
#InfoSec #rastreadores #phishing #tecnologia #blog #Brasil
Hello all.
Mastodon does NOT solicit paid verification.
Looks like there’s a new version of the fake ‘Mastodon Team’ phishing attempts that are targeting new users by replying to Introduction posts.
Again, please alert new users, and please report and block this fraudulent account.
Phishing targets LastPass & Bitwarden users with fake breach alerts, pushing malware that installs remote access tools 🔐
LastPass confirms no hack; attackers exploit social engineering and outdated app fears ⚠️
Users should verify alerts on official sites and avoid unsolicited downloads. 🛡️
Syncro MSP platform abused, but not compromised 🤔
#TechNews #Cybersecurity #Phishing #DataSecurity #PasswordManager #Privacy #UserSafety #Infosec #OnlineSecurity #SecurityAwareness
A US study confirms it: despite the millions spent, anti-phishing training does not work.
👉 The key would therefore lie not only in training, but in more robust technological solutions.
#Cybersécurité #phishing #Sensibilisation #SécuritéNumérique
https://www.generation-nt.com/actualites/phishing-formation-entreprise-cybersecurite-inefficace-etude-2063205
The Russians aren't coming, they are already here. Without most anyone realizing, they've created an entire malicious adtech industry whose story is just as complex as the Chinese organized crime we're now realizing from their ventures into pig butchering.
VexTrio is just one Russian organized crime group in the malicious adtech world, but they are a critical one. They have a very "special" relationship with website hackers that defies logic. I'd put my money on a contractual one. All your bases belong to Russian adtech hackers.
Today we've released the first piece of research that may eventually prove whether I am right. This paper is hard. I've been told. I know. We've condensed thousands of hours of research into about 30 pages. @briankrebs tried to make the main points a lot more consumable -- and wrote a fabulous complementary article: read both!
There's so much more to say... but at the same time, between ourselves and Brian, we've released a lot of lead material... and there's more to come. I've emphasized the Russian (technically Eastern European) crime here, but as Brian's article points out there is a whole Italian side too. And more.
We've given SURBL, Spamhaus, Cloudflare, DomainTools, several registrars, and many security companies over 100k domains. They are also posted on our open GitHub.
Super thanks to our collaborators at Qurium, GoDaddy Sucuri Security, and elsewhere.
#threatintel #scam #tds #vextrio #cybercrime #cybersecurity #infosec #dns #infoblox #InfobloxThreatIntel #malware #phishing #spam
https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/
#PSA #Romancelandia @romancelandia @bookstodon
Via Victoria Dahl aka Victoria Helen Stone: "ALERT! If you get an email from someone claiming to be me and wanting to “chat with fellow writers” or “talk about your writing journey” IT IS NOT ME! It’s a phishing scam. BLOCK & REPORT. Some clues: I don’t have a gmail account & I never want to chat. I’ve reported to Google, so fingers crossed."
Please boost and share!
🚨 Scam Alert: "Verify your Fedi account" Phishing Attempt 🚧
Attention everyone on Mastodon! There's a scam making the rounds where malicious actors impersonate moderators or admins. They send private messages or make posts that mimic notifications, claiming that your account needs verification. These messages often include a link for you to "complete the verification process."
⚠️ This is a Scam!
Your server admin will never ask you to click a link to verify your account.
No other admin from any other server will either, even if they appear to be part of the main Mastodon team.
If your account is suspended, you won't receive a message about it. Instead, you'll see a notification upon logging in that your account is temporarily suspended.
How to Identify the Scam:
Fake admin accounts often use names containing "moderator" or "admin," but this doesn't mean they are legitimate.
Legitimate admins or instance owners usually have a badge or marking on their profile indicating their role.
What to Do:
If you receive a message or post urging you to click a link to verify your account, report it immediately.
If you have any doubts about your account status, contact your server admin or moderation team directly.
To verify the authenticity of an admin or instance owner, visit the "About" page of your instance. This page typically lists contact information for the real team administering your instance.
Always be cautious when interacting with accounts claiming to be from Mastodon or your instance's admin team.
Important Reminder:
Mastodon does not perform age verification. If you receive a message or post claiming to be from Mastodon or your instance's admin team, always verify its authenticity before taking any action.
Reporting the Scam:
If you encounter this scam, report it to your instance's admin team and use relevant tags, such as #FediBlock, to help raise awareness.
Personal Note:
I'm not a cybersecurity expert, but I find this new scam in the Fediverse quite interesting. If you feel like sharing your experiences with me, I would appreciate it! I'm looking to collect cases and get a broader view of this phishing attack. Maybe I'll even try to write a report about it. Feel free to tag me in any relevant posts.
Let's stay vigilant and help each other stay safe online!
#Mastodon #Fediverse #ScamAlert #Phishing #CyberSecurity #OnlineSafety #FediBlock #StaySafe #TechCommunity #SocialMedia #ScamAwareness #SecurityTips #ReportScams #VerifyBeforeYouTrust