Be Aware of PayPal Phishing Scams!

in #phishing, 4 years ago

FYSA (For Your Situational Awareness)

    If you are a crypto user, you may have heard of people's accounts being closed due to cryptocurrency-related transactions.

    Some banks may not take kindly to the existential threat that is crypto to their bottom line, so this can be expected.

    Likewise, there will be scammers that hope to use this as a ploy to obtain your credentials. See the following that I found in my inbox. They were savvy enough to spoof the address so that it appeared to have come from paypal.com to afford an air of "legitimacy", but there is nothing legitimate about it.

[Image: img_0.4034059894578661.jpg]

Don't fall victim to phishing attacks

    Remember, verify the link and the SSL certificate status (Secure Sockets Layer, something of a misnomer, as SSL has been deprecated and TLS is the standard these days) to ensure that the site you are visiting is confirmed by a trusted root certificate authority, which is generally determined by your browser but also by your operating system's configured certificate stores.

    Also, make it standard practice not to act on unsolicited requests to verify any of your accounts, because there is a good chance they are fraudulent. If the application has something to tell you, it should do so when you log in and establish a secure channel.

    In any case, just wanted to bring this to attention so nobody "gets got" by these scamming sons of guns.

Thank you for coming to my TED talk!
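
The checks described above (a From address spoofed as paypal.com, a different domain in the headers, and verifying where a link really goes) can be run over a saved message. This is an added Python example, not code from the original post or its commenters; the sample message, the `.example` domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: every domain except paypal.com is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=paypal.com
From: PayPal <service@paypal.com>
Subject: Your account has been limited
Content-Type: text/html; charset="utf-8"

<p>Please <a href="https://paypal.com.verify.example/login">confirm your account</a>
or read the <a href="https://www.paypal.com/help">help pages</a>.</p>
"""

class LinkHosts(HTMLParser):  # collects the hostname of every <a href>
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlsplit(href).hostname or "")

def belongs_to(host, brand):
    # Exact match or a true subdomain; "paypal.com.verify.example" is neither.
    return host == brand or host.endswith("." + brand)

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, brand):
    msg = message_from_string(raw)
    findings = []
    sender, bounce = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if belongs_to(sender, brand) and not belongs_to(bounce, brand):
        findings.append(f"Return-Path {bounce} does not match From {sender}")
    # Only trust Authentication-Results added by your own receiving server.
    auth = msg.get("Authentication-Results", "")
    findings += [f"{m}={r}" for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth)
                 if r != "pass"]
    links = LinkHosts()
    links.feed(msg.get_payload())
    return findings + [f"link to {h}" for h in links.hosts if not belongs_to(h, brand)]

print("\n".join(triage(SAMPLE, "paypal.com")))
```

An empty result only means none of these three checks fired; it does not prove a message is genuine.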


Hey @anthonyadavisii,
if you send me a dm with their link I'll add it to my phishing detection tool: https://hive.blog/hive/@keys-defender/new-feature-phishing-detection-and-auto-reply

Example of autoreply (after I reported the XSS on hiveblocksexplorer): https://hive.blog/hive-133987/@keys-defender/antiphish-keys-defender-bot-1598366785783

Thanks a lot for the warning.
These scammers and spammers get on my nerves too and we decided to strike back.
We send so many false addresses and passwords to the scammers that the criminals can no longer easily find out what is right and what is wrong.
This is how we try to protect the innocent.

Link to the code

A name generator can be found on https://pypi.org/project/names/
To avoid being banned, we disguise our IP via VPN.

Enter the URL of the scanner here

  bad_url = "https://chalkwoodhouse.co.za/dss/next.php"

Lean back and have fun at the end :-)

It is not an illegal thing, because we have set the counter to a comfortable number for the server. So, it is not a DDoS attack.


The code was written by Morpheus. Unfortunately his video is only in German.

That's awesome! Keep up the good work. I reported this one to xfinity. They seemed to have compromised their DNS to redirect to the fake PayPal verification page.

Interestingly, after the first http get and closing, they seemed to have covered their tracks and it no longer redirects.

The associated domain found in the email headers was created 3 days ago. It's interesting to learn of their methodology.

I get these a few times a week xD

I think they finally tied my email to my cryptocurrency interest.

There have been a number of data breaches to include the OPM disclosure which concerns me. I recommend anyone invest in ID theft protection as these criminals can be quite crafty.

Often, even with relatively hardened security, it isn't a question of if but a question of when if you have a determined attacker.

Be safe out there!

I don't know what OPM is.

The rules I follow:

  1. Never click on what you don't know, so don't click anything within an email or a banner or ad or anything.

  2. If you get an email from, let's say, PayPal, never click the link within the email, also go to the real website and log in and check.

  3. Always report as phishing :D

OPM... Office of Personnel Management, basically the US government's human resources department.

Thanks!

Joke's on them, I don't even use PayPal.