Darren
Hey friends! I'm doing a little end of year consumer security talk where I cover 101 sec, but has anyone seen any interesting maybe novel consumer scams?
Doesn't have to be critical mass, emerging is totally fine. Say, for just an example, browser notification phishing. I'm only just kicking off research. Thanks!!
Nov 18, 2022 at 2:30amWeb
Show threadmrbenchungNov 18, 2022
@Darrenpauli I've heard of a few cases of people's digital wallet being somehow cloned or otherwise accessed. ie CC setup on someone else's phone. Have to call the Bank to contest charges etc.
Show threadDarrenNov 18, 2022
@mrbenchung oh sweet, thank you!!
Show threadRich Lafferty 🐀Nov 18, 2022

@Darrenpauli there's a set of common-to-the-subreddit scams in /r/scams that probably don't seem novel to you or me, but would seem novel to random people

instagram "influencer" "free" stuff and cartel blackmail are good ones IMO

https://www.reddit.com/r/Scams/wiki/index/automoderator

index/automoderator - Scams

Online, offline, email, or postal. If you think someone is trying to scam you, this is the place to ask about it. Post your questions here and...

Show threadDarrenNov 18, 2022
@mendel legend!!
Show threadRich Lafferty 🐀Nov 18, 2022
@Darrenpauli reading that subreddit sorted by “new” could get you some good stories/examples, too!
Show threadDarrenNov 18, 2022
@mendel good idea!
Show threadbarunickNov 18, 2022
@Darrenpauli sms spam seems to be on the up and up. The spoofed numbers are associated with area codes where the recipient geographically reside even if their phone number is from a different geographical area implying it’s from some leaked db (prob some PAC’s open S3 bucket)
Show threadDarrenNov 18, 2022
@barunick Dominos pizza here in aust def had some sorta breach a while back. I was getting specific pizza related SMSes (forget the pretext now) that pointed clearly to it :D
Show threadDestiny Nov 18, 2022
@Darrenpauli you’ve probably already got these but - fake account security emails / texts (“we’ve noticed unusual login activity, click here to check”), and have been seeing a lot of recruiting scams which are pretty involved (victim went through actual rounds of “interviews”, gets to stage with HR where they give over bank info for direct deposit)
Show threadDarrenNov 18, 2022
@thisiscarlsagan oh shit i havent seen the recruiter interviewer one. That's bleak :(
Show thread4dw@r3  🦬Nov 18, 2022
@Darrenpauli we've seen an uptick in hijacked legit corporate emails being used on our contact us form. They'll then try to get you to download file off Dropbox.
Show threadDarrenNov 18, 2022
@witch_of_winter yikes, thanks!
Show thread4dw@r3  🦬Nov 18, 2022
@Darrenpauli Luckily our IDR program locked down the file the first time it happened and all other instances were stopped because of the trainings we gave as a response.
Show threadkemuri 🦀Nov 18, 2022
@Darrenpauli Discord Nitro gift phishing
Show threadDarrenNov 18, 2022
@kemuri thanks!
Show threadJ. R. DePriest    :EA DATA. SF:Nov 18, 2022
@Darrenpauli SMishing using a copy of the official logo but with some random URL shortener.
Show threadEINGFOAN  Nov 18, 2022

@Darrenpauli dont know how old / new

Bigger retail brands are often used „offering“ vouchers for credential / data stuffing. As a plus you might also be tricked in a subscription scam.

Show threadWalskiNov 18, 2022
@Darrenpauli ill ask around the office - gov normally sees some interesting stuff..
Show threadDarrenNov 18, 2022
@walski Ah awesome, thank you!!