I thought I’d recap some fun that @c0ldbr3w & I had yesterday interacting with a fraudster. I posted to Craigslist an add for furniture that we’re selling. I then received a text from a fraudster who asked me to provide the code that he just sent to “prove” I’m a real person. /1
The fraudster used my email address & phone # to reset my Google pw & Google sent me a 2 factor authentication code to verify that I made the request. He wanted me to “share the code” with him. This type of social engineering methodology via text message is known as SMiShing. /2