Latest news with #phishing
Zawya
a day ago
- Business
- Zawya
South Africa is a prime target for ransomware attacks: How to safeguard your system?
Ransomware attacks have become a significant threat to South African businesses, with the country emerging as a top target in Africa. The prevalence of these attacks is driven by a combination of factors, including the rapid digital transformation of businesses, the increasing sophistication of cybercriminals, and the economic incentives for attackers. South Africa's relatively strong economy and high levels of digital adoption make it an attractive target for ransomware operators, who know that businesses and institutions here are more likely to pay ransoms to recover critical data. Why South Africa is a hotspot for ransomware South Africa's position as a regional economic hub means that its businesses and government institutions store vast amounts of sensitive data online. Cybercriminals are well aware of this, and they exploit vulnerabilities in outdated systems, weak passwords, and human error to infiltrate networks. For instance, a healthcare provider could fall victim to a ransomware attack if its systems are not updated with the latest security patches, allowing attackers to encrypt patient records and demand a hefty ransom. Similarly, a financial institution might be targeted if employees click on a phishing email, granting attackers access to the network. Common tactics used by ransomware operators Ransomware attacks often begin with phishing emails, where attackers use social engineering to trick employees into clicking malicious links or downloading infected attachments. Once inside the network, the ransomware spreads rapidly, encrypting files and rendering them inaccessible. Attackers then demand payment in exchange for decryption keys. In some cases, they also steal sensitive data and threaten to leak it if the ransom is not paid. Another common tactic is using exploit kits, which scan systems for vulnerabilities and deploy ransomware payloads without the need for user interaction. For example, a manufacturing company could be targeted through a compromised website, where an exploit kit silently installs ransomware on its systems. The cost of ransomware attacks The financial impact of ransomware attacks can be devastating. Beyond the ransom itself, businesses face costs related to downtime, lost revenue, and reputational damage. A retail chain might lose millions of rands in sales during a ransomware-induced shutdown, while a logistics company could suffer delays in delivering goods, leading to customer dissatisfaction. Moreover, the recovery process could take weeks or months, compounding the financial losses. Prevention is key: building resilient infrastructure Businesses must adopt a proactive approach to cybersecurity to protect themselves from ransomware. This starts with regular employee training to recognise phishing attempts and other social engineering tactics. Companies should also implement robust password policies and multi-factor authentication (MFA) to reduce the risk of unauthorised access. Keeping software and systems up to date is crucial, as outdated systems are a common entry point for ransomware. Partnering with an experienced IT security provider can make a significant difference in preventing ransomware attacks. An expert partner can help businesses identify vulnerabilities, implement advanced monitoring tools, and develop a comprehensive incident response plan. For example, a small business might work with an IT partner to deploy endpoint protection software that detects and blocks ransomware before it can encrypt files. Additionally, regular backups of critical data, stored securely offsite, can ensure businesses recover quickly without paying a ransom. A multi-layered defence strategy A multi-layered approach to cybersecurity is essential for safeguarding against ransomware. This means having multiple layers of security measures in place, each one adding a different level of protection, such as firewalls, email security, and intrusion detection systems, which can be used to block attacks at the perimeter. Inside the network, businesses should use tools that monitor for suspicious activity and automatically respond to potential threats. For example, a financial institution might use machine learning algorithms to analyse network traffic and detect anomalies that could indicate a ransomware attack. While prevention is the best defence, cyber insurance can provide additional protection. Policies that cover ransomware attacks can help businesses recover financially from the costs of downtime, data recovery, and ransom payments. However, insurers are increasingly scrutinising the cybersecurity measures of their clients, meaning businesses with stronger defences might benefit from lower premiums. Ransomware attacks are a growing threat to South African businesses but are not inevitable. By investing in robust cybersecurity measures, training employees, and working with expert IT partners, businesses can significantly reduce their risk of becoming a target. Prevention is key, and a proactive approach to cybersecurity can help ensure that businesses remain resilient in this evolving threat.
South China Morning Post
2 days ago
- South China Morning Post
8 arrested in Hong Kong after HK$46 million lost in investor phishing scams
Hong Kong police have arrested eight people for allegedly making unauthorised stock transactions, manipulating the market and using phishing scams to swindle about HK$46 million (US$5.8 million) out of more than 130 victims based locally and overseas. Advertisement Senior Superintendent Fanny Kung Hing-fun of the force's commercial crime bureau said police had arrested seven men and one woman over two separate phishing cases, with one targeting locals and the other going after overseas investors. Both cases allegedly involved scammers duping retail investors into sharing their securities accounts for unauthorised transactions, with some overseas victims referred to the force by the city's Securities and Futures Commission. 'The methods used in these cases have revealed how the syndicates used phishing links to hijack accounts, orchestrating cross-border market manipulation and money laundering crimes,' Kung said. The senior superintendent said the syndicates started by sending phishing messages en masse that contained hyperlinks to websites set up to impersonate overseas securities firms. Advertisement The victims then input their account login details and one-time passwords issued by the real securities firms, allowing the scammers to access their investment accounts. Senior Inspector Chow Tsz-hin of the same bureau said 137 victims had come forward as of Wednesday, with their combined losses exceeding HK$40 million.
