Heads up, the "you must confirm your profile" scam is proliferating on the Fediverse. I wonder if they are trying to gather driver's licenses and credit card numbers? It's a scam.

#scam #MastoAdmin #cybersecurity

crap. Thanks for the warning.
@ai6yr Mastodon dot social again. Glad I blocked that instance weeks ago.
@ai6yr of course it's coming from mastodon.social, their moderation sucks
@ai6yr confirm your account by sending me $1,000,000 USD.

@ai6yr

Honestly this is evil enough Mastodon
itself should issue regular warnings.👈
Including importantly to new users, 👈
during the setup and joining process.👈

#Mastodon #coders #johnMastodon #joinMastodon #nubie #noobie #privacy #anonymity #trick #hacking

@kevinrns @ai6yr @Gargron posted a warning about it last week
@ai6yr Yeah, I've suspended two from mastodon.social so far today, and at least two yesterday.

@ai6yr

yeah, chasing the code using curl is fun. It's some Russian script kiddie running through a Swedish bank, which makes me wonder how long they'll be active.

I do kinda wonder how resilient their system is to a few hundred thousand requests of straight garbage, but looks like they're mostly just funneling toward the payment site.

@ai6yr I figured most people are on the Fediverse because they would never ask for this info.
@ai6yr ...wtf is gig dot com?
@FrankHghTwr I trimmed the rest of the malware/spam site off there.
@FrankHghTwr @ai6yr Hmmm, looking at it, seems to be.. some kind of service company, online casinos, AI and more.
@ai6yr I have suspended the account already for violating Rule 8 from our server rules
@Kira Apparently there have been a whole series of them on mastodon.social -- hope they have it under control now
@ai6yr
Links to gig.com. Totally legit.

@ai6yr Can imagine after 25 July this sort of scam will become widespread and targeted at #uk users across social media sites and the fallout from the success of that #phishing will be pretty catastrophic...

#onlinesafetyact #scamalert #infosec

@Rastal @ai6yr This is how stupid ideas from people who consider themselves security experts end up, people who do nothing but create more vulnerabilities.

#UK

@Rastal @ai6yr That's why AV in the UK is not lasting 2 weeks.
@ai6yr three item bulleted list with each item starting with an emoji followed by word colon explanation

@ai6yr If only Mastodon could do something against this spam on their flagship instances.

Hmmm. Open signups.

Hmmm. No admin-side filtering.

Hmmm. This sucks.

Add reject pattern to Admin setting by noellabo · Pull Request #29247 · mastodon/mastodon

It was created to refuse a large amount of spam by malicious attackers. This can be used immediately, but if there is something to improve, please suggest.
