Categories
privacy security

New form of Google banking scam

A novel way of scamming: make your phone number appear in Google Maps by claiming the listing. People who click on the Google Maps result get directed to you. Profit!

When you see any information listed on a website, your first reaction isn’t to immediately question whether or not that information is accurate. It is to blindly trust the technology that has helped you unfailingly countless times in the past. That is precisely why this scam is so potent.

Source: New form of Google banking scam

Categories
security

Story of a failed pentest (threader.app)

Great story based on a true hacking attempt.

Except for the last bit, which was dramatized, the author gave a fairly good first-person account of an internal pentest being carried out. It involves everything from impersonation, social engineering and physical theft to wits and a good amount of luck.

“Good afternoon, Pam. I’m Josh from IT. We’re about to migrate your Citrix instance to a new server. I’m going to send you a 6 digit number. I’ll need you to read that off to me. As a reminder, IT will never ask for your password.”

I already had her password.

She gave a hesitant, “Okay…”

I clicked on the “Click for MFA token” button and stated, “Alright, I’ve sent you the number. You should get a text. Please read it to me.”

She said, “Umm, alright. Got it. It’s 9-0-5-2-1-2.”

Source: A thread written by @TinkerSec