#phishingscam — Public Fediverse posts

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: zynowin[.]com
🔍 Analysis at: https://phishdestroy.io/domain/zynowin.com/

#WalletSecurity #FraudDetection #CryptoHacking #PhishingScam #CryptoProtection #CyberFraud #ScamDetection

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: v3-guild[.]xyz
🔍 Analysis at: https://phishdestroy.io/domain/v3-guild.xyz/

#Web3Hacking #ScamPrevention #ScamDetection #PhishingScam #CryptoHacking #WalletHackers #BlockchainSafety

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: timetrakr[.]cloud
🔍 Analysis at: https://phishdestroy.io/domain/timetrakr.cloud/

#PhishingScam #BlockchainFraud #CryptoProtection #BlockchainSafety #fake #CryptoHacking

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: flareclaimnetworks[.]com
🔍 Analysis at: https://phishdestroy.io/domain/flareclaimnetworks.com/

#CryptoThreats #CyberFraud #CryptoHacking #PhishingScam #SecureYourWallet #scamalert

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: divisabolsario-pt[.]live
🔍 Analysis at: https://phishdestroy.io/domain/divisabolsario-pt.live/

#BlockchainSafety #PhishingScam #AntiPhishing #FraudDetection #CryptoThreats #NFT

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: excitedcollegegirls[.]com
🔍 Analysis at: https://phishdestroy.io/domain/excitedcollegegirls.com/

#CryptoSafety #PhishingScam #WalletDrainers #Web3Hacking #WalletSecurity #NFT

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: artrades[.]art
🔍 Analysis at: https://phishdestroy.io/domain/artrades.art/

#PhishingScam #Web3Hacking #NFT

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: t-mobile[.]dmhcua[.]top
🔍 Analysis at: https://phishdestroy.io/domain/t-mobile.dmhcua.top/

#CryptoProtection #AntiPhishing #cybersec #PhishingScam #ScamDetection #NFT #WalletHackers

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: bafkreic5tvubv22nqg24xjzksdmyk4mzmlbfs4yc72w4fsxbf734fzjphm[.]ipfs[.]dweb[.]link
🔍 Analysis at: https://phishdestroy.io/domain/bafkreic5tvubv22nqg24xjzksdmyk4mzmlbfs4yc72w4fsxbf734fzjphm.ipfs.dweb.link/

#BlockchainFraud #BlockchainSafety #Web3Hacking #scam #CryptoHacking #NFT #PhishingScam

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: meta-id17681[.]invoice-ads-manager[.]com
🔍 Analysis at: https://phishdestroy.io/domain/meta-id17681.invoice-ads-manager.com/

#scam #CryptoThreats #Web3Hacking #PhishingScam #Web3Awareness #FraudDetection #NFT

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: sharedmailclouddocuments[.]pro
🔍 Analysis at: https://phishdestroy.io/domain/sharedmailclouddocuments.pro/

#Web3Security #cybersec #CyberFraud #WalletHackers #PhishingScam #NFT #AntiPhishing

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: hypersol-rewards[.]xyz
🔍 Analysis at: https://phishdestroy.io/domain/hypersol-rewards.xyz/

#CryptoProtection #Web3Awareness #PhishingScam #Web3Security #ProtectCrypto #NFT

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: apple-web-clone-with-store-responsi[.]vercel[.]app
🔍 Analysis at: https://phishdestroy.io/domain/apple-web-clone-with-store-responsi.vercel.app/

#Web3Awareness #PhishingScam #CryptoDrainers #BlockchainSafety #fake

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: appsuites-trexrr[.]wixstudio[.]com
🔍 Analysis at: https://phishdestroy.io/domain/appsuites-trexrr.wixstudio.com/

#cybersec #CryptoDrainers #fake #Web3Security #PhishingScam #BlockchainFraud

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: tradedigitalx[.]top
🔍 Analysis at: https://phishdestroy.io/domain/tradedigitalx.top/

#CryptoHacking #PhishingScam #fake #SecureYourWallet

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: skyrimbk[.]com
🔍 Analysis at: https://phishdestroy.io/domain/skyrimbk.com/

#FraudDetection #malware #DigitalFraud #PhishingScam #scamalert #PhishingWarning

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: vexbex[.]com
🔍 Analysis at: https://phishdestroy.io/domain/vexbex.com/

#PhishingScam #Web3Awareness #fake #CryptoAwareness #BlockchainFraud #SecureYourWallet

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: flipcommunity[.]xyz
🔍 Analysis at: https://phishdestroy.io/domain/flipcommunity.xyz/

#BlockchainFraud #FraudDetection #CryptoProtection #PhishingScam

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: app-jitonetwork[.]xyz
🔍 Analysis at: https://phishdestroy.io/domain/app-jitonetwork.xyz/

#CryptoProtection #PhishingScam #fake #PhishingWarning

Scam emails no longer look “obviously fake.”

