Discover and read the best of Twitter Threads about #Phishing

Most recents (24)

According to the report published in 2022 by Identity Theft Resource Center, 1,789 data breach incidents have been recorded. #WorldPasswordDay
According to the White House Council of Economic Advisers, the United States economy loses approximately USD 57 - USD 109 billion each year to harmful cyber activity.

#cybersecuritytips #WorldPasswordDay2022
In Dec 2021, a huge security breach at Bitmart, a crypto trading platform, resulted in hackers removing about USD 200 million in assets. A stolen private key was the major source of the security compromise, which affected two of its #Ethereum and #Binance smart chain hot wallets.
Read 9 tweets
Hoy toca día de descanso, así que... Dentro 🧶
El #Phishing es uno de los vectores de ataque más comunes en la actualidad y una de las áreas más у populares de la Ingeniería Social. Hoy vamos a ver una serie de recursos útiles con los que te protegerás del phishing.
Read 8 tweets
Andaba navegando por la red, y me encuentro con este sitio web activo de phishing… , y yo me preguntaré cuantos estarán siendo víctima de fraude informático, compras fraudulentas y/o transferencias fraudulentas. 🧵🧵
Al acceder, claro desde una vpn, y de un user-agent distinto a mi dispositivo. Se observa que este sitio web phishing, después de ingresar el número de tarjeta y su clave (obvio, que ingresé datos falsos), me solicitaba el ingreso del Documento Nacional de Identidad.
Después de ingresar el Documento Nacional de Identidad(claro que ingresé datos falsos), vinculado posiblemente a la tarjeta del Banco de la Nación (Banco de Perú), me solicita que ingrese un número telefónico 🙄, posiblemente vinculado a la tarjeta bancaria.
Read 8 tweets
#cybercrime - A🧵- Did you know that losses connected to internet crimes were estimated to be $6.9 billion last year? This is a significant increase from $42.2 billion in 2020.
More than 40 percent of experts surveyed by Allianz Global Corporate & Specialty think that cybercrime and business interruption will be the biggest business risks in 2022.
Data from security firm Blackfog shows that from January to November of this year, 244 ransomware hacks were publicized, an increase of 25 percent compared to the same period in 2020.
Read 9 tweets
Après plusieurs questions reçues, quelques conseils (orientés grand public) pour renforcer sa #Cybersécurité sur Twitter

L’idée est d’une part de protéger son compte et d’autre part de protéger sa vie privée.

1/18 ⬇️
1/ Protéger son compte
L’adresse email : il vaut mieux utiliser une adresse email dédiée à ce réseau social et non utilisée sur un autre réseau ou un magasin en ligne.
Objectif : limiter le risque de se faire avoir par un #Phishing
2/18 ⬇️…
Le mot de passe et l’authentification
Il est fortement recommandé d’utiliser un mot de passe complexe, unique et réservé à Twitter.
En outre et comme Twitter le propose, il faut activer l’authentification à deux facteurs
3/18 ⬇️…
Read 18 tweets
1/7 #Kucoin - How easily you can fall victim of #phishing and find your wallet empty.

A short video on how hackers are still masking and redirecting their phishing URL to legit Kucoin website, loading in malicious cookies/script
@kucoincom @lyu_johnny
2/7 What happens after that?

short answer: hackers activate a master API that bypass login, withdrawal and notifications measures. IP and location are correct. This fools you and the Kucoin security as well. Hackers wipe everything leaving spare change.
@kucoincom @lyu_johnny
3/7 what happened in 8 step:

1. User open phishing website from Google Ads
2. Fake URL Website is instantly masked/redirect to KuCoin .com
3. malicious cookies/script are now saved in your browser
4. You input email, password or QR Code and 2FA
@kucoincom @lyu_johnny
Read 7 tweets

Below are all user(s) CONFIRMED to be scammers. We provide beyond a reasonable doubt that such information is wholly truthful and accurate. Such CAN be confirmed quickly through evidence. Information provided here is not to be used for solicitation or harassment. #habbo
🕵️‍♂️ BEWARE: The user AntFood is a known quick trade scammer, please be cautious while trading with him. He's scammed many & continues to do so. RT to spread awareness.

picture credit: @number24_habbo

#AntFood #habbo #scams #habboscammers #endhabboscams #EHS #scammer #ScamAlert ImageImage
🕵️ BEWARE: The user ashwinb11 many user(s) paid for his "giveaway" and when people started to win he then :kickedall. RT to spread awareness.

picture credit: @ReeceGamingTV

#ashwinb11 #habbo #scams #habboscammers #endhabboscams #EHS #scammer #ScamAlert ImageImage
Read 145 tweets
Bugün sizlere dolandırıcıların kullandığı bir saldırı yöntemi olan #PHISHING hakkında bilgi vereceğim. Lütfen sonuna kadar dikkatli bir şekilde okuyunuz ve dersler çıkartınız.

