Beware of the new ATM phishing attack.

Sneak: 100

This is some nevt level phishing. I wrote the guy who was listed in WHOIS an E-Mail, correcting his mistakes.

My classmate just fell for a phishing email from "PayPal."

She was talking about her payment being declined to her friend.

It peaked my attention when she said after logging in, she was lead to a blank page.

I asked if I could see it and it was definitely a phishing email

I will admit, it's one of the most professional phishing email I've ever seen, but the grammar wasn't very professional and the PayPal logo wasn't completely accurate.

Why do these idiots fall for everything?

There's a fine line between phishing and just standing on the shore like an idiot. Steven Wright

Anyone this stupid doesn't deserve a computer.

Hacked a phishing website to phish the domain admin.

Got a phishing email with name-pw sent as get parameters so i did what ever respectable human would have

I hate it when I run out of internets.

Probably the funniest phishing test I've ever seen.

How do I un-idiot my users when it comes to clicking on dodgy email-links??

Got a forwarded email just there from a user who said;

Good afternoon,
Is the below ok to open?
I just tried but got a popup saying I've been blocked from opening it.
I'm not sure who it is coming from and I am not waiting on anything but as it says its from dropbox and is important, i know it's okay.
Can you unblock the link ASAP please?
This is really impeding my work-day as I need to know what it is and act accordingly.
Regards... user.

The Original email came from a random jumble of letters with a subject line of 'important dropbox program' - not only does it look dodgy but its english is horrible! It said;

"Hi tu my freind,

You tu still read a pending verrry important document sent by one of your own contact to be vieweddd.

Install "Highly Confidential english.pdf" by clickinggg here

*insert link leading to something called 'viral-update-trojan.exe'*"

I mean, seriously... help!!! 😢
We have sent emails explaining how to hover over links and to not to click them if it looks wrong.
No one does it.
We hired a company to send fake phishing emails to train users in what to do.
It made no difference!
We now make people 'verify' their email addresses when opening any sort of link to try get them to actually look at what they're opening.
We also strip emails of original attachments and create 'safe' html copies as we can't trust them to look at what they're opening.
Everyone complains about it but Jesus Christ, this is why!!!

Its so exhausting!! What is wrong with people!!! Argh!!! 😤

My mother sits in front of me with her laptop. After a time she asks me, who founded Microsoft. I say: "Bill Gates but why?"
She: "Oh my god, I am winning an iPhone!!!"
I know exactly what's going on, so I go to her and show her the shitty URL and some grammar mistakes in the text and close the tab after explaining that it is phishing.
After that she just looks at me and is sooooo angry about me, because she still thinks that it was real. Only because they "knew which Internet provider we were using and that they just wanted to reward us for being customer!!!". I'm so sad now, because I never thought she would fall for sth. like this... 😔

I’m almost sure it’s a phishing email...

When you thought you are a hacker and try phishing me.😂
Thanks @h3ll for that word "tosserpod"

I just earned 500€ by sending 8 emails and scanning a wordpress site
I talked this company to want basic security training
What i did was scrape their site for email addresses of important people, send all of them a phishing email (Thanks for not configuring SPF)
I got login details of 5 out of 8 high ranking employees

When explaining that you gave your password to me, one dude just said :”so what, i have nothing in there”
🤦‍♂️
Yeah, nothing but a remote access to all workstations, access to company’s shared folders, all customer details and billing system

Needless to say, they got a pretty stern lecture

And the site: 2 known exploits found, unauthorized passworf reset and remote code execution for logged in users

We had a short power outage this morning. 30 min later I got an "urgent" call that someone's "computer" was not working in another branch of our company.

Not one person in that branch could figure this out so after them repeatedly messaging and calling me for around an hour I decided to come over.

I found out that the power wall plug to the monitor has a switch on it which this person accidentally kicked...

I fixed his problem in around 20 seconds. This same employee was one that somehow had his email account previously "hacked" and 8000 phishing emails were sent from his account in 1 hour.

I honestly think it is amazing people like this can even use a computer at all...

Mordern Phishing attacks..
(Credits: Hacker News)

Corporate: Phishing Emails are serious. We need you guys to take this awareness training. Please report if you get any suspicious email.

*Sends the awareness training in a format that screams Phishing

Everybody: Wait... is this a test?

Give a Nigerian Prince an e-mail account and he will scam the net for a day,

Teach him how to phish, and he will prosper for eternity!

