Turn on extra verification for your online accounts whenever it is possible. This adds an extra step when logging in, such as entering a code sent to your phone or email to confirm that it is really you. Even if someone learns your password, they will not be able to access your account without this second confirmation, which helps keep your information safe.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Be careful with links sent through chat apps. Cybercriminals often disguise malicious links as messages from friends, coworkers, or trusted services. Always verify the sender and avoid clicking links that seem unexpected or suspicious. When in doubt, open the official website or app directly instead of using the link. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Cybersecurity researchers discovered a new phishing tool called Starkiller that can trick people into giving their login details even if multi-factor authentication (MFA) is enabled.

The tool is offered by a cybercrime group called Jinkusu. It allows attackers to create fake login links that look like real websites. Starkiller loads the real website and secretly acts as a middleman, capturing usernames, passwords, and security codes entered by victims.

It can also hide malicious links using services like TinyURL, making phishing messages harder to recognize.

Another phishing kit called 1Phish now targets users of 1Password and can steal one-time passcodes and recovery codes. Researchers also found attacks targeting Microsoft 365 accounts by tricking victims into entering a device code on a real Microsoft login...

Always be cautious of impersonation scams, where attackers pretend to be trusted individuals or organizations to steal sensitive information. Always verify messages or requests that appear to come from trusted sources, especially if they ask for passwords, verification codes, or personal details. If something seems suspicious, contact the person or organization through their official website or app instead of responding directly to the message.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Pause before tapping "Agree." Only grant permissions essential for the app to work—this small step protects your privacy.

Red Flags

• Requests unrelated to app function
• Multiple unexplained permissions
• Vague data-use statements
• Pressure to agree quickly
• Low-rated or suspicious apps

Safe Signs

• Permissions match app functionality
• Can deny some permissions
• Clear data-use explanations
• Requests made individually
• Trusted developers or official stores

"Your Data, Your Rules"

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.

Never bypass security steps just to “save time.” Security procedures are designed to protect sensitive information, systems, and people from preventable threats. Even a small shortcut can create weak points that attackers are quick to take advantage of. Following every required step helps maintain strong defenses and reduces the risk of costly incidents. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

If you receive a message asking for urgent money from someone claiming to be a friend, family member, or colleague, pause before taking any action. Scammers often create panic and pressure you to act quickly, so always verify the request by contacting the person through a different method, such as calling their usual phone number or speaking to them directly. Never send money, gift cards, or transfer funds until you are completely certain the request is genuine.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.

Assume bad actors are always trying to find weaknesses in your systems and accounts. Cybercriminals continuously look for weak passwords, outdated software, and unsuspecting users. Staying alert to unusual activity and potential scams can help you avoid becoming a target. Awareness and proactive habits are your strongest defense against security threats. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Practice a Zero-Trust mindset by never automatically trusting people, emails, phone calls, messages, or links—even if they appear to come from legitimate organizations like your bank or workplace. Always verify requests independently by contacting the person or company through an official website or trusted phone number, rather than responding directly to the original message. By pausing to confirm before clicking, sharing information, or making payments, you significantly reduce your risk of falling victim to phishing, scams, or identity theft.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Cybersecurity firm ThreatFabric has identified a new Android malware strain called Massiv that enables criminals to take over victims’ phones and steal money from their bank accounts.

The malware spreads through fake IPTV apps distributed via SMS phishing. Posing as an “important update,” it tricks users into granting permissions that give attackers full control of the device. Findings shared with The Hacker News warn that despite limited campaigns so far, the threat to mobile banking users is significant.

Massiv has primarily targeted users in Portugal and Greece. In one campaign, attackers impersonated Portugal’s government services app, gov.pt, stealing phone numbers and PIN codes — in some cases using the data to open bank accounts for fraud or money laundering.

Once installed, Massiv can remotely control the phone, hide activity with a black screen, intercept text messages, capture banking credentials, and install additional malware. Unlike...