Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "phishing"
This is some nevt level phishing. I wrote the guy who was listed in WHOIS an E-Mail, correcting his mistakes.17
My classmate just fell for a phishing email from "PayPal."
She was talking about her payment being declined to her friend.
It peaked my attention when she said after logging in, she was lead to a blank page.
I asked if I could see it and it was definitely a phishing email
I will admit, it's one of the most professional phishing email I've ever seen, but the grammar wasn't very professional and the PayPal logo wasn't completely accurate.
Why do these idiots fall for everything?31
Got a phishing email with name-pw sent as get parameters so i did what ever respectable human would have16
How do I un-idiot my users when it comes to clicking on dodgy email-links??
Got a forwarded email just there from a user who said;
Is the below ok to open?
I just tried but got a popup saying I've been blocked from opening it.
I'm not sure who it is coming from and I am not waiting on anything but as it says its from dropbox and is important, i know it's okay.
Can you unblock the link ASAP please?
This is really impeding my work-day as I need to know what it is and act accordingly.
The Original email came from a random jumble of letters with a subject line of 'important dropbox program' - not only does it look dodgy but its english is horrible! It said;
"Hi tu my freind,
You tu still read a pending verrry important document sent by one of your own contact to be vieweddd.
Install "Highly Confidential english.pdf" by clickinggg here
*insert link leading to something called 'viral-update-trojan.exe'*"
I mean, seriously... help!!! 😢
We have sent emails explaining how to hover over links and to not to click them if it looks wrong.
No one does it.
We hired a company to send fake phishing emails to train users in what to do.
It made no difference!
We now make people 'verify' their email addresses when opening any sort of link to try get them to actually look at what they're opening.
We also strip emails of original attachments and create 'safe' html copies as we can't trust them to look at what they're opening.
Everyone complains about it but Jesus Christ, this is why!!!
Its so exhausting!! What is wrong with people!!! Argh!!! 😤16
My mother sits in front of me with her laptop. After a time she asks me, who founded Microsoft. I say: "Bill Gates but why?"
She: "Oh my god, I am winning an iPhone!!!"
I know exactly what's going on, so I go to her and show her the shitty URL and some grammar mistakes in the text and close the tab after explaining that it is phishing.
After that she just looks at me and is sooooo angry about me, because she still thinks that it was real. Only because they "knew which Internet provider we were using and that they just wanted to reward us for being customer!!!". I'm so sad now, because I never thought she would fall for sth. like this... 😔6
We had a short power outage this morning. 30 min later I got an "urgent" call that someone's "computer" was not working in another branch of our company.
Not one person in that branch could figure this out so after them repeatedly messaging and calling me for around an hour I decided to come over.
I found out that the power wall plug to the monitor has a switch on it which this person accidentally kicked...
I fixed his problem in around 20 seconds. This same employee was one that somehow had his email account previously "hacked" and 8000 phishing emails were sent from his account in 1 hour.
I honestly think it is amazing people like this can even use a computer at all...6
I just earned 500€ by sending 8 emails and scanning a wordpress site
I talked this company to want basic security training
What i did was scrape their site for email addresses of important people, send all of them a phishing email (Thanks for not configuring SPF)
I got login details of 5 out of 8 high ranking employees
When explaining that you gave your password to me, one dude just said :”so what, i have nothing in there”
Yeah, nothing but a remote access to all workstations, access to company’s shared folders, all customer details and billing system
Needless to say, they got a pretty stern lecture
And the site: 2 known exploits found, unauthorized passworf reset and remote code execution for logged in users11
Corporate: Phishing Emails are serious. We need you guys to take this awareness training. Please report if you get any suspicious email.
*Sends the awareness training in a format that screams Phishing
Everybody: Wait... is this a test?1
Give a Nigerian Prince an e-mail account and he will scam the net for a day,
Teach him how to phish, and he will prosper for eternity!2
The company I work for have this obsession of sending phishing emails to employees. If you report the email you get a message saying good job. If you fail, and you open it you have to have a meeting with your boss and stuff. They do this multible times a week.
