Tag: cyber security

Security, Tech

Being able to phish is important, here’s how…

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

gentleman sitting down with breakfast at a laptop
A mail-order bride doesn’t sound like a bad idea after all.
Photo by Jack Sparrow, please show support by following @pexels.com

So you get an email from someone you don’t know, more likely they’re someone who promises you something that’s usually too good to be true, like in my case a nice comfy job that would pay six figures and all I had to do was work from home.

My start date is still pending. In other cases, it could be presenting you the opportunity to hold money for them because they claim to be a rich prince (or princess) with a lot of money, and they’ll reward you handsomely for completing such a task for them.

If you haven’t gotten any of these emails, you’re the lucky one out of the bunch because other people can attest to having their spam inboxes littered with these emails.

If you have ever been unfortunate enough to complete your interaction with any of these individuals, you’ll be sad to know, you’ve just been phished (and no, it’s not what you think it is).

Don’t know what I mean? Well, you’re in luck because I’ll be going over what, how, who, and more or less how you can be more aware when checking your DMs.

gentleman pointing a handgun
Hi, I’m Sarah69lover…and you’ve just been catfished.
Photo by cottonbro studio, please show support by following @pexel.com

Phishing with Dynamite

Phishing is not what the name states although it parallels and before you ask, no none of this happens with actual fish. Phishing is the act of contacting someone posing as a contact the victim may know or trust to extract money, and information, or to provide them with problematic malware.

Malware could be installed to either gather information without you knowing, wreak havoc on your computer, or simply a combination of the two.

There are a few various forms of phishing, all come with interesting versions of the original name. You have spear-phishing, whaling, smishing, vishing, and email-phishing.

Email phishing is the most common type of attack people fall victim to. In the other attacks, in a nutshell, an attacker is targeting you directly, an attacker is aiming for the most important individual in the company (more like CEO type person), an attacker tries contacting you via text with a link, and the last one is a voice call impersonating someone from a company like Microsoft.

There are two other types of attack which get even more interesting, there’s sextortion which is the attacker contacts you with a threat of revealing a recording from your webcam watching “adult time” material (been on the hub, I know that’s an actual brand, trust me I’m not proud) and search engine phishing (or SEO poisoning) where attackers prop themselves high up on the search engine only for you to click on their link and be redirected to emptying out your pockets or worse, releasing the hounds on your computer by downloading malware.

Criminals have many interesting ways of trying to get your money and that list continues to grow.

man looking with evil intentions
I never intended to rob people, but life insisted I do.
Photo by cottonbro studio, please show support by following @pexel.com

Emailing with Delicious Intent

Who are the people that do this and how could they do this to someone you might ask? Well, for one, it could be anybody, attackers come in all shapes and sizes.

That sweet old lady at the end of the street you live on who gives cookies to children with a smile and everyone in the neighborhood waves to could also be the same prince or princess seeking to pull money from your bank account.

And to the second part of your question, well, really, come on, the economy, might be a controversial thought but people would be less inclined to commit a crime if economic hardship wasn’t a thing.

Many people today are in the “have not” section of society and the cost of living rising each year applies pressure on people to venture into areas they wouldn’t have considered the year before, theft being one of them.

I’m not saying I condone it, but I understand it.

Woman seated in front of laptop
Can’t find me a date on tinder? Looks like it’s phishing time.
Photo by Dan Nelson, please show support by following @pexel.com

Two Times a Fool

You might be thinking to yourself, “who falls for this? I mean just how? Most of the emails I come across are poorly structured and or in bad English.” Well, just because you didn’t fall victim doesn’t mean your adolescent entrepreneur or Gam-gam won’t.

In fact, most victims are either in their 20s or in their mid-late 40s, so that’s either an “I’m still trying to figure it out, oh this link says it can make me rich” or “I’m about to hit a mid-life crisis and my Nigerian princess/wife is still not here.”

People who worked for big-name companies and even some big-name IT companies often become complacent and fall victim to these attacks.

