Sunday, April 11, 2021

Amazon Phishing Email with subject Re: Amazon has a surprise for you

For the record, this is Amazon phishing email attempt that is recently going around, with subject "Re: Amazon has a surprise for you"

What to do?  Report them, goto bottom of page. 


From : Welcome <contact@smartlinkshare.com>
Subject : 
Re: Re: A.m.a.z.o.n has a surprise for you











PHISHING LINKs;

Click image by mistake
1. http://masterymail.com/xxxxx.shtml?xxxxxxxxxxxxxxx

How to tell this is a Phishing email ?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the  company's website then forget it.
  3. The best way is to 

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing

If you have received this email take further 

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Wednesday, April 7, 2021

How to check if your info is part of the Facebook 500M+ data leak April 2021














In the biggest April Fools joke, Facebook hackers re-released the personal information for 500M+ Facebook users on a hacking forum, including mobile numbers, name, gender, location, relationship status, occupation, date of birth, and email addresses.

This data was originally sold in private sales after being collected in 2019 using a bug in the 'Add Friend' feature on Facebook. Facebook had closed this vulnerability soon after it was discovered, but threat actors continued to circulate the data until it was finally released practically for free ($2.19) yesterday.

You can check you account with Have I Been Pwned: Check if your email has been compromised in a data breach (https://haveibeenpwned.com/) service which has been updated this hacked info.




Monday, March 29, 2021

PHP Backdoors - the official PHP Git repository suffers software supply chain attack


















From PHP's Git server hacked to add backdoors to PHP source code (bleepingcomputer.com)

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with.

Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server.

The threat actors had signed off on these commits as if these were made by known PHP developers and maintainers, Rasmus Lerdorf  and Nikita Popov.

Open source is has serious trust issues.