News

In today’s digital landscape, distinguishing between legitimate communications and phishing attempts can feel like navigating a labyrinth blindfolded. Phishing is a deceptive tactic where cybercriminals use fraudulent emails, texts, or messages to trick individuals into revealing sensitive information or clicking on malicious links. And let’s not forget its crafty sibling, “smishing” – the text message iteration of this digital charade. 

Now that most brands and even government agencies communicate with consumers via text or email, it’s hard to know whether a message is legit or not. Consider the United States Postal Service, which should be solely focused on dependable package delivery, yet is frequently tasked with warning individuals against clicking on links from unsolicited messages impersonating the postal service. 

Many people are concerned that they’ll unwittingly open an official-looking email or text only to become victims of a scam. Fortunately, there are steps you can take to educate yourself and establish safeguards against phishing and smishing attempts. 

Here are five steps for staying cyber savvy and protecting yourself from phishing scams: 

1. Educate yourself and your loved ones: Verizon’s Data Breach Investigations Report found that phishing attacks have surged and now account for 36% of attacks. Yet, many Americans still aren’t aware of what phishing is and that they might be at risk. Ask your family members and friends if they know what phishing and smishing are. If not, share what you have learned about it so that they, too, can become aware of the risks. 
2. Decode deception: Avoiding scams entails recognizing their characteristics and distinguishing them from legitimate communications. For scammers, these attacks are often a numbers game, sending mass messages to as many people as possible. Many phishing texts will have poor grammar or spelling and may not even address you by your first name. Legitimate emails typically address recipients by their first name and demonstrate proper grammar and spelling.
3. Beware of urgency: Since scammers are in a hurry to send as many messages and get as many clicks as possible, the communications often sound urgent — “Act NOW before we disable your account.” Take the time to slow down and consider whether the urgency of the message aligns with your usual interactions with the organization or service provider before taking any action.
4. Spot suspicious senders: Another sign of fraud can often be found in irregularities in the sender’s email or phone number. Legitimate banks typically use a consistent 5-digit number for their messages, while scammers might use a full 10-digit phone number or switch between different numbers. In emails, the sender’s email address may appear nonsensical or unrelated to the purported sender, signaling potential fraud.
5. Use multifactor authentication: Multifactor authentication (MFA) lets users “easily authenticate to online services” by replacing password-only logins with more secure logins. Turning on multifactor authentication means that, even if a scammer steals your password, they won’t be able to get into your account without something like an authenticator app or fingerprint that only you have. 

In a world where even simple emails and text messages can harbor malevolent intent, it’s crucial to fortify yourself with knowledge and vigilance. Using multifactor authentication and learning how to spot scam messages will help you avoid scams. If you want additional protection, our AI-powered Scam Protection scans text messages and alerts users or filters out the text if it detects a scam link. The software also blocks links from scam emails, texts, and social media messages in the event you accidentally click one. It’s not always easy to spot phishing scams, but we can help by providing that first — and second line of defense.  

The post Stay Cyber Savvy: Your 5-Step Guide to Outsmarting Phishing Scams appeared first on McAfee Blog.

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as fedex.com in tweets.

A search at DomainTools.com shows at least 60 domain names have been registered over the past two days for domains ending in “twitter.com,” although research so far shows the majority of these domains have been registered “defensively” by private individuals to prevent the domains from being purchased by scammers.

Those include carfatwitter.com, which Twitter/X truncated to carfax.com when the domain appeared in user messages or tweets. Visiting this domain currently displays a message that begins, “Are you serious, X Corp?”

Update: It appears Twitter/X has corrected its mistake, and no longer truncates any domain ending in “twitter.com” to “x.com.”

Original story:

The same message is on other newly registered domains, including goodrtwitter.com (goodrx.com), neobutwitter.com (neobux.com), roblotwitter.com (roblox.com), square-enitwitter.com (square-enix.com) and yandetwitter.com (yandex.com). The message left on these domains indicates they were defensively registered by a user on Mastodon whose bio says they are a systems admin/engineer. That profile has not responded to requests for comment.

A number of these new domains including “twitter.com” appear to be registered defensively by Twitter/X users in Japan. The domain netflitwitter.com (netflix.com, to Twitter/X users) now displays a message saying it was “acquired to prevent its use for malicious purposes,” along with a Twitter/X username.

The domain mentioned at the beginning of this story — fedetwitter.com — redirects users to the blog of a Japanese technology enthusiast. A user with the handle “amplest0e” appears to have registered space-twitter.com, which Twitter/X users would see as the CEO’s “space-x.com.” The domain “ametwitter.com” already redirects to the real americanexpress.com.

Some of the domains registered recently and ending in “twitter.com” currently do not resolve and contain no useful contact information in their registration records. Those include firefotwitter[.]com (firefox.com), ngintwitter[.]com (nginx.com), and webetwitter[.]com (webex.com).

Sean McNee, vice president of research and data at DomainTools, told KrebsOnSecurity it appears Twitter/X did not properly limit its redirection efforts.

“Bad actors could register domains as a way to divert traffic from legitimate sites or brands given the opportunity — many such brands in the top million domains end in x, such as webex, hbomax, xerox, xbox, and more,” McNee said. “It is also notable that several other globally popular brands, such as Rolex and Linux, were also on the list of registered domains.”

The apparent oversight by Twitter/X was cause for amusement and amazement from many former users who have migrated to other social media platforms since the new CEO took over. Matthew Garrett, a lecturer at U.C. Berkeley’s School of Information, summed up the Schadenfreude thusly:

“Twitter just doing a ‘redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com’ is not absolutely the funniest thing I could imagine but it’s high up there.”

Palo Alto Networks observed growing malware-initiated vulnerability scanning activity

RansomHub has surfaced threatening to expose stolen data unless another ransom is paid

Sysdig stated that, by deploying multiple miners, the group decreased attack time and detection risk

DTEX claims industrial espionage and IP theft are at an all-time high thanks to malicious insiders

Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices

For the fourth edition of Identity Management Day, the Identity Defined Security Alliance shared staggering numbers on the boom of identity-related cyber incidents

Sophos X-Ops discovers a curious backdoored (and signed) executable, masquerading as something else entirely

Sophos has been recognized for enabling MSPs to effectively defend customers against today’s complex cyberattacks.