Phish of the Week

Today’s lesson: just because an ad appears in a search engine doesn’t mean it’s safe.

Here, scammers paid to be listed at the top of searches for “Apple Phone Support.”

If someone calls the toll-free number, they will reach a fraudster, not Apple.

The scammer would then attempt to persuade the victim to install software on the computer, which would allow the scammer to control it.

Via Malwarebytes

Cybersecurity News You Can Use

FALSE FLAG: Google Pay alarmed users this week by mistakenly sending email notifications about a “new card” being added to their account. Google has since confirmed that these emails were sent in error and reassured users that no personal information was compromised.

FALL VACATION HOME SCAM: Rangers at the Great Smoky Mountains National Park say they’re seeing a significant increase in scams involving cabin rentals. Fraudsters post fake cabin or vacation home ads using stolen photos from legitimate websites that show beautiful views, luxurious amenities, and low prices. The scammer, posing as the owner, responds quickly and requests upfront payment via untraceable methods like wire transfers. The scammer then disappears, leaving the tourist with no reservation or refund.

The travel website Cultural Creatives recommends contacting the property owner directly through the rental platform’s messaging system. Be wary if they try to move the conversation off the platform or ask for payment outside the official site. Always use the payment methods provided by the rental platform, which offers a degree of recourse if something goes wrong.

These organizations say they have recently suffered cybersecurity incidents. If you do business with any of these companies, change your account password and use two-factor authentication wherever possible.

Answers to Your
Cybersecurity Questions

How long should passwords be? — Ann F.

According to Microsoft, passwords for personal accounts should be at least 14 characters long. Instead of traditional passwords, using “passphrases,” a series of words rather than a mix of random characters and numbers is recommended. And here’s a change: the U.S. Standards Agency (NIST) now advises that you don’t need to regularly change your passwords unless your account has been involved in a cyber breach.

What is the safest web browser? — Bob C.

All major web browsers are generally safe, but McAfee ranks Firefox as the best. Remember to update your browser whenever it presents a message announcing a new version is available. The more important question is which browsers provide the most privacy. This summer, Google reversed its decision to remove tracking technology from its Chrome browser. In upcoming versions of Chrome, users will have to manually adjust Chrome’s settings to strengthen their privacy, but many won’t take the time to do that. According to ZDNet, the best browsers for privacy are Brave, DuckDuckGo, and Mozilla Firefox.

If I receive a spam text or email, can a spammer know I have opened the text or spam? If they so, what information are they able to gather? — Peter L.

Yes, most spammers can tell if you’ve opened their email. Unless you’re using a VPN, they can also see your device’s unique IP address, revealing your general location and type of device you’re using. Simply opening the email also confirms that your email address is active. However, if you click on a link, fill out a form, download something, or reply to the email, the spammer can gather more information about you or potentially infect your device with malware.
Send us your cybersecurity question for possible use in a future newsletter.

Original content © 2024 Aware Force LLC