Cybersecurity Awareness Basics
How to avoid identity theft, frauds, scams and more. Click below for more information.
Read our latest Fraud Newsletter: Citizens Fraud Update Winter 2023
Here Are The Scams People Keep Falling For, According To Reddit
When a Redditor posted, “What’s a scam that so many people fall for without realizing it?” hundreds of replies followed. Here are some scams you need to watch out for.
From “Kim Komando” Albert Khoury (4/11/2023)
Researchers Uncover Thriving Phishing Kit Market On Telegram Channels
In yet another sign that Telegram is increasingly becoming a thriving hub for cybercrime, researchers have found that threat actors are using the messaging platform to peddle phishing kits and help set up phishing campaigns.
From “The Hacker News” Ravie Lakshmanan (4/07/2023)
Credential Theft And Prevention: What You Need To Know
Credential theft refers to the theft of user credentials or corporate credentials to gain access to sensitive data or services. Credential theft attacks can happen through phishing emails, malware injection, brute-force attacks, social engineering, and many other ways. The most common types of credential theft involve usernames, passwords, and other authentication factors used to access internet websites and apps.
From “Security Boulevard” Prashant Nirmal (4/05/2023)
How To Defuse Landmines In Your Backup And Recovery Strategy
Landmines in your backup and recovery strategy, really? Really. While we may think more today about the threats to our data due to some type of cyber incident, the reality is we may be more subject to some self-inflicted harm if we aren’t taking a holistic look at our data – all our data!
From “Jack Henry Fintalk” Eric Flick (3/29/2023)
Ads For Fake AI And Other Software Spread Malicious Software
There’s a lot of hype around artificial intelligence (AI) these days. And cybercriminals are taking advantage of people’s interest in AI to spread harmful malware through online ads. The criminals run bogus ads for AI tools and other software on social media sites and on search engines. These savvy cybercriminals can evade detection by systems designed to ferret out malicious advertising. They can also evade anti-virus software.
From “Federal Trade Commission” Alvaro Puig (4/13/2023)
Scareware 101: How To Spot This Dangerous Cyberattack And Protect Yourself
Most scareware pop-ups urge you to click it or else. For example, they’ll say to “click here” to remove the viruses. Since you don’t want your device infected with malware, you might do what the pop-up asks. Unfortunately, clicking on the link will download viruses onto your device. That’s right: You had no viruses on your phone or computer. The pop-up was lying. Cybercriminals manipulate your emotions so they can scare you into action.
From “Kim Komando” Serena O’Sullivan (4/12/2023)
Are You Really The Lucky Winner? Spot The Prize Scams
Sweepstakes, prize, and lottery frauds are among the top scams people report to the FTC. These scams usually start with a call or message that says you’re a winner. (A lie.) They say to get the so-called prize you have to send money or click somewhere to give your information. Don’t. The most recent FTC data shows people reported losing $301 million to this type of fraud. That’s an average loss of $907 per person.
From “Federal Trade Commission” Gama de las Heras (4/10/2023)
ChatGPT Account Takeover Bug Allows Hackers To Gain User’s Online Account
An independent security analyst and bug hunter, Nagli (@naglinagli), recently uncovered a critical security vulnerability in ChatGPT that allow attackers to easily exploit the vulnerability and gain complete control of any ChatGPT user’s account.
From “GB Hackers” Balaji N (4/20/2023)
Rogue QuickBooks, PayPal Accounts Used In Novel Phishing Attacks
Instead of compromising a corporate email account and targeting a top C-suite person, hackers are simply signing up for QuickBooks and PayPal accounts for free and sending thousands of phony invoices with phony phone numbers to mid-level managers and purchasing people as well as attacking small businesses. And it's working.
From “SC Media” Steve Zurier (4/06/2023)
Protect Businesses From The Dangers Of Social Engineering
It’s no secret that social engineering is a powerful tool in a cyber criminal’s arsenal. Threat actors use psychological manipulation to convince unsuspecting users to hand over their passwords, personal information, or money. To date, social engineering attacks have served as the most common tool to gain an initial foothold and perform the lateral movement in the network.
From “Express Computer” Diwaker Dayal (4/06/2023)
What Is Account Takeover Fraud?
Account takeover fraud (ATO) occurs when a criminal takes control of a victim’s online account to steal funds or sensitive information. This can happen when a customer’s login details – such as username and password – are used without permission to access their bank account, credit card, mobile phone account, or eCommerce account. The cybercriminals then make fraudulent transactions from the customer’s account, using sophisticated techniques to remain undetected and avoid raising suspicions from the victim or their bank.
From “Comply Advantage” (3/21/2023)
Warning! Your computer is infected with Black Basta ransomware. Call this phone number right away to fix your computer! - If you saw this warning pop-up on your computer, would you call the phone number?
From “SANS OUCH! Newsletter” (4/05/2023)