@ ImYour Huckleberry
2025-04-25 21:31:18
PSA: Just a friendly reminder to NEVER EVER send your login credentials via any method to any communication asking for them. If there is ANY doubt then initiate contact with the original company via previously established lines of communication, NOT links in emails or other messages. Also, don't share Authentication codes (OAuth, OpenID Connect, JSON Web Tokens (JWT), SAML, and WebAuthn, etc.) as they can be copied and used maliciously.
Be smarter than the #PHISHING attack. Most malicious activity can be traced back to poor personal security. Never open links or download files that get sent to you referring to account services or other important-looking warnings/opportunities. Always initiate your contact by going to the original company website. Do your homework in advance. Have a way to contact them before you get targeted.
phishing:
the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
#Phishing #Hacking #Scam #SocialEngineering #IdentityTheft #Gmail #Account #Official #PSA
_____________________________________
This is an excerpt from an article about Google/Gmail but it could be just about any other company as well:
"You will receive a flood of malicious phishing emails though, despite Google’s assurance that its defenses now filter out 99% of these. And you do need to change your account settings to ensure you add a passkey and that you don’t rely on SMS two-factor authentication. This is being phased out, but you should move faster and change today.
More importantly, these sophisticated attacks on Gmail users that pretend to be from Google all rely on two false premises: that Google’s support staff may reach out to you by email, phone or message; and if you ever do receive an email or message relating to an account issue, that Google may “ask for any of your account credentials — including your password, one-time passwords [or] confirm push notifications.” The same is true of the company sending links to pages where you enter your credentials — it will not.
Last time there was this furor over a similar attack, Google asked me to “reiterate to your readers that Google will not call you to reset your password or troubleshoot account issues.” And it has reissued that warning in the wake of this latest attack. But the danger is this simple advice is drowned out by the technicalities of OAuth and DKIM (DomainKeys Identified Mail) checks to authenticate senders, including Google itself."
https://image.nostr.build/3f357e06b9d39022a4f7e2d087752b5dd32804ae37870b06ba4d49739f5abee7.jpg
https://www.forbes.com/sites/zakdoffman/2025/04/25/google-confirms-gmail-update-how-to-keep-your-email-account/