Sloganımız neydi? "Önce Güvenlik Sonra Hareket"💪
1⃣ Phishing saldırıları genellikle kullanıcı isimleri, şifreler, kredi kartı bilgileri, ağ kimlik bilgileri gibi hassas ve gizli bilgilere ulaşmak amacıyla yapılan saldırılardır.
2⃣ Siber saldırganlar, telefon/e-posta yoluyla normal bir birey/kurum gibi görünerek mağdurları belirli eylemleri -zararlı bir bağlantıya/eke tıklamak gibi- gerçekleştirmeleri veya isteyerek gizli bilgileri açıklamaları için manipüle etmek üzere sosyal mühendisliği kullanırlar.
Read 44 tweets
🧵 THREAD N°8 : Sécuriser son #wallet

En 2021, 3 milliards de dollars de cryptos ont été volés par des #hackers, soit 500% de plus qu'en 2020.

L'arrivée de débutants a facilité ces vols, mais tout le monde peut se faire avoir.

Voilà 6 conseils pour sécuriser vos cryptos 👇 Image
1/ Préambule : je vous recommande de comprendre comment fonctionne un wallet pour mieux savoir le sécuriser.

J'ai écrit un thread sur le fonctionnement des wallets si besoin :
2/ Si vous savez comment fonctionne un wallet, vous avez compris que le nerf de la guerre est votre clé privée (#seedphrase, une phrase de 12 mots aléatoires).

C'est elle qui signe toutes vos transactions et montre au réseau que c'est bien vous qui en êtes à l'origine.
Read 13 tweets
🧵 Useful Websites

1⃣ Check if your email/ phone number is in a data breach

If yes, change your password immediately
#password #cybercrime
2⃣ Check the SMS Header of text message received on your phone

3⃣ To know how many SIM cards are purchased in your name;

Click here

Read 5 tweets
I'm playing with phishing infrastructure OPSEC topic, hunting gophish on shodan... and found this:
GoPhish servers hosted in Moscow, configurated with same, self-signed "PZU" certificate.
IPs are not resolving for any domain rn, but it might be backend.
#gophish #phishing 1/x
Another interesting thing is that for 2nd IP, the gophish management service is open for the world. emailAddress indicates that someone who deployed this gophish at least know popular Polish services. But take a look on the 'O' and 'OU', 'OOH'. Does this look familiar?
3/x 'OOH' was used as 'Organization' for domains registered in UNC1151 #ghostwriter phishing campaing.
This isn't indicator of course, but it's not usual organization name in SSL, as there are only 3 of them (3rd IP from screen is FP, I'm not into get censys query scheme)
Read 7 tweets
Announcing KIT Intel 📣

🎉A Phishing Kit Intelligence Platform

“Understand the threat actors' playbook and capabilities”


KIT Intel is a tool for phishing kit scale.

📁 Upload, Analyze, Cluster, and Research phishing kits like never before.
🔎 Phishing kits are a wealth of untapped intelligence.

If you deal with phishing you need this tool in your arsenal 👈

KIT Intel gives you the ability to hunt, pivot, and discover new phishing kit activity across our full dataset.
Read 17 tweets
So you want to learn about phishing kits 🧑‍🎓

🧵 In this thread I will highlight threat hunting skills and IoCs within phishing kits to look for ⤵️

Retweets are appreciated ♻️

🔍Follow me for more #phishing intelligence @Jcybersec_
📁What is a phishing kit?

When a threat actor wants to create a phishing page they will create the page on their own machine.
Zipping it up 🤐
And then putting this zip on a website to then deploy 🌐
🥷Building threat actors create these kits and sell them to other threat actors 💰

Deploying / Controlling threat actors put the kits online and then extract the content to instantly upload a working phishing site 🦹
Read 21 tweets
Mini-thread on how hybrid phishing, phone-hooking, malware infecting campaigns look these days: 👇
#infosec #fraud #phishing #CyberSecurity 1/12
A few weeks ago we notice a pattern of new domain signups coming onto the system (we notice this because we manually inspect every single #bitcoin transaction that comes into the system):
They're all for new domains, different accounts, with the pattern XXsupportcare[dot]com, where XX is anything: 1 char, 2 chars, a word ("geek"), etc.
Read 12 tweets
"What’s coming next for crypto fraud".

The following thread is for crypto enthusiasts who use mobile wallets, and crypto journalists who care enough to write about this stuff.

#FluBot #Phishing #Fraud

Crypto enthusiasts with a mobile wallet are now faced with a new security problem that’s worse than anything we’ve seen before.

Hackers are using SMS messages to infect devices with #FluBot malware - it steals all passwords, sends messages to contacts, installs spyware...

#FluBot is spreading across European countries right now. Mobile operators *who are impacted* are looking for a solution.

There's no "Proofpoint for SMS", but worse again, the cybersecurity industry doesn't have a category for SMS, let alone a vendor or solution.

