#phishingprevention — Public Fediverse posts

@patrickcmiller : there is nothing sophisticated about this attack; it is business as usual.

I'm tired of C-Level people with thick wallets who know shit.

A zoom in of the screenshot at the top of https://specopssoft.com/blog/phishing-campaign-cisco/ can be seen below.

The browser's address bar clearly shows that http is used (instead of https) but more importantly, the domain name is:

tradixyu.cfd

Instead of complaining and looking for excuses, we need to fix the Internet as I wrote in (among other places) https://todon.nl/@ErikvanStraten/115656812871207370.

#Phishing #PhishingPrevention #GoogleIsEvil #BigTechIsEvil #CloudflareIsEvil #LetsEncryptIsEvil

@maaikees : unfortunately, no. If such a solution would exist, spammers and phisher-(wo)men would immediately start using it.

Using an email provider with a good reputation *or* (evil) big tech is your best bet.

Note: when switching email provider, first make a list of *all* websites where you have an account, either with the old email address as user-ID or another user-ID but where the old email address can be used for password resets.

It's okay to create a new email address (using another provider and domain name), but do not close your old email account until it has been removed (or replaced by your new address) from all websites where it may be used to authenticate you.

My advice: use a password manager (*). Apart from other advantages, if you record in it every site where you enter your email address, you'll have a nice overview of sites that know your email address.

(*) Full list of tips:
Dutch: https://security.nl/posting/912904

English: see the list in https://todon.nl/@ErikvanStraten/115611078608008423

#PasswordManager #AutoFill #PhishingPrevention #Phishing

𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴: 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝘆𝗶𝗻𝗴 𝗮𝗻𝗱 𝗣𝗿𝗲𝘃𝗲𝗻𝘁𝗶𝗻𝗴 𝗠𝗼𝗱𝗲𝗿𝗻 𝗧𝗵𝗿𝗲𝗮𝘁𝘀

#CyberSecurity #DataProtection #MalwareAwareness #InformationSecurity #RemoteWorkSafety #CyberTraining #TechSecurity #PhishingPrevention

https://youtu.be/HnMBmeyVGlQ

𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴: 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝘆𝗶𝗻𝗴 𝗮𝗻𝗱 𝗣𝗿𝗲𝘃𝗲𝗻𝘁𝗶𝗻𝗴 𝗠𝗼𝗱𝗲𝗿𝗻 𝗧𝗵𝗿𝗲𝗮𝘁𝘀

#CyberSecurity #DataProtection #MalwareAwareness #InformationSecurity #RemoteWorkSafety #CyberTraining #TechSecurity #PhishingPrevention

https://youtu.be/HnMBmeyVGlQ

𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴: 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝘆𝗶𝗻𝗴 𝗮𝗻𝗱 𝗣𝗿𝗲𝘃𝗲𝗻𝘁𝗶𝗻𝗴 𝗠𝗼𝗱𝗲𝗿𝗻 𝗧𝗵𝗿𝗲𝗮𝘁𝘀

#CyberSecurity #DataProtection #MalwareAwareness #InformationSecurity #RemoteWorkSafety #CyberTraining #TechSecurity #PhishingPrevention

https://youtu.be/HnMBmeyVGlQ

𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴: 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝘆𝗶𝗻𝗴 𝗮𝗻𝗱 𝗣𝗿𝗲𝘃𝗲𝗻𝘁𝗶𝗻𝗴 𝗠𝗼𝗱𝗲𝗿𝗻 𝗧𝗵𝗿𝗲𝗮𝘁𝘀

#CyberSecurity #DataProtection #MalwareAwareness #InformationSecurity #RemoteWorkSafety #CyberTraining #TechSecurity #PhishingPrevention

https://youtu.be/HnMBmeyVGlQ

For defending against phishing campaigns, you've got to have sensible security rules in place and a good overall security practice in your organization. You also need to be running EDR tools (EDR/XDR) and edge protection. These practices will all help, though they are not a silver bullet against the problem.

Be aware as a practitioner if DNS over HTTPS is becoming more present on your network. If you control your own DNS resolver, that's the best way to go.

DNS is really your friend as a security practitioner.

