On 2/2/2021 11:34 AM, John Hardin wrote:
On Tue, 2 Feb 2021, John Hardin wrote:
On Tue, 2 Feb 2021, RW wrote:
On Tue, 2 Feb 2021 10:47:49 +0100
Valentijn Sessink wrote:
On-list: the only thing in the last QR-code phishing mail I received
that actually makes it a phishing mail is the followi
Pedreter,
> I already did that ... it collects URLs, Email boxes and BTC wallets from QR
> (despite the full image is
> a QR code or the image 'contains' a QR) and injects them back into SA
>
> If there is interest in the community, maybe i can make it a standalone
> plugin and send it to Kevin
Does anyone have a copy of the netflix phishing that they could forward to me
at amitch...@isipp.com, including the body of it?
TIA!
Anne
> On Feb 2, 2021, at 1:04 AM, Benny Pedersen wrote:
>
> On 2021-02-02 03:25, Kevin A. McGrail wrote:
>> Since it's already hitting 8.9, why do more?
>
> t
On Tue, 2 Feb 2021, John Hardin wrote:
On Tue, 2 Feb 2021, RW wrote:
On Tue, 2 Feb 2021 10:47:49 +0100
Valentijn Sessink wrote:
On-list: the only thing in the last QR-code phishing mail I received
that actually makes it a phishing mail is the following part:
<=
DEFANGED_IMG alt=3D"QR Code
On Tue, 2 Feb 2021, RW wrote:
On Tue, 2 Feb 2021 10:47:49 +0100
Valentijn Sessink wrote:
On-list: the only thing in the last QR-code phishing mail I received
that actually makes it a phishing mail is the following part:
<=
DEFANGED_IMG alt=3D"QR Code - Bevestigen aanvraag" style=
=3D"displ
On Tue, 2 Feb 2021, Valentijn Sessink wrote:
On 02-02-2021 03:37, Kevin A. McGrail wrote:
Nothing I'm aware of. Contact me off-list if you have any spamples.
I have. I hope it passes your filter :-)
I'd appreciate a spample too.
--
John Hardin KA7OHZhttp://www.impsec
On 2 Feb 2021, at 10:30, Valentijn Sessink wrote:
On 02-02-2021 14:48, RW wrote:
On Tue, 2 Feb 2021 10:47:49 +0100
src=3D"https://pr=
oxy.duckduckgo.com/iu/?u=3Dhttps://chenoneproduction.s3.ap-southeast-1.amaz=
onaws.com/static/a0fd.png" width=3D"184">
So the QR code is remote. If you fetch it
On 02-02-2021 14:48, RW wrote:
On Tue, 2 Feb 2021 10:47:49 +0100
src=3D"https://pr=
oxy.duckduckgo.com/iu/?u=3Dhttps://chenoneproduction.s3.ap-southeast-1.amaz=
onaws.com/static/a0fd.png" width=3D"184">
So the QR code is remote. If you fetch it could look like the recipient
read the email, enco
On 2021-02-01 16:39, Valentijn Sessink wrote:
Just very recently, I saw several phishing mails using QR codes to
direct readers to phishing sites. No "a href" stuff, just a "please
point your phone's camera to our QR code" - and fill out our malicious
form.
this phishing mails sent via sendgri
On Tue, 2 Feb 2021 10:47:49 +0100
Valentijn Sessink wrote:
> On-list: the only thing in the last QR-code phishing mail I received
> that actually makes it a phishing mail is the following part:
>
> =3D"display:block;border:0;outline:none;text-decoration:none;-ms-interpolat=
> ion-mode:bicubic"
On 2021-02-02 11:28, Pedro David Marco wrote:
I already did that ... it collects URLs, Email boxes and BTC wallets
from QR (despite the full image is a QR code or the image 'contains' a
QR) and injects them back into SA
If there is interest in the community, maybe i can make it a
standalone plu
I already did that ... it collects URLs, Email boxes and BTC wallets from QR
(despite the full image is a QR code or the image 'contains' a QR) and injects
them back into SA
If there is interest in the community, maybe i can make it a standalone plugin
and send it to Kevin for consideration..
Hi,
On 02-02-2021 03:37, Kevin A. McGrail wrote:
Nothing I'm aware of. Contact me off-list if you have any spamples.
I have. I hope it passes your filter :-)
On-list: the only thing in the last QR-code phishing mail I received
that actually makes it a phishing mail is the following part:
On 2021-02-02 09:29, Olivier wrote:
What about doing a proper SA plugin that find the DR in an image,
decodeds it and injects the associated text/URL as a document part to
be
parsed by SA?
i remember there was a ExtractText plugin that could do multiple jobs
depending on attachments, but si
Benny Pedersen writes:
> On 2021-02-02 03:37, Kevin A. McGrail wrote:
>> Nothing I'm aware of. Contact me off-list if you have any spamples.
>> Maybe there are other indicators.
>
> +1
>
>> On Mon, Feb 1, 2021 at 10:39 AM Valentijn Sessink
>> wrote:
>
> i like samples aswell
>
>>> (I.e. checked
On 2021-02-02 03:37, Kevin A. McGrail wrote:
Nothing I'm aware of. Contact me off-list if you have any spamples.
Maybe there are other indicators.
+1
On Mon, Feb 1, 2021 at 10:39 AM Valentijn Sessink
wrote:
i like samples aswell
(I.e. checked against blocklists et al)
the images can b
On 2021-02-02 03:25, Kevin A. McGrail wrote:
Since it's already hitting 8.9, why do more?
too much phishing in winter half year to my taste
i just google report urls now, and still add to phishtank, hopefully
phishers get a real life
you can safely add 1.5 more to KAM_SENDGRID, if it contin
17 matches
Mail list logo
