Discover and read the best of Twitter Threads about #Phishing

Most recent (15)

:: Phishing Hunting Thread ::

This is a thread about how to hunt and find #Phishing sites.
Retweets would be great to help spread the knowledge and please add your own techniques, ideas and suggestions.

Let's go hunting!
Firstly we need a site to use as a pivot. I have attached a number of sources at the bottom of this thread. For demonstration purposes we will use this site ::

hxxp://www.new.froid-guyader.fr/libraries/sharepointcontract/

This is a #Phishing site against Microsoft Office
Initially let's see if there is a #PhishingKit or #OpenDir on the domain. Enumeration on the domain is important. This is an example of sites to load and see ::

- hxxp://www.new.froid-guyader.fr/libraries/
- hxxp://www.new.froid-guyader.fr/
- hxxp://www.froid-guyader.fr/
Read 15 tweets
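The enumeration steps the thread walks through (take the pivot URL, walk up its directories, then try the parent domains, and look at each for an open directory or a zipped kit) written out as a small script. This is an added example, not the thread author's tooling; the pivot URL is the one from the thread, the Apache-style listing in SAMPLE_INDEX is constructed for the example rather than captured from that site, and the directory-listing and archive regexes are heuristics that you will want to extend for other web servers.

```python
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urlparse

# The pivot URL from the thread, kept defanged the way the author posted it.
THREAD_PIVOT = "hxxp://www.new.froid-guyader.fr/libraries/sharepointcontract/"

# Constructed Apache-style listing used as sample input; not captured from the real site.
SAMPLE_INDEX = (
    "<html><head><title>Index of /libraries</title></head><body>"
    "<h1>Index of /libraries</h1><pre><a href=\"/\">Parent Directory</a>\n"
    "<a href=\"sharepointcontract/\">sharepointcontract/</a>\n"
    "<a href=\"sharepointcontract.zip\">sharepointcontract.zip</a></pre></body></html>"
)

OPEN_DIR_MARKERS = (
    re.compile(r"<title>\s*Index of\s", re.I),             # Apache mod_autoindex, nginx autoindex
    re.compile(r"<title>\s*Directory listing for", re.I),  # python -m http.server
    re.compile(r">\s*Parent Directory\s*<", re.I),
)
ARCHIVE_LINK = re.compile(r'href="([^"]+\.(?:zip|rar|7z|tar\.gz|tgz))"', re.I)


def refang(url):
    """Turn a defanged indicator (hxxp://, example[.]com) back into a fetchable URL."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return url.replace("[.]", ".").replace("(.)", ".")


def parent_paths(url):
    """Every directory above the landing page on the same host, deepest first."""
    p = urlparse(url)
    segs = [s for s in p.path.split("/") if s]
    if p.path and not p.path.endswith("/"):
        segs = segs[:-1]  # drop a file name such as login.php
    base = f"{p.scheme}://{p.netloc}"
    return [base + "/" + "/".join(segs[:n]) + ("/" if n else "")
            for n in range(len(segs) - 1, -1, -1)]


def parent_hosts(host):
    """Parent hostnames (plus their www. variants) down to the registered domain.
    Naive: it stops at two labels, so for ccTLDs such as .co.uk use a public-suffix list."""
    host = host.lower()
    labels = host.split(".")
    out = []
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        for cand in (parent, "www." + parent):
            if cand != host and cand not in out and not cand.startswith("www.www."):
                out.append(cand)
    return out


def pivot_urls(url):
    """Ordered, de-duplicated list of URLs to load when enumerating around a phishing page."""
    url = refang(url)
    p = urlparse(url)
    cands = parent_paths(url) + [f"{p.scheme}://{h}/" for h in parent_hosts(p.netloc)]
    return list(dict.fromkeys(cands))


def is_open_directory(html):
    return any(m.search(html) for m in OPEN_DIR_MARKERS)


def kit_archives(html):
    """Archive links in a listing: a zipped kit left behind by the phisher is the usual find."""
    return ARCHIVE_LINK.findall(html)


def fetch(url, timeout=10):
    """Plain GET. Run this from an isolated analysis box or through a VPN: you are
    touching attacker infrastructure and your source IP will be logged."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(200_000).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # 403/404 still tell you something, keep the code
        return e.code, e.read(200_000).decode("utf-8", "replace")


def triage(url, fetcher=fetch):
    """Load each pivot URL and flag open directories and kit archives.
    `fetcher` is injectable so the logic can be exercised on canned responses."""
    results = []
    for cand in pivot_urls(url):
        row = {"url": cand, "status": None, "open_dir": False, "archives": [], "error": None}
        try:
            row["status"], body = fetcher(cand)
            row["open_dir"] = is_open_directory(body)
            row["archives"] = kit_archives(body)
        except Exception as exc:  # DNS failure, timeout, TLS error: record it and move on
            row["error"] = str(exc)
        results.append(row)
    return results


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: python phish_pivot.py <defanged or live phishing URL>")
    for r in triage(sys.argv[1]):
        flag = "OPEN DIR" if r["open_dir"] else ("error: " + r["error"] if r["error"] else "")
        print(f"{str(r['status']):>4} {r['url']} {flag} {' '.join(r['archives'])}")
```

For the thread's pivot the script produces exactly the three URLs the author lists plus the two bare-domain variants; an "Index of" title or a "Parent Directory" link on any of them is the open dir the thread is hunting for, and a .zip next to the kit's directory name is usually the kit itself.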
#BOYCOTTS: Your Quick-Start Guide buff.ly/2JGy9B0

( $BCE shareholders & #Advertisers partnering with #Bell media )
pluspora.com/people/b966681…
TARGET #ADVERTISERS who fund & support #business practices of #Bell Canada #BCE #Telecom #CRTC #elxn43 #partnerships #competition
BOYCOTTS are a tool for holding a company accountable for actions against workers, consumers, communities, minorities, animals or the environment. It is marketplace democracy in action. Consumers voting with their money for social and economic change.
(BELL MEDIA LOGO) - Lack of public accountability, no adherence to regulations, unfair business practice. WARNING TO ADVERTISERS
Which #Business (paying #Bell Media through #Advertisements on #CTV),
do you think Canadians should #Boycott first?

Here are three that #advertise daily with #Bell_Media
Rewarding $BCE Shares by unethical business practices?
Bell answers to none of their customers. #CHANGE Partnerships and Advertisers that are willing to share their reputation with Bell Canada KIA Canada, JEEP, BluenoseRV Center Bridgewater NS and more
Read 50 tweets
I've got a story to share. Not as exciting as the exploits of @TinkerSec, @HydeNS33k, or @_sn0ww, but a story nonetheless. #DFIR & #BlueTeam in nature. 1/
I worked for a service provider back in the day. And we provided email accounts to customers. 2/
This was back when most places would slap #SquirrelMail or #Horde on top of a #dovecot server. 3/
Read 13 tweets
With the 2020 elections coming on strong already, I think it is important to talk about keeping yourself safe from "hacking".
When you think of hacking, most envision someone using a computer & complex code to break into your computer.
#CyberSecurity
/1
#Hacking can take many forms; many can be done over the phone or through email messages. These scams are known as #Phishing.
Example: A phone call where someone asks you for information that is used in common security questions:

Your first car
Mother's maiden name
Birth City
/2
They might pretend to be from your bank, your email or internet service provider, or your mortgage lender. They might pose as someone looking to verify your identity because of "unusual activity". This can come many ways, e.g. via a phone call, text message or email.
/3
Read 13 tweets
Okay, here’s the deal with Security Keys and #phishing, because even some experts don’t really get it. HT @boblord and @runasand for the idea 1/
IN THE BEGINNING, God created passwords. If you knew your password, you could sign in; if you didn’t, the door remained locked. Simple! 2/
Unfortunately, phishers realized that if *they* knew your password, they too could sign in. Relying on a single “knowledge factor” meant if they could make you enter your pwd on their fake login page, they were home scot-free. 3/
Read 20 tweets
It's #SaferInternetDay today. Will tweet some tips today.
1. You can't lose what you don't have. Only register an account for a website or app when you really need to. Use a throwaway email address (like Mailinator) and fake as much personal data as possible.
#Security
2. Never reuse passwords. Not even for "low value" accounts. Use a password manager or even a password book if that's most convenient for you to support you in creating unique passwords.
#SaferInternetDay #Security
3. Configure 2FA for your online accounts when possible, even if only SMS based 2FA is available. 2FA is always better than no 2FA. Configure a fallback (2FA backup codes or other recovery mechanism) for when the code cannot be received or generated.
#SaferInternetDay #Security
Read 10 tweets
🔴 ⚠️#ALERTE - Warning, a scam is currently running on #WhatsApp using #futuroscope branding: No, @futuroscope is not giving away 5 free tickets to 500 families for its anniversary!
- Don't click
- Don't share it
- Don't give out any personal or banking information
Special congratulations to @futuroscope for how quickly it communicated about this #WhatsApp scam 👍
🔴 ⚠️#ALERTE - Scam campaign underway on #WhatsApp using theme-park branding: @PuyduFou is also affected (malicious site taken down)
france3-regions.francetvinfo.fr/pays-de-la-loi…
#Puydufou
Read 6 tweets
Unpopular opinion of the day: #phishing awareness campaigns and teaching your users to stay frosty is a close to useless endeavour. A waste of resources. Read on to see my point (1/n) /cc @troyhunt @randomdross @sirdarckcat
I know anti-phishing is a business that feeds a lot of people but the way this war is fought today just seems off to me.
First, I differentiate targeted phishing campaigns (usually APTs) from massive or moderately massive phishing. I don't think I need to point out why you can't fight the former with awareness.
Read 27 tweets
Earlier today, I wrote a tweet about another @Twitter promoted tweet #phishing advert and I reminded you that I had written about it a couple of weeks ago. link.medium.com/UXh4iZtCMR

Well, guess what has happened since this morning...?

#security #scam
Amazingly, there had been another one today, @twitter!

This time, @farahmenswear is the main hacked account and the supporting account for this #phishing #scam is incredible...
Amazingly, the supporting accounts for this #phishing #scam include @EuroParlPress - the European Parliament Press Office. This is now off-the-scale!

Maybe @guyverhofstadt or @GabrielMariya can look into what is going on?

link.medium.com/UXh4iZtCMR
Read 4 tweets
I wrote a piece about #phishing adverts on @Twitter a couple of weeks ago. @TwitterSupport had put it about that they had it under control. Here’s the article...

link.medium.com/UXh4iZtCMR

#security #digitaladvertising
Incredibly, it’s still going on. This is a #safety and #privacy issue that is not being addressed by @TwitterSupport.

This time @capgemini_aust are the main target and it is EXACTLY the same promoted advert that I highlighted in my article. link.medium.com/UXh4iZtCMR
The accounts used to legitimise the #scam this time are

@BenAllenCA @azariarachel @ARTNIGHTLDN @AKIpress_com and @67Kelechi.

Once again, all of them are @verified accounts. And this is still live over half an hour after it was posted.

#security #privacy
Read 5 tweets
It’s Time Twitter Cleaned Up The #Phishing Ads

I’ve just written this. I’m passionate about Twitter - always have been. I love how it is tackling fake accounts and hoping to reduce the amount of extremism online. But these adverts should be a priority.

link.medium.com/gCqRV3BVAR
Today’s scam has roped in @patheuk, @swansladies, @sarahscoop, @angola2411, @bookmyshow_sup - last time it was @monsterjobs, @GeoffroyDidier, @wsu_womensgolf, @CarteNoireUK and @rpsgmavericks - all without their knowledge and all trying to scam people out of their #bitcoin.
Each of the accounts used in the scams is @verified and, last time this happened, I copied in @TwitterSupport so they knew it was happening. It looks like it takes about 30 mins-1 hour to take down these scams but that is long and the damage to innocent accounts lasts longer.
Read 5 tweets
This is THE most incredible #scam on @Twitter yet and it raises all sorts of questions for @twitter, @verified and @jack (there goes my chance of ever getting my blue tick!!)

It starts with a promoted tweet...
You’ll notice that, on the #promoted tweet, the account name is Elon Musk and it has a blue tick... so it’s got to be legit, right?
But, if we need proof that this is a genuine offer from Elon Musk, we just have to click on that account and see his other tweets to make sure it’s him...
Read 12 tweets
This is how bad guys can reset (and later resell) your stolen iPhone. The average Joe stands *no chance*, here is why (Thread)
This is a recent text message someone provided to me.
You receive a message from "Apple" to your recovery phone. In your native language, perfectly spelled. This looks legit, and you're happy because you might have a chance to get back your lost phone, right?
Domain name looks like an official icloud service, you know how this ends for most people. This is very simple #phishing, yet very effective.
Read 5 tweets
ICYMI: Test Your #VPN's Anti #Phishing Protection .@planetscape .@ALT_uscis .@COPicard2017 .@IndivisibleNet #InfoSec
When #Ransomware 1st Appeared, .@FoolishIT Issued #CryptoPrevent - Is Free, Now Updated. Recommended! foolishit.com/cryptoprevent-… #InfoSec
Read 13 tweets
1/ If there's a 1% inequality problem in #cybersecurity it's not the ability to hire skilled employees
forbes.com/sites/groupthi…
2/ despite increasingly damaging #cyberattacks and billions invested into new technologies, most are only accessible to the 1% of companies.
3/ #infosec professionals are mission driven. Working on big, interesting problems in #cybersecurity is not exclusive to the G2000
Read 9 tweets