>They sent malicious emails to the targeted parties tricking them to share their login information.
This is a reminder how naive we can be interacting with malicious individuals on the internet. Are there any useful platforms that teach internet safety in everyday life?
In most cases, forcing staff to use two-factor authentication is enough to block most of attempts. Employees can still leak their passcode onc (even though stealing codes is more difficult), but there is much less risk of persistent compromise.
2FA is important of course, but it is in no way a panacea. Especially SMS or TOTP MFA. It is near-trivial to add a phase to phishing that captures the second factor as well. Tools like https://github.com/kgretzky/evilginx2 support it out-of-the-box.
I wish. Social media alone broke countless practices about anonymity and you would think everyone knows about the Nigerian prince and Russian penis enhancements by now.
Instead of fact checking, how about putting up a simple disclaimer: Don't believe everything you read on the internet.
Edit: the professional scammers that target firms with personalized emails with correct correspondence info and signatures (the text you put at the end) are another matter.
It isn't just social media that punishes good scam-filtering skills.
I delayed my home loan application by two weeks because my loan officer went on vacation without telling me, and I refused to click anything in or respond to an email from somebody else claiming to be with the bank. The email was asking for scans of IDs, bank statements, and pay stubs. I alerted my loan officer, who only responded when he got back to the office.
In the end, I don't blame him. I blame the bank. Those kind of requests should be done through their online system. An email should at most be a reminder to log in and do it (but not provide a link). Even the temporary officer should've been listed in the web app.
I constantly struggle with basic stuff like this through my bank as well. It's really obvious that banks have put tons of energy into looking high-tech on the front end while so many other processes and experiences lack the same momentum and seem to be stuck in the past.
Went through a similar scenario and the way I handled it was that whenever any document was requested through email , I would go to the secure loan portal and upload it there and then email the bank to get it from the uploads section of the secure loan app. The basic assumption here was that only bank employees have access to that portal and that is one way to safeguard myself .
Well one think I noticed with unscribing a email newsletter than after doing it you start to lots of mails and got to know unscribing something is a way to indicate that email is active. My two cents. So now just click spam and let email provider run some machine learning and pattern to figure out it's a spam.
8 comments
[ 4.3 ms ] story [ 30.4 ms ] threadThis is a reminder how naive we can be interacting with malicious individuals on the internet. Are there any useful platforms that teach internet safety in everyday life?
Instead of fact checking, how about putting up a simple disclaimer: Don't believe everything you read on the internet.
Edit: the professional scammers that target firms with personalized emails with correct correspondence info and signatures (the text you put at the end) are another matter.
I delayed my home loan application by two weeks because my loan officer went on vacation without telling me, and I refused to click anything in or respond to an email from somebody else claiming to be with the bank. The email was asking for scans of IDs, bank statements, and pay stubs. I alerted my loan officer, who only responded when he got back to the office.
In the end, I don't blame him. I blame the bank. Those kind of requests should be done through their online system. An email should at most be a reminder to log in and do it (but not provide a link). Even the temporary officer should've been listed in the web app.