Hacker News with Generative AI: Phishing

Chinese Innovations Spawn Wave of Toll Phishing via SMS (krebsonsecurity.com)
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid.
A day in the life of a prolific voice phishing crew (krebsonsecurity.com)
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.
Human study on AI spear phishing campaigns (lesswrong.com)
TL;DR: We ran a human subject study on whether language models can successfully spear-phish people. We use AI agents built from GPT-4o and Claude 3.5 Sonnet to search the web for available information on a target and use this for highly personalized phishing messages. We achieved a click-through rate of above 50% for our AI-generated phishing emails.
The Psychology of Phishing: Why Smart People Fall for Scams (techsplicer.com)
Do you know that feeling of dread when you realize you’ve clicked on a suspicious link? I know it perfectly.
Attacker Has Techdirt Reclassified as Phishing Site (techdirt.com)
Here on Techdirt, we write a lot about content moderation and even did a whole big series of content moderation case studies. However, here’s an interesting one that involves Techdirt itself from a couple weeks ago. It’s also a perfect example of Masnick’s Impossibility Theorem in action and a reminder of how the never-ending flood of spam and scams provides cover for bad actors to sneak through abusive reports.
Phishers Love New TLDs Like .shop, .top and .xyz (krebsonsecurity.com)
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.
Windows infected with backdoored Linux VMs in new phishing attacks (bleepingcomputer.com)
A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.
Russian spies use remote desktop protocol files in unusual mass phishing drive (theregister.com)
Microsoft says a mass phishing campaign by Russia's foreign intelligence services (SVR) is now in its second week, and the spies are using a novel info-gathering technique.
Microsoft creates fake Azure tenants to pull phishers into honeypots (bleepingcomputer.com)
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and luring cybercriminals in to collect intelligence about them.
DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (theregister.com)
The US Department of Justice and Microsoft have seized 107 websites used by Russian cyberspies in a phishing campaign to steal sensitive information from US government agencies, think tanks, and other victims.
Windows PowerShell Phish Has Scary Potential (krebsonsecurity.com)
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.
Using Security Engineering to Prevent Phishing – Doyensec (doyensec.com)
Recently Doyensec was hired by a client offering a “Communication Platform as a Service”. This platform allows their clients to craft a customer service experience and to communicate with their own customers via a plethora of channels: email, web chats, social media and more.
FBI recommends using an ad blocker (2022) (ic3.gov)
The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.
Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords (bleepingcomputer.com)
When Get-Out-the-Vote Efforts Look Like Phishing (krebsonsecurity.com)
New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Creds (securityweek.com)
Apple Intelligence beta flagged a phishing email as "Priority" (panic.com)
The golden age of scammers: AI-powered phishing (mailgun.com)
Nigerian faces up to 102 years in the slammer for $1.5M phishing scam (theregister.com)
Progressive Web Apps (PWAs) Phishing (mrd0x.com)
AI Will Increase the Quantity–and Quality–of Phishing Scams (schneier.com)
You receive a call on your phone. The caller says they're from your bank (mastodon.social)
US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself (akamai.com)