ṫẎℭỚ◎ᾔ ṫ◎ℳ1d ago
BrianKrebs

IDK who Deb Eskew is, but I certainly glanced askew when reading this. See how many red flags you can spot. This one seems to have them all:

-unbidden attachment (which couldn't be auto-scanned for malware btw)
-no actual greeting or salutation
-a password needed to unlock the attachment
-relevant (if a bit on-the-nose) social engineering involving a podcast ostensibly focused on fraud;
-Google is clearly glancing askew here, too, but kind of tapping out on a verdict because it ultimately made it through.

Apr 1 at 6:46pmWeb
Show threadAllan Chow1d ago
@briankrebs my first thought was the production company view askew
Show threadThird spruce tree on the left1d ago
@grumpasaurus @briankrebs hey listen if "Kevin Smith" sent me an unbidden attachment and said it was the screenplay of his next movie that he's Kickstarting and its a sequel to Dogma he's aleady got Chris Rock, Charlize Theron, Keanu Reeves and Ian McKelleren onboard and would I want to become an investor I'd be thinkin hard as I hover over that attachment.
Show threadAllan Chow1d ago

@tezoatlipoca @briankrebs time to bring up this gem of a scene

https://youtu.be/lmxAhXYQdmY?si=rVSzYu28npVq5kRF

Matt Damon cameo Jay and silent Bob reboot

YouTube
Show threadThird spruce tree on the left1d ago
@grumpasaurus @briankrebs lol that's quite good.
Show threadAriadne Conill 🐰1d ago
@briankrebs idk but i would not go on anything titled the 'easy prey podcast'
Show threadTaggart1d ago
@ariadne @briankrebs Right? With your host, Nota Badguy
Show threadṫẎℭỚ◎ᾔ ṫ◎ℳ1d ago
@briankrebs she’s clicking looks safe 🤷‍♀️😩
Show threadNate Bartram1d ago

@briankrebs Also used BCC to email you.

"Easy Prey" lmao. Pretty on the nose.

At least all the names and emails match up. I get so much spam from Name A @ email, the actual display name is Name B, then it's signed by Name C @ email2, none of which are even close to each other. 🤷

Show threadCat 🐈🥗 (D.Burch) 1d ago
@briankrebs Their next malware campaign is titled "Low Hanging Fruit"
Show threadcR0w 🏴‍☠️🫈🫍1d ago
@catsalad @briankrebs Low Hanging Plums is an excellent op name.
Show threadCat 🐈🥗 (D.Burch) 1d ago
@cR0w @briankrebs 
Show threadcR0w 🏴‍☠️🫈🫍1d ago
@catsalad @briankrebs How is there no plum emoji? This is outrageous!
Show threadJ4ck1d ago
@cR0w @catsalad @briankrebs 🍇 ?
Show threadSterling1d ago

@briankrebs
I am reminded of this old skit:
https://youtu.be/eY7ZX6ngOSs?t=12

Usually *plenty* of queues before you step in it.

Cheech and Chong- Dog Shit

YouTube
Show threadkatzenberger1d ago

@briankrebs

Quite interesting, since by name, there is an established LinkedIn account for Deb Eskew, the podcast website exists, and they had people like @hacks4pancakes , @pluralistic , @FirewallDragons , Esther Dyson and several others on the show.

I'm not using GMail so I can't tell whether you'd get alerted about DKIM verification failure; and the sending account per se might also have been compromised, anyway.

But if that mail is genuine, it's a sad self-own. What would even be the point of password-protecting an attachment, and then pasting that password into the very same email.

Show threadUSB Type-Steve 1d ago
@briankrebs "Easy Prey" as a name for a podcast anything is a big red flag
Show threadjoat1d ago
@briankrebs Deb Askew is an anagram of Asked Web. Not helpful but mildly apropos.
Show threadoheso1d ago
@briankrebs I'd love to just block password-protected attachments, but Japanese vendors insist on using them for quotations.
Show threadJack the Waterlogged Count1d ago
@briankrebs Someone had a bit of fun coming up with the "podcast" name, and I don't blame them one bit, for that particular element of the criminal enterprise.
Show threadMax L1d ago
@briankrebs

before opening that attachment, time to easy pray...