π βοΈ π π How can friends and family can keep their online accounts secure during the holiday and travel season? This article does an outstanding job of explaining what really keeps accounts safe vs hacklore. π
More info: https://www.hacklore.org/ π
π’ Spread the word! π’
@boblord I kinda disagree about the QR codes and the NFC.
There is plenty of NFC-relaying malware for Android.
You mention yourself the "QR code in a parking lot" scenario but your advice is useless. "Examine the page carefully" doesn't work because the attacker will use an exact copy of a legitimate page. On mobile devices (which is what is usually used to scan QR codes) the URL and the domain part of it are not as easily visible as on a PC. And people tend to trust info posted on public places (like a parking lot) more than info received via e-mail spam anyway.
@bontchev Regarding NFC attacks, which make/model/versions are most vulnerable? Is this how a significant percentage of devices/accounts are compromised?
Regarding QR codes, there are many ways to get social engineered, so it's important to be skeptical regardless of the method of delivery. If there are documents that recommend UI improvements for the device makers, this is a great time to surface those.
@boblord Here's a good article about NFC relaying malware:
Doesn't mention models - just that apps doing this were discovered. These attacks were very popular in China but didn't get much attention. However, they later spread in huge waves to Russia, Czechia, Poland, and so on. It's definitely a problem.
Regarding QR codes, there have been several cases when attackers slapped a QR code pointing to a phishing site over a legitimate QR code in a public place, like a parking meter:
https://www.cnbc.com/2025/07/27/cybersecurity-scams-quishing-qr-code-consumer-risks-hackers.html
Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months.
@bontchev Thanks for the link! I saw a similar article and it also focused on the malware and not which phones/devices were vulnerable. It's a common framing problem. We admire what the villains did right, and what the victims did wrong. We need to move the focus to the vendors and what they are doing about these problems, even if they are rare. It's odd that reporters never seem to call the manufacturers for comment.
I've seen several references to parking meter scams. Some of those stories seem hyped by security companies selling services and lack details, almost like they are repeating things they heard but don't have first-hand knowledge of. And that's also odd since it should be simple for law enforcement to partner with the credit card companies to understand who the criminals are and where the money went.
π
A 44-year-old man was sentenced to seven years and four months in prison for operating an "evil twin" WiFi network to steal the data of unsuspecting travelers at various airports across Australia. https://www.bleepingcomputer.com/news/security/man-behind-in-flight-evil-twin-wifi-attacks-gets-7-years-in-prison/
Somewhat CTI Jim
Bob Lord π 
VessOnSecurity
prl