Remember that cybercriminals often imitate trusted brands to trick you into letting your guard down. Always inspect emails, messages, and websites carefully for subtle signs of fakery. When in doubt, go directly to the company’s official site instead of clicking provided links. Staying alert to brand impersonation helps you avoid phishing scams and protect your personal information. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.

Sharing passwords in plain text is very risky, as they can be easily seen, copied, or stored in unsafe places without your knowledge. Credentials sent via email, messaging apps, or notes are especially at risk of being accessed by others. Always keep your passwords secure by avoiding plain-text sharing and using trusted, approved methods whenever access is needed.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Security begins with awareness, and even the smallest habits can strengthen your protection. Simple actions—like verifying senders or updating software—add up quickly. When you stay mindful of potential risks, you’re less likely to fall for common threats. Make awareness part of your routine to keep yourself and your data safe. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.

Attackers using a Phishing-as-a-Service kit called Sneaky 2FA have added Browser-in-the-Browser (BitB) attacks to their tools. This method creates fake pop-up login windows that look real, helping criminals steal Microsoft account credentials. BitB works by copying the look of a normal login pop-up and showing what appears to be a legitimate URL, even though the page is fake.

In one example, victims visited a suspicious site, passed a bot check, and then clicked a “Sign in with Microsoft” button to view a fake PDF. A false Microsoft login window then appeared, stealing their login and session information.

Attackers also use CAPTCHAs, conditional loading, and fast-changing domains to hide from security systems. Sneaky 2FA further blocks code inspection and makes its phishing pages hard to analyze.

Researchers also found that malicious browser extensions can hijack the WebAuthn process, letting attackers fake...

Be cautious of triangle scams, where a scammer poses as both buyer and seller to collect your product details, repost your item, and trick another person into paying them; they may sometimes even arrange a meet-up to appear legitimate. Always verify who you’re dealing with, share details carefully, avoid online payments, and keep communication on trusted platforms. When buying online always use cash on delivery and check the item before paying to stay safe and protected from scams.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Unexpected offers promising free prizes or big discounts are often scams. Scammers use excitement and pressure to keep you from thinking clearly. If someone wants personal information or money upfront, pause and verify before responding.

What to Do

• Stop and think before responding
• Check legitimacy by contacting the company directly
• Request official confirmation
• Trust your instincts—if it feels off, it probably is

“Stay sharp, check twice—don’t pay the price for a nice surprise!”

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Be cautious during holidays—scam activity often increases when people are distracted. Fraudsters use festive seasons to send fake offers, urgent messages, or impersonation calls. Take a moment to verify anything unexpected before responding. When in doubt, contact the source directly using a trusted method. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Be mindful of your online presence, as everything you post or share contributes to your digital footprint. Think before posting personal information, photos, or opinions, since they can have long-term consequences for your reputation and privacy. Regularly review your accounts and privacy settings to ensure only the right people can see your information.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Always access services through their official websites rather than links sent in random messages. Unexpected links are a common tactic used in phishing attacks to steal your information. When in doubt, navigate to the site manually or use a trusted bookmark. Staying cautious with links helps protect your accounts and devices from compromise. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Be cautious of phishing impersonation, where attackers use email or SMS to pose as trusted people or organizations in an attempt to steal information or trick you into taking harmful actions. Always verify the sender and avoid clicking links or responding to unusual requests. When unsure, delete the message and report it to security team or provider.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support