Whoa, that Google phishing scam was pretty wild, wasn't it? Seriously, DKIM replay *and* abusing Google Sites... somebody got *really* creative there.

Look, we all know phishing isn't new. But the ingenuity attackers are showing lately? It's genuinely getting a bit unnerving. And the real kicker? Too many companies still think a simple automated scan has their back. Spoiler: it doesn't. Catching sophisticated stuff like this often takes a proper penetration tester who knows where to look.

It's always a good feeling when we help clients spot these things before they blow up. Honestly, though, security really needs to be driven from the top and actually get the budget it deserves.

Makes you think, huh? How long 'til we see the first wave of AI-driven phishing attacks that are *scarily* good? Gives me the chills!

Heutiges #Phishing: Kontosperrung aufgrund ungewöhnlicher Aktivitäten im Namen von #Amazon: https://www.verbraucherzentrale.nrw/phishing

#Windows #NTLM hash leak flaw exploited in #phishing attacks on governments

https://www.bleepingcomputer.com/news/security/windows-ntlm-hash-leak-flaw-exploited-in-phishing-attacks-on-governments/

The Witcher 4 Scam-Alarm: Phishing-Falle tarnt sich als Beta-Test-Einladung
#Gaming #OnlineBetrug #BetaTest #CDProjektRed #FakeEinladung #Phishing #Scam #Witcher4 https://sc.tarnkappe.info/301b0a

Is this website legit? https://www.macaissedepargnehautsdefrancemerepond.fr/

At first glance, the domain name looks suspicious. But when we checked Passive DNS data, it turns out the domain has existed for over two years and has been seen before. Was it taken over, or has it always been active?

Interestingly, there’s no login form on the page, which might suggest it’s not part of a phishing campaign.

So… could it actually be legit? Again PassiveDNS helps a lot but sometime creativity in domain creation makes everything uncertain.

LookyLoo https://lookyloo.circl.lu/tree/79f3d4f0-3e98-426b-a5df-e4b79398200a

Russians lure European diplomats into #malware trap with wine-tasting invite - https://www.theregister.com/2025/04/16/cozy_bear_grapeloader/ "Vintage #phishing varietal has improved with age"

Abnormal published a intel like report for a newer AI/Vibe platform used in phishing, but withheld any useful indicators or patterns for building detections or policies.

Fine, I'll do it myself.

Dev console: gamma.app

Websites: {pagename}-{guid}.gamma.site

Documents/Slides: gamma.app/docs/{docname}-{guid}

Email notifications (add collaborator): notifications@gamma.app

Email Invitation URL: gamma.app/invitations/docs/{guid}?{params}

API: api.gamma.app

i am highly amused (and this is a warning to all user of the intertubz, because i know some of you are not paying proper attention.)
i recently received a phishing SMS message about alleged overdue ezpass fees (not uncommon these days). the link i was supposed to click is in the .xin top level domain (in theory a peer of .com, .org, .net, etc...). this is obviously suspicious to anyone who pays more than cursory attention. but wait, there's more. 1/ #phish #phishing

Polizei warnt vor Betrug bei britischer Einreiseerlaubnis – mit falscher URL

Für Reisen nach Großbritannien braucht man eine elektronische Erlaubnis. Bei einer Warnung vor einer Betrugsmasche unterläuft der Polizei selbst ein Fehler.

https://www.heise.de/news/Polizei-warnt-vor-Betrug-bei-britischer-Einreiseerlaubnis-mit-falscher-URL-10356319.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Bankbetrug durch KI: Rentner im Visier digitaler Betrüger
#ITSicherheit #OnlineBetrug #CindyTriest #Cybercrime #HaraldKiesewetter #Kreditkartenbetrug #KünstlicheIntelligenz #Phishing https://sc.tarnkappe.info/c1816c

Benutzer von Outlook müssen wirklich seeehr geduldig sein.

