How to Lose a Fortune with Just One Bad Click – Krebs on Security

This sounds like highly targeted attacks, but could happen to just anyone, so beware out there…

Really interesting stuff…

Griffin didn’t learn this until much later, but the email he received had a real google.com address because it was sent via Google Forms, a service available to all Google Docs users.

This feels like something Google could change to make it more obvious to users that another user is sending via Google Forms and that it’s not an official email.

This article is rife with confounding policies from companies…

Apparently, Daniel didn’t appreciate having his voice broadcast to the world (or his $1.2 million bitcoin heist disrupted) because according to Junseth someone submitted a baseless copyright infringement claim about it to Soundcloud, which was hosting the recording.

[…]

“In Soundcloud’s instance, part of declaring your innocence is you have to give them your home address and everything else, and it says right on there, ‘this will be provided to the person making the copyright claim.'”

This also seems like a policy that has an obvious need to be looked at.

If you were to see me in real life, I look like a regular child going to school with my backpack and shit, you’d never expect this kid is stealing all this shit.

These scammers could really be anyone these days, disconcerting to say the least.

I believe they do mention somewhere in the email that it’s an automated mail sent from a Google Form. But people being people, they saw @google.com and just YOLO disregarded their gut feeling.

A few years ago, when I was in a Slack channel for a crypto community, scammers and phishers used a similar tool, the Slack automated calendar notification, to send phishing links. Slack did mark it, with wording like “this is a Slack calendar notification”, etc., but people jumped to clicking the links when the body of the mail had phisher text like “You won!” and “Click to claim!”. Obviously the phishing link would ask for the wallet master seed. While it’s common sense not to input the master seed on a random site, many did and got their wallets emptied out.

Those scammers don’t just rely on user ignorance alone, they introduce urgency, the fight-or-flight situation. That first guy from the article was also caught at a bad time and didn’t have his mind in the right place, with his kid crying, his wife yelling, etc.

One bad click

No.

Multiple security mistakes, it wasn’t just the initial phishing.
