zlacker

[return to "Checkout.com hacked, refuses ransom payment, donates to security labs"]
â—§
1. joshmn+6t[view] [source] 2025-11-13 13:11:12
>>Strang+(OP)
It’s notable that there were ShinyHunters members arrested by the FBI a few years ago. I was in prison with Sebastian Raoult, one of them. We talked quite a bit.

The level of persistence these guys went through to phish at scale is astounding—which is how they gained most of their access. They’d otherwise look up API endpoints on GitHub and see if there were any leaked keys (he wasn’t fond of GitHub's automated scanner).

https://www.justice.gov/usao-wdwa/pr/member-notorious-intern...

◧◩
2. rkozik+GI[view] [source] 2025-11-13 14:44:56
>>joshmn+6t
Generally speaking, humans are more often than not the weakest link the chain when it comes to cyber security, so the fact that most of their access comes from social engineering isn't the least bit surprising.

They themselves are likely to some extent the victims of social engineering as well. After all who benefits from creating exploits for online games and getting children to become script kiddies? Its easier (and probably safer) to make money off of cyber crime if your role isn't committing the crimes yourself. It isn't illegal to create premium software that could in theory be use for crime if you don't market it that way.

◧◩◪
3. aetern+Ip1[view] [source] 2025-11-13 17:57:08
>>rkozik+GI
I'm not sure this is very fair because humans are often not given the right tools to make a good decision. For example:

To gift to a 529 regardless of the financial institution, you go to some random ugift529.com site and put in a code plus all your financial info. This is considered the gold standard.

To get a payout from a class-action lawsuit that leaked your data, you must go to some other random site (usually some random domain name loosely related to the settlement recently registered by kroll) and enter basically more PII than was leaked in the first place.

To pay your fed taxes with a credit card, you must verify your identity with some 3rd party site, then go to yet another 3rd party site to enter your CC info.

This is insane and forces/trains people to perform actions that in many other scenarios lead to a phishing attack.

◧◩◪◨
4. aidenn+Fu2[view] [source] 2025-11-13 23:58:50
>>aetern+Ip1
Don't forget credit checks when you apply for an apartment! "Go to this website sent via e-mail from someone you only know through a craigslist ad and enter all of your PII. On top of that about 2/3 of what is listed actually is phishing attempts and good luck telling the difference"
◧◩◪◨⬒
5. DANmod+r33[view] [source] 2025-11-14 06:31:05
>>aidenn+Fu2
If you apply to living spaces before viewing after emailing or calling,

well, no wonder they’re after you as a demographic.

◧◩◪◨⬒⬓
6. aidenn+fo5[view] [source] 2025-11-14 23:31:02
>>DANmod+r33
Like when you suddenly have to move to a different city due to an unexpected job change and are trying to schedule as many viewings in one weekend as possible?
◧◩◪◨⬒⬓⬔
7. DANmod+HN5[view] [source] 2025-11-15 04:12:52
>>aidenn+fo5
Job asks me for a start date, I tell them tomorrow - if remote,

or a month.

Sooner, if they help with relocation.

[go to top]