And You Won't Have To...
On November 17, 2023, I posted about it being the start of the phishing season.
I’m going to update you on the latest round of attacks including what to do when it’s happening, what to do right now after reading this, and a few additional tips to help you keep yourself, family, and friends safer.
The attack category is Social Engineering Attack. So I’m going to start this with a little primer on these attacks.
| Attack Type | Communication Channel | Target |
|---|---|---|
| Phishing | Email | All |
| Vishing | Voice: often using VoIP | All |
| Whaling | Email and/or Voice | Individual |
| Smishing | Text | Both |
| Social Engineering | Social Media | Both |
How and Why:
Tactics: Impersonation, urgent action required, Threatening/Fear
End-Result: Personal information, Financial information
Most people have heard about phishing (the OG) and so they use it to describe any socially engineered attack.
Phishing and its voice counterpart target as many potential victims as possible. Usually for vishing, it’s a recording with a request to call a specific number.
Whaling targets a specific individual.
Smishing and Social Media SEs may target both.
Today, December 30, 2023, I’m going to talk about a specific whaling attack.
I’m seeing people I know posting about receiving a call from their “bank” with a live person who has a considerable amount of information that makes the call recipient believe it is legitimate. Now if you’re expecting a call from your extremely local bank because you called and left a message, you probably know exactly who is calling you back.
First thing to know: There’s a lot of data collected by legitimate data collectors and it’s for sale. There are also breaches occurring where the illegally acquired data is also sold.
Second thing to know: No bank or financial institution will cold call you via a live representative.
The best security practice most banks use is to leave a voice message, usually identifying the department (e.g. fraud), with the instruction to:
CALL THE NUMBER ON THE BACK OF YOUR BANKCARD/CREDIT CARD.
So, here’s what to do if it happens to you:
1️⃣ HANG UP - yup, cut them off right after they say the financial institution’s name, if possible.
2️⃣ CALL THAT NUMBER - Ask for the fraud unit and let them know there was a potential phishing/whaling attack.
3️⃣ GET A CASE # - If the bank unit opens a case.
4️⃣ CONTACT LOCAL POLICE - If you’ve gotten a case number.
So, here’s what to do right now after reading this post.
Log in to either your bank app or directly online:
1️⃣ SET-UP NOTIFICATIONS - Set up notifications for every bankcard transaction to be sent to your email account.
⏺️ Purchases outside of physical merchant (may show up as Card Used Online, by phone or by mail). NOTE: depending on the bank, you may be able to set up physical purchase notifications.
⏺️ Direct Deposit Notice
⏺️ Low Account Balance - You set the amount for this notification.
2️⃣ SET-UP MFA - Multifactor Authentication is the strongest account security.
3️⃣ CHECK FOR SECURITY RECOMMENDATIONS - then use them.
I've got workshops and understanding cybersecurity trainings in the works. But if you need help, you can book a security call. We'll cover protection and defense... securing your home networks and more. Then we'll tackle how to shield your privacy... out in the wild. Finally, learn the favorite techniques and products security experts use to shut down access to those all-important social apps.
I created the GhostMode Cybersecurity 101 & 201 Series to bring cutting-edge, up-to-date security info and how to understand it. We'll cover AI, Web3, and even blockchain technologies in easy-to-understand everyday language.
We call the vulnerable point of attack an endpoint. We can start with a security audit and create a strategy of recommended products and services you can tailor to your home or business needs. You'll have access to recurring security updates and previews of what we're seeing in the cyberworld.
Meet Your Security Expert
Oh Hello! I’m Angela "Ange Gos" Payton. I've reverse-engineered malware and as the tech copywriter, I made tech jargon understandable for everyday people. Retiring from the Security and Response team at Symantec didn't end my cybersecurity life.
My corporate copywriting clients, top competitors of my former company, wanted less technobabble in their marketing info, anchoring and keeping me deep in cybersecurity for years.
After several years of copywriting for competitors, why pivot to cybersecurity now? I watched a "cybersecurity expert" with zero threat experience provide outdated information... so outdated, I knew I needed to help internet denizens, like yesterday, because I have a wealth of knowledge and how-tos people need.
So here we are.
Imagine keeping your family, home, AND business safe. Simply and easily.
I haz friends. I've already started inviting experts to come and talk about security trends and what's next. There may even be some history stories about how some threats were found.
In the members' area, we'll have a dedicated set of lists for apps, tools, & SaaS (both Software as a Service and Security as a Service). We'll cover who's behind them and what they cover.
An ounce of prevention... yada, yada. But really, think of how cool it will feel to know the latest social phishing scams and shut them down. That's where our courses come in. Based on the Categorical Lists O'Security, we break down the how so you can decide if it'll work great for you or keep your $$. We'll also offer courses on the protection protocols you'll use often.