Avoid sharing sensitive work details with friends, family, or colleagues outside of the workplace. Casual conversations can lead to accidental leaks or security risks. At social events, be mindful of what you disclose—scammers may use personal or work info for phishing or social engineering attacks. Always protect your privacy, even in relaxed settings. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Before installing any app, carefully review the permissions it requests. Be cautious about granting access to sensitive features like your camera, microphone, or location unless absolutely necessary. Limiting app permissions helps protect your privacy and reduces the risk of unauthorized data access or surveillance. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Cybercriminals are using a new method called Ghost Tap to steal money from victims' accounts on a large scale. This technique relies on near-field communication (NFC) technology and allows thieves to steal funds from stolen credit cards linked to mobile payment services like Google Pay and Apple Pay.

ThreatFabric, a Dutch security company, explained to The Hacker News that criminals can use Google Pay or Apple Pay to transmit payment information anywhere in the world within seconds. This means that even if the victim doesn't have their physical card or phone, attackers can still make payments from their account.

These attacks usually start by tricking victims into downloading mobile banking malware. This malware can capture banking credentials and one-time passwords through methods like overlay attacks or keyloggers. In some cases, attackers may also use voice phishing to deceive the victim.

Source: November 20, 2024 19:24 (4 days, 14 hours ago) |  0 | 1 minute read

In the workplace, staying organized is key to protecting sensitive information. Avoid leaving your computer unattended with important information visible, and make sure to securely store documents and devices when not in use. Regularly tidy your workspace to minimize the risk of data loss or unauthorized access.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Phishing scams are everywhere. Always verify email signatures, especially for sensitive requests, to avoid fraud.

How to Verify Email Signatures:

• Check Authenticity: Look for official email addresses and consistent branding.
• Use a Second Channel: Call or message the sender through a known contact method.
• Spot Red Flags: Watch for odd language or unusual requests.
• Trust Your Gut: If something feels off, double-check!

A quick check can save you from major headaches!

Attackers can easily spoof legitimate email addresses to make phishing attempts look authentic. Always double-check the "From" field to verify that the sender is who they claim to be—especially when the email involves sensitive requests, such as account changes or financial transactions. If in doubt, contact the sender through a known, trusted communication channel to confirm the message's legitimacy. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

When you get a notification about software updates or security patches, apply them right away. Postponing updates can leave your system exposed to known vulnerabilities. Regularly updating your software is one of the simplest and most effective ways to safeguard against cyber threats. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Since it's Christmas season, scammers create fake online stores or offer big discounts to lure shoppers. Always shop from trusted websites and be wary of deals that seem too good to be true, as they may be scams. If you're unsure, check reviews or do a quick online search before making a purchase.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Stay informed about emerging technologies and their security implications. Understanding how these tools can be taken advantage of will help you make informed decisions and better protect your data and systems from potential threats.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

A new phishing tool called GoIssue is being used to target GitHub users with fake emails designed to steal login details. The tool, created by a hacker known as cyberdluffy, collects email addresses from public GitHub profiles and sends mass emails that look legitimate, tricking users into sharing their personal information or giving access to their code. Priced as low as $150, GoIssue allows attackers to reach many people at once, increasing the chances of success.

In some cases, these fake emails ask developers to approve dangerous requests that could steal their code or lock them out, demanding a ransom. This attack is part of a growing trend where scammers use trusted platforms to fool people. Experts recommend GitHub users stay cautious, use strong security features like two-factor authentication, and avoid clicking on unfamiliar links or approving unknown requests.

Source: November 13, 2024 22:09 (1 week, 4 days ago) |  0 | 1 minute read