I've noticed on some scam forums and subreddits I frequent that scammers have been using target site's own support searches to redirect users to scam phone numbers.<p>On both Ticketmaster and Facebook, and many other sites, when you perform a search on their support site it spits back your query in big letters at the top of the page. If you craft the correct search and then buy Google Ads pretending to be Ticketmaster, then you can redirect users to your call center and scam them. And because they link for your ad actually links to Ticketmaster the ad passes validation and appears to be a legit link in the eyes of Google.<p>Example of a crafted search term: <a href="https://help.ticketmaster.com/hc/en-us/search?utf8=%E2%9C%93&query=%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D+Need+Ticketmaster+Support%3F+Call+this+phone+number+-%3E+1-888-BIG-SCAM+%3C-++%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D+" rel="nofollow">https://help.ticketmaster.com/hc/en-us/search?utf8=%E2%9C%93...</a>
Among the common vulnerabilities listed:<p>> Outdated Wordpress plugins and CMS systems<p>No surprise, having worked in edu the following scenario was very common:<p>1) Researcher gets a grant for a project<p>2) Grad student sets up a Drupal site for the project<p>3) Things are maintained and updated for a couple of years<p>4) Grant runs out, project wraps up, student graduates, everyone forgets about the server which sits unattended and unmaintained.<p>Still happens, but most universites have really clamped down on the ability to just stand up a web server on the network. Many are requiring everything to be on a centrally managed enterprise CMS which is a PITA but that's the fallout for too much sloppy administration.
> Norton, Kaspersky, Zscaler, F-secure, NordVPN, Virustotal, Palo Alto: all of them marked these links as safe.<p>This is sad to see, these tools are forced down so many companies in name of "compliance" while totally not worth the maintenance and cost overhead. Apparently they haven't got any better in the last decade.
These days most "cyber" crimes are commited by corporations against their customers/users (just like most theft is wage theft). These small fish/phish putting sites on exploited servers are a drop in the bucket. It is sad when some university resource gets shut down because they didn't mantain it after the grad student that set it up graduates though. We really need to teach the people that set up these things to use .html pages instead of dynamic languages and databases.
><p>I have been advised not to disclose specific vulnerabilities since the parties involved are not most friendly and transparent in handling security reports. While most of these got reported and some even got fixed, I can only disclose high-level details of the compromise path. Some just ghosted me after conveniently fixing the flaws, and one even gave me a phone call, which was somewhat scary and perhaps not worth the adrenaline.<p>What an unprofessional sysadmin move, borderline infuriating.
Honestly you are always (half) a step behind and that’s for the worst cyber criminals cause the state sponsored ones are multiple steps ahead.<p>It’s very interesting to look at from the outside, thanks for sharing.
I am surprised no one mentioned using LLMs to spell and grammar check their emails and vibe-code bank landing-pages to continue a more polished version of scamming elderly people out of their life savings.
Is it just me or is cybersecurity... Calming down? I feel like a few years ago there was constant news of ransomware, intrusions, vulnerabilities, etc, but more recently the defensive side seems to have the upper hand.
damn, i remember seeing old servers just getting dusty and full of holes after the student left. kinda crazy how much messy stuff is hiding in corners like that lol