The hottest Phishing Substack posts right now

Be careful with emails from authority figures; they're likely to be phishing scams aimed at tricking you into sharing personal info.
Phishing is a growing problem, with billions of spam emails sent daily, yet many still get through and lead to cyber attacks.
Studies show that humans are often the weak link in cybersecurity, continually clicking on harmful links despite warnings and training.

To keep your crypto safe, create a cold wallet for most of your assets and an 'ape wallet' for riskier activities. This way, you limit exposure to potential threats.
Minimize the transactions you make with your main wallet to reduce risk. Only use it for important tasks to stay secure.
Be aware of phishing scams and how they work. Educate yourself so you can recognize and avoid falling for them.

Most breaches are due to simple mistakes, like employees accidentally sending confidential info to the wrong place. Security teams need to focus on basic issues before tackling more complex problems.
A large portion of breaches starts with phishing or stolen credentials. Companies should invest more in security measures like multi-factor authentication and employee training to lessen these risks.
Generative AI hasn't impacted security breaches significantly yet. Most attackers are still using traditional methods, and no one seems to be targeting AI systems directly.

Phishing attacks work by exploiting human psychology, using tactics like fear, urgency, and authority to manipulate targets into taking actions that compromise their security.
Attackers make phishing emails appear legitimate by mimicking trusted brands and official language, leveraging social cues to deceive individuals into trusting them.
To protect against phishing, individuals should cultivate skepticism, verify requests for sensitive information, and educate themselves and others about recognizing phishing attempts.

A fake LastPass app managed to get onto Apple's App Store and was likely designed to steal user credentials.
Iranian cyber operations against Israel are becoming bolder and more sophisticated, posing risks to American critical infrastructure and the 2024 elections.
The FCC has cracked down on AI-generated voice calls, recognizing them as 'artificial' and restricting their use for non-emergency purposes without consent.

Get a weekly roundup of the best Substack posts, by hacker news affinity:

QR codes can be used maliciously, so it's important to generate them safely using reputable, secure QR code generators and consider adding password protection for private information.
A quishing attack combines QR codes and phishing to trick victims into sharing sensitive data on fraudulent websites, often bypassing traditional security measures.
Using Microsoft Defender for Office 365 along with Microsoft Sentinel can help detect and mitigate quishing attacks by configuring anti-phishing policies and connecting data for a comprehensive view of potential threats.

Vietcombank encountered a security incident involving a customer's stolen funds, prompting technical analysis and identification of potential attack methods like phishing and exploiting vulnerabilities in the Smart OTP system.
Smart OTP, a feature of Vietcombank, was found to have vulnerabilities that could be exploited by attackers to gain control over customer accounts, highlighting the importance of robust security protocols in online banking systems.
The importance of independent security audits, continuous monitoring, and prompt responsiveness to security reports is crucial for financial institutions like Vietcombank to safeguard customer data and prevent unauthorized access.

AT&T experienced a massive data breach affecting 73 million customers' personal information, prompting concerns about data security measures in place.
Google is implementing new security measures in Incognito mode to prevent unauthorized access using stolen session cookies, emphasizing the importance of safeguarding user data.
The discovery of the first Linux malware injected by an open-source maintainer highlights the vulnerability of systems worldwide, underscoring the critical need for enhanced cybersecurity measures.

Hacking smartwatches for spear phishing can be a creative and effective method.
Reverse engineering smartwatch apps is necessary to understand the custom protocols of each device.
Constructing and sending custom messages to smartwatches involves specific protocols and methods.

Two-factor authentication (T-FA) utilizes two different methods for higher security. Commonly, it involves something a person knows and something they have or are.
Using a matrix card as the second authentication factor is a cost-effective solution compared to other options like RSA SecurID, making it easy to implement and inexpensive for service providers and customers.
While T-FA with a matrix card is helpful, it does not fully protect against certain attacks like man-in-the-middle phishing. Authentication of transactions and vigilance for abnormal behavior are crucial for enhanced security.

Highly targeted and technically advanced attacks can be carried out by well-funded and motivated individuals or groups.
In practice, these attacks may involve the use of forged email headers, exploits within documents, keyloggers, and DNS-bouncer systems.
The attackers may craft their exploits to evade detection by antivirus products, making the attacks harder to detect and defend against.