Attackers now use AI-written messages, fake company branding, and realistic login pages to steal passwords and personal data.

Here are 5 warning signs that instantly expose phishing emails 👇

🔗 https://techputs.com/signs-an-email-is-a-scam/

#CyberSecurity #Privacy #PhishingScam #InternetSafety #Tech #technology

Scam emails no longer look “obviously fake.”

Attackers now use AI-written messages, fake company branding, and realistic login pages to steal passwords and personal data.

Here are 5 warning signs that instantly expose phishing emails 👇

🔗 https://techputs.com/signs-an-email-is-a-scam/

#CyberSecurity #Privacy #PhishingScam #InternetSafety #Tech #technology

Scam emails no longer look “obviously fake.”

Attackers now use AI-written messages, fake company branding, and realistic login pages to steal passwords and personal data.

Here are 5 warning signs that instantly expose phishing emails 👇

🔗 https://techputs.com/signs-an-email-is-a-scam/

#CyberSecurity #Privacy #PhishingScam #InternetSafety #Tech #technology

Scam emails no longer look “obviously fake.”

Attackers now use AI-written messages, fake company branding, and realistic login pages to steal passwords and personal data.

Here are 5 warning signs that instantly expose phishing emails 👇

🔗 https://techputs.com/signs-an-email-is-a-scam/

#CyberSecurity #Privacy #PhishingScam #InternetSafety #Tech #technology

Scam emails no longer look “obviously fake.”

Attackers now use AI-written messages, fake company branding, and realistic login pages to steal passwords and personal data.

Here are 5 warning signs that instantly expose phishing emails 👇

🔗 https://techputs.com/signs-an-email-is-a-scam/

#CyberSecurity #Privacy #PhishingScam #InternetSafety #Tech #technology

I got the most suspicious text "phishing" attempt on Monday morning (early, the day after Easter), supposedly from our priest asking for help with an errand as he was going into a "meeting". 😂 I mean, do priests even work on the day after Easter? 🤔
#PhishingScam

A simple click on a fake link or sharing your PAN details can expose you to fraud. Phishing scams and fake KYC requests are becoming more common in India . Don’t fall victim—stay alert and informed.
👉 Protect yourself now: https://go-infofinance.com/blog/pan-card-fraud-in-india-protection-guide

#OnlineFraud #PhishingScam #PANCard #CyberAwareness #SafeInternet #IndiaSafety

The best phishing text ever:
Even scammers can’t keep Iowa and Idaho straight.
#scam #PhishingScam #Iowa

Vorsicht #N26-User, Phishing-Versuch unterwegs.

#n26 #phishing #phishingscam #fake

This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now

997 words, 5 minutes read time.

If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.

This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.

What this scam actually is

You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.

It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:

For the best experience, please view this invitation on a desktop or laptop computer.

If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.

And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.

Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.

Why this is an absolute nightmare for security teams

Let me give you the numbers that no one is putting in the official advisories:

• As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
• Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
• This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
• Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.

I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.

This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.

How to not get burned

I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.

For everyone

• Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
• Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
• Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.

For SOC Analysts and Security Teams

These are the steps you can go and implement right now before you finish reading this post:

1. Add an email detection rule for the exact string for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate.
2. Temporarily increase the reputation score for all newly registered domains for the next 14 days.
3. Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
4. If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.

Closing Thought

The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.

If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

• Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
• CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
• Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
• Punchbowl Official Public Warning
• Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
• Proofpoint Threat Insight: Punchbowl Phishing Campaign
• MITRE ATT&CK T1566.001: Spearphishing Link
• Verizon DBIR 2025: Phishing Effectiveness

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

Related Posts

Rate this:

This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now

997 words, 5 minutes read time.

If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.

This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.

What this scam actually is

You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.

It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:

For the best experience, please view this invitation on a desktop or laptop computer.

If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.

And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.

Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.

Why this is an absolute nightmare for security teams

Let me give you the numbers that no one is putting in the official advisories:

• As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
• Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
• This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
• Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.

I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.

This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.

How to not get burned

I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.

For everyone

• Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
• Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
• Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.

For SOC Analysts and Security Teams

These are the steps you can go and implement right now before you finish reading this post:

1. Add an email detection rule for the exact string for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate.
2. Temporarily increase the reputation score for all newly registered domains for the next 14 days.
3. Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
4. If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.

Closing Thought

The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.

If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

• Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
• CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
• Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
• Punchbowl Official Public Warning
• Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
• Proofpoint Threat Insight: Punchbowl Phishing Campaign
• MITRE ATT&CK T1566.001: Spearphishing Link
• Verizon DBIR 2025: Phishing Effectiveness

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

Related Posts

Rate this:

This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now

997 words, 5 minutes read time.

