
Phishing or bribing an employee at a domain registrar. Phishing you to get your password and then bribing or social-engineering someone at the phone company to forward your SMS-based 2FA codes to them. Waiting for you to forget to renew your domain and then registering it.


> Phishing or bribing an employee at a domain registrar.

Okay? I don't think anyone would go to that trouble.

> Phishing you to get your password and then bribing or social-engineering someone at the phone company to forward your SMS-based 2FA codes to them.

Seems unlikely, I never log into my registrar's website. I do often have to enter my Google password though!

> Waiting for you to forget to renew your domain and then registering it.

It's auto-renewing.


It often surprises people what effort someone will go to to steal their identity.

Consider that you have a GitHub account. You might be in the supply chain for a bit of code someone needs to read or backdoor to attack a company that you've never heard of. GitHub is a harder target though.

The scary ones are the real estate funds redirectors. They just need to be in your inbox for a little bit and boom, hundreds of thousands of $ gone because people don't take the time to re-verify bank account details in person.



