#fake-websites — Public Fediverse posts on home.social

Erik van Straten @[email protected] · 2025-12-03 · 19:05 UTC

@chazh : no, my proposal is unrelated to passkeys.

For example, if Troy Hunt had been warned that he had never visited https://mailchimp-sso.com before, he probably would not have fallen for their trap (https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/).

If a website unexpectedly sends a new certificate to the browser, this *could* be a red flag if the site used an OV or EV certificate before, and suddenly a DV cert - in that case you have no way to tell who the (current) owner is of a domain name (and website).

Be my guest if you want to use a DV cert for your home NAS (where you *know* the domain name, regardless what it looks like) or for some dumb webshop. As a visitor of the latter there's no way to know who to sue in case you get deceived.

Authenticity requires knowing, with an amount of certainty (always < 100%), who the owner is. It's all about risk management.

@cendyne @soatok

#Phishing #FakeWebsites #Authenticity #Authentic #Passkeys

#phishing #fakewebsites #authenticity #authentic #passkeys

Erik van Straten @[email protected] · 2025-11-20 · 15:12 UTC

@timcappalli : and IMO it's a HUGE problem that paskeys are advertised using BULL SHIT.

What makes passkeys phishing resistant is that (the most important part of) the domain name stored with the passkey's private key on your device must match the domain name shown in the browser's address bar *AND* https must be in use.

And typically passkeys *do not* "stay" on your device as they are usually backed up to cloud storage.

#Phishing #Passkeys #PasskeyCreation #FakeWebsites

#phishing #passkeys #passkeycreation #fakewebsites

Erik van Straten @[email protected] · 2025-11-20 · 14:49 UTC

@timcappalli : you (and Capital One) forgot to mention the most important thing:

WHEN CREATING A PASSKEY: TRIPLE-CHECK THAT YOU'RE ON A WEBSITE USING THE *CORRECT* DOMAIN NAME!

There is ZERO phishing-resistance while CREATING a passkey.

#Phishing #Passkeys #PasskeyCreation #FakeWebsites

#phishing #passkeys #passkeycreation #fakewebsites

Crypto News @[email protected] · 2024-12-09 · 06:17 UTC

Crypto-stealing scam targets Web3 workers with fake meeting apps - Cado Security Labs says scammers use AI to make fake but real-looking co... - https://cointelegraph.com/news/crypto-stealing-scammers-target-web3-workers-fake-meeting-apps #socialengineering #malwarecampaign #fakemeetingapp #realststealer #fakewebsites #cryptotheft #cyberscams. #spoofing

#spoofing #cyberscams #cryptotheft #fakewebsites #realststealer #fakemeetingapp

Crypto News @[email protected] · 2024-10-18 · 17:37 UTC

Fake Coinbase website leads to $20M fraud, 5-year sentence - A phishing scam netted a fraudster luxury cars and foreign vacations, an... - https://cointelegraph.com/news/chirag-tomar-sentenced-coinbase-fraud-fake-websites #cryptocurrencyfraud #coinbasescam #fakewebsites #phishingscam #chiragtomar #cryptocrime #coinbasepro #usattorney #wirefraud

#wirefraud #usattorney #coinbasepro #cryptocrime #chiragtomar #phishingscam

Matt Hodgkinson @[email protected] · 2024-05-08 · 11:38 UTC

CW: Retail scams, China

If an online store selling discounted goods looks too good to be true, it's probably a fake Chinese website that'll steal your money and harvest your information.

https://www.theguardian.com/money/article/2024/may/08/chinese-network-behind-one-of-worlds-largest-online-scams

#FakeWebsites #OnlineScams #Discounts #ChinaCrimes #OrganizedCrime #DealsOnline #DealsAndDiscounts #Scams #Fraud