
New Phishing campaign


 




 


On Mar 21, 2025, at 7:39 AM, Dutch Junge via groups.io <dutch@...> wrote:



Thank you Dutch. Great article. Interesting how it morphed from Windoz to Mac.
I can see how this kind of attack could work. A friend of mine had something very similar to this.
It's not your typical "click on the link" approach.

All the best,
John


 

Thank you, Dutch, for this article.

I encountered this two nights ago on my phone. I use…

— iPhone 14 Pro
— iOS 18.3.2 (current)
— Brave Browser on above device
— StartPage search engine (by Brave)
— Settings: deny permission to allow cross-website tracking.

Side note, on Randy Singer’s recommendation, I have been using Brave on my Mac mini and my iPhone as my default browser for a number of years.

So - I stopped by Home Depot on the way home Wednesday night to check details on an electric water pump. I did not tie into the store Wi-Fi or anything else nearby, I only used cell data (Patriot Mobile, a Verizon MVNO).

I punched up Brave, typed in homedepot.com, but the Home Depot website was very slow to respond (which often happens when I’m not on a Wi-Fi network).

So I opened a second Brave browser page, which by default opens to StartPage; typed in the name of the pump I wanted details on, and as the search began, suddenly there was a StartPage request to verify my identity by typing in a CAPTCHA code.

This was not a sudden splash screen that appears over on top of a webpage or another intrusion that entirely redraws the screen or opens a new page, all of which are obvious signs of a phishing attack, and which happen from time to time. (I never fall for it.)

This was a new thing: The CAPTCHA code request was presented within the Brave StartPage window, as though Brave itself was asking for verification.

This is the first time on either platform I have ever encountered any CAPTCHA request or interruption like this purporting to be directly from Brave or StartPage itself. After so many years of using this browser and the search engine it provides, why all of a sudden now? It just didn’t smell right.

(Like everyone else, I have encountered legitimate appearances of CAPTCHA many times when dealing with mainstream shopping and financial management sites and so forth.)

More out of my impatience than my brilliance at recognizing a new form of phishing attack, I didn’t take the bait, I just quit Brave, took a picture of the pump I was curious about and went home.

Now I read this article.

I don’t know what may have been compromised had I entered the CAPTCHA code, but sometimes it pays to be lazy.

Speaking of, it’s almost nap time…

Michael


 


On Mar 21, 2025, at 1:00 PM, Michael Russo via groups.io <pwrks@...> wrote:
Now I read this article.
I don’t know what may have been compromised had I entered the CAPTCHA code, but sometimes it pays to be lazy.
Speaking of, it’s almost nap time…
Michael

Wow!
Thank you Michael for your compelling recount of the CAPTCHA trap.
I've never encountered this, yet, but now that I'm aware I'll know to quit out of browser, and reconnect.
A million thanks Michael.
All the best,
John

p.s. What exactly is your "StartPage?"
1) a blank page
2) a home page
3) something else?


 


My impression is this is just simple phishing by both the hackers and by the anti-AV developer. The article and most others that referenced the LayerX-Labs-blog use a lot of BA buzzwords. It would take a nation state bad actor to pump that much effort into maintaining and operating at the implied levels.

If you step aside and let Chicken Little pass, you will notice it is just a simple social engineering trick to get you to give them your credentials. Neither Apple nor Microsoft monitors your computer's security, can lock it up, or gives out phone numbers in their alerts.

I look forward to Randy Singer's comment, something along the line of there is no known malware for Mac that can lock up your Mac. I would like Al Vernell’s opinion on the threat and the verbiage used.

My bet is that it is simply a scare tactic to get you to willingly give up your credentials.

Another thing that caught my eye is that this was reported 3/19, two days ago, and picked up and repeated by many other normally good sources. No name is given for the malware, even though the Windows version had been out for almost a year. Just a lot of scary terminology. Just like the old video I was watching of a conman speaking to swindle a crowd of people.


