A new Android malicious software called PhantomCard is targeting bank customers in Brazil by stealing credit and debit card data using NFC (near-field communication). The malware copies card info from a victim’s phone and sends it to criminals, who can then make fake payments.

PhantomCard spreads through fake Google Play pages offering a “card protection” app called Proteção Cartões, tricking users with fake positive reviews. When users install it and place their card near the phone, the app steals card details and PINs and sends them to attackers.

This malware allows criminals to use the victim’s card remotely, making transactions at nearby payment terminals or ATMs. It’s linked to a Chinese group selling similar malware services on Telegram.

Similar NFC-based fraud is growing in other countries, including the Philippines and India, where fake banking apps and malware spread through WhatsApp and phishing sites....

Always be cautious—it's a smart habit. A healthy level of suspicion can help you notice red flags before they become real threats. Don’t automatically trust emails, links, attachments, or anyone claiming to be from your company, even if they appear to come from someone you know. Taking a moment to double-check can prevent costly mistakes. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Some files hide malware—especially .exe, .scr, and .vbs. Always verify the source. It's easier to prevent damage than fix it.

Do:

• Pause before opening unknown files
• Check unfamiliar extensions
• Confirm with the sender
• Scan with antivirus/security tools

Avoid:

• Trusting files from unknown sources
• Assuming a file is safe based on appearance
• Skipping antivirus updates

“Files can lie—trust your gut, not the icon.”

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Avoid clicking on ads, even if they seem trustworthy—they’re often used to spread malicious software. Cybercriminals can disguise harmful content behind professional-looking advertisements. These malicious ads may redirect you to fake sites or automatically download harmful software. Just one wrong click can compromise your device or steal your personal information. For better security, always go directly to a website rather than clicking on ads. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Avoid storing or sending sensitive information, such as passwords or personal data, in plain text. Without encryption, this information can be easily intercepted or accessed by attackers, putting your accounts and privacy at risk. To stay protected, always use secure communication channels like HTTPS or VPNs, and store data using strong encryption methods.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

If you receive an unexpected call from someone claiming to be from the government or tech support asking you to install an app, it's likely a scam. These attackers often create a false sense of urgency or offer "help" to avoid in-person processes, then guide you to install malware disguised as a legitimate tool. No official agency or company will ever ask you to download an app through a call or email link. Always hang up and verify the request through trusted, official contact channels. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Effective cybersecurity follows the Zero Trust principle: never automatically trust any device or person, even if they’re inside your organization. Always verify requests, use strong, unique passwords, and enable multi-factor authentication (MFA) to protect your accounts. Make sure to access sensitive information only through secure, approved devices and applications, and stay cautious to keep your data safe.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Zoom and Xerox have released important software updates to fix serious security problems that could let hackers break into computers or take control of them remotely.

What Happened with Zoom?

Zoom found a major flaw in some of its Windows apps that could allow a hacker to gain more control over a computer than they should. The issue was discovered by Zoom’s own security team and has now been fixed in the latest update.

The problem affects several Zoom products on Windows, including Zoom Workplace, Zoom Rooms, and others. If you use Zoom on a Windows computer, make sure you’ve updated to version 6.3.10 or later.

What About Xerox?

Xerox also fixed multiple security issues in its FreeFlow Core software, which is used to manage printing and document workflows in businesses.

One of the flaws could have let hackers take full control of the system. The company has released an update (version...

Be cautious of SMS messages claiming you've received money and prompting you to click a link to check your balance. These messages are often phishing scams designed to steal your personal information. Never click on suspicious links or enter your login details outside the official wallet app or website. Always verify transactions directly through the official app — never through links in messages. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Clicking "Unsubscribe" in suspicious emails can confirm your address to scammers, leading to more spam or phishing. Instead, mark these emails as spam and delete them.

Avoid:
• Clicking "Unsubscribe" in shady emails
• Sharing personal info via email links
• Opening attachments from unknown sources

Do:
• Mark as spam
• Delete suspicious emails
• Always verify before clicking

Stay smart, stay secure – don’t click, just block and delete!

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support