SeriousHoax

Level 18
Verified
Malware Tester
The problem is when the page doesn't display correctly or doesn't work properly, in which case you need to enable more scripts and then the user has little clue of whether to enable or not the malicious script, unless they try scripts one by one, starting from same domain, only cautiously expanding to 3rd domains etc -- but this approach is a quite a slow one.
You're right and that's why I don't recommend it to everyone. I was just pointing out its usefulness. Since that particular third party script isn't necessary for any function on that website, users who use script blocker extensions wouldn't have enabled that and stayed protected.
 

oldschool

Level 42
Verified
I am curious about the
FYI: Edge Chromium gives "Insecure content blocked" message in address bar, unlike the full screen alert from Netcraft.
I am curious to know how this shield alert in Edge address bar is generated, i.e. what process it was. It was neither a normal Smartscreen nor Windows Defender alert. Maybe related to PUA browser settting? Can someone with more technical knowledge (@Andy Ful @SeriousHoax @Umbra anyone) please help me understand what's happening here? 🤔
 
Last edited:

Umbra

Level 25
Verified
I am curious about the


I am curious to know how this shield alert in Edge address bar is generated, i.e. what process it was. It was neither a normal Smartscreen nor Windows Defender alert. Maybe related to PUA browser settting? Can someone with more technical knowledge (@Andy Ful @SeriousHoax @Umbra anyone) please help me understand what's happening here? 🤔
Could just be built-in smartscreen designed to show up differently.
 

upnorth

Level 39
Verified
Trusted
Content Creator
No, I did not 🍾
Well I did, and not super easy to find a replacement that would be better safe in general considering for example their software platform etc.

Also I have no idea how well, or bad they would in the end deliver. It seems a bit late now IMO to get anything online before Christmas. You should probably use their phone number to get a better answer. I sent the link in a PM.
 

notabot

Level 15
It's interesting, whenever I've come across hijacked ( or even hacked ) sites, it's always been a specialty/niche online retailer as well.
For someone with safe browsing habits, specialty & niche retailers are probably the most risky sites they'll come across.

I actually been curious about Revolts card/system as I seen a few local good reviews.
You can do granular control on your card. E.g. you can block the card for online transactions but leave it working for chip & pin or contactless. You can also place location restrictions, that card point of use matches your location etc.

I think it's great for travelling (super easy to convert FX, plus who trusts their card to agents a foreign country they've never visited before - with Revolut you disable right after use and re-enable on demand).

It's also great for buying stuff online when the website is a niche one and cannot afford to hire Amazon's security team. I feel this approach is more practical than hoping for a suite to detect every possible card skimmer injection.
 

notabot

Level 15
Just to add, you can also make virtual cards on the fly from your mobile. E.g. buy champagne from niche retailer with a virtual card (visa debit, not credit), pay for it then delete the card entirely. And of course you can set limits on the virtual card so even an instantaneous attack would fail.

skimmers are really a non-issue with virtual cards. Give your "normal" card to Google, Amazon, Netflix where it's likely to be safe and for smaller fish, with smaller security teams, use virtual cards. Can't get more secure than that.
 

upnorth

Level 39
Verified
Trusted
Content Creator
Just to add, you can also make virtual cards on the fly from your mobile. E.g. buy champagne from niche retailer with a virtual card (visa debit, not credit), pay for it then delete the card entirely. And of course you can set limits on the virtual card so even an instantaneous attack would fail.

skimmers are really a non-issue with virtual cards. Give your "normal" card to Google, Amazon, Netflix where it's likely to be safe and for smaller fish, with smaller security teams, use virtual cards. Can't get more secure than that.
I agree but, this was interesting.
And then he waited. For about two hours. That’s how long it took for the bait to be nibbled on, with one of those small transactions made by fraudsters’ bots and scripts. The crooks test whether the payment card information is valid, by using a stolen card on merchant sites that automatically respond with a detailed reason for why a given card is declined. Two hours was actually pretty slow, Greenwood said. The prepaid card was eventually used at the site for a well-known UK British retailer.