admin – Page 2 – POPCyber

What is vishing?

Posted on April 27, 2023April 27, 2023 by admin

Vishing, also known as voice phishing, is a type of cyber attack where an attacker uses a phone call to trick a victim into giving away sensitive information such as credit card numbers, passwords, or other personal data.

In a vishing attack, the attacker usually poses as a representative from a legitimate organization, such as a bank or government agency, and uses social engineering techniques to gain the victim’s trust. They may claim that there is a problem with the victim’s account or that there has been suspicious activity, and ask for sensitive information to resolve the issue.

Vishing attacks can be especially effective because the attacker can use voice manipulation techniques to sound convincing and create a sense of urgency or fear in the victim. They may also use spoofing to make it appear as if the call is coming from a legitimate source.

To protect yourself from vishing attacks, it’s important to be cautious when receiving unsolicited phone calls and never give out sensitive information over the phone unless you are sure of the caller’s identity. You can also verify the legitimacy of the call by contacting the organization directly through a trusted channel, such as the phone number listed on their official website. Additionally, enabling call-blocking and anti-spoofing features on your phone can help to prevent vishing attacks.

What is phishing?

Posted on April 27, 2023April 27, 2023 by admin

Phishing is a type of cyber attack in which an attacker tries to trick a victim into giving away sensitive information such as usernames, passwords, credit card numbers, or other personal data. Phishing attacks typically occur through fraudulent emails, text messages, or websites that appear to be legitimate but are actually designed to deceive the victim.

The attackers often use social engineering techniques to make the message or website seem convincing, such as creating a sense of urgency or fear, or impersonating a trusted entity like a bank, a government agency, or a popular online service. They may also use fake links or attachments to download malware onto the victim’s device.

Once the victim is tricked into providing their sensitive information, the attackers can use it for identity theft, financial fraud, or other malicious purposes.

To protect yourself from phishing attacks, it’s important to be vigilant and skeptical of unsolicited messages or websites that ask for your personal information. Always verify the legitimacy of the message or website by checking the sender’s email address, the website URL, or contacting the organization directly through a trusted channel. Additionally, enabling two-factor authentication and using anti-phishing software can add an extra layer of protection to your online accounts.

Why is password re-use a bad thing?

Posted on April 27, 2023 by admin

Using the same password across multiple accounts is generally not a good idea for the following reasons:

Security Breaches: If one account gets hacked, the hacker will be able to access all other accounts using the same password.

Lack of Complexity: It is difficult to create a complex password that is unique for each account. Using the same password may mean using a less complex password that is easier for hackers to guess or crack.

Phishing Attacks: Phishing attacks can trick users into revealing their login credentials. If the same password is used across multiple accounts, the hacker can use the stolen credentials to access all the other accounts.

Personal Information: If a password is compromised, a hacker could use personal information from one account to guess the passwords for other accounts.

Compromised Devices: If a device is lost or stolen, a hacker may be able to access all accounts that use the same password.

Overall, using the same password is risky and could lead to a significant compromise of your online security. It’s always recommended to use unique, complex passwords for each account and enable two-factor authentication whenever possible.

New content going up

Posted on May 12, 2022May 12, 2022 by admin

I am getting more pages added so that there is more to wander around and view.

If you hover the menu items at the top of the page, you may find subtopics. If you have topics that you want to see, speak up and I can prioritize it.

The current focus is going to be OSINT tools. These will take some time, but I will try to add other items as I go. If you know me, you know that I can dive pretty hard into the rabbit holes. Sometimes… I explore the whole warren.

