I am guessing that Russia really doesn’t want its citizens to see news from outside of Russia. I’m basing that on this Reuters story where VPNs are to be banned early next year:
Russia’s communications watchdog plans to block Virtual Private Networks (VPNs) from March 1 next year, a Russian senator for the ruling United Russia party said on Tuesday.
Demand for VPN services soared after Russia restricted access to some Western social media after President Vladimir Putin ordered troops into Ukraine in February 2022.
Senator Artem Sheikin said an order from the Roskomnadzor watchdog would come into force on March 1 that would block VPNs.
“From March 1, 2024, an order will come into force to block VPN services providing access to sites banned in Russia,” Sheikin was quoted as saying by state news agency RIA.
Phone calls to the number listed by Roskomnadzor as its press service were answered by a voice message with the Bobby McFerrin song “Don’t Worry Be Happy”. An emailed request for comment got no immediate reply.
Sheikin said that it was particularly important to block access to Meta Platforms, which owns Facebook, Instagram and WhatsApp.
Clearly this is a pretty naked attempt by Russia to control the information that their citizens see. It will be interesting to see if Russian citizens actually obey this order. I suspect that some may not and it will be interesting to see how that is handled.
There’s A Dangerous Microsoft Phishing Email Making The Rounds
Posted in Commentary with tags Microsoft, Phishing on October 8, 2023 by itnerdA reader sent me this email that when I examined it, illustrates how a well done phishing email can be extremely dangerous.
Let’s start with the email:
The look of this email is very well done. It will fool a lot of people. If click on the “Verify Now” link which for the record you should not do, you get this:
To add to the legitimacy of the scam, you have to pass through this fake Cloudflare page. Fun fact. Microsoft doesn’t use Cloudflare to verify connections and protect against denial of service attacks. You next go here:
This is a perfect replication of a Microsoft login screen. Again, this is going to fool a lot of people. And it does some checking to see if an account is likely to be valid. I say that because I originally typed in “fuckyouscammer@hotmail.com” and had that rejected. So I had to go with “screwyouscammer@hotmail.com” to get this password screen:
Again, a very well done replication of a real password screen from Microsoft. And what’s interesting is that it actually checks to see if the password is valid. So that implies that whomever is behind this is really sophisticated and trying to harvest credentials to use for whatever evil purposes that they have in mind.
Now how did I figure out that this email was not from Microsoft, there were a couple of things that caught my eye:
Seeing as Microsoft uses Microsoft.com for all its communications, this email makes it clear that this email is from someone other than Microsoft.
The URL in the fake login page isn’t one that uses Microsoft.com. That’s another sign that this is something that you should be avoiding.
This phishing campaign is clearly aimed at Outlook.com as well as Microsoft 365 users. Thus if you’re in one camp or the other, you need to watch out for this email hitting your inbox as you’re clearly a target. And if you do get this email, delete it and move on with your day.
Leave a comment »