This will be a quick post. We have received a phishing mail to our info@lemmy.world mail address telling that they are “lemmy.world Security Team”, telling that they will “disconnect” your account from our instance. This is ofc, not us. Do not fall for it! The attached image is how the mail looks like.
~Lemmy World Team.
Isn’t it a waste of time trying these scams on lemmy.
I could be wrong here but I would argue the vast majority of users are somewhat tech proficient since it’s not reached mass adoption and the user base is well, just us nerds?
Tech folks still fall for phishing. It takes a momentary lapse, failure to caffeinate, it happens.
Lemmy is currently full of newly registered domains with weird suffixes, the kind that traditionally have been a phishing indicator. Lemmy.world is going to be harder to phish than some of the other ones where you have to read closely.
I guess hubris can be a factor too.
I’m not “ignoring your emails” and “never responding”, I’m just security conscious
This is the story how my Steam account got hacked:
I was talking to a friend of mine at a party and I just bought a new game (forgot which one). He told me that he thought about buying the game as well and asked if I could let him try it out one time. I said “sure, just message me and you can log into my account and test it”. 2 days later, he wrote me on steam asking for my login data and I thought nothing of it since we spoke about it in person, so I gave him the info. Turned out, his account got hacked and the intruder basically got a two for one special by just asking lol
Steam support rectified the situation and didn’t even scold me for sharing my account which is clearly a violation of their ToS.
Well one of the best scam hunters on YouTube lost his account to a scam. So not really a waste of time, trying Lemmy.
That sounds so crazy, who was it? What happened?
Looks like he was tricked into deleting his own channel by someone masquerading as YouTube support. https://futurism.com/the-byte/youtube-channel-hunts-scammers-gets-scammed
I was curious too so I googled it:
https://www.bitdefender.com/blog/hotforsecurity/scam-baiter-jim-browning-bamboozled-by-scammers-into-deleting-his-own-youtube-channel/
From what I read, some scammer tricked him by impersonating YouTube Support and telling him he would lose all his adsense revenue, which prompted Browning to fall for it.
Yep that’s him, I can never remember his name.
It was Jim Browning, as another comment said. I can never remember his name more than Jim, so I settled for job description, as he is easy to find that way.
But others have been through it also, Linus Tech Tips, The Spiffing Britt and Atomic Shrimp are the other big ones I know of, but there is plenty more. Of those Atomic Shrimp is also a scam hunter like Jim, so it definitely shows that just because you are very familiar with what it looks like you aren’t immune too it.
I can’t remember if they all fell for the same or similar ones or if it was different ones, but that really doesn’t matter so much.
And what happend was Jim and LTT got tricked into deleting there channels. LTT by a fake sponsorship and Jim I don’t remember someone else said it was fake YouTube support.
Spiff had something of a similar thing happen but I don’t remember the means, and Atomic Shrimp I believe was a different typ of scam not related to YouTube.
But everyone got their channels back in the end.
There’s also variable levels of sophistication for scam messages based on the desired target. If you’re looking for a whole lot of people who don’t understand technology enough to see through your premise, you go with the generic “hello sir and/or madame I am hackor send gift cards or I will delet ur phone”.
If you’re after a very specific person who is well known to be privy to the normal red flags, you’re more likely to create a custom spear phishing campaign and mimic as closely as possible the format, lexicon, domain names, etc of something reputable to avoid setting off their BS detectors.
With that said, yeah there’s enough people on lemmy that this low-effort take is worth a shot
Atomic Shrimp did a video on how he fell for a spear phishing scam
i click every link that shows up in my email, keeps life interesting
Living on the edge
Doing my part to keep our security team at work employed.