Facebook 2FA phish arrives just 28 minutes after scam domain created

The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Want to know more about this topic or about us? Contact us!
The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Don’t leave old accounts lying around where someone sketchy could reactivate them.
Latest episode – listen now!
The company has put out a brief security report that summarises the ‘what’, but not yet the ‘how’ or ‘why’.
by Paul Ducklin Apple patches a raft of serious security holes. Police arrest eight suspects in an online scamming ring. We explain how WhatsApp messages from hacked accounts are helping cybercrooks bypass 2FA. With Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. LISTEN NOW . . . Read more
by Paul Ducklin Here’s our latest Naked Security Live talk, where we answer the thorny question, “What if my password manager gets hacked?” We often recommend password managers, as we did last week in our article Cybersecurity tips for university students. We especially recommend password managers for people who would . . . Read more
Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold. Stolen email passwords are being used to hijack smart home security systems to “swat” unsuspecting users, the Federal Bureau of Investigation warned this week. . . . Read more
No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trump’s Twitter account by guessing his password, “MAGA2020!” last October. When Dutch ethical hacker Victor Gevers tried to alert Secret Service that he was able to guess the password to President Donald Trump’s Twitter handle last . . . Read more
Fraudulent Facebook messages allege copyright infringement and threaten to take down pages, unless users enter logins, passwords and 2FA codes.
by Paul Ducklin Do you look after any sort of social media content? If so, especially if it’s business related, you’ve probably received your fair share of copyright infringement complaints. No matter how scrupulous you are about correctly licensing and attributing your content, you may be the victim of a . . . Read more