|
Pile Of Garbage posted:yeah that's how those scams work. the scammer rents the airbnb and then shows it off as if its their own. it would be odd to set up an entire functional office with multiple employees with name tags and a copy machine and all for that lol i mean i guess not impossible but that's a very dedicated scammer
|
#
?
Jun 6, 2023 14:17
|
|
|
|
| # ? Apr 25, 2024 10:59 |
|
|
Shame Boy posted:it would be odd to set up an entire functional office with multiple employees with name tags and a copy machine and all for that lol its quite probable that the scammers were scamming many other people that day too. its easy to get office supplies cheap from twitter these days you know
|
|
#
?
Jun 6, 2023 14:25
|
|
|
Shame Boy posted:it would be odd to set up an entire functional office with multiple employees with name tags and a copy machine and all for that lol yeah sorry i misread your post my bad!
|
|
#
?
Jun 6, 2023 14:29
|
|
|
4lokos basilisk posted:its quite probable that the scammers were scamming many other people that day too. its easy to get office supplies cheap from twitter so that means they must have hired actors to play maintenance and delivery personnel that came in periodically to do things like get / return keys or drop off packages too cuz that happened a bunch, the clever bastards
|
|
#
?
Jun 6, 2023 14:29
|
|
|
Pile Of Garbage posted:yeah sorry i misread your post my bad! no i like this version better anyway, where instead of just being a really poorly organized business run by people who don't know any better it's an incredibly elaborate scam where the scammers basically took over an entire large apartment complex just to get my SSN and like, a $50 application fee
|
|
#
?
Jun 6, 2023 14:31
|
|
|
actually when you put it like that you're literally describing the operating model for property managers
|
|
#
?
Jun 6, 2023 14:33
|
|
|
Shame Boy posted:so that means they must have hired actors to play maintenance and delivery personnel that came in periodically to do things like get / return keys or drop off packages too cuz that happened a bunch, the clever bastards
|
|
#
?
Jun 6, 2023 14:36
|
|
|
another thing i just remembered that gives off the "cargo-cult KYC" vibe, i had to separately provide the name of my employer (it's right there on my paystubs i already gave...) and my supervisor's name and phone number (???). when i didn't know my supervisor's phone number because what the hell, she was like "oh just the company phone number, i just need any number to put in this box, he [compliance guy] isn't actually going to call them or check who your supervisor is or anything" so why is it required then  as far as i can tell this was all because they just have this enormous form with every single field marked as required (couldn't see her monitor but she kept saying stuff like "oh it won't just let me leave it blank") that they have to fill out for every applicant, that gets sent off to Back Alley Dave's Legitimate Compliance Warehouse or whatever anyway we'll see if Back Alley Dave manages to catch the fact that my company actually laid me off a few weeks ago and i haven't started my new job yet 
|
|
#
?
Jun 6, 2023 14:46
|
|
|
oh and at first she thought i already had an account on their web portal thing (cuz i had been there a few days prior and gave the other lady i talked to my email and she would normally have set one up i guess) so she put my email in and hit forgot password, and sure enough i got a forgot password email on my phone, so i clicked it and set a new password, which it said happened successfully then we figured out that i did not, in fact, have an account. i wonder where that password went...
|
|
#
?
Jun 6, 2023 14:50
|
|
|
Shame Boy posted:oh and at first she thought i already had an account on their web portal thing (cuz i had been there a few days prior and gave the other lady i talked to my email and she would normally have set one up i guess) so she put my email in and hit forgot password, and sure enough i got a forgot password email on my phone, so i clicked it and set a new password, which it said happened successfully Oh, there was an account, it just wasn't yours.
|
|
#
?
Jun 6, 2023 14:54
|
|
|
Volmarias posted:Oh, there was an account, it just wasn't yours. at the time i did seriously consider the fact that there's a nonzero chance i had just reset literally everyone's password, yeah like at my first job there was more than one SQL query that just added % to the front and back of every string because the guy that wrote it couldn't be assed to figure out why certain things weren't coming up or didn't understand what he was doing or something, and then mysteriously later we had to do a bunch of emergency revert to backups because some operations would cause a write to every single row in the table if certain fields happened to be blank 
Shame Boy fucked around with this message at 15:00 on Jun 6, 2023 |
|
#
?
Jun 6, 2023 14:57
|
|
|
Shame Boy posted:my supervisor's name and phone number (???). funny enough, this part is actually pretty standard … for an application in the 90s
|
|
#
?
