As much as we would like to believe that the Internet is a safe place where people rarely fall for online fraud, it is good to remind ourselves to carry out “reality checks”. As humans, we can easily become victims of malicious attackers who want to steal our most valuable personal data. Criminals can reach further than ever before into our personal lives, our offices, and our homes. And most times, there isn’t much we can do about it.
These schemes and tools differ from traditional attack vectors, which use malicious software and vulnerabilities present in almost all programs and apps (including the famous Windows operating system).
Some phishing scams originate from unexpected regions of the world where catching the real perpetrators can be difficult. This article explains how to identify phishing scams and how to prevent them.
As reported by the Federal Trade Commission (FTC), millennials are more vulnerable to online scams than seniors, as shocking as it may seem. According to its investigations, about 40% of adults (20-29 years old) lose money in scams.
How can you tell if someone is phishing on your account?
According to a report about financial scams (Source: Federal Trade Commission). For this reason, we should know the methods that malicious actors widely use to gain unauthorized access to our private information and financial data. It is worth noting that their main aim is our money, and they will stop at nothing to get it.
- Phishing Email Scams
According to a new report from F-Secure, over one-third of security incidents begin with phishing emails or malicious attachments sent to company employees. Users and organizations online are continually exposed to malicious actors and their scamming methods.
The overwhelming effects of phishing attacks should prompt everyone to learn how to detect and prevent them. Phishing frauds are based on communication carried out via email or on social networks. Cybercriminals usually send users emails or messages that try to con them into handing over valuable and sensitive data (login credentials for bank accounts, social networks, work accounts, and cloud storage).
These emails will seem to come from an official source (such as a bank or other financial authority, a legitimate company, or a social network representative). The senders use social engineering techniques to convince you to click on a specific, malicious link and visit a website that looks legitimate but is controlled by them. The link redirects you to a fake login page that looks like the real website. If one isn’t careful, login credentials, including other people’s, might be given out.
Latest phishing email
Many spam email campaigns are used to circulate financial and data-stealing malware. Swindlers create a sense of urgency to increase their success rate. They’ll tell you a frightening story of how your bank account is under threat and how you need to visit a site as soon as possible and enter your credentials to verify your identity or your account. After you fill in your online banking details, cybercriminals use them to get into your bank account or sell them on the dark web to other interested parties.
Suspect a Phishing Attack: how to identify phishing and look for indications of a scam
When you receive text messages or emails that ask you to click on a link or open an attachment, and you don’t have an account with the company that contacted you or you don’t even know the person who sent the link, it could be a phishing fraud. Once you see those types of messages, report and then delete them.
However, if you are familiar with the person or company that contacted you, reach out to them using a phone number or website that you know is valid, not the information in the email. Harmful malware can get installed on one’s mobile through various attachments and links.
What Should You Do If You Accidentally Responded To A Phishing Email
If you think a scammer has your private information, like your Social Security number, go to IdentityTheft.gov to find the specific steps to take based on the information that you lost. If you mistakenly clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan.
How To Report Phishing
If you got a phishing email or text message, report it using the following steps:
Report spam email to FTC
Step 1. Forward any phishing email you get to the Anti-Phishing Working Group (firstname.lastname@example.org.). Forward any phishing text message you get to SPAM (7726).
Step 2. Report the phishing attack to the Federal Trade Commission at ReportFraud.ftc.gov.
PHISHING YOUTUBE SCAM
A recent report from Google’s Threat Analysis Group reveals a phishing campaign aimed at YouTube content creators. Channels commandeered by hackers were sold off to scam the channels’ viewers.
The campaign shows why cybersecurity practices matter, on YouTube and everywhere else, even though Google says it is actively working against the menace and has restored many of the compromised YouTube channels.
How This Latest YouTube Phishing Scam Is Pulled Off
Although YouTube did not reveal who was behind the attack, the report claims the campaign recruited its team from a Russian-speaking message board. Even though we do not know who was behind it, we are sure the group used “cookie theft” to pull off the heists.
Unlike phishing scams that use fake login pages, malicious links, and so on to steal usernames, passcodes, and other private data, cookie theft attacks target the cookies your browser saves whenever you’re logged in.
Cookie theft is more dangerous than the average phishing fraud. It works only if the user remains logged in and doesn’t erase their cookies before the hacker can use the login cookies on their end.
However, whoever presents the login session cookies does not have to log in at all, which bypasses additional authentication requirements like USB security keys, two-factor authentication codes, or security questions. This makes cookie theft attacks very dangerous, and considering YouTube’s latest 2FA login requirement for every YouTube creator, it is likely that cookie theft is one of the few workable options left to hackers.
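The session behaviour described above can be seen from the server side in the following added example, which is not from the original article or from Google. The `SessionStore` class, the action names, and the user agent and network values are all constructed assumptions; it contrasts a check that trusts the cookie alone with one that revokes a cookie presented from a different client and asks for re-authentication before sensitive actions.

```python
import hashlib
import secrets

# Actions that require a fresh password + 2FA check even inside a live session.
SENSITIVE = {"change_password", "transfer_channel"}

class SessionStore:
    def __init__(self):
        self._sessions = {}  # cookie value -> session record

    @staticmethod
    def _context(user_agent, network):
        # Coarse client context: user agent plus a network label such as an ASN.
        return hashlib.sha256(f"{user_agent}|{network}".encode()).hexdigest()

    def login(self, user, password_ok, second_factor_ok, user_agent, network):
        # Password and 2FA are verified here, once; the cookie stands in afterwards.
        if not (password_ok and second_factor_ok):
            return None
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = {"user": user, "ctx": self._context(user_agent, network)}
        return cookie

    def naive_check(self, cookie):
        # Bearer model: whoever presents a known cookie is treated as the user.
        return "allow" if cookie in self._sessions else "deny"

    def hardened_check(self, cookie, action, user_agent, network):
        session = self._sessions.get(cookie)
        if session is None:
            return "deny"
        if session["ctx"] != self._context(user_agent, network):
            del self._sessions[cookie]  # same cookie, different client: revoke it
            return "revoke"
        return "reauth" if action in SENSITIVE else "allow"

def demo():
    store = SessionStore()
    creator = ("Mozilla/5.0 (creator laptop)", "AS64500")  # constructed values
    other = ("Mozilla/5.0 (unknown machine)", "AS64511")   # constructed values
    cookie = store.login("creator", True, True, *creator)
    return [
        store.naive_check(cookie),                               # cookie alone is enough
        store.hardened_check(cookie, "upload_video", *creator),
        store.hardened_check(cookie, "transfer_channel", *creator),
        store.hardened_check(cookie, "transfer_channel", *other),
        store.hardened_check(cookie, "upload_video", *creator),  # after revocation
    ]
```

The context comparison is a heuristic signal; the re-authentication step for sensitive actions is the control that does not depend on it.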
A successful cookie theft, like any other phishing and malware attack, requires the user to download and install dangerous files or applications on their computer. To carry this out, hackers use social engineering to lure victims into fake but convincing ad partnerships over email. For instance, the YouTuber would be asked to review some partnerships for anti-virus apps, VPNs, or video games.
Once the YouTuber agrees to test the product, the hackers send malware-infected files that gather the user’s YouTube channel login cookies. The files would be encoded so that they could bypass anti-malware and antivirus apps, making it impossible to intercept the files before they get to the user’s computer.
After getting these cookies, the hackers can take over the channel without ever needing the channel’s username or passcode. They then use these hijacked channels to run financial fraud against the YouTuber’s audience, such as fake crypto schemes, fake donation campaigns, and so on. These criminals will sell off smaller channels to other hacking groups for $4 to $4000.
How To Keep Your Account Safe From The Latest Phishing Scam
According to a report from Google, its team has reduced the volume of related phishing emails on Gmail by 99.6% since May 2021. They’ve blocked over a million messages, over sixty-two thousand phishing pages, and 2,400 malicious files. The hackers’ activities were also reported to the FBI.
YouTube said it has successfully restored over four thousand affected channel accounts. Although this is good news for those who fell victim to the fraud, these numbers show just how massive and dangerous phishing campaigns are.
Therefore, we normally recommend turning on two-factor authentication for all your accounts. (In case you haven’t enabled it on YouTube, now is a good time to turn it on.) But yes, this phishing campaign also shows it is possible to circumvent 2FA security: no cybersecurity feature is 100 percent effective.
However, 2FA makes it much harder for hackers to break in in the first place, as does using a unique passcode for every account. Our explanations of how to detect online scams will help you avoid the common pitfalls that let hackers access your devices and information. Make sure to always scan your PC and any files you download with credible anti-virus and anti-malware applications, and turn on your browser’s highest browsing security mode.
Review the list of domains that Google released and that these hackers have used for their attacks, and add them to your anti-malware app’s or browser’s blacklist.
To safeguard yourself against phishing, never enter your passcode on any page except myaccounts.google.com. Flag any video you see on YouTube that you think might be spam or phishing for review by the YouTube team. Visit the National Cyber Security Alliance to get additional information on spam and phishing. Put in place permissions on your channel.
If you are a content creator, you can put someone else in charge of your YouTube channel without granting them access to your Google Account. As a manager, if you wish to invite someone to access your channel, you can add or remove others after editing the channel details.