ANY message telling you your computer, tablet, or phone
is infected is a Blatant LIE. No one can tell that from
outside your computer, tablet or phone.
Phishers (Bad guys) will (and do):
1. Send you an email message, pretending to be...
2. Send you a text message, pretending to be...
3. Popup a window while using your web browser, pretending to be...
4. Call you on your phone, pretending to be...
5. Send you a letter (USPS Mail), pretending to be...
6. Knock on your door, pretending to be...
Phishers (Bad guys) try to convince you:
1. Your computer (or phone) is infected and...
2. Your package cannot be delivered...
3. Your account or credit card has been charged...
4. Your computer is sending out spam, pornography, etc.
5. Your account has been blocked, suspended, or deleted
6. You ordered something, or you've been charged...
7. Your friend is stranded...
8. And so on...
Phishers (Bad guys) pretend to be:
1. From your bank...
2. From your investment company...
3. From UPS, Apple, Google, Microsoft, etc.
4. From FBI (or other law enforcement or government agency)
Phishers (Bad guys) try to get you to:
1. Click on this link
2. Call this phone number
3. Download (install) something to your computer
4. Let them get onto your computer
5. Give them money (or your credit card number)
6. Give them account information, passwords, etc.
7. Give them ANY information about you
A Day in the Life of a Prolific Voice Phishing Crew
https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-phishing-crew/
https://www.youtube.com/watch?v=F44un1_y2fs
WHAT YOU SHOULD DO
WEBSITE PHISH - Popup a window in your browser
You are using your web browser (Safari, Firefox, Chrome,
etc.) and a window pops up with some message saying that
your computer or mobile device is infected...
1. Don't Respond in any way!
2. On mobile devices, delete all tabs
3. On computeres Quit or force quit your browser
4. Restart your computer without reopening any Apps
Your browser should start up in your home page and you can
get on with your life. Clear History and Website Data.
Doing so should clear any data and cookies from the infected
website that popped up the phishing window.
If you need help from Microsoft
Phone: 800-642-7676
If you need help from Apple
Phone: 800-MY-APPLE (800-692-7753)
Make sure your devices are up2date
http://edu-observatory.org/olli/Manage/Updates.html
There is a lot of malware out there that has been mitigated
by recent updates. If you haven't installed the latest
updates, you may wind up in a world of hurt!
EMAIL PHISHES
1. Don't Respond
2. Mark the email message as junk (or spam). Training your
email system to recognize phishes, spam, and junk will
help reduce those distressing emails.
TEXT MESSAGE PHISHES
1. Don't Respond
2. Be vigilant and delete phishing messages. Ignore, delete
and get on with your life.
CISA | NSA | FBI | MS-ISAC
PHISHING GUIDANCE: STOPPING THE ATTACK CYCLE AT PHASE ONE
http://edu-observatory.org/olli/Manage/PDFs/Phishing_Guidance.pdf
Social engineering is the attempt to trick someone into
revealing information (e.g., a password) or taking an action
that can be used to compromise systems or networks. Phishing
is a form of social engineering where malicious actors lure
victims (typically via email) to visit a malicious site or
deceive them into providing login credentials. Malicious
actors primarily leverage phishing for:
1. Obtaining login credentials. Malicious actors conduct
phishing campaigns to steal login credentials for initial
network access.
2. Malware deployment. Malicious actors commonly conduct
phishing campaigns to deploy malware for follow-on activity,
such as interrupting or damaging systems, escalating user
privileges, and maintaining persistence on compromised
systems.
The Cybersecurity and Infrastructure Security Agency (CISA),
National Security Agency (NSA), Federal Bureau of
Investigation (FBI), and Multi-State Information Sharing and
Analysis Center (MS-ISAC) are releasing this joint guide to
outline phishing techniques malicious actors commonly use
and to provide guidance for both network defenders and
software manufacturers. This will help to reduce the impact
of phishing attacks in obtaining credentials and deploying
malware.
The guidance for network defenders is applicable to all
organizations but may not be feasible for organizations with
limited resources. Therefore, this guide includes a section
of tailored recommendations for small- and medium-sized
businesses that may not have the resources to hire IT staff
dedicated to a constant defense against phishing threats.
The guidance for software manufacturers focuses on
secure-by- design and -default tactics and techniques.
Manufacturers should develop and supply software that is
secure against the most prevalent phishing threats, thereby
increasing the cybersecurity posture of their customers.
sam.wormley@icloud.com