Jun 6, 2023 15:35
|
|
|
Shame Boy posted:it would be odd to set up an entire functional office with multiple employees with name tags and a copy machine and all for that lol look they had a goon move the printer it’s legit
|
|
#
?
Jun 6, 2023 15:40
|
|
|
Shame Boy posted:Snip Yeah, I moved apartments recently and while there was some variance most of them wanted my supervisor name and #. One place required me, instead of paystubs, to log into some 3rd party site with my bank account credentials so they could just look directly at all my transactions and pay deposits. "Easier than uploading pay stubs" they tried to say
|
|
#
?
Jun 6, 2023 15:46
|
|
|
My latest apartment move required a bunch of third party 'verification' services including one that required me to take a photo of my face and upload it, presumably so they can share it with the cops so they know exactly who to execute when eviction time rolls around.
|
|
#
?
Jun 6, 2023 16:02
|
|
|
mystes posted:They also hired us to tell you it's legit btw what am i supposed to put on my timesheet? scammer or accomplice?
|
|
#
?
Jun 6, 2023 16:20
|
|
|
Pile Of Garbage posted:btw what am i supposed to put on my timesheet? scammer or accomplice? I can never remember. You can ask Janice if you really want to know, I just put down Analyst and no one seems to care.
|
|
#
?
Jun 6, 2023 20:11
|
|
|
careful about that. analyst and scammer have different hourlies and rich doesn’t know which you did so he just trusts the timecard when he does payroll. janice does try to fix it up but mostly to make sure analysts aren’t claiming to be talking to customers, so you could be cheating yourself
|
|
#
?
Jun 6, 2023 20:39
|
|
|
rjmccall posted:careful about that. analyst and scammer have different hourlies and rich doesn’t know which you did so he just trusts the timecard when he does payroll. janice does try to fix it up but mostly to make sure analysts aren’t claiming to be talking to customers, so you could be cheating yourself Nah I'm good, I check the pay stubs, and "analyst" is just a cheeky (  ) way of saying "my primary task is the performance and improvement of rear end loving customers," not having to talk to them just means I'm even more efficient here.Really, I could probably change the numbers too and no one would catch it, but I'm just too honest for that.
|
|
#
?
Jun 6, 2023 21:54
|
|
|
Volmarias posted:Nah I'm good, I check the pay stubs, and "analyst" is just a cheeky ( i admire your metascamming, feel free to ping me if you need a peer denunciation
|
|
#
?
Jun 6, 2023 22:55
|
|
|
haveblue posted:they’re trying to get you to show a picture of the cat and I respect that title change?
|
|
#
?
Jun 6, 2023 23:09
|
|
|
Hey we're almost out of hours on the analyst project code, so if you have time to report please use the graphic design code since there is budget left on that one.
|
|
#
?
Jun 6, 2023 23:16
|
|
|
Well I secfuck'd myself. A couple years ago I bought some novelty domains on Namecheap. I wanted to get rid of the parking page so I set the nameservers to Cloudflare's "beth" and "ed" because those were the ones that my prior domains with Cloudflare had used and I assumed any other domains I added would use the same ones (that is, that "beth" and "ed" were assigned to my account for any domains I add). They were effectively offline while I decided what, if anything, I wanted to do with them, but I never added them to my Cloudflare account because I didn't have anywhere to point them to yet. Well, someone else added those domains to their Cloudflare account and was able to "hijack" the DNS records and use them for whatever they wanted, which appears to be copies of other pages (phishing?) and streaming movie/TV links. Today when I went to add the domains to Cloudflare, it gave me two different nameservers to use (not beth and ed), and now I have control back after updating the nameservers on Namecheap. I guess it never clicked with me that Cloudflare's domain ownership authentication is basically, "have you pointed the nameservers at the two we gave you?". It's my fault and I'm an idiot, I know. The only part I'm still trying to figure out is, there's 2,550 possible Cloudflare nameserver combinations. The attacker/squatter/whatever must've had to keep re-rolling adding the domains until Cloudflare randomly picked the same ones I had set the domains to use?
|
|
#
?
Jun 7, 2023 03:12
|
|
|
I'd almost wonder if what happened was, when the attacker added the domain, cloudflare scanned your domain's NS records, saw that you already configured the domain to use beth and ed, and said 'well, theres no other zone for clownmove.com what exists in cloudflare, this checks out to us' then set those as the name servers automatically. or something like that? i know thats not what would happen if the domain already existed in cloudflare in a different account, but its such a bizarre combination of things to lead to that scenario. edit: all of my domains in my free account have the same nameservers, so maybe not. but in that case, would that mean they needed to create new accounts until they got nameservers that matched yours? i cant just remove the domain and get new ns records every time, so i dont think itd even be that. related: https://community.cloudflare.com/t/...per-hour/357196 post hole digger fucked around with this message at 05:42 on Jun 7, 2023 |
|
#
?