Survey: Would you sign in to this website?

The company I work for have this obsession of sending phishing emails to employees. If you report the email you get a message saying good job. If you fail, and you open it you have to have a meeting with your boss and stuff. They do this multible times a week.

So now we have this situation where a lot of important emails get deleted as collateral damage, as the employees are parnoid of opening them. Fantastic system with no flaws at all.🤔🤔

Received a phising sms.
Replied back with 2,000 sms

OK I can't deal with this user anymore.

This morning I get a text. "My laptop isn't getting emails anymore I'm not sure if this is why?" And attached is a screenshot of an email purporting to be from "The <company name> Team". Which isn't even close to the sort of language our small business uses in emails. This email says that his O365 password will soon be expiring and he needs to download the attached (.htm) file so he can keep his password. Never mind the fact that the grammar is awful, the "from" address is cheesy and our O365 passwords don't expire. He went ahead and, in his words, "Tried several of his passwords but none of them worked." This is the second time in less than a year that he's done this and I thought we were very clear that these emails are never real, but I'll deal with that later.

I quickly log into the O365 admin portal and reset his password to a randomly-generated one. I set this to be permanent since this isn't actually a password he should ever be needing to type. I call him up and explain to him that it was a phishing email and he essentially just gave some random people his credentials so I needed to reset them. I then help him log into Outlook on his PC with the new password. Once he's in, he says "so how do I reset this temporary password?" I tell him that no, this is his permanent password now and he doesn't need to remember it because he shouldn't ever need to be typing it anyway. He says "No no no that won't work I can't remember this." (I smile and nod to myself at this point -- THAT'S THE IDEA). But I tell him when he is in the office we will store the password in a password manager in case he ever needs to get to it. Long pause follows. "Can't I just set it back to what it was so I can remember it?"

Why does every kid developer have a dark theme fetish? I started programming on a Commodore 64. It was dark. It's the quality of the shit you write that defines you assholes, not the color theme of your editor.

Now that that's off my chest, some poos soul has dared to send his resume to me. One of his projects is a website that is being marked by my ENS as a phishing website. I am about to invite him for an interview, and am willing to bet his everything will be dark because he wants to impress me.

Emails from windows@microsoft.com show up as a phishing scam in Outlook. Huh.

Fucking windows! I am so fucking done with this microsoft bullshit!

Hear me out here, i am a gamer. I need windows because it has the games (and software to aid those games) unlike any other platform. But windows 10 is basically already phishing andmalware at this point. I stuck to win 7 because it had a start menu and didn't totally drive me up the wall.

Just a short list of their bullshits: ads in the explorer window, ads in your taskbar reminders, data mining like it is nobodies business and trying to hide it, sharing my wifi access with friends (wtf), the fucking retarded new start menu, the crappy fullscreen apps which have less functionality than the actual proper desktop applications that you need to config what you want, and even then pushing multiple updates that simply broke peoples pc's. Fuck that, ill stick to 7.

They are making win10 worse by the week making it unlikely i will ever join that hell, and they are also aiming to force me there. Making windows store exclusives and dx12 only games. What am i supposed to do against that?! The current releases don't bother me much but fuck i figure it is a matter of time until the newest katamari game is their exclusive and i nanananana katamari damacy all over their platform.

And well all alternative os's are just out of the question unless vulkan rendering gets the upper hand. Then i'd switch to whatever stable distro and learn about our new penguin based overlords languages.

For now i will just stick to win7, suck on my thumb while in fetal position and hope it just all goes away.

Me: Dad, what are you doing with my facebook account

Dad: Just seeing your news feed son

Me: you don't know my password

Dad: Yes...you just logged in one of my phishing pages.

Me: But when did you learn these things?...you don't even know how to send a mail

Dad: Go, drink some gelusil son

Website phishing in a nutshell

Just started a week vacation.

Left a sign on my desk saying "Gone phishing".

Some of the penguin's finest insults (Some are by me, some are by others):

Disclaimer: We all make mistakes and I typically don't give people that kind of treatment, but sometimes, when someone is really thick, arrogant or just plain stupid, the aid of the verbal sledgehammer is neccessary.

"Yeah, you do that. And once you fucked it up, you'll go get me a coffee while I fix your shit again."

"Don't add me on Facebook or anything... Because if any of your shitty code is leaked, ever, I want to be able to plausibly deny knowing you instead of doing Seppuku."

