
Writers and Editors (RSS feed)

How to avoid PHISHING scams


What is phishing? How to recognize and avoid phishing scams (NortonLifeLock) Phishing is a con game. Phishers are tech-savvy con artists and identity thieves who use spam, fake websites, emails, phone calls and instant messages to trick people into divulging sensitive information like passwords or account numbers. How to avoid them and what to do if you've been the victim of a phishing scam.
---Three common types of phishing scams (Government of Canada) The “free vacation” scam, the “fake government message” scam, and the “gift card” scam, plus The 7 red flags of phishing and How to keep yourself safe

---20 types of phishing attacks + examples and prevention tips (Clare Stouffer, Norton)
---Phishing email examples to help you identify phishing scams (Dan Rafter, Norton)
---Spear phishing: Definition + protection tips (Ellie Farrier, CNBC)


How to Recognize and Avoid Phishing Scams (Federal Trade Commission) Scammers use email or text messages to trick you into giving them your personal and financial information. But there are several ways to protect yourself. How to recognize phishing, how to protect yourself from phishing attacks, what to do if you suspect a phishing attack, what to do if you responded to a phishing email, and how to report phishing.


Beware the “your domain has exceeded its disk quota” Phishing Email (Nate Hoffelder, 6-5-24) One common feature shared by many hosting companies is that they will send automated emails if there is a problem with your account. Scammers know this, which is why they started sending out fake emails with warnings like “WARNING: the domain BLANK has exceeded its disk quota”. The scam email in fact looks almost exactly like the real email, so much so that I even thought it was real, and tried to solve the problem it reported. What the scammers want you to do is click a link in the email and enter your username and password.


Phishing prevention and email hygiene (especially 2FA) (Harlo Holmes, Director of Digital Security, Freedom of the Press Foundation, 8-4-21) Most people are hacked via phishing attacks. Phishing is a social-engineering attack where an adversary crafts an email (or text, app message) in such a way to trick you into divulging information that could be used against you or your network; gain access to, and ultimately commandeer your account; or introduce malware and/or viruses to your machine. One of the most important advances in credential security is two-factor authentication.

      Two-factor authentication (or “2FA”) relies on the idea that services are more secure if you access them with something you know (i.e., your passphrase), and something you have (i.e. physical access to your phone). Turn on two-factor authentication for any and all services that you can, starting with your Gmail account. Better yet, get a security key, a small device that you either plug into your computer, or connect to your phone wirelessly, if it supports NFC, to enable this securely.

What Is Two-Factor Authentication? (Brain Station) Links to subtopics along left side.


What Is a Security Key? (HYPR) A security key, also known as a security token, is a physical device used for two-factor authentication (2FA) or multi-factor authentication (MFA) to enhance the security of online accounts and systems. Security keys are secondary hardware devices that rely on a primary device, such as a workstation, application or laptop. 80% of data breaches are the result of compromised login credentials. Security keys can help prevent data breaches by adding an extra layer of authentication while reducing the risk of unauthorized access to sensitive accounts and systems.  


The Most Common Types of Cyber Security Attacks (Bill Jefferson, Top VPN Canada) How they work and steps you can take to protect yourself against: socially engineered trojans, malware, phishing, cryptocurrency-mining viruses, AI-powered attacks, denial-of-service attacks (DDoS), man-in-the-middle attacks (aka session hijacking). "One way to protect yourself would be to use a premium VPN service to mask your IP and hide your location, in conjunction with a good firewall and antivirus."

    "I recall receiving an email from PayPal, which looked legit and stated that my account had been frozen and that I needed to click on the link and log in to report the problem. The only issue is that the link directs you to a phishing website, where your information is stolen. The only way to avoid this is never to open emails or click on links without verifying the sender. For example, if you get an email from PayPal, don't click on the link in the email but visit the website by typing in the address manually."


Defending Against Ransomware: A Resource Guide from the PCI Security Standards Council. 30% of users open phishing emails, and more than 12 percent click on their attachments. Phishing emails are a common delivery vehicle for ransomware. These emails look legitimate, such as an invoice or electronic fax, but they include malicious links and/or attachments that can infect your computer and system. Criminals are attacking businesses with a type of malware that holds business-critical systems and data hostage until a sum of money is received. See additional resources in PCI's Document Library.
