Ledger phishing scam was just an ordinary phishing campaign with leaked emails IMO. ...

Why Nostr? What is Njump?

npub1yp…ha52w

2024-01-24 22:37:31

in reply to nevent1q…4mec

Ledger phishing scam was just an ordinary phishing campaign with leaked emails IMO.
This one looks much more sophisticated, because you really cannot tell if phishing or not beside the links inside a mail.

Have seen the same coming from booking.com a week ago that happened to my parents. They received a phishing mail from their servers. (Verify credit card with a phishing link). Seems to be a new schema to compromise the mail infrastructure and to send "real Mails"

Here is an extract of the mail my parents received:
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=bk header.b=qg05XoWJ;
spf=pass (google.com: domain of [email protected] designates 37.10.30.4 as permitted sender) [email protected];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=booking.com
Return-Path: <[email protected]>
Received: from mailout-202-r3.booking.com (mailout-202-r3.booking.com. [37.10.30.4])
by mx.google.com with ESMTPS id m18-

Author Public Key

npub1yptpz34agws3z95dqxgvyhwnhkulav5vueryjpzrl32p57euwteqwha52w

Show more details

Published at

2024-01-24 22:37:31

Kind type

1 Short Text Note

Event JSON

{ "id": "35f6207018e1ae29d43d245222297eef3b3ce54d0b646a56fea040e4bb207aee", "pubkey": "20561146bd43a111168d0190c25dd3bdb9feb28ce646490443fc541a7b3c72f2", "created_at": 1706132251, "kind": 1, "tags": [ [ "e", "69f8e41f7601269733c484c40269458d354dbce2dae05bbec12af0965e712f3e", "", "root" ], [ "e", "062340b47cfdb4cad4afcbae6da43d4e768a5ca90d4388d5d636f305ff98c908", "", "reply" ], [ "p", "20561146bd43a111168d0190c25dd3bdb9feb28ce646490443fc541a7b3c72f2" ], [ "p", "bb807c744e2b723e3ba0b391e96fd0f586151abf8104f3702dcd7d085b025e52" ], [ "r", "booking.com" ], [ "r", "mx.google.com" ], [ "r", "[email protected]" ], [ "r", "[email protected]" ], [ "r", "37.10.30.4" ], [ "r", "smtp.mailfrom" ], [ "r", "[email protected]" ], [ "r", "header.from" ], [ "r", "booking.com" ], [ "r", "\[email protected]" ], [ "r", "mailout-202-r3.booking.com" ], [ "r", "mailout-202-r3.booking.com." ], [ "r", "37.10.30.4" ], [ "r", "mx.google.com" ] ], "content": "Ledger phishing scam was just an ordinary phishing campaign with leaked emails IMO. \nThis one looks much more sophisticated, because you really cannot tell if phishing or not beside the links inside a mail.\n\nHave seen the same coming from booking.com a week ago that happened to my parents. They received a phishing mail from their servers. (Verify credit card with a phishing link). Seems to be a new schema to compromise the mail infrastructure and to send \"real Mails\"\n\nHere is an extract of the mail my parents received:\nARC-Authentication-Results: i=1; mx.google.com;\n dkim=pass [email protected] header.s=bk header.b=qg05XoWJ;\n spf=pass (google.com: domain of [email protected] designates 37.10.30.4 as permitted sender) [email protected];\n dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=booking.com\nReturn-Path: \[email protected]\u003e\nReceived: from mailout-202-r3.booking.com (mailout-202-r3.booking.com. [37.10.30.4])\n by mx.google.com with ESMTPS id m18-", "sig": "70d1f628fafd92821d23d1d5d746e2880211cee7ca01065bb8a3d54c76bbdeeb43d8a925364aef16b3cc5b4232bce4b046e80b370623719abd0a26b2f049972a" }