A NEW SCAM ON TUMBLR.
so, i was going through my notifications 10 minutes ago. and i came across this notification amongst a few others:
it already looks suspicious. tumblr doesn't usually inform people of security breaches by tagging them in public posts.
i opened the notification.
there were 45+ other comments mentioning dozens of people of "suspicious activity", about which they had to take several steps immediately.
and that was the moment i knew this is a phishing attempt aimed at attacking devices and harvesting credentials.
because take a look at the post from the @1255128758912896 blog:
seem off? it is. it baits people into believing that if the so-called "restriction" (that wasn't imposed at all, because this is fake) is false, they will get two weeks of tumblr premium subscription free.
and take a closer look at the "link", which seems so straightforward:
the plain text is linked to an entirely different website, which i copied instead of opening. this:
https: //age - verif.cfd/6W7G3N8U7
i added spaces in between so it doesn't open automatically. .cfd websites are notorious for scam/phishing campaigns.
even opening the link can expose:
IP and device data
browser vulnerabilities
notification spam permissions
fake CAPTCHA malware
auto-downloads
trudging further ahead and clicking things in the website can:
install malware
steal card details
collect emails and passwords
push fake investment schemes
please be careful with such phishing blogs. all reblogs are turned off and comments on this post are deleted so newcomers remain unaware. this is my first time seeing one, but it can look convincing to some.
tagging some of my mutuals here.
@fedyas-damsel @literatureloverx @nerdyloverparadise @m1rs101 @b1rd-0f-w4r @melancholic-whimsy @lily-of-knossos @barbies-favourite-silhouette @maroontragedy @transchuu1stbeliever @emconan @lemunati @avanunez @liliesareblooming
PLEASE REBLOG TO SPREAD AWARENESS.
(again, no pressure, but it's highly appreciated! <33)