Read 20 tweets
Abro hilo sobre nuestro estudio de montos y entidades afectadas por #fraudes y #phishing en Argentina 💲💰💸🇦🇷.

Según #UFECI las denuncias por estafas crecieron en un 3.000% durante el 2020 y el 28% de los argentinos fue estafado a través del correo.

#CortemosConElFraude RT
Según los datos de ODILA @odilatam y Usuarios Consumidores Unidos (UCU @CabaUcu) el análisis es el siguiente:

- Reportes analizados: 226
- Inicio de muestra: 02/01/2021
- Fin de muestra: 07/06/2021
- Reportes recibidos por día: 1,45

#CortemosConElFraude RT
- Monto mínimo reportado: AR$ 1.500
- Monto máximo: AR$ 4.900.000
- Monto total: AR$ 69.831.976
- Promedio de fraude por víctima: AR$ 308.991

- Zona geográfica: todas las provincias
- Top de bancos afectados: Galicia, BBVA, Santander, BAPRO, BNA

#CortemosConElFraude RT
Read 6 tweets
Hello @YouTube @YouTubeArabia
Can you add these options in youtube ads reporting :
Phishing/Scam and offensive
And edit inappropriate option to
As there are many phishing ads and some times inappropriate ads on your platform that are getting approved somehow
I will make a thread filled with screenshots of phishing and scamming ads on @YouTube until I get a reply
Let's start with this scam using @PUBGMOBILE name to scam users to enter phone number and subscribe in useless sms services that take money from the user's phone weekly
Scam ad on @YouTube using @PUBG name to get users' phone number and subscribe them in you sms services that takes money of the users weekly
Read 38 tweets
Thread de mes #threads sur les arnaques en tout genre

faux sms, fausse promesse de téléphone à 1 euro, phishing, fausses pubs, etc.
J'évoque dans ce thread les faux SMS qui sont là pour vous faire croire que vous avez reçu un colis, sauf que c'est une arnaque. le "faux" répond au fait que ce n'est pas dans le but de vous surveiller.

Un exemple de #phishing

Le compte piraté Instagram a été supprimé il y a quelque temps, mais ça a pris du temps à faire... Revoici mon thread a ce sujet avec plein d'info à ce sujet qui j'espère vous seront utile et pas uniquement pour Instagram

Read 6 tweets
Hi @MFTnhs, I received an SMS from an unknown number purporting to be "From Manchester University Foundation Trust". It may be a phishing attack. But there are hints it might be genuine. A thread. #Phishing #SMishing 1/20
@MFTnhs Yesterday, I received an SMS from 07860 039092: Here's a screenshot (with personal details redacted)... 2/20 Image
@MFTnhs This looks to be taken verbatim from page 2 of the playbook of how to scam an unwary person. #MadeUpBook but you get my point. See e.g.… 3/20
Read 48 tweets
Parlons un peu de #Cybersécurité
Tout le monde connait le #Phishing mais connaissez-vous le #SMiShing ?
Explications ⬇️
A l'origine, le phishing ou hameçonnage est une technique utilisée par des escrocs pour obtenir des renseignements personnels dans le but de réaliser diverses fraudes à l’identité ou des escroqueries. ⬇️…
Le mode opérateur repose sur le fait de faire croire à la victime qu’elle s’adresse à un tiers de confiance (banque, administration diverse, etc) afin de lui soutirer des données personnelles. ⬇️
Read 8 tweets
🏦 Phishing targeting #Brazilians #Banco #Itau #Phishing #Domain

😡 Collects: account, agency, phone, 6-digits pass

👿 meu.appitauitoken[.].com ➡️ https://meu.appitauitoken[.]com/f8175578-9fbd-11eb-80c4-de1c0c70a00b/itau/GRIPNET/login.dll Redirects ➡️ Itau[.].com[.]br
Hey @threadreaderapp unroll this threat.
Last access using South American VPN:

April 17th, 2021 9:18pm UTC
Read 3 tweets
Japanese shoppers are currently being phished with spoofed Amazon emails. 99% of this spam is being emitted from IPs originating from ASN 4134: CHINANET backbone @chinateleglobal. Read the thread for more detail. #chinese #botnet #phishing Image
Recently we've observed a huge spam run with the subject line "お支払い方法の情報を更新." Google translates this as "Updated payment method information." The message contents are phishing emails, spoofing Amazon, targeting Japanese shoppers.
The spam run continues as we tweet, but Spamhaus subscribers in Japan and worldwide are no longer seeing it in their inboxes.
Read 4 tweets
This thread brings together all my #infographics until today (2years of work).

These are all infographics about #infosec 🔐

Feel free to share this tweet if you think it may be useful for your #community 📚

Follow me ➡ @SecurityGuill fore more about #security #hacking #news ImageImageImageImage
How does an #Antivirus works? Image
Quick presentation of the different #Bluetooth Hacking Techniques Image
Read 44 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!