Let's talk #phishing on #nostr
The art of the catch is in being as deceitful as possible and mimicking something familiar that your target takes the bait.
Nostr clients (at least the web ones) allow you to login to someone else's account as read-only mode.
You can see their notifications and even see who has messaged them. It's even possible to know who the target replied back to, as standard message bubbles give it away.
https://imgur.com/a/uraDw64
Of course, the contents of messages cannot be read, as they're encrypted.
But, if you're farming for victims to pwn, and you see they DM'd an "influencer", it'd be easy to create a clone account of the influencer, register a near-match domain, get it NIP-05'd and then send your targets a DM.
I'd venture to guess not many (at least not many of the technologically inept) would take the time to validate the pubkey.
It would be great if there could be some sort of secondary auth for viewing notifications/messages when in read-only mode. Not the privkey, but a password or something else only the account owner would know.
This way, the account can remain in read-only mode without the ability to sign messages, but the things that should remain private, stay private and less susceptible to being used as phish bait.
As the saying goes, "trust, but verify". Stay vigilant #nostriches and ensure whoever DMs or replies to you is really who you think it is. There will always be malicious actors, but you can prep to combat them!
Lux /
npub16j…733sv
2023-02-19 07:29:13
Author Public Key
npub16jdfqgazrkapk0yrqm9rdxlnys7ck39c7zmdzxtxqlmmpxg04r0sd733svPublished at
2023-02-19 07:29:13Event JSON
{
"id": "39456cffc0ef7a1a9f3880e9f0fe4bb8088f1257fd7cf236094c1762e26cfd04",
"pubkey": "d49a9023a21dba1b3c8306ca369bf3243d8b44b8f0b6d1196607f7b0990fa8df",
"created_at": 1676791753,
"kind": 1,
"tags": [
[
"t",
"phishing"
]
],
"content": "Let's talk #phishing on #nostr\n\nThe art of the catch is in being as deceitful as possible and mimicking something familiar that your target takes the bait.\n\nNostr clients (at least the web ones) allow you to login to someone else's account as read-only mode.\n\nYou can see their notifications and even see who has messaged them. It's even possible to know who the target replied back to, as standard message bubbles give it away.\n\nhttps://imgur.com/a/uraDw64\n\nOf course, the contents of messages cannot be read, as they're encrypted.\n\nBut, if you're farming for victims to pwn, and you see they DM'd an \"influencer\", it'd be easy to create a clone account of the influencer, register a near-match domain, get it NIP-05'd and then send your targets a DM.\n\nI'd venture to guess not many (at least not many of the technologically inept) would take the time to validate the pubkey.\n\nIt would be great if there could be some sort of secondary auth for viewing notifications/messages when in read-only mode. Not the privkey, but a password or something else only the account owner would know. \n\nThis way, the account can remain in read-only mode without the ability to sign messages, but the things that should remain private, stay private and less susceptible to being used as phish bait.\n\nAs the saying goes, \"trust, but verify\". Stay vigilant #nostriches and ensure whoever DMs or replies to you is really who you think it is. There will always be malicious actors, but you can prep to combat them!",
"sig": "a881e057a095b9c5d89267a3615c1a9796f1cfb83e7de11e7a7dc5ca32b6696c648ed231dcef56064098b83a997db5160aae47b3f2567f562d0ccbf91c770b13"
}