Brent

On my late 2012 Mac mini running 10.15.7

On Mar 21, 2025, at 8:10 AM, John via <OceanCity@...> wrote:

On Mar 21, 2025, at 7:39 AM, Dutch Junge via <dutch@...> wrote:



 




On Mar 21, 2025, at 10:00 AM, Michael Russo <pwrks@...> wrote:

I don’t know what may have been compromised had I entered the CAPTCHA code, but sometimes it pays to be lazy.

Speaking of, it’s almost nap time…

My guess is that the CAPTCHA lets everyone thru, and is a fake also. You probably were redirected to a phone captcha page, too.

Either way, it is good you were cautious.

Brent

On my late 2012 Mac mini running 10.15.7


 


On Mar 21, 2025, at 12:18, John via groups.io <OceanCity@...> wrote:

p.s. What exactly is your "StartPage?"
1) a blank page
2) a home page
3) something else?

That’s the actual name of the search engine. It's the site Brave seems to use as its default search engine.

Here’s their explanation page…


Sometimes I use StartPage on Brave, sometimes I use Google when using Safari; either way, I’ve noticed the breadth and quality of searches on both of these have gone down in the past six months, maybe because they are trying to make their algorithms so smart, they’re trying to second-guess what I’m after or shape my opinion one way or another, and they don’t get it right, so the results are poor quality.

Or maybe I’m getting dumber. That’s what my dog says.

Michael


 

On Mar 21, 2025, at 11:34 AM, Brent via groups.io <whodo678@...> wrote:

My impression is this is just simple phishing by both the hackers and by the anti-AV developer. The article and most others that referenced the LayerX-Labs-blog use a lot of BA buzzwords. It would take a nation state bad actor to pump that much effort into maintaining and operating at the implied levels.
The cited article says that you only get the phishing attempt if you mistype the URL for the page that you are trying to access. You end up at a site created to serve up the phishing attempt with a URL that is a likely mistype.


If you step aside and let Chicken Little pass, you will notice it is just a simple social engineering trick to get you to give them your credentials.
Yes.

Neither Apple nor Microsoft monitors your computer's security, can lock it up, or gives out phone numbers in their alerts.
Yes.


I look forward to Randy Singer's comment, something along the line of there is no known malware for Mac that can lock up your Mac.
There is…but not currently in the wild. It’s entirely a social engineering exploit. If you see a page that says that your Mac is locked, just quit your browser and re-start it.


My bet is that it is simply a scare tactic to get you to willingly give up your credentials.
Yes.

If you come across a Web site that has this sort of scareware, please take note of the PRECISE URL, and report it to Google Safe Browsing.

Report Phishing


Google says that the site will be added to their security list within about an hour. From then on the site will be blacklisted and no longer a threat.

__________________________________________________

Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Essential But Hard To Find Macintosh Software and Advice

__________________________________________________


 


What if I do not use Google? Should I send phishing to Google anyway?

On Mar 21, 2025, at 10:18 PM, Randy B. Singer via groups.io <randy@...> wrote:

If you come across a Web site that has this sort of scareware, please take note of the PRECISE URL, and report it to Google Safe Browsing.

Report Phishing


Google says that the site will be added to their security list within about an hour. From then on the site will be blacklisted and no longer a threat.


 


The article suggests that Safari is one browser targeted.

The Google link is to report the phishing if you encounter it regardless of your browser choice.

--
Vincent Winterling
Vineland, NJ
From: [email protected] <[email protected]> on behalf of Ellen Lerner via groups.io <iomug@...>
Date: Monday, March 24, 2025 at 2:35 PM
To: Iomug <[email protected]>
Subject: Re: [iomug] New Phishing campaign

What if I do not use Google? Should I send phishing to Google anyway?



 

On Mar 24, 2025, at 11:34 AM, Ellen Lerner via groups.io <iomug@...> wrote:

What if I do not use Google? Should I send phishing to Google anyway?
Every single browser for the Macintosh that I know of includes Google’s Safe Browsing technology.
It has nothing to do with Google’s search service.

So, yes, if you come across a phishing Web site, send a report to Google right away.

If you want to report a malicious Web site, you can do so here:

Phishing


Malware being disseminated




__________________________________________________

Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Essential But Hard To Find Macintosh Software and Advice

__________________________________________________