I hate scumbags like this, but I have to have some respect for decent craft.
@neurovagrant huh. I thought it was a warning about sea level rise.
@neurovagrant @monoxyd Got that one, too. This is a huge campaign. They pretended to add an lgbtq banner before. Probably the new strategy is "rage phishing". https://tldr.nettime.org/@leitmedium/115865040267681231
@neurovagrant fuck. I would definitely fall for that one
@AuntyRed Stay frosty out there. It's a great time for bastards.
@neurovagrant I'm curious, is this a targeted attack only at those who aren't cool with horrendous shit being done to people on a daily basis in the name of some imaginary line in the sand?
@Li nah it's wider than that - there are legit samples trying to ragebait the right as well
@neurovagrant Hah, they are playing both sides on this.
The previous variant talked about a Black Lives Matter footer for a month.
@ftg Yep I've now seen "Support LGBT+" variants as well as general technical ones. Definitely a wider campaign than at first glance.
@neurovagrant @ftg The bad guys have been stomping around Sendgrid's servers for at least eleven months. I've probably gotten over 100 of them. Here's my thread: https://ruby.social/@jamiemccarthy/115728934673241939
@neurovagrant same scam but different targets, previous I've seen include threatening Pride banners, commemorating a trans woman's death, celebrating Black Lives Matter, to trigger MAGA types. I've been wondering what the converse would be so thanks 🙂
@neurovagrant why would someone want to donate to a government institution? Isn't that what taxes are for?
@comrad The emotional manipulation involved specifically targets irrational actors, so trying to make sense of it is crazymaking.
@neurovagrant I fucking hate this world, man...
@nyanbinary yup. Been swearin all morning about this.
@neurovagrant That is innovative. Got to give them props for the grift. Still hope none of my users fall for it.
A victimless crime. No actual human beings will be harmed
@neurovagrant when opportunity knocks
@neurovagrant s/clever/evil/
@neurovagrant I wonder whether anyone on their team has extensive social media management experience. Optimizing posts to maximize engagement, usually through rage-bait, has been a thing there for years. It's one of the worst aspects (in my opinion) of algorithmic social media, and it should not be allowed to catch on in other industries.
@neurovagrant Daaaaang they're getting crafty!
@neurovagrant Very clever, very evil.
@neurovagrant Peak social engineering.
@neurovagrant 👋 I have also been receiving these messages. I have sent you the ones I still have as an attachment to the email you shared in this thread.
@neurovagrant I could see myself falling for that.
I've been receiving these phishing emails for a while now. I saw this one this morning!
@neurovagrant so: DO NOT CLICK SETTINGS, because it is fake
@neurovagrant I’ve gotten these from other email providers as well. The email looked legit based on headers (DMARC, SPF.)
@neurovagrant I saw one two weeks ago about having rainbow templates on all customer emails to support lgbtq+ rights unless you click the link.
@drewdaniels You wouldn't happen to have the email headers or content from that email, would you?
:D
@neurovagrant I can’t seem to find that one, but I got a new one this morning about Sendgrid’s authentication changing to sinch by the end of the month. From “Sendgrid” but the from address was noreply at nysar.org
@neurovagrant @drewdaniels share with the class plz 
@neurovagrant I'll take stupid human tricks for 500 Alex.
So here's the historical pDNS and domain data for sender domains in the headers of these emails from the samples I have.
SendGrid UPNs have been a bust so far, but guessing the attack isn't something to really write home about, but I'd like to see this group in particular inconvenienced for the ragebait aspect.
@neurovagrant Someone needs to do this to target MAGA. Just say "Your [gun related thing] will not include [something 'woke'] and click to opt out" and also include a feedback link. No way is MAGA going to pass up a chance to tell some lefty what for.
Inclusion of a domain doesn't necessarily indicate malicious actions on the part of the domain's owners.
Guessing it's a mix of compromised domains, and active domains with an exploitable misconfiguration common to cloudflared domains that opens their relay up, though I don't know one off the top of my head.
@neurovagrant Wow, that's annoyingly clever.
In unrelated news, i was reflecting this morning on how "sad sack of shit" was probably one of my favourite insults.
@neurovagrant i often find myself both disgusted at the depravity of some cybercriminals, yet impressed by their technical skill.
@neurovagrant #ty for reading the toxic positivity site so i do not have to 🙃
and i def tip my hat to those threat actors. brilliant emotional manip!