Listen to the full episode of the Breaking Badness Cybersecurity Podcast here: https://www.domaintools.com/resources/podcasts/morphing-meerkat-proton66-how-cybercrime-is-getting-easier/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Proton66

#DNS #cybersecurity #infosec #infosecurity #phishing #phishingprotection #phishingprevention

Mastering Cybersecurity: How to Protect Yourself from Phishing and Smishing Scams

1,428 words, 8 minutes read time.

Cybersecurity is more important than ever in today’s digital world. As technology continues to evolve, so do the methods cybercriminals use to exploit unsuspecting individuals. One of the most prevalent and dangerous types of cyber attack is phishing—and a particularly sneaky variation, smishing, which targets you via text messages. These scams can lead to significant personal and financial loss, but understanding how they work and knowing how to protect yourself is key to staying safe online.

In this post, we’ll walk through the basics of phishing and smishing, how these scams work, and most importantly, how you can safeguard yourself from falling victim to these deceptive attacks.

1. Understanding Cybersecurity and Why It Matters

Before diving into phishing and smishing scams, it’s essential to grasp the broader concept of cybersecurity. At its core, cybersecurity is the practice of protecting your personal, financial, and sensitive information from cybercriminals, hackers, and malicious software. The goal is to ensure the confidentiality, integrity, and availability of your data, meaning your information should only be accessed by those who are authorized, and it should be kept secure from tampering or loss.

As our world becomes increasingly digital, the threats to our online security also grow. Cybercriminals use a variety of techniques to steal data, gain access to accounts, and commit fraud. Phishing and smishing are two of the most common, and they can have devastating consequences if you’re not vigilant.

2. What is Phishing and Smishing?

Phishing

Phishing is a type of cyber attack where scammers send fraudulent messages—typically through email—that appear to be from a legitimate organization, like your bank, the government, or a trusted online retailer. These messages often include links that lead to fake websites designed to steal your personal information. The emails may claim that you need to update your account information, resolve a billing issue, or confirm a transaction. The goal? To trick you into entering your username, password, or credit card number.

Smishing

Smishing is the SMS (text message) version of phishing. In this scam, cybercriminals send text messages that appear to come from legitimate sources, such as government agencies, toll services, or postal delivery companies. The message will typically inform you of an “unpaid invoice” or a “fee” that requires immediate attention. You’re then encouraged to click on a link that takes you to a fake website, where you may be asked to enter sensitive information.

Both phishing and smishing exploit the same tactics: impersonating a trusted entity, creating a sense of urgency, and directing you to a fake website or form to steal your personal information.

3. How Phishing and Smishing Scams Work

While phishing and smishing may seem like sophisticated attacks, their methods are relatively simple, yet highly effective. Here’s how they typically unfold:

Step 1: You Receive a Message

A phishing or smishing scam begins with a message that appears to come from a familiar, trustworthy source. The email or text might look legitimate because it includes logos, official language, and even your name or other personal details. You might receive a notification claiming there is an unpaid toll fee, an overdue invoice, or a problem with your bank account.

Step 2: You’re Asked to Click on a Link

The message will often contain a link that prompts you to click. This is where the scam turns dangerous. In a phishing email, the link will take you to a fake website that looks nearly identical to a legitimate one. In a smishing text, clicking the link will lead you to a fraudulent page designed to capture your personal information.

Step 3: You Enter Personal Information

If you fall for the scam, you’ll be prompted to enter sensitive data such as login credentials, credit card numbers, or personal identification numbers (PINs). The criminals behind these attacks use this information for identity theft, financial fraud, or selling your data on the dark web.

Step 4: The Scamsters Profit

Once the scammers have your information, they can use it to make unauthorized purchases, steal your identity, or access your financial accounts. In the case of smishing, your phone number might be sold to other cybercriminals, or they may use it to perpetrate additional scams.

4. Red Flags to Look Out For

Phishing and smishing attacks can be incredibly convincing, but there are several warning signs you can look for to help you identify a scam. Here are a few common red flags to watch out for:

• Urgency or Threats: Scammers often create a sense of urgency, claiming that you must act immediately to avoid penalties or lose access to your account.
• Suspicious Links: Always hover over a link to see where it leads. Scammers often use slightly misspelled URLs or obscure domains that look similar to the legitimate website’s domain but are not quite right.
• Generic Greetings: A legitimate organization will address you by name, whereas scammers may use generic greetings like “Dear Customer” or “Dear User.”
• Unusual Requests: Be wary of requests to enter personal or financial information via email or text message. Legitimate companies usually don’t ask for sensitive data this way.

