ChatGPT's Footer
In a recent ChatGPT session, I noticed the footer "Don't share sensitive info. Chats may be reviewed and used to train our models. Learn more." Not sure if they recently added it, or if our ChatGPT friends have put that there from the beginning. Regardless, I am writing about sharing sensitive information in AI prompts today. My example is of ChatGPT but I feel this advice applies to all AI interactions.
Why You Should Keep Personal Info Out of ChatGPT, and All AI Engines
When using ChatGPT or any AI engine, it's important to be careful about what information you share. You should avoid putting personal details or health information in your prompts. This helps protect your privacy and keeps sensitive data safe. ChatGPT uses the information ... Read More
Test your users' gullibility to social engineering
Stephanie Carruthers, People Hacker for IBM- X-Force Red wrote an excellent post on why you should social engineer your own organization. I'll quote the first paragraph or so, and you should read the rest of the article, it makes an excellent point for the need to "social engineer your employees" and assess the strength of your human firewall!
"It was one of the highest phishing rates I had ever seen: Almost 60 percent of employees clicked the malicious link. Yet the client, a chief information security officer (CISO) of a Fortune 100 company, asked a question that caught me completely off-guard.
“So what?” he said, clearly unimpressed.
As a “people hacker” for X-Force Red, IBM Security’s team of veteran hackers, I’ve performed social ... Read More
September 30, 2024Mark Anthony Germanos
LinkedIn ads used to spread malware
The context of contacting the victim via LinkedIn may be all that was needed to trick one job seeker into installing malware on the network of a bank. Sometimes credible sites are avenues of malware distribution.
Imagine you’re on LinkedIn and you see an ad for an open position that you’re perfect for. See anything wrong with that? Given you’re on a website that knows your job title, industry sector, location, etc. I’d say none of us would give it a second thought and assume it was legitimate.
That was exactly what hackers were hoping for when they used LinkedIn ads to target employees of the victim bank (which include company as a part of their ad filtering). A bank employee responded ... Read More
September 30, 2024Mark Anthony Germanos
Cybersecurity training kids can understand
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform is offering an interactive, no-cost, children’s cybersecurity activity kit to the public. A workbook, poster and video module available to help families teach children how to protect themselves from online dangers
The activity kit consists of two workbooks with puzzles and games, a poster and a video module featuring KnowBe4’s security awareness hero Captain Awareness.
The workbook also includes a cyber hero pledge consisting of helpful tips to help children stay safe online, along with a family agreement that parents can review with their children to set guidelines for using online devices.
Concrete tools
With this activity kit, parents, teachers and other guardians have some concrete tools to help teach their children about online ... Read More
September 30, 2024Mark Anthony Germanos
Anatova game tricks users into downloading ransomware
The anatova ransomware strain was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it.
McAfee researchers today announced the discovery of a new ransomware family, “Anatova” that is targeting consumers at scale across the globe. The ransomware was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it.
Creating a quick and fast piece of ransomware is fairly easy
Beek, Lead Scientist & Principle Engineer at McAfee said, “Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how. Ransomware packed with functionality that is also ... Read More
September 30, 2024Mark Anthony Germanos
Phishing attack when selling a house
Cyber thieves stole $150,000 from a woman during a real estate transaction last year, according to Lisa Vaas at Naked Security. Mireille Appert, a Swiss woman who lives in the United States, inherited her uncle’s house in Australia when he passed away in 2014. She fell victim to a phishing attack.
In 2018, Appert decided to sell the house and got in touch with an Australian law firm, KF Solicitors, on July 1st. On July 18th, she received a phishing email that read, “The sellers [sic] authority just needs to be emailed back to us and not posted.” She emailed her bank details to the company in a PDF.
Wrong bank account number
Over the next month, Appert and her son worked with ... Read More
September 30, 2024Mark Anthony Germanos
Similar AI Prompts Create Different Results - This Will Confuse Plagiarism Checkers
Plagiarism checkers thwarted. I asked an AI engine to generate content yesterday. One small change in my prompt created a result with a vastly different result, tone and verbiage. Armed with this knowledge, I am arguing plagiarism checkers will not generate consistent results on AI-generated content.
My client has all users logging into their Windows 11 workstations with the same password. Danger, Danger, Danger, I know. I asked perplexity to generate content I can share with the client, promoting creating user-specific passwords.
My first prompt was
“why should a company with 5 computer users have unique passwords for each user and in under 300 words and include bullet points and in a friendly tone and written from ... Read More
September 30, 2024Mark Anthony Germanos
Phishing has moved above simple fake email
Phishing has grown above and beyond email and into your online experience as a whole. This is an effort to collect personal details and share out the attack on social networks, according to a new report from Akamai Enterprise Threat Research.
In a world where millennials have grown up with a device in their hand, inherently trusting everything they interact with on the web, cybercriminals are meeting victims where they are online, using a new type of phishing attack that gets the user to give up personal details.
Users surfing the web are unexpectedly redirected to a “Congratulations” page with either a roulette-looking wheel or a 3-question quiz. It’s an attack designed to gather email addresses and personal information to be used ... Read More
September 30, 2024Mark Anthony Germanos
CEO fraud nets $18.6 Million
A talented group of Fraudsters used phishing, social engineering, and CEO fraud to convince the India arm of Italian engineering company Tecnimont to part with millions of dollars.
We’ve all heard of phishing or whaling stories where someone is sent an email pretending to be the CEO of an organization, asking the recipient to perform an action that benefits the cybercriminal. The attack on Tecnimont takes these kinds of attacks to a new level and is something right out of a Mission: Impossible movie.
A series of conference calls
Chinese fraudsters sent Tecnimont’s head of India operations an email from an account that spoofed that of group CEO Pierroberto Folgiero. Rather than simply asking for money to be transferred, the cybercriminals instead arranged for not one, ... Read More
September 30, 2024Mark Anthony Germanos
Phishing trends that persisted throughout 2018
In reviewing the Q4 2018 most clicked subject lines, Knowbe4 identified these trends. Five subject line categories appeared quarter-over-quarter throughout 2018, including:
Deliveries
Passwords
Company Policies
Vacation
IT Department (in-the-wild)
(You can compare past quarterly findings here.)
Additionally, three “in-the-wild subject lines” were clicked three out of four quarters and included Amazon, Wells Fargo and Microsoft as keywords.
Users are concerned about security
“Clicking an email is as much about human psychology as it is about accomplishing a task,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “The fact that we saw ‘password’ subject lines clicked four out of four quarters shows us that users are concerned about security. Likewise, users clicked on messages about company policies and deliveries each quarter showing a general curiosity about ... Read More
September 30, 2024Mark Anthony Germanos