Scam

A 25-post collection

Thanks FedEx, This is Why we Keep Getting Phished

I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. Just as a brief reminder, they look like this: These get through all the technical controls that exist at my telco and they land smack bang in my SMS inbox. However, I don't fall for the scams because I look for the warning signs: a sense of urgency, fear of missing out, and strange URLs that look nothing like any parcel delivery service I...

Let's Stop the 5G Hysteria: Understanding Hoaxes and Disinformation Campaigns

Hey, did you hear that Facebook are going to start using your personal photos in whatever way they see fit? For real, it's going to start tomorrow unless you act quickly! All you have to do is copy and paste this message onto your own Facebook page and wammo - they're not allowed to touch them! Ready? Here goes: "With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents..."...

When Bank Communication is Indistinguishable from Phishing Attacks

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security best practices? Ok, that final one might be a bit of a stretch [https://www.troyhunt.com/do-you-really-want-bank-grade-security/], but the fact remains that people have high expectations of how banks should commu...

A Scammer Tried to Scare Me into Buying Their Security Services - Here's How It Went Down

Here's the tl;dr - someone named "Md. Shofiur R" found troyhunt.com on a "free online malware scanner" and tried to scare me into believing my site had security vulnerabilities then shake me down for a penetration test. It didn't work out so well for him, here's the blow-by-blow account of things then I'll add some more thoughts afterwards: > Should I respond? pic.twitter.com/lifCZRcICF [https://t.co/lifCZRcICF] — Troy Hunt (@troyhunt) March 20, 2018 [https://twitter.com/troyhunt/status/9760...

The Australian Taxation Office scam call

I actually thought that once I didn’t bother connecting a landline after moving house recently, it would be the end of scam calls. I used to get them all the time – the ones where they’d call up and say you had viruses on your PC – and my recordings of those turned out to be rather popular [https://www.youtube.com/watch?v=kjKjyMKj3n4]. But today I had another call, although this one went a bit differently. First off, I missed a call in the morning from a Sydney landline number which was 02 6064...

The opportunistic and empty threat that is data breach victim extortion

So someone sent me this on the weekend: They asked me to censor the Bitcoin address because as you can see above, it’s unique to them and quite understandably, they don’t want anything that can tie this blackmail attempt back to them going public. Except that the address is a perfect match with this one: > Looks like some people are attempting to capitalize on the @Patreon [https://twitter.com/Patreon] hack/leak. @Troyhunt [https://twitter.com/troyhunt]. Kinda funny to me. pic.twitter.com/8...

The unabating cold call virus scams

Update: Literally an hour after posting this, I had another call running the same scam. As suggested earlier [https://twitter.com/DAkacki/status/584191349836095488], I broadcast this one via Periscope [https://www.periscope.tv/] and you can go back and watch it via the app. I’ll be more organised next time and have a special machine ready for them :) These things just don’t stop. I had my first seriously nasty one [https://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html]...

This is your bank, please verify your details – No, you verify YOUR details!

The phone rings from a concealed number and you pick up: Hello? Silence. More silence. Eventually a foreign voice enters: Hi, this is your bank, we need you to verify some details. This is the point where you should be disclosing absolutely nothing, at least nothing that is not known already which is probably just your phone number and perhaps your name if they’ve greeted you with it. No, I’m not revealing my address or my account numbers or my password because frankly, I don’t trust you....

Scammer identifies “viruses” in a brand new Windows Azure VM then asks to be bought porn

I thought I’d seen it all when it comes to cold call virus scammers, you know, the guys who call you up from “Windows” because they’ve had reports of viruses from your machine? I’ve recorded their audio [https://www.troyhunt.com/2011/10/anatomy-of-virus-call-centre-scam.html], recorded their video [https://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html], antagonised them [https://www.troyhunt.com/2012/04/type-www-ok-w-w-w-d-o-t-antagonising.html], interviewed one of the blo...

Inside the Facebook Snapchat phishing scam

I’m frequently amused by the sort of stuff my Facebook friends “like”. For example: The more salacious content you find around Facebook often has a hidden agenda, for example the classic She did WHAT in school [https://www.troyhunt.com/2012/10/she-did-what-in-school-mechanics-of.html] scam I wrote about last year. Snapchat [http://www.snapchat.com/] allows you to take a pic or a video and set an expiry date after which it’s “theoretically” destroyed, just the sort of stuff that appeals to sex...