C'est de plus en plus n'importe quoi l'usage du téléphone... J'avoue que ce soit en pro ou perso, je ne reçois quasi que des appels de #spam aujourd'hui...

Votre numéro de téléphone est signalé en spam chez les autres ? Découvrez pourquoi et comment y remédier

De plus en plus de Français reçoivent des #SMS de #phishing venant de numéros de téléphone qui, étonnement, appartiennent à des gens honnêtes. Si le vôtre est listé, il est possible d'y remédier, heureusement !

https://www.clubic.com/actualite-557493-votre-numero-de-telephone-est-signale-en-spam-chez-les-autres-decouvrez-pourquoi-et-comment-y-remedier.html

Who is sending those scammy text messages about unpaid tolls?

The latest smishing scam follows a familiar process as ones the industry has seen over the past decade.

https://cyberscoop.com/toll-road-text-message-scam-swells-nationwide-how-to-stop/

Google Cloud (ex. Mandiant): https://cloud.google.com/blog/topics/threat-intelligence/session-stealing-browser-in-the-middle/

Mandiant details in this article Browser-in-the-Middle (BitM) attacks, a sophisticated session stealing technique that bypasses multi-factor authentication. Unlike traditional transparent proxies like Evilginx2 that require extensive customization, BitM offers attackers a streamlined approach to compromise web application sessions with minimal configuration. The article describes Mandiant's internal tool 'Delusion' for performing BitM attacks and demonstrates how attackers can steal authenticated sessions even when protected by MFA. The authors recommend implementing hardware-based MFA solutions like FIDO2 security keys and client certificates as effective countermeasures against these attacks.

Via #LLRX - @psuPete Recommends – Weekly highlights on cyber security issues, March 15, 2025: Four highlight's from this week's column - The 200+ Sites an #ICE #Surveillance Contractor is Monitoring; US cities warn of wave of unpaid parking #phishing texts; #OPM watchdog to investigate #IT risks tied to #DOGE agency access; and A Brand-New Botnet Is Delivering Record-Size #DDoS Attacks. #cybercrime #cyber #security #privacy https://www.llrx.com/2025/03/pete-recommends-weekly-highlights-on-cyber-security-issues-march-15-2025/

Cyberkriminelle nutzen aktuell gefälschte OAuth-Anwendungen, die sich als bekannte Dienste wie Adobe Acrobat, Adobe Drive oder DocuSign ausgeben. Ziel dieser Angriffe ist es, sich Zugriff auf Microsoft-365-Konten zu erschleichen. Im Beitrag erfährst du auch, wie du dich vor solchen Angriffen schützen kannst.

https://teufelswerk.net/achtung-vor-boesartigen-adobe-und-docusign-oauth-apps-so-schuetzt-du-dein-microsoft-365-konto/

Cybercriminals are now exploiting CSS to bypass spam filters & track user actions! Cisco Talos reports attackers use CSS properties like text_indent & opacity to hide content & redirect to phishing pages. Stay safe with advanced filtering & email privacy proxies! #cybersecurity #phishing https://thehackernews.com/2025/03/cybercriminals-exploit-css-to-evade.html #newz

A widespread #phishing campaign has targeted nearly 12,000 #GitHub repositories with
fake "Security Alert" issues,
tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code.

"Security Alert: Unusual Access Attempt We have detected a login attempt on your GitHub account that appears to be from a new location or device," -- reads the GitHub phishing issue.
All of the GitHub phishing issues contain the same text, warning users that there was unusual activity on their account from Reykjavik, Iceland, and the 53.253.117.8 IP address.

https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/

BSI: Phishing und Datenlecks sind größte Bedrohung für Verbraucher https://www.computerbase.de/news/apps/bsi-phishing-und-datenlecks-sind-groesste-bedrohung-fuer-verbraucher.91802/ #Phishing #Datenlecks #BSI

Seeing what looks like a #phishing attempt using #GitHub Issues.

Be on the lookout for a suspicious login emails or any other emails for issues.

#Coinbase #phishing #email tricks users with fake wallet migration

https://www.bleepingcomputer.com/news/security/coinbase-phishing-email-tricks-users-with-fake-wallet-migration/

#Phishing aktuell: Vermeintlich neue Sicherheitsupdates bei der #Commerzbank: https://verbraucherzentrale.nrw/phishing

ClickFix-Phishing: Neue Kampagne richtet sich gegen die Hotellerie
#Datenschutz #ITSicherheit #ClickFixPhishing #CyberkriminalitätimGastgewerbe #HackerangriffaufHotels #Phishing #PhishingSchutz #SocialEngineeringBetrug https://sc.tarnkappe.info/c2ae2c

Ein Dankeschön an die selbstlosen Cyberkriminellen, die mir heute eine Phishing-Mail (Imitat einer Bank) zugesendet haben !! !!
Der enthaltene Link führte mich zu einer nicht vorhandenen Seite "404 - Not found". Beim Wechsel auf die Hauptdomain stieß ich auf öffentlich zugängliche, downloadbare "Index of"-Verzeichnisse mit aktuellen Html- und PHP-Templates, Javascript-Dateien, Telegram-Bots für Phishing-Kampagnen (Banken, Cloud-Dienste, Telekommunikation)
#phishing #spam #scam #cybersecurity

Looks like there is some good human manipulation, er, "social engineering" lately using a pretext of looking for security work and sending links through weird domains that redirect to calendly links for what I assume is an opportunity to continue the con. For now, I would BOLO URIs with ?redirectTo=https://calendly.com/* in the parameters. I can't say they're necessarily malicious, but I would certainly scrutinize them and the domain you see them redirected from, especially if the original subdomain is t or trk.

Na, das wird aber auch Zeit.
Endlich tun die in Brüssel mal etwas gegen meine Armut.

Im Ernst, wer fällt auf so etwas rein?

Noticing many emails into the junk folder that I'd normally report and block that can no longer be reported or blocked, only deleted.

Anyone else seeing that?

Pas op mensen, #DigiD #oplichting per brief. #phishing

Via deorkaan.nl

https://www.deorkaan.nl/opgepast-digid-oplichting-per-brief/

Decent attempt at a phone number validation operation which could lead to phishing or financial scams.

If you are on the fence, check whitepages.com to see which carrier the number belongs to. No Good Samaritan is going to be texting you from a VOIP service you’ve never heard of. Particularly not Onvoy, which the bad guys tend to prefer.

When in doubt, delete and report. And please have these conversations with your parents, and your children.

Phishing-Angriff per Mail: ING-, comdirect-, Volksbank- und Postbank-Kunden im Visier
#Datenschutz #OnlineBetrug #Betrugsmasche #EMailBetrug #OnlineBanking #Phishing #PhishingAngriff https://sc.tarnkappe.info/8a9303