If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.

This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.

What this scam actually is

You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.

It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:

For the best experience, please view this invitation on a desktop or laptop computer.

If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.

And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.

Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.

Why this is an absolute nightmare for security teams

Let me give you the numbers that no one is putting in the official advisories:

• As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
• Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
• This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
• Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.

I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.

This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.

How to not get burned

I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.

For everyone

• Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
• Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
• Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.

For SOC Analysts and Security Teams

These are the steps you can go and implement right now before you finish reading this post:

1. Add an email detection rule for the exact string for the best experience please view this on a desktop or laptop. At time of writing this rule has a 0% false positive rate.
2. Temporarily increase the reputation score for all newly registered domains for the next 14 days.
3. Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
4. If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.

Closing Thought

The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.

If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

• Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
• CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
• Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
• Punchbowl Official Public Warning
• Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
• Proofpoint Threat Insight: Punchbowl Phishing Campaign
• MITRE ATT&CK T1566.001: Spearphishing Link
• Verizon DBIR 2025: Phishing Effectiveness

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

Related Posts

Rate this:

📬 Hackers Are Literally Mailing You Scam Letters 📬

Threat actors are sending physical letters through postal mail pretending to be from Trezor and Ledger, manufacturers of cryptocurrency hardware wallets. The letters use official-looking branding and urgent language to trick recipients into revealing their wallet recovery phrases on fake websites. The scam represents a sophisticated blend of physical and digital social engineering.

Sources:
• https://www.bleepingcomputer.com/news/security/snail-mail-letters-target-trezor-and-ledger-users-in-crypto-theft-attacks/
• https://www.cryptotimes.io/2026/02/16/ledger-and-trezor-users-are-being-tricked-into-giving-away-millions/
• https://crypto.news/crypto-hackers-target-trezor-ledger-users-in-theft/
• https://phemex.com/news/article/scammers-target-ledger-and-trezor-users-with-phishing-letters-60803

#Cryptocurrency #Trezor #Ledger #PhishingScam #HardwareWallet
----------

🤖 Trusted AI Tool Weaponized to Hack Macs 🤖

Threat actors are abusing Claude AI's Artifacts feature and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users. The attacks target users searching for specific technical queries, showing malicious Google Ads that lead to Claude-generated artifacts containing malware. This represents a concerning abuse of AI-generated content for malware distribution.

Sources:
• https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
• https://cyberpress.org/malicious-campaign-uses-claude-artifacts-and-google-ads/
• https://www.rescana.com/post/claude-llm-artifacts-exploited-to-distribute-mac-infostealer-malware-via-clickfix-attack-chain-targe
• https://www.news4hackers.com/clickfix-attack-exploits-claude-llm-artifacts-to-distribute-mac-infostealers/

#Claude #MacMalware #Infostealer #GoogleAds #AI
----------

❄️ ShinyHunters Strikes Again: 600K Records Leaked ❄️

The notorious ShinyHunters data extortion group claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related information. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and investigators have not found evidence of a breach of Canada Goose's own systems. The company is investigating whether the data came from a third-party vendor or partner.

Sources:
• https://www.bleepingcomputer.com/news/security/canada-goose-investigating-as-hackers-leak-600k-customer-records/
• https://securityaffairs.com/188046/data-breach/shinyhunters-leaked-600k-canada-goose-customer-records-but-the-firm-denies-it-was-breached.html
• https://www.techradar.com/pro/security/canada-goose-confirms-data-leak-around-600-000-customers-thought-to-be-affected
• https://vpncentral.com/canada-goose-600k-customer-records-leaked-shinyhunters-claims-third-party-breach/

#DataBreach #CanadaGoose #ShinyHunters #CustomerData #CyberSecurity

🚨 PHISHING DETECTED 🚨

🔗 Suspicious URL: verizon[.]finokdg[.]cc
🔍 Analysis at: https://urlscan.io/result/019be320-ac53-721e-892a-42db734f648b/

#scamalert #SecureYourWallet #PhishingScam

The irony of an attempted scam ON MY CALENDAR being for a Norton Lifelock renewal.

FYI scams can attempt to scam you via your calendar. There is a spot under your apps permissions to turn off permission for literally anyone on the planet with the skills, to place a scam on your phone.

I was supposed to call, and follow their directions to give away the farm.

I HATE these events. They are traumatizing.

