Sophisticated Phishing Attacks Outsmarting Savvy Users
Рет қаралды 1,570
2 ай бұрынA recent attack targeting LastPass users used email, SMS, and voice calls to trick targets into divulging their password vault master passwords. A deeper look at these attacks shows how sophisticated phishing kits have become. Not only are attackers using phishing via email, but they're also corroborating false information with phone calls and text messages.
Lookout, a data-centric cloud security company, investigated this kit in action to see how threat actors were leveraging new tools to trick users.
More about the LastPass campaign:
arstechnica.com/security/2024...
Previous videos about LastPass:
• LastPass Password Vaul...
• The LastPass Hack Has ...
• New Information on the...
Lookout's threat research:
www.lookout.com/threat-intell...
===========================
Get Private Internet Access, the best VPN available:
zant.fyi/piavpn
Get CyberGhost for privacy:
zant.fyi/cyberghostvpn
===========================
Sign up at Proton Mail for secure mail:
zant.fyi/Proton
Remember to set up 2-factor authentication using a reputable 2FA application!
===========================
Get the WordPress Security Mini-Course:
zant.fyi/mini-course-yt
===========================
Connect with me!
===========================
Tik Tok: ➡︎ / kathyzant
X: ➡︎ x.com/@kathyzant
Instagram: ➡︎ / kathyzant
Facebook: ➡︎ / kathyzant
LinkedIn: ➡︎ / kathyzant
Website: ➡︎ www.zant.com/
#cellphonesecurity #emailprivacy #cellphoneprivacy
@D.von.N 2 ай бұрын
Sandboxing (so far) is a safe way to open risky attachments or other files. Virustotal is good at eliminating potential threats. One antivirus can fail spotting malware, but over 70 different vendors have better chance against malware.
@bwgosselin 2 ай бұрын
Use temp email to give out. Use virtual machines
@David-zp8rx 2 ай бұрын
Thanks to Microsoft for their ridiculous URLs people are so used to constantly typing microsoft credentials in these random (legitimate) hard to read URLs, it makes it hard for average users to discern. Thanks MS..
@KathyZant 2 ай бұрын
MS security concerns are the gifts that keep on giving. 😩
@octonoozle 2 ай бұрын
I don't use the internet.
@KathyZant 2 ай бұрын
Perfect. The solution to everything.
@MacS7n 2 ай бұрын
Which password manager do you use? I need to start using a password manager. Great video btw
@KathyZant 2 ай бұрын
There are quite a few password managers that are quite good. Bitwarden free is the easiest to get started with; the paid version is only $10/yr. NordPass is good, as is 1Password. I have friends who love Keeper. Given the problems LastPass has had, I'd avoid that one.
@MicroOrbit 2 ай бұрын
Hi Kathy, great video! I use a unique email, yubi key, never click on links or give info over the phone (even if it is the "IRS"). If one wanted a career in cyber without college, how would you go about it? Video idea?
@KathyZant 2 ай бұрын
Great idea for a video. I didn't study cybersecurity in college as it wasn't a thing back then. I'll put together some thoughts and post a video. Thanks for watching and for the suggestion!
@RCohle452 2 ай бұрын
The change some of the letters to cyrillic characters that look similar to the alphabet characters.
@D.von.N 2 ай бұрын
And that is a growing problem. People cannot trust their eyes these days.
@KathyZant 2 ай бұрын
Yep, that and homoglyph swapping are used frequently.
@datajake1999 2 ай бұрын
@@D.von.N When a screen reader encounters these strange characters, the URL is read out in an unusual way. For example, a character that visually looks like a slash is read as divided by, and this will most likely tip off the user letting them know that something phishy is going on (pun intended).
@BrianWoodruff-Jr 2 ай бұрын
So what are sites like Amazon supposed to do, not send "update on your package" emails? If everyone is sus, then what's the point? I chose to trust >0 emails, which videos like this make me feel ashamed of.
@KathyZant 2 ай бұрын
Don’t feel ashamed, at all. Just be aware of what attackers are up to. Hopefully you feel more empowerment through knowledge than anything else. They’re getting more sophisticated, which means we have to be more aware.
@D.von.N 2 ай бұрын
Hmmm if they click on anyhing sent to them out of blue, even if a follow up, they aren't that savvy then. Always don't trust any links in mobile media where you cannot hover over them or inspect the link in detail independently. This is why I hate smartphones as supposed computers. You have your hands tied in some aspects as an average user. All that advice for the use on PC doesn't quite work in mobile devices. Always search the website of the company and log into it by yourself. Just beware of sponsored links. Those might be phishing sites, too.
@KathyZant 2 ай бұрын
This phishing campaign definitely targets the limited mobile experience. And yes, ads can be malicious, too. Good advice.
@D.von.N 2 ай бұрын
@@KathyZant There was a warning somewhere, when people look for a contact number to call usual companies, they just search it and use anything that appears in the first searches, the company name and their number, not knowing they can be fraudulent pages pushed to the top by skilled scammers. Always look for a proper website and use their proper number under 'about us' section.
💀Skeleton Ninja🥷【にんげんっていいなチャンネル】
Рет қаралды 8 МЛН
DixyFilms - Фильмы и сериалы
Рет қаралды 7 МЛН
ТВ3 - сериалы и шоу
Рет қаралды 1,2 МЛН
Trendy Treats
Рет қаралды 22 МЛН