So now we have this situation where a lot of important emails get deleted as collateral damage, as the employees are parnoid of opening them. Fantastic system with no flaws at all.🤔🤔7
Why does every kid developer have a dark theme fetish? I started programming on a Commodore 64. It was dark. It's the quality of the shit you write that defines you assholes, not the color theme of your editor.
Now that that's off my chest, some poos soul has dared to send his resume to me. One of his projects is a website that is being marked by my ENS as a phishing website. I am about to invite him for an interview, and am willing to bet his everything will be dark because he wants to impress me.35
Fucking windows! I am so fucking done with this microsoft bullshit!
Hear me out here, i am a gamer. I need windows because it has the games (and software to aid those games) unlike any other platform. But windows 10 is basically already phishing andmalware at this point. I stuck to win 7 because it had a start menu and didn't totally drive me up the wall.
Just a short list of their bullshits: ads in the explorer window, ads in your taskbar reminders, data mining like it is nobodies business and trying to hide it, sharing my wifi access with friends (wtf), the fucking retarded new start menu, the crappy fullscreen apps which have less functionality than the actual proper desktop applications that you need to config what you want, and even then pushing multiple updates that simply broke peoples pc's. Fuck that, ill stick to 7.
They are making win10 worse by the week making it unlikely i will ever join that hell, and they are also aiming to force me there. Making windows store exclusives and dx12 only games. What am i supposed to do against that?! The current releases don't bother me much but fuck i figure it is a matter of time until the newest katamari game is their exclusive and i nanananana katamari damacy all over their platform.
And well all alternative os's are just out of the question unless vulkan rendering gets the upper hand. Then i'd switch to whatever stable distro and learn about our new penguin based overlords languages.
For now i will just stick to win7, suck on my thumb while in fetal position and hope it just all goes away.59
Me: Dad, what are you doing with my facebook account
Dad: Just seeing your news feed son
Me: you don't know my password
Dad: Yes...you just logged in one of my phishing pages.
Me: But when did you learn these things?...you don't even know how to send a mail
Dad: Go, drink some gelusil son3
I should not have looked at this really interesting Chrome extension.
It tries to prevent phishing links from working by adding attributes to change the behaviour of the browser.
HOW DOES THIS WORK?
Just one simple line:
$('[target="_blank"]').attr("rel", "noopener noreferrer");
But why is this extension so bloated?
It loads the full jQuery library. For an attribute change!
I'd like to refer to this site for further investigations: http://youmightnotneedjquery.com//...
Some of the penguin's finest insults (Some are by me, some are by others):
Disclaimer: We all make mistakes and I typically don't give people that kind of treatment, but sometimes, when someone is really thick, arrogant or just plain stupid, the aid of the verbal sledgehammer is neccessary.
"Yeah, you do that. And once you fucked it up, you'll go get me a coffee while I fix your shit again."
"Don't add me on Facebook or anything... Because if any of your shitty code is leaked, ever, I want to be able to plausibly deny knowing you instead of doing Seppuku."
"Yep, and that's the point where some dumbass script kiddie will come, see your fuckup and turn your nice little shop into a less nice but probably rather popular porn/phishing/malware source. I'll keep some of it for you if it's good."
"I really love working with professionals. But what the fuck are YOU doing here?"
"I have NO idea what your code intended to do - but that's the first time I saw RCE and SQLi in the same piece of SHIT! Thanks for saving me the hassle."
"If you think XSS is a feature, maybe you should be cleaning our shitter instead of writing our code?"
"Dude, do I look like I have blue hair, overweight and a tumblr account? If you want someone who'd rather lie to your face than insult you, go see HR or the catholics or something."
"The only reason for me NOT to support you getting fired would be if I was getting paid per bug found!"
