How to Spot Phishing Emails While Working From Home


Summary

Phishing emails are fraudulent messages designed to trick recipients into sharing sensitive information, such as passwords or financial details. Working from home increases exposure to these scams, so recognizing warning signs is essential for staying secure.

  • Verify sender authenticity: Always double-check the sender’s email address for inconsistencies, like unusual domains or misspelled names, and confirm the sender’s identity through a separate, trusted communication method if in doubt.
  • Inspect links carefully: Hover over any link before clicking to ensure it leads to a legitimate website, and avoid engaging with links or attachments from unexpected or suspicious emails.
  • Stay cautious with urgent requests: Be wary of emails demanding immediate action, such as resetting a password or verifying payment information, and confirm the request through official channels before responding.
Summarized by AI based on LinkedIn member posts
  • Kip Boyle

    Cyber Resilience Thought Leader | CEO, Cyber Risk Opportunities | Cybersecurity LinkedIn Learning Course Instructor | Co-host Cyber Risk Management Podcast | Amazon Best Selling Author | International Keynote Speaker

    22,459 followers

    Would you fall for a fake email from Amazon.xyz?

    Because 690,502 people just like you did.

    A new rigorous, empirical study shows how modern phishing attacks work. And it's not what you think.

    Here's the wild part: Two-thirds of these attacks use brand new web addresses that look ~almost~ real.

    📊 The Data:
    - 39 Months
    - 690,502 Phishing Sites

    Here's The Attacker Playbook:

    1. Buy Cheap, Throw Away Fast
       • Use .top and .xyz domains
       • Cost pennies to buy
       • Easy to dump when caught
    2. Copy Famous Names
       • Amazon becomes Amaz0n.xyz
       • PayPal becomes PayPal-secure.top
       • Microsoft becomes Micros0ft.xyz
    3. Play Digital Hide & Seek
       • Switch servers every few days
       • Change settings constantly
       • Stay ahead of blockers

    🔍 The Numbers Tell the Story:
    • 66.1% use fresh domains
    • 64.3% keep changing servers
    • Takes 11.5 days to shut them down

    Keep Yourself Safe:

    1. Check EVERY Link
       • Hover before clicking
       • Look for weird spellings
       • Question unusual extensions
    2. Watch Out For:
       • .top domains
       • .xyz domains
       • Any odd-looking web address
    3. Trust Your Instincts
       • Looks fishy? Probably is
       • Verify the sender
       • Check independently

    💡 Key Takeaway: Modern phishers aren't using obvious fake emails anymore. They're playing a sophisticated game of digital deception.

    Stay sharp. Stay safe.

    ♻️ Share this to help others spot these tricks.
    👉 Follow me for more security insights that keep you protected.

    #Cybersecurity #PhishingAwareness #DigitalSafety #TechSecurity
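
The link checks described in the summary and in the post above (unusual TLDs, brand names with swapped characters, brand names on a domain the brand does not own), written as an added Python example that is not part of the original post. The allow-list of official domains, the digit-to-letter map and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Assumed for this example: the allow-list of official domains and the
# digit-to-letter map are illustrative; the two TLDs are the ones the post names.
OFFICIAL = {"amazon": "amazon.com", "paypal": "paypal.com",
            "microsoft": "microsoft.com"}
THROWAWAY_TLDS = {"top", "xyz"}
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def host_of(url_or_host):
    """Lower-cased hostname from a full URL or a bare host string."""
    text = url_or_host.strip().lower()
    if "://" not in text:
        text = "//" + text          # lets urlsplit treat a bare host as netloc
    return (urlsplit(text).hostname or "").rstrip(".")


def check_link(url_or_host):
    """Return the reasons a link's host looks like a brand lookalike ([] if none)."""
    host = host_of(url_or_host)
    if not host:
        return ["no hostname found"]
    # A brand's own domain, or any subdomain of it, is never flagged.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL.values()):
        return []
    labels = host.split(".")
    findings = []
    if labels[-1] in THROWAWAY_TLDS:
        findings.append(f"throwaway TLD .{labels[-1]}")
    for label in labels[:-1]:
        raw_tokens = re.split(r"[-_]", label)
        swapped_tokens = re.split(r"[-_]", label.translate(DIGIT_SWAPS))
        for brand, domain in OFFICIAL.items():
            if brand in raw_tokens:
                findings.append(f"'{brand}' used outside {domain}")
            elif brand in swapped_tokens:
                findings.append(f"digit-substituted '{brand}' in '{label}'")
    return findings


if __name__ == "__main__":
    # Constructed samples: the three lookalikes quoted in the post plus one real host.
    for sample in ("Amaz0n.xyz", "http://PayPal-secure.top/signin",
                   "Micros0ft.xyz", "https://www.amazon.com/gp/help"):
        print(sample, "->", check_link(sample) or "no lookalike signs")
```

An empty result only means none of these specific patterns matched; it does not establish that the link is legitimate.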

  • Nathaniel Shere

    Delivering hands-on learning in the most secure way | Penetration Testing | Product Security Engineer at Skillable, where people learn by doing

    21,498 followers

    How many signs of phishing can you spot in this email?

    I am getting more and more of this exact type of fake invoice phish. In fact, a lot of them aren't even getting caught by spam these days. So, let's spread the security awareness to help others avoid falling for it.

    How many signs of phishing can you spot in this image? Alternatively, what common signs do you NOT see, which is likely how it is avoiding spam filters?

    Here is what I see on this one (SPOILERS):
    🔻 From a generic gmail.com account
    🔻 No personal greeting - it is all generic
    🔻 The ID number in the subject doesn't match any other numbers in the email or the Invoice number in the attached PDF (visible but hard to see here)
    🔻 The text is repetitive and very difficult to read
    🔻 The PDF says "Norton from Symantec" but the email doesn't contain any branding or contact details

    Now, here is what I DON'T see which security awareness programs always highlight:
    🔹 Call to *urgent* action
    🔹 A link to click
    🔹 Typos or spelling errors (grammar problems notwithstanding)

    So, what actions can you tell people to avoid falling victim?
    🔸 Never trust incoming email, particularly from sources you haven't seen before
    🔸 If an email says you paid a bill you don't remember paying, check your bank accounts FIRST. If you don't see the bill, the email is almost certainly spam.
    🔸 Never be afraid to forward an email like this to somebody else and ask for a second opinion on it.
    🔸 Don't call the phone number or respond to an email like this. Look up the company in Google and call the official support number.

    #security #cybersecurity #spam #phishing #securityawareness

  • Chaim Black

    Cyber Security Engineer | President InfraGard Cincinnati

    10,272 followers

    There is a widespread phishing campaign using QR codes to be aware of.

    What to look out for:

    The phishing campaign involves the following steps:
    - Email: Email with a QR code. Recent emails have been pretending to share a file from HR or a security team requiring multi-factor authentication to be set up.
    - Initial webpage: Scanning the QR code often leads the user to an initial landing page containing a Captcha.
    - Phishing webpage: Once clicking the Captcha, it will redirect the user to a fake Microsoft 365 login page. This page is designed to capture login credentials, including username and password, and may also prompt multi-factor authentication to be completed.

    What you should do:
    - Exercise caution when clicking links from emails: Always be cautious when clicking on links where it asks you to login, even if it originates from someone you know and trust, since the sender may be compromised. If you have any suspicion or if the email is unexpected, contact the sender on a known trusted method of communication independent of the email or contact information from the email.
    - Verify website when logging in: When you are logging into websites, verify the website is the correct address and not a look-alike website.
    - Report suspicious emails: If you receive a suspicious email to your inbox that has not been captured by the spam filter, report the email to your security team.
    - Change your password and notify your security team: If you accidentally entered your credentials into a website that you are not sure about, immediately reset your password and notify your security team.

    #phishingattacks #phishingawareness #cybersecurityawareness #cybersecurity
