Q&A A site only detected by Kaspersky and Netcraft

SeriousHoax

Level 43
Verified
Top poster
Well-known
Mar 16, 2019
3,233
The problem is when the page doesn't display correctly or doesn't work properly, in which case you need to enable more scripts and then the user has little clue of whether to enable or not the malicious script, unless they try scripts one by one, starting from same domain, only cautiously expanding to 3rd domains etc -- but this approach is a quite a slow one.
You're right and that's why I don't recommend it to everyone. I was just pointing out its usefulness. Since that particular third party script isn't necessary for any function on that website, users who use script blocker extensions wouldn't have enabled that and stayed protected.
 

JB007

Level 25
Thread author
Verified
Top poster
Well-known
May 19, 2016
1,445
Hello,
It is currently very dangerous to order Champagne online in France ;)
Again detection by Kaspersky(y) but I can order with PayPal:)
champagne.PNG
 

oldschool

Level 67
Verified
Top poster
Well-known
Mar 29, 2018
5,693
I am curious about the
FYI: Edge Chromium gives "Insecure content blocked" message in address bar, unlike the full screen alert from Netcraft.

I am curious to know how this shield alert in Edge address bar is generated, i.e. what process it was. It was neither a normal Smartscreen nor Windows Defender alert. Maybe related to PUA browser settting? Can someone with more technical knowledge (@Andy Ful @SeriousHoax @Umbra anyone) please help me understand what's happening here? 🤔
 
Last edited:
F

ForgottenSeer 823865

I am curious about the


I am curious to know how this shield alert in Edge address bar is generated, i.e. what process it was. It was neither a normal Smartscreen nor Windows Defender alert. Maybe related to PUA browser settting? Can someone with more technical knowledge (@Andy Ful @SeriousHoax @Umbra anyone) please help me understand what's happening here? 🤔
Could just be built-in smartscreen designed to show up differently.
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,966
No, I did not 🍾
Well I did, and not super easy to find a replacement that would be better safe in general considering for example their software platform etc.

Also I have no idea how well, or bad they would in the end deliver. It seems a bit late now IMO to get anything online before Christmas. You should probably use their phone number to get a better answer. I sent the link in a PM.
 

notabot

Level 15
Oct 31, 2018
734
It's interesting, whenever I've come across hijacked ( or even hacked ) sites, it's always been a specialty/niche online retailer as well.
For someone with safe browsing habits, specialty & niche retailers are probably the most risky sites they'll come across.

I actually been curious about Revolts card/system as I seen a few local good reviews.

You can do granular control on your card. E.g. you can block the card for online transactions but leave it working for chip & pin or contactless. You can also place location restrictions, that card point of use matches your location etc.

I think it's great for travelling (super easy to convert FX, plus who trusts their card to agents a foreign country they've never visited before - with Revolut you disable right after use and re-enable on demand).

It's also great for buying stuff online when the website is a niche one and cannot afford to hire Amazon's security team. I feel this approach is more practical than hoping for a suite to detect every possible card skimmer injection.
 

notabot

Level 15
Oct 31, 2018
734
Just to add, you can also make virtual cards on the fly from your mobile. E.g. buy champagne from niche retailer with a virtual card (visa debit, not credit), pay for it then delete the card entirely. And of course you can set limits on the virtual card so even an instantaneous attack would fail.

skimmers are really a non-issue with virtual cards. Give your "normal" card to Google, Amazon, Netflix where it's likely to be safe and for smaller fish, with smaller security teams, use virtual cards. Can't get more secure than that.
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,966
Just to add, you can also make virtual cards on the fly from your mobile. E.g. buy champagne from niche retailer with a virtual card (visa debit, not credit), pay for it then delete the card entirely. And of course you can set limits on the virtual card so even an instantaneous attack would fail.

skimmers are really a non-issue with virtual cards. Give your "normal" card to Google, Amazon, Netflix where it's likely to be safe and for smaller fish, with smaller security teams, use virtual cards. Can't get more secure than that.
I agree but, this was interesting.
And then he waited. For about two hours. That’s how long it took for the bait to be nibbled on, with one of those small transactions made by fraudsters’ bots and scripts. The crooks test whether the payment card information is valid, by using a stolen card on merchant sites that automatically respond with a detailed reason for why a given card is declined. Two hours was actually pretty slow, Greenwood said. The prepaid card was eventually used at the site for a well-known UK British retailer.