So no matter what the target size is, the effects of phishing are felt around the world.

keyboard keys spelling the word "scam"
If you can read this, click the follow or subscribe button. It’s not a scam likely, promise.
Photo by Mikhail Nilov, please show support by following @pexel.com

Phishing Abroad

At this junction, you’re probably thinking, “I don’t want to fall victim to this, how do I protect myself or is there a career path to learn more so I can protect others?” You’re in luck, protecting yourself from phishing is possible but to quote Run-DMC, “it’s tricky”.

As mentioned earlier, attackers find interesting ways to pull money and information out of you. Some ways you could protect yourself are by double checking the email for grammar, misspelled words, and links that may seem fishy (saw what I did there) an example of this would be the word “google” spelled in the link as “go0g1e”, and finally double checking the person contacting you.

If they’re asking for information that they should have on hand and you’ve had no dealings with them or their company, swipe left because it’s a scam likely. Do you want to protect others?

There are countless entry-level cybersecurity jobs and for most of them, you don’t need a degree. An Information Security Analyst is one of the most common entry-level jobs, in which they are responsible for system and network security analysis.

You can learn the necessary skills on your own through a Bootcamp (which I wouldn’t recommend since they can get pricey) or by grabbing some online courses. I currently hold a certificate for Cybersecurity Analysis provided by IBM via Coursera.

It may be just a certificate that doesn’t hold much weight as a certification but passing the quizzes and projects wasn’t an easy ride.

It’s been over three paychecks and she’s still not here. I don’t know how much more money I can send her.
Photo by Andrea Piacquadio, please show support by following @pexels.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Think you have what it takes to enter the world of cyber security?

Script a comment below about a time when you got a suspect looking email.

AI, Cloud Talk, Programming, Security, Tech

Social Pain Points

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Monk 1: I have been reading on this site called “Scriptingthewhy,” they seem on the level.
Monk 2: How!? We don’t have internet in the temple.
Monk 1: Oh yes we do, I’ve seen your browser history.
Photo by Nishant Aneja, please support by following @pexel.com

Since the dawn of time, the one thing humans enjoy doing is communicating with one another. Just try to think of a day when you didn’t have a social interaction with someone. You can’t, but if you can then you may be something more to worry about than a serial killer.

Serial killers may do not-so-great things to people but at least they socialize. Anyhow moving along, we’re social creatures, it’s how we’re built, how we live together in not-so-perfect harmony, and it’s how we exploit each other. How?

Well, if you’re using these two apps on your phone or computer, you should watch out for some sneaky stuff going on while you’re logged in. In this we’re going to be looking at what kind of attack this is, who is using it, its effects upon release, and what are some ways to communicate with your fellowman securely.

Trish: I feel like I fell in love with a scammer.
Dave: Hm, that’s funny because you catfished me Cougarlove6tothe9 at yahoo.
Photo by Polina Zimmerman, please support by following @pexel.com

The Attack

If you are familiar with the following two applications, Slacker and Discord, then you might want to monitor for some activity in the days to come and if you don’t use these applications then still monitor anyway as this is one of the security best practices.

The Slacker application is a software tool that allows users to communicate and collaborate with each other in real-time. It can be used for various purposes, such as project management, team chat, file sharing, video conferencing, and more.

The Slacker application aims to improve productivity, efficiency, and creativity among its users. Slacker can also be a land of confusion because another trait of most humans working jobs they’re not too thrilled about is disorganization. Discord application is another popular platform for online communication and collaboration.

Discord allows users to create and join servers, channels, and voice chats, where they can share text, images, audio, and video. Discord also supports bots, which can provide various functions and features to enhance the user experience.

Discord is widely used by gamers, streamers, educators, and communities of various interests and topics. However, while these applications offer good, cybercriminals use them to distribute malicious links that appear to be legitimate or to embed Discord functionality into their malware to control or steal data from infected devices.

Cougarlove6tothe9 just joined your Slacker and Discord? Who the heck is this?
Photo by Andrea Piacquadio, please support by following @pexel.com

Who Can It Be Now

Are you wondering who has been using this kind of attack? Well, when it comes to attacks like this, most of the time no one individual or group has been appointed for using phishing attacks.

The reason for this is that the perpetrators of phishing attacks are often unknown and untraceable, as they use various techniques to hide their identity and location.

