4 matches found
CVE-2022-31127 Improper handling of email input in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.:...
Fake Royal Mail chatbot offers up…a new iPhone?
Royal Mail scams are always popular techniques for people up to no good. We’ve covered them several times over the last year or so. A quick reminder: Your parcel is waiting for delivery This is the go-to tactic for fake Royal Mail phishing attacks. You receive a text claiming there’s a parcel in...
Hotel staff bust Hermes SMS scammer with suspiciously large number of cables
If you’re in the UK, you’ve likely received a fake delivery SMS at this point. The original big driver for this over the pandemic was a non-stop wave of Royal Mail phishing scams. As that article mentions, most if not all of our interactions with organisations is done by mobile. I receive medical...
Suspicious Link Redirection Mail Phishing Attempt
Several mail phishing campaigns use embedded redirection links to lure the victim user to download malicious files...