This morning a new PHISHING campaign started:
Do NOT click on it and as general rule do not click on any suspicious giveaway and never ever enter your owner key anywhere.
As usual, I’ll spam their DB with thousands of fake credentials and add updates to this post for new flavors of phishing waves that the attacker will use in the next few days (it’s likely always the same group and they operate this way - PS. confirmed).
Do your part and report suspicious links with the !PHISHING command in comments anywhere on Hive.
Could it be that they chose the worst timing for me on purpose because they knew I’m busy preparing the launch of the @farmingtales game early next week? 🤔
- The attacker has been using another url shortener service that has now been added to the urls that kd automatically unwraps.
Update2: (10/11/21 2:44am NY time)
- New phishing wave with different accounts
- The attackers (as usual) changed the endpoint where the stolen credentials are submitted and my script automatically detected the new endpoint scraping their webpage.