"Yep, and that's the point where some dumbass script kiddie will come, see your fuckup and turn your nice little shop into a less nice but probably rather popular porn/phishing/malware source. I'll keep some of it for you if it's good."

"I really love working with professionals. But what the fuck are YOU doing here?"

"I have NO idea what your code intended to do - but that's the first time I saw RCE and SQLi in the same piece of SHIT! Thanks for saving me the hassle."

"If you think XSS is a feature, maybe you should be cleaning our shitter instead of writing our code?"

"Dude, do I look like I have blue hair, overweight and a tumblr account? If you want someone who'd rather lie to your face than insult you, go see HR or the catholics or something."

"The only reason for me NOT to support you getting fired would be if I was getting paid per bug found!"

"Go fdisk yourself!"

"You know, I doubt the one braincell you have can ping localhost and get a response." (That one's inspired by the BOFH).

"I say we move you to the blockchain. I'd volunteer to do the cutting." (A marketing dweeb suggested to move all our (confidential) customer data to the "blockchain").

"Look, I don't say you suck as a developer, but if you were this competent as a gardener, I'd be the first one to give you a hedgetrimmer and some space and just let evolution do its thing."

"Yeah, go fetch me a unicorn while you're chasing pink elephants."

"Can you please get as high as you were when this time estimate come up? I'd love to see you overdose."

"Fuck you all, I'm a creationist from now on. This guy's so dumb, there's literally no explanation how he could evolve. Sorry Darwin."

"You know, just ignore the bloodstain that I'll put on the wall by banging my head against it once you're gone."

If someone calls me with the thickest indian accent in the world and they tell me that they are Dave or Mark from an American sounding company I eould usually assume I am getting spammed or phishing calls.

If american companies are contracting from India to do these sorts of things I would really like to know the numbers for it, since I would assume that the average tech company would be like "hey wait a minute this sounds fishy af!"

Not hating on my Indian homies, y'all know i got love for ya, but fuuuuck man y'all can't deny that a lot of fake scam calls come from over there. They can come from anywhere really, but i have gotten many from over there

Be careful...

So, got yet another one of those, "Ha! Sending this from your own e-mail address is proof I've infected your machine and recorded video of you synced to your browsing history! Send me bitcoin!" e-mails today. Just with a fun twist:

He claims to have infected my computer on November 8th, 2018 (for later readers: 4 days after the e-mail was sent).

Was about to give them points on creativity the other day; got a Japanese translation of it that was actually pretty spot-on all things considered, and then a Korean copy of it again the next day (just in case I couldn't read English or Japanese, I guess?).

But seriously, you're trying to pull this kind of scam, and can't even tell your bot to successfully pick a date *in the past*?

High quality phishing email.

Fell for it at first glance

wonderful phishing site. Well done developer

Well. No.

Recently I got an E-Mail from PayPal.de with the headline "Your account gets limited". Fun Fact: I don't have a PayPal account.
This Mail got me curious though, as it couldn't be a phishing mail, since I don't have a PayPal account in the first place, so I opened the e-mail just to get greeted by pure emptiness. It was completely empty. I thought to myself "oh no, is this some sort of new trick? Did I get infected by some sort of a weird hacky backdoor trojan already?!"

Name: PayPal.de
Original E-mail Address: NULL (never seen this before)
I then realized, that Thunderbird blocked the only content from this mail: a clickable image.

This is getting even more confusing the longer I examine this unique mail. The image is showing me a domain from a site completely unrelated from PayPal, so it was obviously no phishing, but I didn't trust this clickable image, so I looked up its hidden link to find an even more confusing redirection to not a picture upload site like the image suggests, but to a game key reselling site instead, like wtf? What was the whole point of this whole e-mail? Was this a weird try to make advertisements for more than one website? It wasn't even a ref-link or something like that. It was just weird, iunno.

Oh no, someone hacked my PayPal account, and it seems... PayPal’s too, they can’t spell properly anymore 😰

My job sends out emails with things like "You won a prize!" In the subject line with embarrassingly vague reasons to click the links in the email. If you do, the links take you to a site where they slap your wrists for clicking an unknown link and teach you about the dangers of phishing.

It's fake spam. Ironically enough, though, it's the ONLY spam I ever get. It's more annoying than real spam because it never gets blocked by the system like an actual phishing attack would...

It is driving me crazy having to delete these stupid messages every day and they're clogging up my otherwise clean inbox! I don't even know who to contact about this bullshit because they're so "haha we got you!" about it, there's no department claiming responsibility. They're creating their own spam trying to prevent spam. What the hell?

