I am pretty sure this is coming exclusively from Ledger.
While Ledger is busy with their new Black Friday offer, today I received another phishing email. This time it was much more elaborated concept and different approach. It was not coming from Ledger and it didn't even have any ledger connection/association. It was looking like just as any other newsletter email that you might have signed up and forgot.
The sender name was Cointelegraph, and I'm pretty sure that I never signed up to their newsletter, so I got immediately sus. Analyzing further the email, the sender is the [email protected]. As you can see, a governmental domain. MDHS is the Mississippi Department of Human Services (domain SPF, DKIM, DMARC all PASS).
Obviously, the Mississippi Department of Human Services doesn't send emails in name of Cointelegraph. This is obviously a malicious attempt.
You'd think that's all? Of course not. After diving (again) in the spam filters, I just realized that some days ago I received the same phishing methodology but from another "crypto website" with much less authority, this has been blocked by the spam filters on the contrary of the fake Cointelegraph email.
What are the attackers trying to achieve? The options are two:
What you should do? AKA (email) basic security tips:
- DO NOT OPEN THESE EMAILS. These emails contain some tracking magic that will reveal to the attacker if your email is active or not.
- Disable the image loading in the emails by default (If you use gmail, check this). This will prevent the loading of the trackers in case you open the email.
- Always check the sender name and the sender domain.
- Do not click on the links. Links also will track you and mark your email address as active.
- The most important! NEVER EVER put your passphrase anywhere else beside...
This is the best one I’ve seen minus the end where they say to update your seed:
It is from email address:
Email looks like ledger as well
We regret to inform you that Ledger has experienced a security breach affecting approximately 57,000 of our customers and that the wallet associated with your e-mail address is within those affected by the breach.
Namely, on Wednesday, December 23th 2020, our forensics team has found several of the Ledger Live administrative servers to be infected with malware.
At this moment, it’s technically impossible to conclusively assess the severity and the scope of the data breach. Due to these circumstances, we must assume that your cryptocurrency assets are at risk of being stolen.
If you’re receiving this e-mail, it’s because you’ve been affected by the breach. In order to protect your assets, please update your 24-Words Phrase and follow the instructions to set up a new PIN for your wallet.
Button here saying “update now” linking to ledger-supports.com/myEmailAddress
People who got the emails of their customers definitely are taking advantage of scamming you now since they know exactly who to target.
If you want to add addresses to this list, comment below with screenshots. I do not want to add addresses without proof, that they were involved. (Though, if the address is clearly shit and has the word "ledger" in it, I think this is proof enough...)
Please also CTRL+F the address before posting it, to avoid duplicates.
Collecting the addresses in such way does not help a lot, but I think: it's better to have more information than to dismiss it. Nobody gets hurt if we collect this information. It might help at some point, who knows.
Is there likely to be something nasty in my computer? Should I be changing all sorts of passwords, other than the Amazon one which I've already done? I don't think it's a coincidence, since the mails came very shortly after I'd used the website, and I don't use it often.
I lost a significant amount of NANO due to a phishing scam attack through my Exodus wallet.
I know it was all my mistake and I shouldn't give anybody my 12 words passphrase, but it is too late for that now.
Can anybody here help me anyhow return my funds? Can transaction be reverted anyhow if I put evidences that it was a fraud.
Yesterday, I received an email from "[email protected]" stating that there was a data breach, for a second there, I believed it and clicked the link to download the new update for Ledger Live "ledger-live-desktop-2.18.0-win"
The site is identical, a true mirror of the original site.
I downloaded the app and clicked it to run but windows popped up with a warning about it, I thought this is weird since when I first downloaded the app from the true ledger site, I did not receive a pop-up warning.
So I went to the original site of the ledger> downloads> ledger live and clicked download but it showed it was the "ledger-live-desktop-2.17.1-win" version. That was when I realized I almost got scammed.
On the ledger true website, there is a warning in orange about phishing, on the copy site there is none.
The copy site has two different letters in the address bar:
The "g" has a point on it and the "e" has a point under it, you might miss it because it looks like spots/specs of dirt on your screen. (picture attached)
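The dotted-letter trick described in the post above can be caught mechanically. The following is an added example, not part of the original post: it flags hostnames whose letters reduce to a trusted name once diacritics are stripped. The trusted list, the function names and the sample lookalike host are constructed assumptions (the post's actual fake address is not reproduced on this page).

```python
import unicodedata

# Assumption: the set of hostnames the user actually trusts.
TRUSTED = {"ledger.com"}

# Constructed sample: "e" with a dot below, "g" with a dot above.
FAKE = "l\u1eb9d\u0121er.com"

def to_unicode(host):
    """Lower-case the host and decode any punycode (xn--) labels."""
    host = host.strip().rstrip(".").lower()
    if "xn--" in host:
        try:
            host = host.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # leave malformed input as typed
    return host

def skeleton(host):
    """Strip combining marks: 'ẹ' -> 'e', 'ġ' -> 'g'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_host(host, trusted=TRUSTED):
    """Return (verdict, detail) for a hostname taken from a link."""
    host = to_unicode(host)
    if host in trusted:
        return ("trusted", host)
    if not host.isascii():
        base = skeleton(host)
        if base in trusted:
            return ("lookalike", base)   # impersonates a trusted name
        return ("non-ascii", host)       # unusual, worth a second look
    return ("unknown", host)

if __name__ == "__main__":
    samples = ("ledger.com", FAKE, FAKE.encode("idna").decode("ascii"),
               "ledger-supports.com")
    for h in samples:
        print(h, check_host(h))
```

Diacritic stripping only covers accented Latin letters like the ones in the post; plain-ASCII lookalikes such as the `ledger-supports.com` host quoted earlier on this page come back as `unknown` and need an allowlist or similarity check instead.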
Why YSK: By reporting or actually forwarding these messages to the number 7726 they will respond asking for the senders # that it was sent on. A small way to help some unsuspecting person from being scammed.
At my old company we had an Outlook plugin called phishme. When a phishing email was sent out, it's up to the user to click on it to report it as 'phishing'. Old company also had a learning course in place like every other month to test their acknowledgement on never providing passwords, always locking PC when you walk away from your desk etc. There is a deadline for these courses and when you miss it, it gets reported to your lead and it can be noted down in your performance review etc.
At my new job, we are needing to put something similar in place BUT they do not have the budget to reward the user for correctly reporting the email as phishing.
We need something in place where the user correctly clicked on the phishme button as well as notifying us that the user also opened up the email.
What do you guys have in place? And do the users get any reward in correctly reporting a phishing email?
Was it just us? I'm sitting here drinking away my problems now. Maybe I shouldn't have watched both political town hall broadcasts AFTER today's shit show, but we were hit harder today than I've ever experienced. A MASSIVE surge of spear phishing and just tons of malware emails. We only had ONE user get popped (phishing) but were able to immediately lock them down.
As far as malware, it was an insane amount of W97M/Downldr.IE.gen!Eldorado emails. .doc files, zip, and for everyone else tons of either .html attachments or clever links. Dude the email subjects and bodies were SO FUCKING relevant. The payload attachments were named so perfectly. What a shit show.
I spent all day contacting companies' IT departments letting them know they've been compromised and are bombarding our email servers. Again, thankfully all malware was caught. Only a couple stupid people fell for clicking on links.