GitHub notifications trusted you, right? Now imagine them doubling as a gateway for a Y Combinator scam that stole crypto. One subtle typo in a domain and hackers had developers in their sights. Stay vigilant—this one’s a wake-up call!

https://thedefendopsdiaries.com/github-notifications-abused-in-sophisticated-y-combinator-phishing-campaign/

#githubsecurity
#phishing
#cryptotheft
#socialengineering
#infosec
#web3security
#zerotrust
#cybersecurity
#domainspoofing

GitHub Notifications Abused in Sophisticated Y Combinator Phishing Campaign

Explore how attackers exploited GitHub notifications to impersonate Y Combinator, steal crypto, and what developers can do to defend against phishing.

The DefendOps Diaries

Important reminder, if you own a domain name and don't use it for sending email.

There is nothing to stop scammers from sending email claiming to be coming from your domain. And the older it gets, the more valuable it is for spoofing. It could eventually damage your domain's reputation and maybe get it blacklisted, unless you take the steps to notify email servers that any email received claiming to come from your domain should be trashed.

Just add these two TXT records to the DNS for your domain:
TXT v=spf1 -all
TXT v=DMARC1; p=reject;

The first says there is not a single SMTP server on earth authorized to send email on behalf of your domain. The second says that any email that says otherwise should be trashed.

If you do use your domain for sending email, be sure to add 3 records:
SPF record to indicate which SMTP server(s) are allowed to send your email.
DKIM records to add a digital signature to emails, allowing the receiving server to verify the sender and ensure message integrity.
DMARC record that tells the receiving email server how to handle email that fails either check.

You cannot stop scammers from sending email claiming to be from your domain, any more than you can prevent people from using your home address as a return address on a mailed letter. But, you can protect both your domain and intended scam victims by adding appropriate DNS records.

UPDATE: The spf and the dmarc records need to be appropriately named. The spf record should be named "@", and the dmarc record name should be "_dmarc".

Here's what I have for one domain.

One difference that I have is that I'm requesting that email providers email me a weekly aggregated report when they encounter a spoof. Gmail and Microsoft send them, but most providers won't. Since most email goes to Gmail, it's enlightening when they come.

#cybersecurity #email #DomainSpoofing #EmailSecurity #phishing
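
The checks described in the post above, as an added example that is not part of the original post: a small audit that takes the TXT records published for a domain that sends no mail and reports whether they match the two recommended records, including the naming mistake covered in the UPDATE. The zone dictionaries, function names and `example.com` addresses are constructed for illustration.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a lowercase-keyed dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}


def is_dmarc(txt):
    return txt.replace(" ", "").lower().startswith("v=dmarc1")


def audit_parked_domain(zone):
    """zone maps a record name ('@' or '_dmarc') to the TXT strings published there."""
    findings = []

    # SPF: exactly one record at the apex, and its only term is '-all'.
    spf = [t for t in zone.get("@", []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record at @, found {len(spf)}")
    elif spf[0].lower().split()[1:] != ["-all"]:
        findings.append(f"SPF authorizes senders or does not hard-fail: {spf[0]!r}")

    # DMARC is only looked up under the name _dmarc.
    if any(is_dmarc(t) for t in zone.get("@", [])):
        findings.append("DMARC record published at @; it must be named _dmarc")
    dmarc = [t for t in zone.get("_dmarc", []) if is_dmarc(t)]
    tags = parse_tags(dmarc[0]) if len(dmarc) == 1 else {}
    if len(dmarc) != 1:
        findings.append(f"expected exactly one DMARC record at _dmarc, found {len(dmarc)}")
    elif tags.get("p", "").lower() != "reject":
        findings.append(f"DMARC policy is {tags.get('p')!r}, not 'reject'")

    return {"locked_down": not findings, "findings": findings,
            "reports_to": tags.get("rua")}  # None: no aggregate reports requested


# Constructed sample zones (example.com / example.net are placeholders).
GOOD = {"@": ["v=spf1 -all"],
        "_dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"]}
MISNAMED = {"@": ["v=spf1 -all", "v=DMARC1; p=reject;"]}
PERMISSIVE = {"@": ["v=spf1 include:_spf.example.net ~all"],
              "_dmarc": ["v=DMARC1; p=none;"]}

if __name__ == "__main__":
    for name, zone in [("GOOD", GOOD), ("MISNAMED", MISNAMED), ("PERMISSIVE", PERMISSIVE)]:
        print(name, audit_parked_domain(zone))
```

The `rua` tag is the standard DMARC way to request the aggregate reports mentioned in the post.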

I love how someone registered http://votwitter.com (so it appears as “vox.com” on Twitter) and had it redirect to this page by @pluralistic  https://pluralistic.net/2023/10/14/freedom-of-reach/

#Twitter #X #DomainSpoofing

Pluralistic: Leaving Twitter had no effect on NPR’s traffic (14 Oct 2023) – Pluralistic: Daily links from Cory Doctorow

Top Email Protections Fail in Latest COVID-19 Phishing Campaign - An effective spoofing campaign promises users important information about new coronavirus cases in... more: https://threatpost.com/top-email-protections-fail-covid-19-phishing/154329/ #cofensephishingdefensecenter #worldhealthorganization #covid-19casesinmyarea #secureemailgateways #microsoftoffice365 #socialengineering #whoimpersonation #aptprotections #domainspoofing #cyber-attacks #emailsecurity #emailattacks #proofpoint

An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 365 ATPs.

Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam - Red Kite said that domain-spoofing and convincing scam emails claiming to be from suppliers were t... more: https://threatpost.com/community-housing-nonprofit-bec-scam/152563/ #businessemailcompromise #communityhousing #domainspoofing #websecurity #$1.2million #highwycomb #nonprofit #redkite #theloss #scam #bec #uk

Red Kite said that domain-spoofing and convincing scam emails claiming to be from suppliers were the cause.

9th Methbot suspect arrested in massive clickfraud ring - How Sergey Denisoff described his early ad-buying ventures: buying BS popup traffic and reselling ... more: https://nakedsecurity.sophos.com/2020/01/24/9th-methbot-suspect-arrested-in-massive-clickfraud-ring/ #domainspoofing #sergeydenisoff #malvertising #mediamethane #clickfraud #law&order #plexious #spoofing #botnets #methbot