5. How to Protect Yourself from Phishing and Smishing Scams

Protecting yourself from these types of attacks requires vigilance, awareness, and adopting a few simple but effective practices. Here’s what you can do:

a. Never Click on Links in Unsolicited Messages

Whether the message comes by email or text, avoid clicking on any links from unknown or suspicious sources. If you think the message might be legitimate, go directly to the official website or app by typing the URL into your browser.

b. Check the Sender’s Email Address or Phone Number

Scammers often use email addresses or phone numbers that look similar to legitimate ones but have small differences. Verify the sender’s details before responding or taking any action.

c. Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your online accounts. Even if a scammer manages to steal your password, they won’t be able to access your account without the second factor of authentication, usually a temporary code sent to your phone or email.

d. Use Strong, Unique Passwords

Always use strong passwords that are difficult to guess and unique for each of your online accounts. Password managers can help you generate and store complex passwords securely.

e. Regularly Update Your Software

Keep your operating system, browsers, and apps up to date. Software updates often include important security patches that protect against new vulnerabilities.

f. Educate Yourself and Stay Informed

Stay up to date with the latest cybersecurity trends and learn about common scams. Knowledge is one of your best defenses against phishing and smishing attacks.

6. What to Do if You’ve Fallen for a Phishing or Smishing Scam

If you’ve clicked on a suspicious link or entered sensitive information, don’t panic. Here’s what you can do:

• Immediately change your passwords for any affected accounts, especially your bank or email accounts.
• Contact your bank or credit card company if you suspect financial fraud, and monitor your accounts for any unauthorized transactions.
• Report the scam to your local authorities or relevant organizations, such as the Federal Trade Commission (FTC) or your country’s cybersecurity agency.
• Run a full antivirus scan on your devices to check for malware or malicious software that may have been installed.

7. Conclusion: Stay Safe and Stay Informed

Phishing and smishing are dangerous but preventable threats. By staying informed, being cautious with your personal information, and using good cybersecurity practices, you can protect yourself from these types of scams.

Remember, always verify any unsolicited messages before taking action. Never let urgency cloud your judgment, and never share sensitive information through email or text messages unless you are 100% sure the source is legitimate.

For more tips on how to protect your digital life, subscribe to our newsletter and stay up to date with the latest cybersecurity advice. Your safety online is only a few simple steps away.

D. Bryan King

Sources

• Cybersecurity & Infrastructure Security Agency (CISA)
• United States Computer Emergency Readiness Team (US-CERT)
• Federal Trade Commission – Identity Theft
• Australian Cyber Security Centre
• SecureWorks Cybersecurity Education
• BBC Technology News
• Help Net Security
• Kaspersky Resource Center
• SANS Institute
• CNBC – Cybersecurity News
• Norton LifeLock Blog
• BrightTalk – Cybersecurity Webcasts
• Digital Trends – Security
• CNET – Tech Services & Software

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

Related Posts

Rate this:

#avoidPhishing #cybersecurity #cybersecurityAdvice #cybersecurityGuide #CybersecurityTips #digitalSafety #emailProtection #emailScams #emailSecurityTips #fakeWebsites #financialSecurity #howToAvoidSmishing #howToSpotPhishing #identityTheftProtection #internetSecurity #mobileSecurity #onlineFraud #onlineScamProtection #OnlineSecurity #passwordManager #phishingAttacks #phishingDangers #phishingDetection #phishingEmail #phishingEmailsTips #phishingLinks #phishingPrevention #PhishingScams #phishingScamsWarning #phishingWebsite #protectAccountsOnline #protectAgainstPhishing #protectDataOnline #protectingPersonalInformation #safeInternetBrowsing #safeTextMessages #scamAlerts #scamAwareness #scamPreventionTips #secureEmail #secureOnlinePractices #securePasswords #secureYourPhone #securingYourInformation #smishingDangers #smishingDetection #smishingProtection #smishingScams #SMSSecurity #spottingPhishingScams #textMessageScams #TwoFactorAuthentication