"Go fdisk yourself!"
"You know, I doubt the one braincell you have can ping localhost and get a response." (That one's inspired by the BOFH).
"I say we move you to the blockchain. I'd volunteer to do the cutting." (A marketing dweeb suggested to move all our (confidential) customer data to the "blockchain").
"Look, I don't say you suck as a developer, but if you were this competent as a gardener, I'd be the first one to give you a hedgetrimmer and some space and just let evolution do its thing."
"Yeah, go fetch me a unicorn while you're chasing pink elephants."
"Can you please get as high as you were when this time estimate come up? I'd love to see you overdose."
"Fuck you all, I'm a creationist from now on. This guy's so dumb, there's literally no explanation how he could evolve. Sorry Darwin."
"You know, just ignore the bloodstain that I'll put on the wall by banging my head against it once you're gone."2
So, got yet another one of those, "Ha! Sending this from your own e-mail address is proof I've infected your machine and recorded video of you synced to your browsing history! Send me bitcoin!" e-mails today. Just with a fun twist:
He claims to have infected my computer on November 8th, 2018 (for later readers: 4 days after the e-mail was sent).
Was about to give them points on creativity the other day; got a Japanese translation of it that was actually pretty spot-on all things considered, and then a Korean copy of it again the next day (just in case I couldn't read English or Japanese, I guess?).
But seriously, you're trying to pull this kind of scam, and can't even tell your bot to successfully pick a date *in the past*?5
This is quite interesting and one hell of a find by this guy... Google (and other browser vendors) should reward him:
A work colleague of mine (I had a crush on) built this website she kept boasting about. I fooled around a bit and found out that she hadn't taken any measures against CSRF. (i.e the server wasn't verifying where exactly all the POST and GET requests were coming from). I did mention this to her but she didn't bat an eye.
Assuming she was already logged in to her website, I built a fake login page and got her to type her credentials in it. Since her login session was already active, I got access, we laughed it off and I ended up 'phishing' for a date. Went out on a few more until she moved to another city and it kinda died out.1
Recently I got an E-Mail from PayPal.de with the headline "Your account gets limited". Fun Fact: I don't have a PayPal account.
This Mail got me curious though, as it couldn't be a phishing mail, since I don't have a PayPal account in the first place, so I opened the e-mail just to get greeted by pure emptiness. It was completely empty. I thought to myself "oh no, is this some sort of new trick? Did I get infected by some sort of a weird hacky backdoor trojan already?!"
Original E-mail Address: NULL (never seen this before)
I then realized, that Thunderbird blocked the only content from this mail: a clickable image.
This is getting even more confusing the longer I examine this unique mail. The image is showing me a domain from a site completely unrelated from PayPal, so it was obviously no phishing, but I didn't trust this clickable image, so I looked up its hidden link to find an even more confusing redirection to not a picture upload site like the image suggests, but to a game key reselling site instead, like wtf? What was the whole point of this whole e-mail? Was this a weird try to make advertisements for more than one website? It wasn't even a ref-link or something like that. It was just weird, iunno.9
Oh no, someone hacked my PayPal account, and it seems... PayPal’s too, they can’t spell properly anymore 😰14
My job sends out emails with things like "You won a prize!" In the subject line with embarrassingly vague reasons to click the links in the email. If you do, the links take you to a site where they slap your wrists for clicking an unknown link and teach you about the dangers of phishing.
It's fake spam. Ironically enough, though, it's the ONLY spam I ever get. It's more annoying than real spam because it never gets blocked by the system like an actual phishing attack would...
It is driving me crazy having to delete these stupid messages every day and they're clogging up my otherwise clean inbox! I don't even know who to contact about this bullshit because they're so "haha we got you!" about it, there's no department claiming responsibility. They're creating their own spam trying to prevent spam. What the hell?9
For once they used their brains.
For once they thought about repercussions of clicking on inconspicuous links in emails.
