How to Easily Generate Hundreds of Phishing Domains « Null Byte :: WonderHowTo
A convincing domain name is critical to the success of any phishing attack. With a single Python script, it's possible to find hundreds of available phishing domains and even identify phishing websites deployed by other hackers for purposes such as stealing user credentials.
How_To  phishing  Hacking  python  Domains 
2 days ago by aiefel
Favorite tweet:

20/04 (four-twenty!) #phishing part 1 @douglasmun @SwiftOnSecurity @JAMESWT_MHT @ET_Labs

— illegalFawn (@illegalFawn) April 20, 2018
IFTTT  Twitter  phishing 
5 days ago by p3k
The dots do matter: how to scam a Gmail user
Security as a systems problem: interaction between Netflix and Gmail
email  phishing  security 
6 days ago by jcretan
The dots do matter: how to scam a Gmail user
But perhaps this was not a mistake but a scam. I was almost fooled into perpetually paying for Eve’s Netflix access, and only paused because I didn’t recognize the declined card. More generally, the phishing scam here is:

1️⃣️ Hammer the Netflix signup form until you find an address which is “already registered”. Let’s say you find the victim `jameshfisher`.
2️⃣️ Create a Netflix account with address `james.hfisher`.
3️⃣️ Sign up for free trial with a throwaway card number.
4️⃣️ After Netflix applies the “active card check”, cancel the card.
5️⃣️ Wait for Netflix to bill the cancelled card. Then Netflix emails james.hfisher asking for a valid card.
6️⃣️ Hope Jim reads the email to `james.hfisher`, assumes it’s for his Netflix account backed by `jameshfisher`, then enters his card `**** 1234`.
7️⃣️ Change the email for the Netflix account to, kicking Jim’s access to this account.
8️⃣️ Use Netflix free forever with Jim’s card `**** 1234`!


Some blame lies with Netflix, but I believe the main problem lies with Gmail, and specifically Gmail’s “dots don’t matter” feature. The scam fundamentally relies on the Gmail user responding to an email with the assumption that it was sent to their canonical address, and not to some other address from their infinite address set.
by:JamesHFisher  email  security  phishing  Gmail  Netflix  scam 
7 days ago by owenblacker
