Items tagged with: Phishing


Update verfügbar: #58 - Your #Mails, your digital home

Bundesamt für Sicherheit in der Informationstechnik
The hub of our digital lives is our #EMail #Account: we use it to sign in when shopping online (#Onlineshopping) and to log in to apps and websites.

And we register it as the address for resetting user passwords.

That is exactly why email accounts are a popular target for hackers.

How they operate and which protective measures (#Schutzmaßnahmen) exist is what Schlien and Hardy discuss with #BSI expert Alexander Härtel in this episode of #UpdateVerfügbar.

You will learn how the latest #Phishing methods work and how you can check whether your own email address has been misused. To do so, Schlien and Hardy dive deep into the dark corners of their own email inboxes.
That way you can easily see where the pitfalls lie. See for yourselves!

Episode website: update-verfuegbar.podigee.io/6…

Media file: audio.podigee-cdn.net/2082392-…

@Tutanota
@mailbox_org
@startmail


There's a really disturbing #Paypal #phishing scam happening right now. Obviously this reads like a typical phishing attempt (bad grammar, a malformed phone number to call, etc), but the official Paypal email wasn't spoofed. It came from PayPal's email infrastructure.

Examining the headers shows that SPF, DKIM, and DMARC all pass. If you have a Paypal account, please exercise caution. Don't click links in these emails. Forward them to phishing@paypal.com.

Please boost for visibility.


Dear @thunderbird people ... when viewing my email, I want to be able to hover over a link (1) to figure out if it's obviously dodgy .... please can you make the real url appear in a large font - perhaps as an on hover bubble or something - rather than putting it in small text in the bottom of the window (2) where various other status updates go (and overwrite it), making it hard to see.
#Thunderbird #Phishing


⚠️⚠️⚠️ Please share, especially with newcomers to Mastodon ⚠️⚠️⚠️

For the past few days, phishing messages have been circulating here, claiming to come from "Mastodon moderation" and stating that "your account is suspended", with a link to "unblock the account". ‼️‼️

This is obviously a scam, but I have seen messages from people panicking over it.
So spread the word, report these accounts, reassure people 😊😊😊
#arnaque #phishing


@Tutanota users!

"jonahrichie09@gmail.com" does 100% *not* work at Tuta.

Do not under any circumstances click on the attached pdf.

#phishing #security #email

PS. The e-mail was forwarded to abuse@tutao.de as well as marked as phishing. DS



Important reminder, if you own a domain name and don't use it for sending email.

There is nothing to stop scammers from sending email claiming to be coming from your domain. And the older it gets, the more valuable it is for spoofing. It could eventually damage your domain's reputation and maybe get it blacklisted, unless you take the steps to notify email servers that any email received claiming to come from your domain should be trashed.

Just add these two TXT records to the DNS for your domain:
TXT v=spf1 -all
TXT v=DMARC1; p=reject;

The first says there is not a single SMTP server on earth authorized to send email on behalf of your domain. The second says that any email that says otherwise should be trashed.

If you do use your domain for sending email, be sure to add 3 records:
SPF record to indicate which SMTP server(s) are allowed to send your email.
DKIM records to add a digital signature to emails, allowing the receiving server to verify the sender and ensure message integrity.
DMARC record that tells the receiving email server how to handle email that fails either check.

You cannot stop scammers from sending email claiming to be from your domain, any more than you can prevent people from using your home address as a return address on a mailed letter. But, you can protect both your domain and intended scam victims by adding appropriate DNS records.

UPDATE: The spf and the dmarc records need to be appropriately named. The spf record should be named "@", and the dmarc record name should be "_dmarc".

Here's what I have for one domain.

One difference that I have is that I'm requesting that email providers email me a weekly aggregated report when they encounter a spoof. Gmail and Microsoft send them, but most providers won't; since most email goes to Gmail, it's enlightening when they come.

#cybersecurity #email #DomainSpoofing #EmailSecurity #phishing
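
Added example, not part of the original post: a small Python check that a domain which should never send mail carries the two records the post describes. The zone data is constructed sample input keyed by full owner name (the post's "@" is the bare domain, "_dmarc" becomes "_dmarc.<domain>"), and the function names are hypothetical; an optional rua= reporting address is returned separately.

```python
# Added example: audit the TXT records of a domain that should never send mail.
# SAMPLE_ZONE is constructed input keyed by full owner name, not a live DNS lookup.
SAMPLE_ZONE = {
    "example.org": ["v=spf1 -all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject;"],
    "example.net": ["v=spf1 include:_spf.example.com ~all"],
    "_dmarc.example.net": ["v=DMARC1; p=none; rua=mailto:reports@example.net"],
}

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lower-cased keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_parked_domain(domain, zone):
    """Return {'problems': [...], 'reports_to': rua or None} for a non-sending domain."""
    problems = []
    spf = [r for r in zone.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # Zero records means no policy; more than one is an SPF permerror.
        problems.append(f"expected exactly one SPF record at {domain}, found {len(spf)}")
    elif spf[0].lower().split() != ["v=spf1", "-all"]:
        problems.append(f"SPF authorizes senders or does not hard-fail: {spf[0]}")

    dmarc = [r for r in zone.get("_dmarc." + domain, [])
             if r.lower().startswith("v=dmarc1")]
    tags = parse_tags(dmarc[0]) if len(dmarc) == 1 else {}
    if len(dmarc) != 1:
        problems.append(f"expected exactly one DMARC record, found {len(dmarc)}")
    else:
        if tags.get("p", "").lower() != "reject":
            problems.append(f"DMARC policy is p={tags.get('p', '')}, not reject")
        # sp= overrides p= for subdomains; when absent, subdomains inherit p=.
        if "sp" in tags and tags["sp"].lower() != "reject":
            problems.append(f"subdomain policy sp={tags['sp']} is weaker than reject")
    return {"problems": problems, "reports_to": tags.get("rua")}

if __name__ == "__main__":
    for name in ("example.org", "example.net"):
        print(name, audit_parked_domain(name, SAMPLE_ZONE))
```
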


Sure thing, right? So I'm supposed to "update" my online banking at "klarna-verfahren.com" as quickly as possible via the link in the SMS. As if I would ever voluntarily use such a service in the first place. All clear, eh?

(PS: I had never received SMS messages like this before, so this is the first time I'm seeing something like it first-hand)

🗑️

#scam #sms #phishing


Received a #phishing email directed at @Tutanota customers. The email redirects to a login portal. Already reported via the app.


Quite a well-made scam email. It looks almost identical to an official message from Hetzner: it lacks neither the professional style nor the link to konsoleH. If it hadn't arrived at a different address, it might not even have occurred to me to check the sender.
#phishing



@webmontagkiel, and @evawolfangel did actually make it to Kiel. One train ahead of me. The talk was really funny. Bottom line: every person, EVERY one, can become a victim of #phishing.
Boosts (#Retrööt) very welcome; uploading it yourself anywhere is not allowed!
#Sketchnotes


I think this is the first time I received a #phishing mail with regard to @Tuta



And it's not only google drive, it now also started on #GPhotos 😒
I already reported the completely same #phishing message three times, but a new one from another account appears again...

Conclusion: it does not matter whether you use centralized or decentralized services, spam is always there...