And naturally it happened when I sent out a legitimate email to stop their shopping sprees.
But then again, I would rather have paranoid users than clicky-go-lucky.3
My university alerts all student and staff any time a phishing email is reported. I've yet to attend one class, and I've received a few dozen emails alerting you of phishing emails being sent. It's sad people can't notice the pattern of the emails, and realize right away "Hey this is a bullshit email" and not rely on the alerts.
It's the 21st century; basic computer competency is a necessity.3
You know you're passionate about computers when your completely immune to scams and phishing attacks but the mention of laptop stickers makes you type a rant about it. ~(￣▽￣)~
Looked into my spam/junk folder and found this. I don't have a C-Panel account, just so you know. I took a look into the link to check it out. It's quite obviously an attempt at phishing. (more screenshots in the comments)8
So some asshole keeps sending phishing emails to every student and prof in our university and the IT department is too pathetic to block it. They all come from the same email and contain the same text yet they cant filter it and just send warnings not to click it.
Im getting sick of recieving 5 of these a day, i scanned and viewed the page and its just a simple form copying the outlook login page with a redirect to the actual page after submission.
Whats the easiest way to write a script that will spam them with thousands of fake accounts? How can i fuck with these guys?8
Now this has take my faith away from any email I receive... Fuck that shit, Suggest me ideas to reverse spam them.9
Meme quoting one of our employees who sent in a ticket asking if something was a "phishing technique without the use of email."
So I just got a mail from a bank.
The email address ended with .gmbh
If people want to make phishing emails then please use at least a fucking viable email address6
CIT: be weary of phishing emails
Also CIT: let's send out a fake phishing mail to see if people are weary of phishing emails7
Haven't been on devRant much lately because of all the urgent problems my clients are throwing at me...2
A couple of weeks ago my work email got hacked, I found out because he/she was sending phishing mails to yahoo emailaddresses, but they couldn't be delivered because they were marked as phishing.
I've immediately changed my password and turned on two-factor authentication, shared my story with my boss and now we use two-factor authentication for every service where it is possible.2
Anybody know what this service running in the background on an android device does?
It sent me a plain text notification, which disappeared and sent me to a phishing site the moment I tried clearing it. I've forced killed the process for now.
A quick search online doesn't reveal much information, except for a dodgy site claiming it's spyware named StealthGenie.22
BT "We'll give you BT Virus Protect, which protects against viruses, phishing and other online attacks."
Or... For a start, let your users provide a good secure password when signing up? More than 8 characters is a bit ambiguous. 20 minutes later and several attempts to find out it can't be longer than 20 characters, only upper and lower case letter and numbers aaaand must start with a letter is a bit s**t. Not to mention LatPass doesn't like it as you can't copy and paste.1
March's Khyber Weather was out of ordinary
Phishing and CEO-scams continued in March with even more activity.
SUPO told in their annual letter that focused attacks are day-to-day deal against Finland and Finnish companies. Positive things being that functionality of communicational services was better than average and there were new guidelines published about IoT-products' minimal requirements in the Great Britain.
Finnish Communication Regulatory Authority
Me: This spam email looks a little weirder than normal.
Phishing team: Its just spam don't waste our time.
*15 min later*
Phishing team: Nevermind. Its trying to take your log in info off your account. Thanks
few hours back I ranted abt tired body and caffeinated mind, I came back from work and I alcoholized my mind. still the bastard is nt allowing me to sleep. I think it is the time for some phishing the people who are using my free wifi.
Fuck you "hackers"! You make my life miserable...
No longer can anyone simply enter their user name and password to enter an online app...
Now we as programmers have to leap from one fiery hoop on the precipice of a death defying cliff to another acidic hoop in some mystical forgotten cavern of the underworld just so our users can log in securely to our app... sigh... I'm looking at you Auth0 and Microsoft SSO / AAD !!!111oneeleven
I mean wtf even is a nonce?!