Password Security

Posted on March 24, 2022 by admin

As I pondered how to best discuss password security, I wondered if I could find a nice history of when passwords came into use and how badly they have been handled over time. Little did I know, we have been quite bad with them since their inception. The resource I found for the subject did such a wonderful job that I am opting instead to wrap his original work into this post. Major credit and props to Troy Hunt for his wonderfully crafted article, https://stealthbits.com/blog/a-history-of-passwords/. I do hope that you will give it a full read and perhaps click on an ad while you are there to show appreciation of his work. I have also been a fan of another piece of his work; https://haveibeenpwned.com/ which is a site that I have used many times. This is a site that will tell you if your email address has been discovered in one of the many multitudes of email/pswd caches out there. If you find your email address is listed there, just reset your password and move on. There is no cause for alarm unless you have that email address tied to something like… your back account. Now if you are one who abuses password by reusing the same one all over, then you may have an issue. If that is the case, then it is time that you start changing up those passwords so that one compromise doesn’t hand over the keys to your email kingdom. Oh I can hear you know… but I don’t have anything worthwhile in my email box, nothing that anyone would find interesting. Sound familiar. think of all of the places that you give your email address to in order to log in or perhaps to verify your existence. How many accounts do you think a black hat hacker could gain control of just by being able to lo into a web mail utility somewhere posing as you with your oh so clever password (yeah Password1)?

Really read Troy’s article, drink it in as it will help you understand why passwords are a bigger deal than you may think. If you want to discuss the topic more, please, drop a comment below. If you liked this article, please come back for more and feel free to mash an ad on your way in or out to help the cause.

What do you want to learn or discuss?

Posted on March 5, 2021 by admin

Before I get into more, I would like to know if anyone has a topic that they would like covered.

This gives you the opportunity to guide the path of our cybersecurity education adventure.

Topics For Us to Cover Over Time

Posted on March 5, 2021 by admin

In the cyber security realm, there is always something to learn, share, and teach. We have to learn on a daily basis what the criminals have gotten into. It isn’t enough to know what they did, but HOW they did it is the important so that we can find methods to prevent them form doing it again.

As users, we get tired of update after update coming along and making us reboot. Those updates are often critical. They make your operating system more secure. The reboot not only makes them take effect, but also may break the connection so that the crook cannot get back in when you reconnect to the internet.

With that in mind, let’s build a list of topics that we should discuss as we progress down the path of cyber education. If you have any that you would like to cover, or cover sooner than later, please let me know in a comment. If you have a topic that is not on the list, I will add it.

Phishing – Starts here: https://cyber.pissedoffpirate.com/phishing-emails/red-flags/
Vishing
Smishing
Malware
Ransomware
Identity Theft
Information Protection
DoS/DDoS
Online Predators
Online Harassment

Password Reuse and You

Posted on July 13, 2020 by admin

We could talk about password strength and safety first, but it is likely that you have heard that time and time again so I will slide that one down the priority list a bit.

There are storehouses of passwords that belong to compromised email addresses. You may have gotten a phishing email that claimed to have your password. One that I have seen provided a somewhat censored version of one of my old passwords.This typically comes with a ransom demand.

The way that these situations happen is the result of human nature. It is all too easy to use the same password on all of your online accounts. They keep increasing the password complexity and there are so many to keep track of.

When a website that you use gets hacked and the username/password database gets stolen that data gets sold off. The majority of Americans bank at one of five major financial institutions. If the criminals have control of your email address (or as we say in the industry, pwns) they can get passwords reset. If they get as far as getting your bank password, where does that leave you? It doesn’t take much imagination to see how bad that can be.

If you have a list of usernames/passwords it is like having a ring of keys. You can do some poking of common email providers and other services to see if those usernames and passwords open the door allowing criminals inside.

Has your email password ever been compromised? Maybe you had to change your email password because you started getting weird email bounceback messages. Would you like to see if your email address has been discovered on a list for sale, or just out for public consumption? Try this link. (I have a few email addresses that have been blown, so don’t feel badly about being listed.)

https://haveibeenpwned.com/Passwords

Where do you go from here? Regardless of being compromised in the past or not, you can help protect yourself from this moment forward by starting to use different passwords for each account. This is where a tool to track your passwords in a secure manner is important. There are many password storage tools out there. Some are subscription based, some are free. This is not an endorsement, but I can say that I have had good experience with Password Safe. Some of the important aspect to consider is that the tool stores your usernames and passwords using encryption, and that the tool is easy for you to use. If it is not easy, you won’t use it.

Please feel free to share your experiences in the comments. Maybe you have a password storage tool that you feel is wonderful, share it with the group. I am always happy to look over new products. Perhaps your input will give the rest of us a better tool to help us in staying safer.

Enjoy the day, and be good to those around you.