Jun 7, 2023 05:32
|
|
|
do they assign you nameservers before you add a domain? maybe they just saw you had already added theirs
|
|
#
?
Jun 7, 2023 05:46
|
|
|
if my account is any indication, if you have your domains added as free zones, they will all have the same ns servers. so if you had domain1 in there, and they have have beth.ns and ed.ns, and you then add those records to domain2 but never add it to cf, yeah, that seems plausible. just an odd series of choices required on both ends of this to be able to do that if that is what happened...
|
|
#
?
Jun 7, 2023 05:50
|
|
|
alternatively i guess the attacker could have thousands of accounts and just got lucky with the combination
Beeftweeter fucked around with this message at 06:00 on Jun 7, 2023 |
|
#
?
Jun 7, 2023 05:57
|
|
|
Beeftweeter posted:do they assign you nameservers before you add a domain? maybe they just saw you had already added theirs iirc you get the same set for every domain on account until they add more and the hash buckets change, which only happens rarely. however, for obvious reasons, if two accounts have the same assigned pair, and one tries to register an already-registered domain, that second registration gets a different pair idk how the malicious users actually managed getting coverage across the combinations, but OP is not the first person to encounter such a scenario. it wasn't exactly frequent but support would definitely get "you are directing my site to spam!" tickets from users that hadn't actually registered those domains, but had configured their nameservers. some enterprising spammer figured out an effective way to query for those, apparently
|
|
#
?
Jun 7, 2023 08:49
|
|
|
so apparently if you played Minecraft with mods at all this year then you've probably been infected with malware: https://prismlauncher.org/news/cf-compromised-alert/quote:Multiple groups are reporting CurseForge and Bukkit as compromised. Malware has been uploaded in various projects and it may be a security vulnerability in the Overwolf platform. We recommend not downloading or updating any mods from CurseForge and Bukkit at the moment, and we will update y'all with the latest news as more information becomes available. seems bad lol.
|
|
#
?
Jun 7, 2023 12:42
|
|
|
there's a hole in my bukkit
|
|
#
?
Jun 7, 2023 13:59
|
|
|
Pile Of Garbage posted:so apparently if you played Minecraft with mods at all this year then you've probably been infected with malware: https://prismlauncher.org/news/cf-compromised-alert/ appears that a bunch of rando accounts uploaded infected clones of existing mods, and then one real modder got infected and some of their legitimate mod uploads were compromised
|
|
#
?
Jun 7, 2023 14:47
|
|
|
Bukkike
|
|
#
?
Jun 7, 2023 15:25
|
|
|
pseudorandom name posted:appears that a bunch of rando accounts uploaded infected clones of existing mods, and then one real modder got infected and some of their legitimate mod uploads were compromised yeah apparently the malicious JAR is self-replicating and whatnot. also right now it's dormant but is communicating with C&C servers so only a matter of time until it's given a command/payload
|
|
#
?
Jun 7, 2023 16:45
|
|
|
Shame Boy posted:there's a hole in my bukkit even worse: there's a JAR in my bukkit!!!
|
|
#
?
Jun 7, 2023 16:49
|
|
|
I has a bukkit noooooo they be hacking my bukkit
|
|
#
?
Jun 7, 2023 16:56
|
|
|
haveblue posted:I has a bukkit thank
|
|
#
?
Jun 7, 2023 16:57
|
|
|
honestly i'm surprised this hasn't happened sooner (and it probably has but im just not aware of it). a mod system which involves downloading and running what is basically a little executable with zero signing/trust outside of "i downloaded it from the main mod site so it's legit" i mean really, lol: lmao.
|
|
#
?
Jun 7, 2023 16:59
|
|
|
supposedly someone (or multiple someones) have been uploading infected copies of normal mods for months and it took until now for an actual author to get infected and upload a legit mod with the infection
|
|
#
?
Jun 7, 2023 17:09
|
|
|
 yeah, that’s probably a good idea
|
|
#
?
Jun 7, 2023 17:45
|
|
|
|
| # ? Apr 25, 2024 10:59 |
|
|
I got a haveibeenpwned email for using lenscrafters IN PERSON and coincidentally I got failed login attempts on cineplex.com account soon after
|
|
#
?
Jun 7, 2023 17:56
|
|
