
Questions tagged [social-engineering]

Social engineering is the act of manipulating people into performing actions or divulging confidential information.

0 votes
2 answers
200 views

What's the risk of interacting with a social engineer?

I received a WhatsApp message. I never registered with any recruitment job portal, or even speak Arabic at all. What are the dangers in myself trying to find out what happened (did they send the same ...
Asked by George Ntoulos
4 votes
1 answer
233 views

Is there any benefit to normalize unicode/utf-8 names that I am overlooking?

Reading how Spotify was normalizing unicode inconsistently, and now I'm questioning if I am overlooking any issue on accepting non-normalized usernames. From what I can tell, lowercase was first used ...
Asked by gcb (243)
3 votes
0 answers
175 views

A paper about putting formally proven secure "fake" vulnerabilities into your software to waste malicious actors' time

I remember seeing a tweet about an infosec research paper a while ago on how one can put a lot of "fake vulnerabilities", which resemble real vulnerabilities but are actually formally proven ...
Asked by Hypatia du Bois-Marie
3 votes
1 answer
814 views

Is FIDO2 authentication vulnerable to a social engineering replay attack?

I'm starting to learn about the FIDO2 standard, and I'm wondering if this scenario is possible... Victim visits a credential harvesting page and enters their credentials Credential harvesting backend ...
Asked by Sean W. (845)
1 vote
0 answers
107 views

Should I publish a blog post about scam ideas? [closed]

I have written and was planning on publishing a blog post about scams. The blog post talks about methods used by hackers in their Reconnaissance phase (specifically, researching individual people) and ...
Asked by 2br-2b (111)
0 votes
1 answer
327 views

Doesn't 2FA increase the vulnerability of an account?

You create an account on an online service X with login=your email + password. Compare these 2 situations: No 2FA enabled. The only risk is if your email is compromised: the "I lost my password&...
Asked by low78 (3)
1 vote
0 answers
106 views

Is there a standard for fencing email domains to specific use cases?

To my knowledge, there's no common standard for sysadmins to publish trusted domains for specific use cases. If it exists, I would presume that this might limit phishing attacks. Think of my question ...
Asked by Caleb Faruki
1 vote
1 answer
190 views

Suspicious hyperlinks (all hex URLs) in e-mail

I'm communicating with a job headhunter over LinkedIn and he sent me an e-mail containing information about a position. However, I noticed that all of the hyperlinks in the e-mail (even the one on ...
Asked by Daniel Walker
3 votes
1 answer
190 views

Would there be any security downside to text-message "verification codes" saying what they're for?

When I log into some web services, I need to send back a verification code contained in a text message that starts out with something to the effect of "You or someone claiming to be you is trying ...
Asked by supercat (2,059)
5 votes
0 answers
1k views

Disturbing/suspicious Google notifications about account recovery and password change

This is similar to Is this Google mail from gaia.bounces.google.com legit?, except a) I have nothing in my life related to the language used (Indonesian), b) these are different notifications (and ...
Asked by Sz. (151)
1 vote
1 answer
230 views

Can you impersonate someone on a cell phone network if you can get them to enter a magic code?

I just got a weird warning on a social network about a scam that is supposedly making the rounds. However, the claims were quite outlandish and I'm skeptical if it's even technically possible. If the ...
Asked by Vilx- (1,050)
2 votes
4 answers
598 views

Why don't bigger companies buy similar domains to their main domain to prevent typosquatting?

One big threat out there is typosquat domains. For example instead of: steamcommunity.com some malicious actor will register the domain stearncornmunity.com and set up his fake steam login. Why do ...
Asked by birdd (41)
0 votes
1 answer
288 views

Purpose of fraudulent AWS SSL/TLS certificate request for my domain

I just received an email from AWS re Certificate request for [my personal domain]. This email asked me to approve this request with a link or forward to an AWS email for validation. Needless to say ...
Asked by Nigel Savage
0 votes
0 answers
199 views

How can I protect myself from this simple, yet lethal (SE) WhatsApp hack?

I've been using WhatsApp as well as my current phone number for at least eight years now. As of now, everything went pretty smoothly. That's why the message four days ago, 13th of August 2021, struck me:...
Asked by J. M. Arnold
2 votes
1 answer
567 views

Multiple login attempts made using mobile OTP in multiple customer sites at the same time

We have multiple customer sites which provide login via mobile number OTP (new & registered users). Recently, we came across an incident where a user received 100+ OTPs within a few minutes ...
Asked by Vijayabharathi