Phishing attacks are not attributed to any specific person or group, as they can be carried out by anyone with malicious intent and some technical skills. Therefore, there is no definitive answer to the question of who is behind phishing attacks, as they can originate from anywhere and anyone.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Sarah: Z-Daddy is saying that anyone of us could be the hacker.
Beth: Just blame it on Tom, he’s the one in front of the computer. They’re going to let him go in a week anyway.
Photo by Edmond Dantes, please support by following @pexel.com

That Sinking Feeling

So how would something like this work? For those who never had those interesting emails saying you won some type of giveaway, or your prince or princess is waiting for you, we’ll explain.

In a phishing campaign, the email or message is sent with the intent to trick the victim into interacting with the malicious link. Once the link is clicked and depending on the payload code, a number of things can happen.

This ranges from creating a backdoor to stealing information from the machine, the attacker coming, and going as pleased without the victim knowing, and/or impersonating you completely.

These attacks can target individuals, organizations, or even governments. Discord has become a handy mechanism for cybercriminals. With growing frequency, they’re being used to serve up malware to victims in the form of a link that looks trustworthy.

In other cases, hackers have integrated Discord into their malware to remotely control their code running on infected machines, and even to steal data from victims. This leads to a real “How could you!?” moment.

Nope, not falling for this again. Cougarlove6tothe9 I’m changing all my passwords, and you are blocked from contacting me.
Photo by Karolina Grabowska, please support by following @pexel.com

The Prevention

There is nothing wrong with the applications themselves however, when interacting with individuals online it is better to be on guard as phishing attacks can take many forms, such as fake emails, websites, phone calls, or text messages that appear to come from legitimate sources.

To prevent phishing attacks, users should be careful and vigilant when interacting with any online communication that asks for sensitive information. Some tips to prevent phishing attacks are, do not click on links or open attachments from unknown or suspicious senders.

Verify the identity and authenticity of the sender before responding to any request for information. Use strong and unique passwords for different accounts and change them regularly.

Enable two-factor authentication whenever possible to add an extra layer of security. Install and update antivirus software and firewall on your devices. Report any suspicious or fraudulent activity to the appropriate authorities or organizations. But for a better and more solid outcome, just do not engage the email or message.

So, this is why you guys Scriptingthewhy so much? Ok, we’ll add it to our standup meetings.
Photo by Jopwell, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on phishing? Script a comment below.

Security, Tech

The Truth About Mac Security: Protecting Against Banshee Malware and Data Theft

Key Takeaways

Banshee Malware Threat

  • Targets macOS systems: This malware is specifically designed to attack Apple devices.
  • Steals extensive data: It can access browsers, cryptocurrency wallets, system information, and personal files.
  • Uses deceptive tactics: Banshee employs fake prompts to gain administrative access.
  • Avoids Russian language settings: Suggests targeted attacks on specific user groups.

Potential Consequences

  • Identity theft: Stolen personal information can be used to create fraudulent identities.
  • Financial loss: Cryptocurrency wallets, banking information, and credit card details are at risk.
  • Phishing attacks: Stolen data can be used to create highly targeted phishing campaigns.

Protection Measures

  • Be cautious with downloads: Only download software from trusted sources.
  • Keep software updated: Regular updates patch vulnerabilities exploited by malware.
  • Use strong, unique passwords: A password manager can help create and store complex passwords.
  • Consider security software: Additional protection can be provided by antivirus and anti-malware programs.
  • Backup your data: Regular backups can help recover lost information in case of an attack.
  • Enable two-factor authentication: This adds an extra layer of security to your accounts.
  • Monitor your accounts: Regularly check for suspicious activity on your financial and online accounts.
  • Use a VPN: Encrypt your internet connection for added privacy and security.

Overall Message

  • Macs are not immune to malware: The myth of Mac security is no longer valid.
  • Proactive measures are essential: Staying informed and practicing good security habits are crucial to protect your data.
THIS IS NOT A TEST! MAC IS BEING INVADED, AGAIN!
Photo by Sora Shimazaki, please support by following @pexel.com

Beware the Banshee: New Malware Steals Your Data on macOS

Mac users, rejoice no more! A new malware threat called Banshee Stealer has emerged, specifically targeting macOS systems. This isn’t your average malware; Banshee is designed to steal a wide range of data, making it a serious threat to your privacy and security.