#PhoneScam
#CalendarScam
#Phishing
#PhishingScam

Got a call from 888-373-1969 claiming to be the Chase fraud department? Trust but verify should be your principle to avoid phishing scam! https://hackernoon.com/anyone-can-be-a-victim-to-a-phishing-scam-heres-mine #phishingscam

Ledger Confirms Global-e Breach, Warns Users of Phishing Attempts https://hackread.com/ledger-global-e-breach-phishing-attempts/ #Cybersecurity #CyberAttacks #PhishingScam #CyberAttack #databreach #Security #Globale #Privacy #Crypto #Ledger #Wallet #Fraud #Scam

How to Avoid Phishing Incidents in 2026: A CISO Guide https://hackread.com/how-to-avoid-phishing-incidents-2026-ciso-guide/ #Cybersecurity #PhishingScam #Security #Phishing #Sandbox #ANYRUN #CISO #Scam

https://linuxallday.com/tails-os-review-2025-privacy-guide/

The Portable Fortress: How to Be Invisible Online Without a Single Command

#linux #opensource #privacy #security #webdev #programming #coding #torbrowser #infosec #privacymatters #cybersecurity #privacyfirst #software #phishingScam #databreach #phishing #osint

Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks https://hackread.com/scammers-e-signature-phishing-emails/ #Cybersecurity #PhishingScam #CyberAttack #SharePoint #Security #DocuSign #Mimecast #Phishing #Privacy #Fraud #Scam

Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks https://hackread.com/scammers-e-signature-phishing-emails/ #Cybersecurity #PhishingScam #CyberAttack #SharePoint #Security #DocuSign #Mimecast #Phishing #Privacy #Fraud #Scam

Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks https://hackread.com/scammers-e-signature-phishing-emails/ #Cybersecurity #PhishingScam #CyberAttack #SharePoint #Security #DocuSign #Mimecast #Phishing #Privacy #Fraud #Scam

Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks https://hackread.com/scammers-e-signature-phishing-emails/ #Cybersecurity #PhishingScam #CyberAttack #SharePoint #Security #DocuSign #Mimecast #Phishing #Privacy #Fraud #Scam

SimpleX Chat X Account Hacked, Fake Site Promotes Crypto Wallet Scam https://hackread.com/simplex-chat-x-account-hacked-fake-site-wallet-scam/ #PhishingScam #CryptoWallet #SimpleXChat #SocialMedia #Security #ElonMusk #Privacy #SimpleX #twitter #Crypto #Fraud #Scam #X

wow this is a new one on me

anybody want to join the ILLUMINATI?

i'm just _oh wow_ on _so_ many levels. i mean. honestly. who would bite on this? xD

#spam #fraud #holyshit #DoNot #comedy #illuminati #recruitment #phishing #phishingScam

Please report this URL to Cloudflare for phishing. My MIL fell for it and these morons blasted out emails to her contacts. After changing her password, Google decided to suspend her account. Fill out their logins with bogus crap. Report it to Cloudflare. Shut them down!

hxxps://imessagegreetins[.]de/Tuin/AcrobatN
#phish #phishing #PhishingScam #cloudflare #abuse #infosec

Fake 0-Day Exploit Emails Trick Crypto Users Into Running Malicious Code https://hackread.com/fake-0-day-exploit-emails-crypto-malicious-code/ #ScamsandFraud #Cybersecurity #PhishingScam #CyberAttack #GoogleDocs #BlasterAI #Security #Phishing #Swapzone #Malware #Crypto #0day

New Phishing Emails Pretend to Offer Jobs to Steal Facebook Logins https://hackread.com/phishing-emails-offer-jobs-steal-facebook-logins/ #SublimeSecurity #Cybersecurity #PhishingScam #Security #Facebook #Phishing #RedBull #Fraud #Scam #KFC

KI: Fluch oder Segen? In diesem Fall: Fluch. Betrügerische Werbung für "sichere" Online-Investments zockt Nutzer:innen ab.

@netzpolitik_feed berichtet hier https://netzpolitik.org/2025/angebliche-online-investments-eine-automatisierte-betrugsmaschine/

#AI #DeepFake #Phishing #PhishingScam

Fake Google Job Offer Email Scam Targets Workspace and Microsoft 365 Users https://hackread.com/fake-google-job-offer-email-scam-workspace-microsoft-365/ #GoogleWorkspace #Cybersecurity #PhishingScam #Microsoft365 #Security #Phishing #Privacy #Google #Fraud #Scam

New Yorkers, watch out! Scammers are sending fake 'Inflation Refund' texts that look just like official state alerts. Could this be your next target? Find out how to stay safe.

https://thedefendopsdiaries.com/fake-inflation-refund-texts-target-new-yorkers-in-sophisticated-smishing-scam/

#smishing
#phishingscam
#identitytheft
#cybersecurity
#newyork
#infosecurity
#fraudprevention
#socialengineering
#taxscam