After withdrawing cash or checking your balance at an ATM, always securely dispose of your receipt by shredding it or using a designated secure bin, especially in public areas. Leaving receipts behind can expose sensitive information, like your account number and transaction details, making you vulnerable to identity theft, fraud, and social engineering attacks. Stay vigilant and protect your financial security by discarding receipts properly.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

After using public Wi-Fi, always make sure to "forget" the network in your device settings. This prevents your device from automatically reconnecting to it later, reducing the risk of connecting to a suspicious Wi-Fi network that may mimic the original one. Taking this quick step can help protect you from potential security breaches. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Cybersecurity researchers have discovered a new phishing tool called Sneaky 2FA, which targets Microsoft 365 accounts to steal login credentials and two-factor authentication (2FA) codes. This phishing kit has been active since at least October 2024, and it was first spotted in December 2024 by the French cybersecurity company, Sekoia. The kit has been used on nearly 100 different websites, suggesting that cybercriminals are starting to use it more widely.

The Sneaky 2FA phishing kit is sold as a service, known as Phishing-as-a-Service (PhaaS), by a group called Sneaky Log. They offer this tool through a bot on Telegram. Buyers receive a version of the tool that’s disguised to hide its source code, which they can then use to carry out phishing attacks on their own.

The phishing attacks are designed to trick people into thinking they are receiving an email about a payment receipt. The email contains a link to a fake Microsoft 365 login page, where...

When using public Wi-Fi, always connect through a reliable VPN. It encrypts your internet traffic, adding an extra layer of security and keeping your data private. This is especially important when traveling or working remotely. With a trustworthy VPN, you can enhance your security and protect your data, even on public Wi-Fi networks.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Avoid accessing banking apps or sensitive accounts over public Wi-Fi. Attackers can intercept your data in real-time, putting your financial information at risk. For secure transactions, always use your mobile data instead. Your financial safety is worth the extra cost. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Free public Wi-Fi networks are often unsecured, making them a hacker’s playground. Avoid connecting to unknown networks unless absolutely necessary. If you must, limit activities to basic browsing and avoid entering sensitive information. Think of public Wi-Fi as a convenience, not a secure connection. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

If you're often on the go, consider using your phone's cellular data instead of public Wi-Fi. Public networks can be full of security risks, which is why cellular data offers better protection since it’s directly linked to your device. This way, you can stay connected, secure, and private while on the move. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.

Avoid posting personal details like your full address, phone number, or birth date online. These can be used for identity theft or social engineering attacks. Even seemingly harmless quizzes can collect sensitive information. Be mindful of what you share, even in private messages. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

A new phishing campaign is targeting Google Ads users by tricking them into entering their login details on fraudulent websites. The attackers use Google Ads to display fake ads that look like legitimate Google login pages. When users click on these ads, they are redirected to fake sites designed to steal their login credentials and two-factor authentication codes.

Cybersecurity experts from Malwarebytes revealed that the goal of the attack is to hijack Google Ads accounts, using stolen credentials to push fake ads and further spread the scam. The fraudsters cleverly exploit a loophole in Google’s system, allowing them to display misleading URLs while hiding the true destination of the ads. This makes it harder for users and even Google to spot the fraud until it’s too late.

The campaign is believed to be run by a group of Portuguese-speaking attackers, likely based in Brazil, and has been active since November 2024. As these attacks grow more sophisticated,...

Always update the default settings on apps, services, and devices to more secure options. Default settings are often set for convenience, not security, so customize them to better protect your personal information and privacy. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.