#vishing

A vishing operation using adversary-in-the-middle tactics is intercepting credentials and multi-factor authentication tokens in real time, then hijacking Microsoft 365 and Okta accounts to gain persistent access across major SaaS platforms.

Source: Google Threat Intelligence Group

Walked to Arena Shopping Park in the pouring rain to buy Puppy Toilet Training pads at Poundland, then on to Harringay station. (1.1 miles)

Rail: Harringay to Streatham

Shopping at Tesco, then bus (50) to Becmead Avenue

I found my mother in the gloom clutching a letter from Acorn Stairlifts. She was fixated on the offer of a £50 reward if she referred someone to get a stairlift. I said, “You don’t know anyone that needs a stairlift.” (She probably once did, but now they are mostly dead, or if not, already have one.) But she wouldn’t have it. Eventually, when I said I was going to put the shopping in the fridge, she said I should put the letter there as well. I said, “We don’t put letters in the fridge. We put food in the fridge.” “That’s true,” she quickly replied.

Later, the phone rang, and I soon regretted answering it as it was a woman named Monica with a thick accent saying that a warranty on my mother’s washing machine was up for renewal. I was straight away dubious that this was genuine, but I listened, reluctantly, to sales patter about policy benefits and a telephone no. for engineer call-out. Then she passed me over to a man who said his name was Johnny, and it was more spiel about benefits, and did I want to add any more appliances to the policy. Finally, he moved on to asking for card details. I said that I didn’t want to provide such details over the phone and could he put something in writing, but he said they only sent promotional material in the mail. I responded that I would need to discuss the matter with my mother, and he said that was fine and he could call back in 10 minutes. I said that I wouldn’t be there (checkmate), so he gave up, saying he’d call back some other time. If he does call and my mother answers it, she won’t tell him anything to his advantage as she doesn’t know the card no. or other details necessary for any scam to succeed. But no doubt it would cause her some anxiety, which she could do without.

***

Soon after I left the house, it began to rain heavily again, so I thought I’d go to the Wetherspoon’s on the High Road (The Holland Tringham). I had something to eat and a pint of Sambrook’s Junction (good). I originally only planned to have one pint, but an hour later it was still pouring with rain, so I thought I’d wait it out in hopes of the rain stopping, which it eventually did. There was a notice pinned on the wall saying all ales were reduced to 99p once more following the announcement of Tier 3 restrictions from Wednesday. For my second pint I had Ruddles bitter, which only costs £1.29 at full price, so not much of a saving, but it was very good – tasted fresh.

I’m a fan of Wetherspoon’s but the Holland Tringham not so much. It’s a bit dowdy and seems to attract a higher ratio of rather washed-up-looking, decrepit customers (of course, I’m not far off being one of them myself, so I shouldn’t complain). At a nearby table, two somewhat elderly women who had long finished their drinks (and, presumably, mandatory meals) were playing cards endlessly. One of them kept coughing, which made me feel slightly uneasy.

By the time I’d finished my beer, it was past 8.00 pm, so too late to walk all the way home. Not that I would have really wanted to, because I’d done 16 miles on Friday and 10 miles on Saturday and was wary of bringing on a bout of tendonitis, or whatever it is that I suffer from periodically (various pains in my right hip, knee and shin). Instead, I thought I’d just walk to Trafalgar Square, which would be around 8 miles, and I could get the bus home from there.

The rain had only just stopped, so the pavements were still soaking wet and dotted with puddles, plus the streets had completely emptied out to almost lockdown levels. That, and the fact I was slightly buzzing from the alcohol, meant the first four or five miles were quite exilharating, before I started to tire a little. I couldn’t be bothered to think of different routes, so I mostly just walked the same way as on many previous occasions:

Prentis Rd., Garrad’s Rd., Abbotswood Rd., Drewstead Rd., across Tooting Common to Emmanuel Rd., Radbourne Rd., Weir Rd., Clarence Ave., Poynders Rd., Rodenhurst Rd., Hambalt Rd., Elms Crescent, Elms Rd., across Clapham Common to Cedars Rd., Queenstown Rd., Chelsea Bridge, Grosvenor Rd., Claverton St., Denbigh St., Churton St., Tachbrook St., Longmoore St., Wilton Rd., Victoria, Sir Simon Milton Sq., Warwick Row, Palace St., Buckingham Gate, Birdcage Walk, Great George St., Parliament Square, Whitehall, Trafalgar Square (8.0 miles)

Bus: 29 to Harringay

Weather: heavy rain in the afternoon and again in the early evening, but dry later; mild; light winds

Modern phishing kits now sync fake login pages live during scam calls, letting attackers steer victims and bypass MFA in real time.

Source: Okta

La Guardia Civil, en el marco de la operación “Lorath”, ha desarticulado una organización criminal especializada en estafas telemáticas y blanqueo de capitales. En total, 15 personas han sido detenidas, -ocho hombres y siete mujeres de entre 19 y 55 años-, vinculadas presuntamente a una trama que operaba en distintas provincias del territorio nacional. La investigación se inició tras la denuncia…