phishing   2683

Common Cybersecurity and Network Security Issues
One of the first steps to keeping your data secure is finding out what threatens it. Here are a couple of the more common threats to your business network!
network  security  phishing  cybersecurity 
2 hours ago by Adventure_Web
How to Easily Generate Hundreds of Phishing Domains « Null Byte :: WonderHowTo
A convincing domain name is critical to the success of any phishing attack. With a single Python script, it's possible to find hundreds of available phishing domains and even identify phishing websites deployed by other hackers for purposes such as stealing user credentials.
How_To  phishing  Hacking  python  Domains 
2 days ago by aiefel
pastebin.com
Favorite tweet:

20/04 (four-twenty!) #phishing part 1 https://t.co/KTC5qY3L5e @malwrhunterteam @douglasmun @SwiftOnSecurity @JAMESWT_MHT @ET_Labs pic.twitter.com/8w3pXVClO0

— illegalFawn (@illegalFawn) April 20, 2018
IFTTT  Twitter  phishing 
6 days ago by p3k
The dots do matter: how to scam a Gmail user
Security as a systems problem: interaction between Netflix and Gmail
email  phishing  security 
7 days ago by jcretan
The dots do matter: how to scam a Gmail user
But perhaps this was not a mistake but a scam. I was almost fooled into perpetually paying for Eve’s Netflix access, and only paused because I didn’t recognize the declined card. More generally, the phishing scam here is:

1️⃣️ Hammer the Netflix signup form until you find a gmail.com address which is “already registered”. Let’s say you find the victim `jameshfisher`.
2️⃣️ Create a Netflix account with address `james.hfisher`.
3️⃣️ Sign up for free trial with a throwaway card number.
4️⃣️ After Netflix applies the “active card check”, cancel the card.
5️⃣️ Wait for Netflix to bill the cancelled card. Then Netflix emails james.hfisher asking for a valid card.
6️⃣️ Hope Jim reads the email to `james.hfisher`, assumes it’s for his Netflix account backed by `jameshfisher`, then enters his card `**** 1234`.
7️⃣️ Change the email for the Netflix account to eve@gmail.com, kicking Jim’s access to this account.
8️⃣️ Use Netflix free forever with Jim’s card `**** 1234`!

Some blame lies with Netflix, but I believe the main problem lies with Gmail, and specifically Gmail’s “dots don’t matter” feature. The scam fundamentally relies on the Gmail user responding to an email with the assumption that it was sent to their canonical address, and not to some other address from their infinite address set.
by:JamesHFisher  email  security  phishing  Gmail  Netflix  scam 
8 days ago by owenblacker
The dots do matter: how to scam a Gmail user • James Fisher
Fisher got a valid email from Netflix saying it was having trouble with his credit card payment. He was going to update it - but the credit card it had didn't match his own. What gives?
I finally realized that this email is to james.hfisher@gmail.com. I normally use jameshfisher@gmail.com, with no dots. You might think this email should have bounced, but instead it reached my inbox, because “dots don’t matter in Gmail addresses”:

If someone accidentally adds dots to your address when emailing you, you’ll still get that email. For example, if your email is johnsmith@gmail.com, you own all dotted versions of your address:

john.smith@gmail.com
jo.hn.sm.ith@gmail.com
j.o.h.n.s.m.i.t.h@gmail.com

Netflix does not know about this Gmail “feature”. Externally, jameshfisher@gmail.com and james.hfisher@gmail.com are different identities, and should have their own Netflix accounts. I signed up for Netflix account N1 backed by jameshfisher@gmail.com in 2013. But in September 2017, someone, let’s call her “Eve”, created a new Netflix account N2, backed by james.hfisher@gmail.com.

Eve has access to account N2 because she set its password when signing up, but I also have access to the account because I own james.hfisher@gmail.com, and so I can follow the password reset process for this account. I did so.

Eve loves her TV! She’s watched 587 titles in six months, all from her “Android Device” in Alabama. She watched three seasons of Trailer Park Boys over a single day in October. She consumed nearly every day until 22nd March, when Netflix put her account “on hold” due to payment failure. Eve had paid for these shows. She paid $13.99 every month for her Premium plan, until February when her card **** 2745 (also billed to Huntsville, Alabama) was declined.

Perhaps this was all a mistake? Perhaps Eve is actually one of the twelve James Fishers in Huntsville, AL, and perhaps he typed his email address in wrong when he signed up months ago. Netflix doesn’t do any email address verification when you sign up; you can start watching shows straight away.

But perhaps this was not a mistake but a scam. I was almost fooled into perpetually paying for Eve’s Netflix access, and only paused because I didn’t recognize the declined card.


Google is proud of this "feature" (https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html), but like Fisher, I think it's a bug. I get tons of scam emails like this.
security  email  phishing  gmail 
14 days ago by charlesarthur