What Does Banshee Steal?

If you don’t like having a piece of mind keep reading, if you do, we suggest you stop right now. Are you still reading? Ok, we warned you. Imagine a thief rummaging through your entire digital life. That’s essentially what Banshee does. It can steal information from:

Browsers

Browsers like Chrome, Firefox, Safari, Edge, and many more are vulnerable. Logins, browsing history, and even data from browser extensions are all up for grabs. This means that any saved passwords, autofill information, and even your browsing habits can be exposed. For instance, if you frequently visit banking websites, Banshee could potentially capture your login credentials and use them to access your accounts.

Cryptocurrency Wallets

If you use wallets like Exodus or Electrum, beware! Banshee can steal your hard-earned crypto. Cryptocurrency wallets are often targeted because they store valuable digital assets. Once Banshee gains access to your wallet, it can transfer your funds to the attacker’s account, leaving you with nothing. The decentralized nature of cryptocurrencies makes it nearly impossible to recover stolen funds, adding to the severity of this threat.

System Information

From basic details to your precious passwords stored in iCloud Keychain, Banshee wants it all. And if you know anything about Lola, Lola gets what Lola wants. System information can include your device’s specifications, installed software, and even your network configuration. This information can be used to launch more targeted attacks or to sell your data on the dark web. Passwords stored in iCloud Keychain are particularly valuable, as they can provide access to a wide range of accounts and services. To add more insult to injury, your information can be sold for cheap. Which really makes one question, “How much is your life really worth?”

Your Files

Documents, notes, and anything you have saved on your Desktop or Documents folders could be compromised. This includes personal files, work-related documents, and any other sensitive information you may have stored on your device. Banshee can search for specific file types, such as PDFs, Word documents, and spreadsheets, to find valuable information. Once these files are stolen, they can be used for identity theft, blackmail, or sold to the highest bidder.

How Does Banshee Work?

This malware is sneaky. It uses deceptive tactics like fake password prompts to trick you into giving it administrative access to your system. These prompts can look identical to legitimate macOS prompts, making it difficult to distinguish between the two. Once you enter your password, Banshee gains the permissions it needs to carry out its malicious activities.

Banshee also tries to avoid infecting computers with Russian language settings, suggesting targeted attacks. This behavior indicates that the attackers may be focusing on specific regions or user groups. By avoiding Russian-speaking users, Banshee may be attempting to evade detection by certain cybersecurity organizations or law enforcement agencies.

Why should I even try to stop them? Hackers are going to hack, am I right?
Photo by RDNE Stock project, please support by following @pexel.com

Why Should You Care?

The stolen information can be used for various malicious purposes. Hackers can use your logins to attack other accounts, steal your identity, or even launch targeted phishing attacks against you or your contacts. Financial information puts you at risk for theft. Identity theft can lead to long-term consequences, such as damaged credit scores, legal issues, and financial loss.

Identity Theft

Identity theft occurs when someone uses your personal information, such as your name, Social Security number, or financial information, without your permission. This can result in fraudulent activities, such as opening new accounts in your name, making unauthorized purchases, or even committing crimes. Recovering from identity theft can be a lengthy and challenging process, often requiring legal assistance and significant time and effort.

Financial Theft

Financial theft involves the unauthorized use of your financial information, such as credit card numbers, bank account details, or cryptocurrency wallets. This can lead to unauthorized transactions, drained bank accounts, and significant financial loss. In some cases, victims may be held liable for fraudulent charges, adding to the financial burden.

Phishing Attacks

Phishing attacks involve tricking individuals into providing sensitive information, such as login credentials or financial details, by pretending to be a trustworthy entity. Banshee can use the stolen information to craft highly targeted phishing emails, making them more convincing and increasing the likelihood of success. These attacks can lead to further data breaches, financial loss, and compromised accounts.