Dat e-mail address lol
Died at bccisverygood😂😂😂

Users.

For once they used their brains.

For once they thought about repercussions of clicking on inconspicuous links in emails.

And naturally it happened when I sent out a legitimate email to stop their shopping sprees.

But then again, I would rather have paranoid users than clicky-go-lucky.

My university alerts all student and staff any time a phishing email is reported. I've yet to attend one class, and I've received a few dozen emails alerting you of phishing emails being sent. It's sad people can't notice the pattern of the emails, and realize right away "Hey this is a bullshit email" and not rely on the alerts.

It's the 21st century; basic computer competency is a necessity.

This is the last part of the series
(3 of 3) Credentials everywhere; like literally.

I worked for a company that made an authentication system. In a way it was ahead of it's time as it was an attempt at single sign on before we had industry standards but it was not something that had not been done before.

This security system targeted 3rd party websites. Here is where it went wrong. There was a "save" implementation where users where redirected to the authentication system and back.

However for fear of being to hard to implement they made a second method that simply required the third party site to put up a login form on their site and push the input on to the endpoint of the authentication system. This method was provided with sample code and the only solution that was ever pushed.

So users where trained to leave their credentials wherever they saw the products logo; awesome candidates for phishing. Most of the sites didn't have TLS/SSL. And the system stored the password as pain text right next to the email and birth date making the incompetence complete.

The reason for plain text password was so people could recover there password. Like just call the company convincingly frustrated and you can get them to send you the password.

Looked into my spam/junk folder and found this. I don't have a C-Panel account, just so you know. I took a look into the link to check it out. It's quite obviously an attempt at phishing. (more screenshots in the comments)

Be a fellow who's distracted af. You just had a presentation in another city. You're driving home and a light lits up saying you need gas. You stop at the petrol station, pour in some gas, grab a cop of joe while you're at it, pay and leave. You're 15minutes away from the gas stop already and an unknown number is calling you. You pick it up. A male voice says

Voice: "hello, this is police. Did you just leave a gas stop 15 minutes ago?"

You: *wtf, what the fuck did I do now!* "yes, I sure did."

Voice: "you forgot to pay for the fuel"

you: *oh shit, he's right! I remember now - I only paid for the coffee! Shit! I'm in trouble now. *
"oh.. Right, you're right, I forgot... I'll turn around and come back to pay

Voice: "wait, don't rush, I may be able to help you. I'll call you back, keep your phone close" *hangs up*

5 minutes later phone rings again.

Voice: "can you pull over, please? Here's a phone number of that gas stop. Give them a call, I'm sure you'll sort it our. Have a nice day!" *hangs up*

you call that number. A woman picks up.

You: "hello, I forgot to pay you for the gas, gimme a few minutes - I'll turn around and get back to you"

Operator: "do not worry, I think I can help you! You can pay for it at your home town if you like, but I'm afraid they might not be working today. But they will tomorrow! Would that be OK for you?"

you: "umm, yeah, of course! It's my fault - anything is OK for me!"

operator: "ooorrr.. I could pay for you now and you would pay me back. Would that work? Here's my bank account, I'll pay for you when you send me those 50 something €"

a fantasy story? Made up story? Bed time stories? Dysney movie plot? Phishing? Canada?

No. This is Lithuania :) believe it or not, this is a true story, and there are more like this one.
Respect to the police!

You know you're passionate about computers when your completely immune to scams and phishing attacks but the mention of laptop stickers makes you type a rant about it. ~(￣▽￣)~

Who the hell is trying to reset my Chipotle password when I don’t even have one?

Why is it always THIS freaking user??? Yes, this is the same one from my previous rant. ALWAYS emails me with a subject line composed of whatever random, vaguely-related-to-the-topic words happen to be jiggling around in his arsehole at the time of writing, vomited out in no particular order. Email body full of typos, wildly incorrect punctuation, and the actual content is completely nonsensical. Accompanied by a screenshot which is always cropped down so small as to be useless. And from what I can gather from this latest one, it looks like he's fallen for yet another phishing email. I SWEAR if that's what happened again......

browser extension to 100% protect against phishing attacks

I'm the only one who keep receiving phishing emails about not existing Netflix subscriptions from evident scam email addresses on a daily basis?
I tend to have more of those than newsletters I never subscribed to.

