By @edent · bank CyberSecurity phishing scam security · 8 comments · 500 words · read ~3,356 times.
You receive a call on your phone. The polite call centre worker on the line asks for you by name, and gives the name of your bank. They say they're calling from your bank's fraud department. "Yeah, right!" You think. Obvious scam, isn't it? You tell the caller to do unmentionable things to a goat. […]
Continue reading →By @edent · CyberSecurity phishing Responsible Disclosure · 1 comment · 300 words · read ~108 times.
Suppose you are sent a link to a website - e.g. https://example.com/page/1234 But, before you can access it, you need to log in. So the website redirects you to: https://example.com/login?on_success=/page/1234 If you get the password right, you go to the original page you requested. Nice! But what happens if someone manipulates that query string? Suppose […]
Continue reading →By @edent · phishing scam sms spam · 3 comments · 650 words · read ~609 times.
Earlier this week, my holiday was interrupted by a sophisticated SMS scam. Rude! Let's take a look at it. Let's take a look at all the ways we can tell it is a scam. Firstly, and most obviously, I am not a customer of Lloyds Bank! But these scammers send out to multiple people hoping […]
Continue reading →By @edent · fraud phishing sms spam · 16 comments · 550 words · read ~4,004 times.
The UK is facing an epidemic of SMS fraud. Scammers know that we're all at home eagerly waiting for deliveries. So they send out phishing messages saying "Sorry we missed you" or "You need to pay a delivery fee". If you click on the link they send, you'll go to a very convincing website which […]
Continue reading →By @edent · fraud phishing scam security twitter · 4 comments · 400 words · read ~1,265 times.
My mate Dom was moaning to his ISP on Twitter. They sent him a private message so they could look into his account. Blimey! Thankfully, that was a pretty brazen and inept attempt at phishing. Anyone asking for all your card details like that should set the alarm bells ringing. Of course, phishers often target […]
Continue reading →By @edent · phishing scam spam · 21 comments · 300 words · read ~27,836 times.
Yesterday, January 2nd, my wife received a billing alert from her phone provider. Luckily, she's not with EE - because it's a pretty convincing text. That domain name is specifically designed to include the day's date. If you're stood up on a crowded train, with your phone screen cracked, would you notice that a . […]
Continue reading →By @edent · phishing spam twitter · 4 comments · 450 words · read ~875 times.
Ever had a moan at your bank on Twitter? You're not alone - it's one of the most popular ways to interact with large companies. But how can you be sure that you're actually talking to the real customer services team? There's been a worrying rise in the number of fake accounts which attempt to […]
Continue reading →By @edent · passwords phishing security twitter · 2 comments · 300 words · read ~1,583 times.
Companies face a complicated choice. Make things easy for the customers, or make things secure for them. Convenience seems to take priority most of the time. This forces companies to get their customers to risk their own security. In this example, we see Verizon Wireless asking their customers to type their passwords into Twitter for […]
Continue reading →By @edent · Amazon bit.ly phishing security · 3 comments · 650 words · read ~345 times.
Phishing is the devious practice of tricking users into giving away their usernames and passwords to fraudulent sites. It is big business, and the best defence against it is constant vigilance. I'm going to walk you, step-by-step, through a scam that targetted me today. Along the way we'll see how to avoid falling prey to […]
Continue reading →By @edent · email phishing scam security spam · 5 comments · 500 words · read ~2,481 times.
Gmail is usually pretty good at stopping spam from reaching my inbox. When it slips up, it reminds me of just how terrifying the modern internet is. Early one morning, I received this email from someone I know (details redacted by me). It came from his email, it has his signature at the bottom. This […]
Continue reading →