Protecting Yourself from Banshee

Here’s what you can do to stay safe:

Be Wary of Downloads

Only download software from trusted sources. Avoid clicking on suspicious links or opening unknown attachments. Malware often spreads through malicious downloads or email attachments, so it’s essential to be cautious when downloading files or clicking on links. Verify the source of the download and ensure that it is from a reputable website or developer.

Keep Software Updated

Outdated software has vulnerabilities that malware can exploit. Regularly update your macOS, browsers, and extensions. Software updates often include security patches that fix known vulnerabilities, making it more difficult for malware to infect your system. Enable automatic updates whenever possible to ensure that you are always protected with the latest security patches.

Use Strong Passwords

Don’t reuse passwords across different accounts. Consider a password manager to generate and store strong, unique passwords. Strong passwords should be at least 12 characters long and include a mix of letters, numbers, and special characters. Avoid using easily guessable information, such as your name or birthdate, in your passwords.

Consider Security Software

While macOS has built-in security features, additional security software can offer extra protection. Antivirus and anti-malware programs can detect and remove threats, providing an additional layer of security. Look for security software that offers real-time protection, automatic updates, and comprehensive scanning capabilities.

The Myth of Mac Security

This malware outbreak highlights a crucial point: Macs are no longer immune to cyber threats. Don’t let the myth of Mac security lull you into a false sense of safety. Be vigilant and take proactive steps to protect your data. While macOS has historically been considered more secure than other operating systems, the increasing popularity of Macs has made them a more attractive target for cybercriminals.

Historical Context

In the past, Macs were less commonly targeted by malware due to their smaller market share compared to Windows PCs. Cybercriminals focused their efforts on Windows systems, which offered a larger pool of potential victims. However, as the popularity of Macs has grown, so has the interest of cybercriminals in targeting macOS.

Modern Threat Landscape

Today’s threat landscape is constantly evolving, with new malware and attack vectors emerging regularly. Cybercriminals are becoming more sophisticated, using advanced techniques to bypass security measures and infect systems. This means that no operating system, including macOS, is entirely immune to cyber threats.

Keep learning ways to better protect your digital fortress.
Photo by Oladimeji Ajegbile, please support by following @pexel.com

Staying Informed and Practicing Good Security Habits

Remember, staying informed and practicing good security habits is your best defense against malware like Banshee Stealer. Here are some additional tips to help you stay safe:

Educate Yourself

Stay informed about the latest cybersecurity threats and best practices. Follow reputable cybersecurity blogs, news sites, and organizations to keep up-to-date with the latest developments. Understanding the tactics used by cybercriminals can help you recognize and avoid potential threats.

Backup Your Data

Regularly back up your important files to an external drive or cloud storage service. In the event of a malware infection, having a backup can help you recover your data without paying a ransom or losing valuable information. Ensure that your backups are stored securely and are not connected to your main system to prevent them from being compromised.

Enable Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or authentication app, in addition to your password. Enable 2FA on all accounts that support it to reduce the risk of unauthorized access.

Monitor Your Accounts

Regularly monitor your financial accounts, credit reports, and online accounts for any suspicious activity. Early detection of unauthorized transactions or changes can help you take action before significant damage occurs. Set up alerts for unusual activity to stay informed about potential threats.

Use a VPN

A virtual private network (VPN) encrypts your internet connection, making it more difficult for cybercriminals to intercept your data. Use a reputable VPN service, especially when connecting to public Wi-Fi networks, to protect your online privacy and security.

Love learning tech? Join our community of passionate minds! Share your knowledge, ask questions, and grow together. Like, comment, and subscribe to fuel the movement!

Don’t forget to share.

Every Second Counts. Help our website grow and reach more people in need. Donate today to make a difference!

One-Time
Monthly
Yearly

Make a one-time donation

Make a monthly donation

Make a yearly donation

Choose an amount

$5.00
$15.00
$100.00
$5.00
$15.00
$100.00
$5.00
$15.00
$100.00

Or enter a custom amount

$

Your contribution is appreciated.

Your contribution is appreciated.

Your contribution is appreciated.

DonateDonate monthlyDonate yearly