this post was submitted on 27 Mar 2025
691 points (99.0% liked)

Technology

68244 readers
4105 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
691
Have I Been Pwned owner, pwned. (htxt.co.za)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
75 comments fedilink hide all child comments
 
  • A jetlagged Troy Hunt accidentally clicked a link and logged into an account only to realise he had been phished.
  • Despite reacting quickly, attackers were able to export a mailing list for Hunt’s personal blog.
  • Hunt has detailed the attack and warned his subscribers in a timely fashion.
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 week ago (1 children)

Yup, what you're describing sounds inline with how Corey Doctorow fell victim to fraud.

[–] [email protected] 5 points 6 days ago* (last edited 6 days ago) (1 children)

This one?

It's completely different. In that case, they were able to set up a fake business to accept payments, which is way more sophisticated than what happened to me. In my case, they just needed my login name and phone number, and I had reused the login name on several sites, so a number of places could have been involved in a breach. All the scammer had to do in my case was:

  1. check if I have an account at a major banking institution
  2. call me, pretending to be the fraud department
  3. get me to give them my SMS code (they'd trigger through the normal "forgot my password" process)
  4. keep me on the line long enough to link an external account
  5. get me to give them another SMS code ("final authorization" or whatever)

That's it, just two pieces of information, some smooth talking, and a little luck that I don't catch on. Corey Doctorow's situation required quite a bit more setup than that:

  1. get Amex to approve them as a mechart
  2. create a fake online ordering website that gets enough SEO to show up in search results
  3. have someone actually place an order at the vendor so nobody gets wise

That's a lot more sophisticated than what happened to me.

[–] [email protected] 5 points 6 days ago* (last edited 6 days ago) (1 children)

He got scammed again? Damn. Sorry, I was referring this one. And not really the details of the scam, but it was the wrong place / wrong time element that reminded me.

Edit: the article you linked is older, so I guess not "again".

[–] [email protected] 1 points 6 days ago

Oh yeah, that's a lot more similar.