"I'm not the only person for whom a detailed knowledge of scams created immunity from being scammed. Troy Hunt is the proprietor of HaveIBeenPwned.com, the internet's most comprehensive and reliable breach notification site. Hunt pretty much invented the practice of tracking breaches, and he is steeped – saturated – in up-to-the-minute, nitty-gritty details of how internet scams work.

Guess who got phished?
(...)
Hunt had just gotten off a long-haul flight. He was jetlagged. He got a well-constructed, plausible counterfeit email from Mailchimp telling him that his mailing-list – which he absolutely relies upon – had been frozen after a spam complaint, and advising him to click on a link to contest the suspension. He was taken to a fake login screen that his password manager didn't autopopulate, so he manually pasted the password in (Mailchimp doesn't have 2FA). It was only when the login session hung that he realized he'd been scammed – and by then, it was too late. Within minutes, his mailing list had been exported by the scammers.

In his postmortem of the scam, Hunt identifies the overlapping factors that made him vulnerable. He was jetlagged. The mailing list was important. Bogus spam complaints are common. Big corporate sites like Mailchimp often redirect their logins through different domains, which causes password manager autofill to fail. Hunt had experienced near-identical phishing attempts before and spotted them, but this one just happened to land at the very moment that he was vulnerable. Plus – as with my credit union scam – it seems likely that Mailchimp itself had been breached (or has an insider threat), which allowed the scammers to pad out the scam with plausible details that made it seem legit."

https://pluralistic.net/2025/04/05/troy-hunt/#teach-a-man-to-phish

#Scams #Phishing #CyberSecurity

The Controversy Surrounding USSD Calls and Privacy Concerns in India.

https://aliyesha.com/sub/articles/news/display/al_controversy_surrounding_ussd_calls

#india #news #press #telecom #ussd #governance #scams #jio #airtel #vi #vodafone #exodus #ExodusPrivacy #android

Enjoy tracker free reading with us. #privacy #privacymatters

Spoiler: It's not your mum.
---
'Hi Mum' scam continues to trick parents three years on from first texts reported in Australia https://www.abc.net.au/news/2025-03-26/hi-mum-scam-texts-rise-public-education/105095266

#scam #scams

New #Blog: My Scammer Girlfriend: Baiting A Romance Fraudster
Author: Ben Tasker

https://www.bentasker.co.uk/posts/blog/security/seducing-a-romance-scammer.html?utm_source=rss

#infosec #osint #scams #security

"-Financial records in the leak show that, in four years, two groups of call centers based in Israel, Europe, and the country of Georgia raked in about $275 million from would-be investors.

- These operations have all the hallmarks of a massive scam: The call center agents use false identities, forged paperwork, and deceptive advertising; “investors” were systematically prevented from withdrawing their money; and almost all of the investment “products” on offer were unlicensed and had official warnings from authorities.

- Over 20,000 hours of leaked phone calls between scammers and their victims across dozens of countries give unprecedented insight into the brutality, efficiency, and global reach of the investment scam industry.

- Many victims are left penniless; some express suicidal thoughts. But the scammers — who adopt false identities and use software that can be manipulated to create illusory profits — keep coming back for more.

- The leaked files show the call centers are professionally run, with HR departments, corporate parties, and offices in slick office buildings. Marketing firms, payment service providers, and software companies enable their operations.

- The call centers have twisted corporate strategies, running leaderboards for top scammers and issuing performance-related bonuses — including a Rolex watch awarded after a particularly lucrative swindle."

https://www.occrp.org/en/project/scam-empire/scam-empire-inside-a-merciless-international-investment-scam

#Scams #Scammers #Fraud #CallCenters

Hundreds of people who are believed to have been trafficked across the Myanmar border to work in online scam centers have been rescued by Thailand’s army and will return to their home countries. Read more from @ABCNews@flipboard.com
https://flip.it/T6K0zo
#Myanmar #Thailand #Scams #HumanTrafficking #Asia

LA Fire Scams Are Rampant. Here's how to actually help those in need. See my YouTube or SoundCloud channels for links to worthy charities helping LA right now.

#LAFire #LAFires #Scams

https://youtu.be/mq5PwS3P2Xk

Daily podcast: LA Fire Scams Are Rampant. Here's how to actually help those in need. See my YouTube or SoundCloud channels for links to worthy charities helping LA right now.

#LAFire #LAFires #Scams #Charity

https://soundcloud.com/nickaesp/lar

😎"Sick of people calling everything in #crypto a #Ponzischeme. Some #cryptoprojects are #pumpanddump schemes, while others are #pyramidscheme. Others are just standard issue #fraud. Others are just #middlemen #skimming off the top. Stop glossing over the #diversity in the industry."😂

#BTC #Bitcoin #BitcoinFraud #CryptoScams #scams

Well, maybe they should not have given away how to easily fake a screenshot yourself, but still some useful tips to keep in mind. It helps to know what to zoom in on to look at.

I did not know about the Forensically app, which is a web based app that can analyse any image in depth and create heatmaps of stuff that’s been edited in.

See https://www.howtogeek.com/how-to-check-if-a-screenshot-has-been-photoshopped
#Blog, #forensics, #scams, #technology

Hot on the heels of today’s report about some incredibly weak passwords that South Africans are using online, and then re-using across other websites, comes this warning now about very realistic looking fake online shopping sites that closely resemble the real brand.

We have Black Friday coming up, as well as the festive season, so everyone is looking out for bargains. We should never be clicking on links we receive over instant messengers or e-mails, but now you want to be doubly sure you are actually on Takealot, or whatever site you expect to be on.

I’d suggest you check the URL carefully before making purchases, and rather use your saved bookmarks to access sites you regularly use. Your password manager refusing to show a login, is also a sign you may be on a fake site.

See https://mybroadband.co.za/news/security/570114-online-shopping-syndicate-warning-in-south-africa.html
#Blog, #scams, #southafrica, #technology