#phishing-prevention — Public Fediverse posts

@patrickcmiller : there is nothing sophisticated about this attack; it is business as usual.

I'm tired of C-Level people with thick wallets who know shit.

A zoom in of the screenshot at the top of https://specopssoft.com/blog/phishing-campaign-cisco/ can be seen below.

The browser's address bar clearly shows that http is used (instead of https) but more importantly, the domain name is:

tradixyu.cfd

Instead of complaining and looking for excuses, we need to fix the Internet as I wrote in (among other places) https://todon.nl/@ErikvanStraten/115656812871207370.

#Phishing #PhishingPrevention #GoogleIsEvil #BigTechIsEvil #CloudflareIsEvil #LetsEncryptIsEvil

@maaikees : unfortunately, no. If such a solution would exist, spammers and phisher-(wo)men would immediately start using it.

Using an email provider with a good reputation *or* (evil) big tech is your best bet.

Note: when switching email provider, first make a list of *all* websites where you have an account, either with the old email address as user-ID or another user-ID but where the old email address can be used for password resets.

It's okay to create a new email address (using another provider and domain name), but do not close your old email account until it has been removed (or replaced by your new address) from all websites where it may be used to authenticate you.

My advice: use a password manager (*). Apart from other advantages, if you record in it every site where you enter your email address, you'll have a nice overview of sites that know your email address.

(*) Full list of tips:
Dutch: https://security.nl/posting/912904

English: see the list in https://todon.nl/@ErikvanStraten/115611078608008423

#PasswordManager #AutoFill #PhishingPrevention #Phishing

𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴: 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝘆𝗶𝗻𝗴 𝗮𝗻𝗱 𝗣𝗿𝗲𝘃𝗲𝗻𝘁𝗶𝗻𝗴 𝗠𝗼𝗱𝗲𝗿𝗻 𝗧𝗵𝗿𝗲𝗮𝘁𝘀

#CyberSecurity #DataProtection #MalwareAwareness #InformationSecurity #RemoteWorkSafety #CyberTraining #TechSecurity #PhishingPrevention

https://youtu.be/HnMBmeyVGlQ

Quishing #Scams: How To Prevent #QRCode Attacks in Your #SMB

#cybersecurity #phishingprevention #quishing

Did you know #QRcodes are now one of the most common sources of #cyberscams?

https://www.youtube.com/watch?v=259I2I5bBIU

Microsoft Outlook is taking bold action by blocking inline SVG images after a staggering 1800% rise in phishing attacks. Could this be the key to safer inboxes?

https://thedefendopsdiaries.com/microsoft-outlook-blocks-inline-svg-images-to-counter-surge-in-phishing-attacks/

#outlooksecurity
#svgphishing
#emailsecurity
#cyberthreats
#phishingprevention

For defending against phishing campaigns, you've got to have sensible security rules in place and a good overall security practice in your organization. You also need to be running EDR tools (EDR/XDR) and edge protection. These practices will all help, though they are not a silver bullet against the problem.

Be aware as a practitioner if DNS over HTTPS is becoming more present on your network. If you control your own DNS resolver, that's the best way to go.

DNS is really your friend as a security practitioner.

Listen to the full episode of the Breaking Badness Cybersecurity Podcast here: https://www.domaintools.com/resources/podcasts/morphing-meerkat-proton66-how-cybercrime-is-getting-easier/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Proton66

#DNS #cybersecurity #infosec #infosecurity #phishing #phishingprotection #phishingprevention