Hacker News with Generative AI: Phishing

Russian phishing campaigns exploit Signal's device-linking feature (bleepingcomputer.com)
Russian threat actors have been launching phishing campaigns that exploit the legitimate “Linked Devices” feature in the Signal messaging app to gain unauthorized access to accounts of interest.

Cybersecurity, Phishing, Signal, Messaging Apps, Russia

7 points by todsacerdoti 1 day ago | 0 comments

FBI, Dutch police disrupt 'Manipulaters' phishing gang (krebsonsecurity.com)
The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan.

Cybersecurity, Law Enforcement, Phishing, Malware

157 points by todsacerdoti 20 days ago | 62 comments

We got hit by an alarmingly well-prepared phish spammer (utoronto.ca)
Yesterday evening, we were hit by a run of phish spam that I would call 'vaguely customized' for us, for example the display name in the From: header was "U of T | CS Dept" (but then the actual email address was that of the compromised account elsewhere that was used to send the phish spam). The destination addresses here weren't particularly well chosen, and some of them didn't even exist. So far, so normal.

Cybersecurity, Phishing, Email Security

191 points by epakai 22 days ago | 127 comments

A phishing attack involving g.co, Google's URL shortener (github.com)
g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Cybersecurity, Phishing, Google, URL Shorteners

372 points by zachlatta 28 days ago | 158 comments

Chinese Innovations Spawn Wave of Toll Phishing via SMS (krebsonsecurity.com)
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid.

Cybersecurity, Phishing, Toll Roads, China, SMS

22 points by LinuxBender 34 days ago | 2 comments

Chinese Innovations Spawn Wave of Toll Phishing via SMS (krebsonsecurity.com)
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid.

Cybersecurity, Phishing, SMS, Toll Roads, China

4 points by todsacerdoti 35 days ago | 0 comments

A day in the life of a prolific voice phishing crew (krebsonsecurity.com)
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

Cybersecurity, Phishing, Apple, Google, Voice Phishing

298 points by todsacerdoti 44 days ago | 113 comments

Human study on AI spear phishing campaigns (lesswrong.com)
TL;DR: We ran a human subject study on whether language models can successfully spear-phish people. We use AI agents built from GPT-4o and Claude 3.5 Sonnet to search the web for available information on a target and use this for highly personalized phishing messages. We achieved a click-through rate of above 50% for our AI-generated phishing emails.

Artificial Intelligence, Security, Phishing, Human Studies

205 points by DalasNoin 46 days ago | 112 comments

The Psychology of Phishing: Why Smart People Fall for Scams (techsplicer.com)
Do you know that feeling of dread when you realize you’ve clicked on a suspicious link? I know it perfectly.

Psychology, Security, Phishing, Scams

6 points by splicercy 47 days ago | 3 comments

Attacker Has Techdirt Reclassified as Phishing Site (techdirt.com)
Here on Techdirt, we write a lot about content moderation and even did a whole big series of content moderation case studies. However, here’s an interesting one that involves Techdirt itself from a couple weeks ago. It’s also a perfect example of Masnick’s Impossibility Theorem in action and a reminder of how the never-ending flood of spam and scams provides cover for bad actors to sneak through abusive reports.

Content Moderation, Online Security, Phishing, Case Studies, Spam

19 points by hn_acker 70 days ago | 3 comments

Phishers Love New TLDs Like .shop, .top and .xyz (krebsonsecurity.com)
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.

Cybersecurity, Phishing, Domain Names, Internet Security

170 points by todsacerdoti 79 days ago | 209 comments

Windows infected with backdoored Linux VMs in new phishing attacks (bleepingcomputer.com)
A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.

Cybersecurity, Phishing, Linux, Virtual Machines, Backdoors

15 points by sandwichsphinx 108 days ago | 0 comments

Russian spies use remote desktop protocol files in unusual mass phishing drive (theregister.com)
Microsoft says a mass phishing campaign by Russia's foreign intelligence services (SVR) is now in its second week, and the spies are using a novel info-gathering technique.

Cybersecurity, Phishing, Russia, Foreign Intelligence, Microsoft

5 points by LinuxBender 112 days ago | 0 comments

Microsoft creates fake Azure tenants to pull phishers into honeypots (bleepingcomputer.com)
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them.

Cybersecurity, Microsoft, Phishing, Honeypots

6 points by mooreds 118 days ago | 0 comments

Microsoft creates fake Azure tenants to pull phishers into honeypots (bleepingcomputer.com)
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them.

Cybersecurity, Microsoft, Phishing, Honeypots

11 points by sandwichsphinx 124 days ago | 0 comments

DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (theregister.com)
The US Department of Justice and Microsoft have seized 107 websites used by Russian cyberspies in a phishing campaign to steal sensitive information from US government agencies, think tanks, and other victims.

Cybersecurity, Government, Russia, Phishing, Microsoft

4 points by LinuxBender 140 days ago | 0 comments

Windows PowerShell Phish Has Scary Potential (krebsonsecurity.com)
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Cybersecurity, Phishing, Malware, Windows, Programming

21 points by todsacerdoti 154 days ago | 13 comments

Using Security Engineering to Prevent Phishing – Doyensec (doyensec.com)
Recently Doyensec was hired by a client offering a “Communication Platform as a Service”. This platform allows their clients to craft a customer service experience and to communicate with their own customers via a plethora of channels: email, web chats, social media and more.

Security Engineering, Phishing, Customer Service, Communication Platforms

3 points by tony-ds 154 days ago | 1 comments

FBI recommends using an ad blocker (2022) (ic3.gov)
The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.

Cybersecurity, Government Recommendations, Phishing, Malware

297 points by ysabri 165 days ago | 223 comments

Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords (bleepingcomputer.com)

Cybersecurity, Phishing, Malware, Hacking

72 points by nazgulsenpai 168 days ago | 30 comments

When Get-Out-the-Vote Efforts Look Like Phishing (krebsonsecurity.com)

Politics, Cybersecurity, Phishing

11 points by todsacerdoti 176 days ago | 0 comments

New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Creds (securityweek.com)

Security, Mobile Security, Phishing, Cybersecurity, Data Breaches

52 points by LinuxBender 183 days ago | 18 comments

Apple Intelligence beta flagged a phishing email as "Priority" (panic.com)