Come on, man, at least try harder to steal my data or money.

Why the fuck do I still get these. All. The. Fucking. Time.

So some asshole keeps sending phishing emails to every student and prof in our university and the IT department is too pathetic to block it. They all come from the same email and contain the same text yet they cant filter it and just send warnings not to click it.

Im getting sick of recieving 5 of these a day, i scanned and viewed the page and its just a simple form copying the outlook login page with a redirect to the actual page after submission.

Whats the easiest way to write a script that will spam them with thousands of fake accounts? How can i fuck with these guys?

Now this has take my faith away from any email I receive... Fuck that shit, Suggest me ideas to reverse spam them.

Meme quoting one of our employees who sent in a ticket asking if something was a "phishing technique without the use of email."

My first copy pasted php code. #IYKWIM

So I just got a mail from a bank.
The email address ended with .gmbh

If people want to make phishing emails then please use at least a fucking viable email address

CIT: be weary of phishing emails

Also CIT: let's send out a fake phishing mail to see if people are weary of phishing emails

I hate phishing texts...

Collective phishing scam

"Of course you aren't a gag. How could I..?"

Uhm. Ok Google v2

missing those day's
when 000hosting was parking area for phishing.

Someone is trying to get into my shit. Mail Accounts and my phone is receiving lots of. Spam calls and phishing messages...

Fucking bastards..

We all get phishing shit but if it’s targeted it makes me feel awkward..

Little fucking bastards.. I think I even know who it is.. that useless piece of junk that got fired because of my honest feedback. Not many others know my current nr, emails etc..

Haven't been on devRant much lately because of all the urgent problems my clients are throwing at me...

A couple of weeks ago my work email got hacked, I found out because he/she was sending phishing mails to yahoo emailaddresses, but they couldn't be delivered because they were marked as phishing.

I've immediately changed my password and turned on two-factor authentication, shared my story with my boss and now we use two-factor authentication for every service where it is possible.

I worked 2012-2016 for a big telco company in my country and there was this HTTPS webpage with an iframe rendering any url you passed over the ?url query param plus a header with the company's logo.

I was on a meeting with some friends in charge of social media and they found it for a user report.

Unbelievable 🤷🏻‍♂️ I remember I tried the page's url itself and it rendered a loop of the header with the company's logo 😂

Head hunters reaching out with a "position that might intrest you".. with a stack of skills that are not on my CV at aaaaall

Also Headhunters after answering back: oh you have only 1 year experience with that tool? They want at least 3, goodbye.

All just a phishing scam to get u to give them an updated CV version.. no real "relevant position" in sight. Smh.

BT "We'll give you BT Virus Protect, which protects against viruses, phishing and other online attacks."

Or... For a start, let your users provide a good secure password when signing up? More than 8 characters is a bit ambiguous. 20 minutes later and several attempts to find out it can't be longer than 20 characters, only upper and lower case letter and numbers aaaand must start with a letter is a bit s**t. Not to mention LatPass doesn't like it as you can't copy and paste.

Anybody know what this service running in the background on an android device does?

It sent me a plain text notification, which disappeared and sent me to a phishing site the moment I tried clearing it. I've forced killed the process for now.

A quick search online doesn't reveal much information, except for a dodgy site claiming it's spyware named StealthGenie.

Ever been phished?? 😉😉

Me: This spam email looks a little weirder than normal.
Phishing team: Its just spam don't waste our time.

*15 min later*

Phishing team: Nevermind. Its trying to take your log in info off your account. Thanks

...Jerks

Me : Hey what are you doing there? (Asking the Mr.X who is sitting near the pond)

Mr.X : I was fishing..

Me : But I don't see any fishing tackle there.

Me : out of curiosity, I walked over to him and asked how many he had caught.

Mr.X : I collected 2 of my friends creds

Me : what 🤔!!

Me : Finally I reached near to the pond and found that he was really "phishing"

few hours back I ranted abt tired body and caffeinated mind, I came back from work and I alcoholized my mind. still the bastard is nt allowing me to sleep. I think it is the time for some phishing the people who are using my free wifi.

48 hrs when I work on security issue fixes

Learned HTML in 7th from my sister's web designing book(she was doing some course from institute), then in 10 class met with C++, Sql because they were in the course, in college first year met with PHP as my roommate was searching how to do phishing attack, then met C++ and after that Java, Javascrip, Android development, Javascript and many more all because of various projects i did.... glad that i took those projects. 😊