This will be a quick post. We have received a phishing mail to our info@lemmy.world mail address telling that they are “lemmy.world Security Team”, telling that they will “disconnect” your account from our instance. This is ofc, not us. Do not fall for it! The attached image is how the mail looks like.

~Lemmy World Team.

  • Clbull@lemmy.world
    link
    fedilink
    arrow-up
    40
    arrow-down
    3
    ·
    1 year ago

    Why would they target Lemmy users?

    Your typical Lemming (for lack of a better term) is not technologically inept and would generally not fall for a phishing scam. They’d earn a lot more money from targeting Redditors.

    • I study cybersecurity. Technically inept or not, people in IT fall for phishing all the dam time.

      What I imagine is that they look at popular domains (in this case “lemmy.world”), turn that into a fake app name (“My Lemmy World”) and set up some kind of generic link somewhere. When you do that for enough domains, they’ll strike gold eventually.

      You’re not always at 100% concentration. At some point you’re going to get an email late at night after you’ve had a few shots, or after you’ve woke up from a terrible sleep, or your baby has been waking you up every four hours and your boss is threatening to fire you if you don’t get yourself together, and you’ll make a dumb mistake.

      Sure, most IT people don’t fall for the “this is the company’s password inspector please list all your passwords so I can check if they’re safe” level of scams, but phishing people is remarkably easy if you do it at scale. You send out a million email and less than one percent needs to fall for your scam for your attack to work.

      What’s worse is that because of all of that knowledge, IT people tend to think they’re too smart to get scammed. That’s incredibly useful for scammers, because that means those people will justify their mistakes for longer when they do eventually fall for something like this. Plus, they’re less likely to get help, because their peers who are also Very Smart will probably make fun of them for falling victim of a scam like this. Plus, if you work in IT, you probably make a nice chunk of money, and maybe have some cryptocurrency on your super secure local wallet that an app with the right exploits can steal.

      Emails are practically free and they only need a few mistakes to make a profit. Targeting IT professionals doesn’t increase your probability of success like targeting the elderly does, but it’s still a risk/reward situation that can make you money once you’ve set up your preexisting scam automation.

    • Stalinwolf@lemmy.ca
      link
      fedilink
      arrow-up
      9
      arrow-down
      4
      ·
      edit-2
      1 year ago

      Attention! u/spez demands that you suckle upon his prostate like a thirsty little pig!

      “OMG guys, ^ THIS!”

    • u/unhappy_grapefruit_2@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      edit-2
      1 year ago

      Aren’t people who use lemmy already or had used reddit I mean lemmy was brought out as an alternative to reddit which many people on reddit flocked to when spezy wezy started doing his you-know-wut

      Plus I’m sure there’s alot of people here whom won’t be as informed about phishing emails

      • Clbull@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        It’s more like there’s a technical barrier for using Lemmy (or any fediverse social media for that matter) and for actually giving a shit about Reddit’s API policy.

        There’s a tendency for more tech-saavy people going to Lemmy.