Meiner Meinung nach einer der miesesten #EMail-Clients (aber leider der beste #Groupware-Client) und dann noch die ständigen #Cloud-Zwänge, das Abschnorcheln der Passwörter durch #Microsoft (iOS/Android/neues #Outlook), quasi optimiert als Einfallstor für #Phishing und #Malware und dann noch solche Kleinigkeiten:

Fehler in Microsoft Outlook kann das System massiv verlangsamen
https://www.derstandard.at/story/3000000266163/fehler-in-microsoft-outlook-kann-das-system-massiv-verlangsamen

Leute, ich frage mich ernsthaft, warum die Menschen nicht scharenweise zu zumindest #Thunderbird wechseln, wo man fast alle Outlook-Nachteile mit einem Schlag verliert. Auch bei Benutzung via #Exchange.

#Phishing: Kontaktverifizierung erforderlich bei der #Targobank: https://verbraucherzentrale.nrw/phishing

heise+ | Vertrauenswürdige E-Mail: Spoofing-Schutz über DNS einrichten

Domain-Inhaber können E-Mail-Spoofing deutlich erschweren, wenn sie über das Domain Name System (DNS) standardisierte Informationen zur Verfügung stellen.

https://www.heise.de/hintergrund/Vertrauenswuerdige-E-Mail-Spoofing-Schutz-ueber-DNS-einrichten-10331860.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

New #ClickFix scam targets US users with fake MS Defender and CloudFlare pages.
The scam page is hosted on a domain registered back in 2006, pretending to be the Indo-American Chamber of Commerce.
The #phishing page loads only for US-based victims, as observed during analysis with a residential IP in #ANYRUN Sandbox.

Analysis session: https://app.any.run/browses/50395c46-41f5-4bb3-8205-61262ef4e63d/?utm_source=mastodon&utm_medium=article&utm_campaign=clickfix_scam&utm_term=160425&utm_content=linktoservice

URL: iaccindia[.]com
The page hijacks the full-screen mode and displays a fake “Windows Defender Security Center” popup.

It mimics the Windows UI, locks the screen, and displays urgent messages to panic the user.

Victims are prompted to call a fake tech support number (+1-…), setting the stage for further exploitation.

The phishing page may also display a fake CloudFlare message tricking users to execute a #malicious Run command.
Take a look: https://app.any.run/tasks/e83a5861-6006-4b1d-aba8-8536dcaa8057/?utm_source=mastodon&utm_medium=article&utm_campaign=clickfix_scam&utm_term=160425&utm_content=linktoservice

#IOCs:
supermedicalhospital[.]com
adflowtube[.]com
knowhouze[.]com
ecomicrolab[.]com
javascripterhub[.]com
virtual[.]urban-orthodontics[.]com

Streamline threat analysis for your SOC with #ANYRUN
#ExploreWithANYRUN

#SMS #SPAM #SCAM #PHISHING #BETRUG

Diese SMS hatte ich heute morgen auf meinem Smartphone.

Dabei hab‘ ich gar kein Konto bei der Sparkasse

Ist wohl ne üble Betrugsmasche. Die Rufnummer schon als Gefahr gelistet. Am besten (als Spam) melden und ab in die

#MidnightBlizzard deploys new #GrapeLoader #malware in embassy #phishing

https://www.bleepingcomputer.com/news/security/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing/

#Phishing aktuell: Vermeintliche Aktualisierung der Zahlungsmethode bei #Netflix erforderlich: https://verbraucherzentrale.nrw/phishing

I've written a blog post about my recent experience of a phishing attempt through booking.com in relation to two Slovakian hotel bookings.

Have a look here at what happened and what I did, and didn't do

https://gaylers.me/travel/2025/04/phishing

Be careful what you click! Fake PDF converter sites mimicking #PDFCandy, a legit website, is spreading malware via Google Ads. It tricks users with a realistic interface and installs info-stealing malware.

https://hackread.com/fake-pdfcandy-websites-spread-malware/