digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This instance is operated by Digitalcourage e.V. for the general public. So that we can do this sustainably, we charge an annual advance contribution of €1/month by SEPA direct debit.


#socialengineering


Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

BlueNoroff, a financially motivated threat actor, has been conducting two sophisticated campaigns dubbed GhostCall and GhostHire. GhostCall targets macOS devices of tech executives and venture capitalists through fake Zoom-like meetings, while GhostHire targets Web3 developers through fake recruitment processes. Both campaigns utilize various malware chains, including ZoomClutch, DownTroy, CosmicDoor, RooTroy, and SilentSiphon. The attacks involve social engineering, AI-enhanced images, and multi-stage malware deployment across Windows, macOS, and Linux systems. BlueNoroff has expanded its focus beyond cryptocurrency theft to comprehensive data acquisition, enabling supply chain attacks and leveraging established trust relationships for broader impact.

Pulse ID: 69003b85c217870cc5794cc6
Pulse Link: otx.alienvault.com/pulse/69003
Pulse Author: AlienVault
Created: 2025-10-28 03:41:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


#infosecurity #infosec #bankofamerica

1/n I’ve been #hack ed and it gets worse.
It is fair to say that most, if not all of us, have had our personal information stolen in one or more hacks of institutions we do business with or trust with our personal information. When you combine what has been compromised with the #profiles that internet/web #advertising do, all it may take is a little #socialEngineering or #Phishing to open the door to #IdentityTheft. The experience is miserable.

Read on for more info on what is happening to me right now…

(continued)

Microsoft Copilot Studio is being hijacked into a phishing trap. Attackers now use legit-looking OAuth consent requests to swipe your session token without you noticing. Curious how this slick new CoPhish attack works?

thedefendopsdiaries.com/cophis

#oauthphishing
#microsoftcopilot
#cophish
#socialengineering
#cybersecurity
#phishingattacks
#infosec
#securityawareness
#cloudsecurity

LastPass is alerting its customers to a current phishing campaign that has been specifically targeting LastPass users since mid-October and has been linked to crypto theft. These phishing emails are disguised so that they appear to come from the email address "alerts@lastpass[.]com" and carry the subject line "Legacy Request Opened (URGENT If YOU ARE NOT DECEASED)". 👇

blog.lastpass.com/posts/possib


ZDNet: If a TikTok ‘tech tip’ tells you to paste code, it’s a scam. Here’s what’s really happening. “TikTok is being exploited as a delivery platform to spread information-stealing malware and other payloads, with free software acting as the bait. On October 17, Senior ISC Handler Xavier Mertens said in a post published on the SANS Institute’s Internet Storm Center website that the wave of […]

https://rbfirehose.com/2025/10/23/zdnet-if-a-tiktok-tech-tip-tells-you-to-paste-code-its-a-scam-heres-whats-really-happening/


Privacy and Prizes: Rewards from a Malicious Browser Extension

A unique phishing campaign has been identified, urging users to install a Chrome extension through an attached file. The threat actor entices victims with the promise of a $50,000 prize and privacy protection. The malicious extension, disguised as a MAC spoofer, actually captures user credentials when logging into various services. The campaign uses social engineering techniques and a seemingly legitimate domain to appear trustworthy. The extension is manually installed, bypassing the Chrome Web Store. Analysis of the extension's files revealed its true purpose of sending captured information to the attacker's server. This case highlights the importance of human analysis in detecting threats that bypass automated security solutions.

Pulse ID: 68f7af567bb994ba492c5941
Pulse Link: otx.alienvault.com/pulse/68f7a
Pulse Author: AlienVault
Created: 2025-10-21 16:05:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Payroll diversion scams are still catching people out.

Attackers use LinkedIn to find out who works in payroll, and then they send convincing emails asking to change salary payment details. One forwarded message is all it takes for the fraud to seem real.

Our latest blog post by Dave Wardle explains how these scams work, the internal controls that stop them, and the LinkedIn privacy settings that make you harder to target.

📌Read here: pentestpartners.com/security-b