Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

387
active users

toad.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#creditcard

3 posts3 participants1 post today
Public
OTX Bot

Silent Credit Card Thief Uncovered

A sophisticated credit card skimming campaign dubbed 'RolandSkimmer' has been discovered, targeting users in Bulgaria. The attack utilizes malicious browser extensions across Chrome, Edge, and Firefox, initiated through a deceptive LNK file. The malware employs obfuscated scripts to establish persistent access, harvesting and exfiltrating sensitive financial data. The attack workflow involves system reconnaissance, downloading additional malicious files, and injecting scripts into web pages. The threat actor uses unique identifiers to track victims and employs sophisticated techniques to evade detection. The campaign demonstrates the evolving nature of web-based credit card skimming threats, highlighting the need for enhanced security measures against LNK-based attacks and unverified browser extensions.

Pulse ID: 67efc6e92fbd533808f09435
Pulse Link: otx.alienvault.com/pulse/67efc
Pulse Author: AlienVault
Created: 2025-04-04 11:47:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#Browser#Bulgaria#Chrome
Public *
BerlinFokus

oh shit .. 05:15 in the morning

just spend a night researching #US #consumer houshold #debt, without noticing

at least you can profit of my stupidity because I'm telling now that the world is clearly headed into a 2008 style global #EconomicCrisis

epicenter will again be the #USA

this time it isn't going to be just a #mortage default crisis but a everything default (#AutoLoans, #CreditCard, #StudentDebt, ..)

and the trigger is #tariffs & #doge adding to an already financially hurting nation

a banker standing on wall street, begging for a bailout
Public
Steve Dustcircle 🌹

Why #Toll #Text #Scams Are Out Of Control

The #FBI has issued a warning against “#smishing”, which are text-based scams that people all over the country are receiving on their #phones. #Scammers are impersonating the agencies and companies that collect money for tolls #parkingtickets, #creditcard payments, bank notices, phone bills. Some scams are even fake anti-scam warnings.

youtube.com/watch?v=g-gAepaVU8

YouTubeWhy Toll Text Scams Are Out Of ControlBy CNBC
Public
OTX Bot

Credit Card Skimmer and Backdoor on WordPress E-commerce Site

A sophisticated malware attack targeting WordPress WooCommerce sites was discovered, involving multiple components: a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script. The attack focused on financial gain and long-term control. The skimmer, injected into the checkout page, collected payment and billing information, sending it to a malicious server. A PHP backdoor allowed remote system command execution, while a reconnaissance script gathered server information. The attack demonstrates the evolving complexity of e-commerce platform threats, emphasizing the need for strict security measures, regular scans, proper access controls, and timely updates to prevent such exploits.

Pulse ID: 67d52aad906732f7bad24dfa
Pulse Link: otx.alienvault.com/pulse/67d52
Pulse Author: AlienVault
Created: 2025-03-15 07:22:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#BackDoor#CreditCard#CyberSecurity
Replied in thread
Public *
Kevin Karhan :verified:

@carnage4life I have mixed feelings about that.

  • Shure #PayPal doing the #Honey #AffiliateStealing is unacceptable, but I could understand it if people made something that is actually consensual that does it.

I.e. a "creator support" plugin that allows people to add and choose affiliate links by someone.

  • This is espechally true for people who don't have a #CreditCard nor PayPal account (i.e. most people in #Germany) that still want to support their social nedia icons.

That being said even #PC manufaturers like #hp got caught shoving #AffiliateLinks onto #preinstalls with #bookmarks!

  • Also rewriting also means removing as well...
YouTube100°C... Gaming PC bei MediaMarkt gekauft!! #GamingSchrottBy HardwareDealz
Public
Benjamin Carr, Ph.D. 👨🏻‍💻🧬

Parents Gaming #Kids#CreditScores
Credit scores are meant to be neutral measures of someone’s financial reliability, but in practice, they’re an easy way for some better-off families to give children an early financial advantage. Services promise to help parents ensure kids enter adulthood with good scores. When parents add children as “authorized user” on their #creditcard, makes parents spending and payment habits a part of her credit history.
theatlantic.com/family/archive
archive.ph/GFA4T

The Atlantic · Parents Are Gaming Their Kids’ Credit ScoresBy Michael Waters
Public *
Linknation

#ElizabethWarren: #codered: it's all about the money: #Trump campaigned to help working people but is doing the EXACT OPPOSITE in office

#drillbabydrill #scam baby #scam

#elonmusk and #project2025 author #RussellVought TRY TO DELETE #CFPB (Consumer Financial Protection Bureau)
en.wikipedia.org/wiki/Consumer

a #agency protecting #citizens from #finance #fraud the #financemafia that has lost it's #moralcompass centuries ago, or never had one to begin with

#banksters will trick you in every possible way to extract the last Dime out of you, the probably not so rich

if this goes through it will make things worse for ordinary people #usa you are #doomed

#fucksake#politics#wtf
Replied in thread
Public
Kevin Karhan :verified:

@dave and most worringly:

"How is any #bank allowed to open up accounts, Issie a #CreditCard and ship it without explicit prior consent of you as the customer who's name it's on?"

  • I mean, I know the #USA is pressing other Juristictions into #KYC & #AML whilst #CashApp & #Venmo are illegal in the #EU for lack of KYC & AML compliance alone...

Like ain't they afraid someone may steal it and swipe a shitload of stuff with it?

Replied in thread
Public
Kevin Karhan :verified:

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API enpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.socialMax L. (@max@gruene.social)@kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
ExploreLive feeds
About