Hello and welcome to the Tuesday, February 28, 2023 edition of the Sands and its Storms, Stormcast.

My name is Johannes Ulrich and today I am recording from Jacksonville, Florida.

Quick diary today by Xavier.

Xavier came across a zip file that contained lots and lots of

phishing pages, essentially HTML pages, ready to go in order to impersonate many important

brands and then submit credentials to a collection site. He mentioned that not all of the collection sites were actually still valid or completely

configured, but this is sort of the kind of fishing kit that someone would then use in order

to quickly create multiple lookalike sites.

And a full list of impersonated brands can be found in the diary that Xavier wrote.

And the Wall Street Journal had an article that was heavily quoted and reposted about some

thefts that apparently are first observing the victim entering a pin or other

a password into a mobile device to unlock it, and then later after they observed the victim,

they will then steal the device, of course, giving them full access to the device.

Well, aside of all the commentary out here, I think one of the big stories here is also

that your mobile device often is essentially the gateway to your digital life.

So if an attacker does obtain access to your device, they often have access to all of your documents, financial accounts, and more even identity

documents and the like.

While these cases still are somewhat rare, it's something that you may want to think about

if you, for example, completely rely on cloud storage for all of your

personal information, maybe having an on-premise copy of some of the more important data,

also being able to quickly change things like passwords for banking accounts, maybe something to consider here as a backup,

as it's probably not really possible to perfectly secure a mobile device that you keep carrying around with you.

...