How to Lose a Fortune with Just One Bad Click – Krebs on Security

This sounds like highly targeted attacks, but could happen to just anyone, so beware out there…

Really interesting stuff…

Griffin didn’t learn this until much later, but the email he received had a real google.com address because it was sent via Google Forms, a service available to all Google Docs users

This feels like something Google could change to make it more obvious to users that another user is sending via Google Forms and that it’s not an official email.

This article is ripe with confounding policies from companies…

Apparently, Daniel didn’t appreciate having his voice broadcast to the world (or his $1.2 million bitcoin heist disrupted) because according to Junseth someone submitted a baseless copyright infringement claim about it to Soundcloud, which was hosting the recording.

[…]

“In Soundcloud’s instance, part of declaring your innocence is you have to give them your home address and everything else, and it says right on there, ‘this will be provided to the person making the copyright claim.’”

This also seems like a policy that has an obvious need to be looked at.

If you were to see me in real life, I look like a regular child going to school with my backpack and shit, you’d never expect this kid is stealing all this shit.

These scammers could really be anyone these days, disconcerting to say the least.

I believe they do mention somewhere in the email that it’s an automated mail sent from Google Forms. But people being people, they saw @google.com and just yolo disregarded their gut feeling.

A few years ago, when I was in a Slack channel for a crypto community, scammers and phishers used a similar tool, the Slack automated calendar notif, to send phishing links. Slack did mark it, with wording like “this is a Slack calendar notification”, etc., but people jumped to clicking the links when the body of the mail had phishers’ text like “You won!” and “Click to claim!”. Obviously the phishing link would ask for the wallet master seed. While it’s common sense not to input the master seed on a random site, many did and got their wallets emptied out.

Those scammers don’t just rely on user ignorance alone; they introduce urgency, the fight-or-flight situation. That first guy from the article was also caught at a bad time and didn’t have his mind in the right place, with his kid crying, his wife yelling, etc.

One bad click

No.

Multiple security mistakes, it wasn’t just the initial phishing.

“This sounds like highly targeted attacks, but could happen to just anyone, so beware out there…”

Was my feeling as well …

Do trusted device notifications make any sense where the trade-off of convenience / security seems much too high? In a situation like this, it just seems ripe for things going wrong, and also in the case of multiple devices, say, stolen from a hotel room?
Granted, this is not the only issue, but …

And yet, they are / can be the main source of notifications for Apple and Google.

Thank you so much, I will keep it in mind.

This is a cautionary tale about how sophisticated scams can lead to devastating financial losses. Scammers are using advanced methods like spoofed Google phone numbers and fake security alerts to deceive people into giving up sensitive information. It’s a reminder that even seemingly legitimate calls or emails can be a threat. Always double-check, use two-factor authentication, and stay alert to avoid falling victim to these types of attacks.