In this video we explore phishing attacks:
- How phishing scams are performed
- Why they are so effective
- Demonstrations of techniques used by hackers and phishers
- Plus SMShing and vishing!
References
LIVE PHISHING LINKS
https://www.openphish.com/
EXAMPLE XSS ATTACK
https://www.stationx.net/gossamer-threads-links-sql-login-xss-vulnerability/
Homograph attack using internationalized domain name
https://hethical.io/homograph-attack-using-internationalized-domain-name/
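The homograph reference above concerns internationalized domain names whose Unicode form looks like a familiar brand while the name that actually resolves is a different punycode label. The following is an added defender-side check, written for this page and not taken from the video or the linked article: it normalizes a hostname to both its display (Unicode) and wire (punycode) forms and flags any label that mixes letters from more than one script, the most common homograph pattern. It relies only on Python's built-in `idna` codec (IDNA 2003 rules) and `unicodedata`; the sample hostnames are constructed for the demonstration, and `analyze_hostname` is a name chosen here.

```python
import unicodedata


def to_unicode(host: str) -> str:
    """Return the display (Unicode) form of a hostname.

    Punycode labels ("xn--...") are decoded; a name that is already
    Unicode is returned unchanged.
    """
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeEncodeError:
        return host  # contains non-ASCII, so it is already the Unicode form


def to_ascii(host: str) -> str:
    """Return the ASCII-compatible (punycode) form that DNS actually resolves."""
    return host.encode("idna").decode("ascii")


def label_scripts(label: str) -> set:
    """Collect the scripts of the letters in one DNS label, e.g. {"LATIN", "CYRILLIC"}.

    The script is taken from the first word of each letter's Unicode name
    ("CYRILLIC SMALL LETTER A" -> "CYRILLIC"); digits and hyphens are ignored.
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():
            name = unicodedata.name(ch, "UNKNOWN")
            scripts.add(name.split(" ")[0])
    return scripts


def analyze_hostname(host: str) -> dict:
    """Describe a hostname for a user-facing warning or a mail/URL filter.

    Returns both spellings plus whether it is an IDN at all and which
    labels mix scripts (a strong homograph indicator).
    """
    display = to_unicode(host.strip().lower().rstrip("."))
    wire = to_ascii(display)
    mixed = [lbl for lbl in display.split(".") if len(label_scripts(lbl)) > 1]
    return {
        "display": display,                # what a browser may show
        "wire": wire,                      # what DNS resolves
        "is_idn": wire != display,
        "mixed_script_labels": mixed,
        "suspicious": bool(mixed),
    }


if __name__ == "__main__":
    # Constructed samples: a Cyrillic-"а" lookalike of apple.com (punycode form),
    # a legitimate single-script IDN, and a plain ASCII name.
    for sample in ("xn--pple-43d.com", "m\u00fcnchen.de", "example.com"):
        print(sample, "->", analyze_hostname(sample))
```

The mixed-script test catches the "one swapped letter" case but not a label written entirely in a confusable script (for example a name spelled wholly in Cyrillic letters that all resemble Latin ones); a production filter would add a confusables table or simply surface the `wire` form to the user whenever `is_idn` is true, which is what several browsers do.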
Thank you for the great information and public service, God Bless, Nathan…
Thanks for sharing!
Nice post! Need to be vigilant to avoid getting trapped.
Thank you for the productive information.
I just fell for a crypto scam and lost $8,000. I thought I knew better, but nope. YouTube video had fake “live” interview with the founder of Ethereum, Vitalik Buterin. The video background text was offering an exchange for ETH. For every coin you sent, they sent another. 1 ETH would net 2 ETH, 2 would net 4, and so on. You would go to a website (getether21.org). They had a wallet address 0x36A2Ed5440Ec026f80fC8326D5D0Dfb65807dC41 (not sure of zero vs cap). I sent 1.8 ETH worth close to 8k. While the transaction was pending in my Coinbase account, I kept clicking cancel for the longest time, but it would never cancel. It finally went through. I filed a complaint at the Federal Trade Commission website but will likely never get my money back. I’m 63 and retired. This just makes me feel so bad… I would like to see these types of people get what’s coming to them, jail.
I have started telling my correspondents to use plain text E-mails only unless there is a *special* case which requires something else. However, many times that *special* case could be a page on a web site, and the E-mail message would simply be “Use your browser to go to MY-URL-HERE”.
More and more of our corporate resources are going towards phishing security as this is currently our highest risk category.
Firewall rules: Deny all and then allow only what you want.
This could soon be our public e-mail stance. Deny all. And allow only whitelisted e-mails. We have not pulled the trigger yet on this policy, but we are very close. It’s funny because in the early days of internet we were all excited about being able to be in contact with anybody. And now … not so much. The risk can be greater than the reward.
So how would new people contact us? Only if we want their e-mail. The easy way to implement it is: We send an e-mail to the new sender’s e-mail. We tell them this is so they get our e-mail accurately. And while that’s true, sending e-mail to someone whitelists them in our system so they can send e-mail back. Otherwise they’d be blocked. We could be seeing this change within the year. Trying to work out some exception cases.
I am personally seeing SMShing as well. The primary one I see is “Thank you from (cell phone provider) for paying your December bill. Please click to claim your reward.” I do not have a solution for this yet, and I’m quite open to ideas on how to stop this.
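The "deny all, allow only whom we have written to" mail policy described in the comment above, as an added illustration that is not the commenter's code or any product's: outbound recipients are recorded into an allowlist, inbound senders are denied unless they are on it, and the "exception cases" the commenter mentions are handled by explicit address and domain exceptions. Addresses are normalized (display name stripped, case folded, `+tag` removed) so that a reply from `bob+promo@example.org` still matches the `Bob@Example.org` we wrote to. The class name, method names and sample addresses are all constructed for this example.

```python
import re


class OutboundAllowlist:
    """Inbound policy: block by default, deliver from senders we have mailed before
    or that sit on an explicit exception list. Hypothetical design for illustration."""

    def __init__(self, exception_domains=(), exception_addresses=()):
        self.allowed = set()  # addresses we have previously sent mail to
        self.exception_domains = {d.strip().lower() for d in exception_domains}
        self.exception_addresses = {self.normalize(a) for a in exception_addresses}

    @staticmethod
    def normalize(address: str) -> str:
        """Reduce 'Bob Smith <Bob+promo@Example.org>' to 'bob@example.org'."""
        m = re.search(r"<([^>]+)>", address)
        if m:
            address = m.group(1)
        address = address.strip().lower()
        local, _, domain = address.rpartition("@")
        local = local.split("+", 1)[0]  # drop sub-addressing tag
        return f"{local}@{domain}"

    def record_outbound(self, recipients):
        """Called when we send mail: every recipient becomes an allowed sender."""
        for r in recipients:
            self.allowed.add(self.normalize(r))

    def decide(self, sender: str) -> tuple:
        """Return ("deliver" | "block", reason) for an inbound message's sender."""
        addr = self.normalize(sender)
        domain = addr.rpartition("@")[2]
        if addr in self.allowed:
            return ("deliver", "prior outbound contact")
        if addr in self.exception_addresses:
            return ("deliver", "address exception")
        if domain in self.exception_domains:
            return ("deliver", "domain exception")
        return ("block", "not allowlisted")


if __name__ == "__main__":
    # Constructed sample: one partner domain and one vendor mailbox are exceptions.
    policy = OutboundAllowlist(
        exception_domains=["partner.example"],
        exception_addresses=["helpdesk@vendor.example"],
    )
    policy.record_outbound(["Bob Smith <Bob@Example.org>"])
    for sender in ("bob+promo@example.org", "anyone@partner.example",
                   "helpdesk@vendor.example", "mallory@evil.example"):
        print(sender, "->", policy.decide(sender))
```

The decision keys on the sender address only, so it must run after SPF/DKIM/DMARC alignment checks: without them a phisher who learns (or guesses) an allowlisted address can spoof it, and the allowlist would then deliver exactly the message it was meant to block. The exception lists are also where the first-contact problem lives; the commenter's "we mail them first" approach keeps that list small.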
I would like you to add a cloud pentesting course.