Khaleej Times
3 days ago
- Business
- Khaleej Times
Triple extortion, AI phishing: UAE banks face evolving cyber threats
From hyper-personalised phishing emails to ransomware attackers leaking stolen data before encryption, cyber threats in the banking and financial sectors are growing faster than many institutions can adapt. At the FutureSec Summit 2025, hosted by Khaleej Times in Dubai on Wednesday, cybersecurity leaders warned that even tightly regulated sectors, such as BFSI (Banking, Financial Services, & Insurance), are now facing more complex, intelligent, and coordinated cyberattacks. "More than 95 per cent of cyber incidents still begin with social engineering," said Hala Elghawi, Regional Cybersecurity Risk Specialist. "Phishing emails have become highly sophisticated, especially with AI-generated spear phishing. These are tailored to specific individuals, making them incredibly hard to detect — even by trained professionals." Elghawi added that traditional ransomware attacks have evolved into what experts are calling triple extortion tactics: "Attackers now first exfiltrate data and leak it online, then encrypt systems, and finally demand ransom. If companies hesitate, they escalate by threatening to publish or sell the data. The pressure is intense." She also pointed to the rising availability of malware-as-a-service platforms, which have made it easier and cheaper for less technically skilled actors to launch serious attacks. Regulation, culture, and AI While regulation in the UAE is evolving rapidly, experts emphasised that compliance alone is not enough. "The Central Bank of the UAE took a very forward-looking step in 2024 with two key regulations," said Rohit Bajpai, Head of Internal Audit at Gulf Islamic Investments. "One was the introduction of open finance rules, extending data-sharing frameworks to insurance firms under customer-consent models. The second was a regulatory sandbox that allows firms to safely test AI and digital tools in a controlled environment." These shifts, he noted, create an environment that fosters innovation without compromising risk controls. But according to Linoy Kidd, Chief Information Officer at HSBC MENAT, the human element remains just as critical: "Cybersecurity must be part of the organisational DNA. It's not just about XDR or MFA. It's about accountability at every level, first line, second line, and third line of defence," she said. "Training, awareness, and a culture of vigilance are just as important as technology." Multi-cloud chaos Expanding the conversation beyond finance, Georges Farah, Head of Container Security for Kaspersky (Middle East, Turkey, and Africa), echoed that the shift to hybrid and multi-cloud environments is creating serious visibility challenges. "With every additional cloud provider, you get more flexibility but also more blind spots," Farah said. "Only about 51% of organisations today say they have fully unified visibility across their infrastructure. That's where attackers thrive." He cautioned against a common mistake: trying to enforce the same low-level configurations across different cloud providers. "You need a top-down approach," he explained. "Start with master policies in plain English, what data needs to be protected and why—then translate those into cloud-specific tools and configurations. Automate what you can, but make sure it's strategic, not reactive." Despite the evolving threat landscape, speakers expressed optimism that AI could be as much a solution as a risk if adopted correctly. "Machine learning lets us detect threats faster, identify patterns, and even automate containment," said Elghawi. "Instead of replacing people, it should free them to focus on strategy and innovation."
Fox News
6 days ago
- Fox News
What to do if you get a password reset email you didn't ask for
You're checking your inbox or scrolling through your phone when something catches your attention. It's a message about a password reset, but you never asked for one. It might have arrived by email, text message or even through an authenticator app. It looks legitimate, and it could be from a service you actually use. Still, something feels off. Unrequested password reset messages are often an early warning sign that someone may be trying to access your account. In some cases, the alert is real. In others, it's a fake message designed to trick you into clicking a malicious link. Either way, it means your personal information may be at risk, and it's important to act quickly. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join. There are a few reasons this might happen: In some cases, the message is legitimate, as seen in the email below, but the request didn't come from you. That is often a sign your login details are already in someone else's hands. Unsolicited password reset alerts can take several forms, each with signs of potential fraud or hacking: No matter how the alert appears, the goal is the same. Either someone is trying to trick you into handing over your credentials, or they already have your password and are trying to finish the job. If you receive a password reset alert you didn't request, treat it as a warning. Whether the message is legitimate or not, acting quickly can help prevent unauthorized access and stop an attack in progress. Here are the steps you should take right away. 1. Don't click on anything in the message: If the alert came through email or text, avoid clicking any links. Instead, go directly to the official site or app to check your account. If the request was real, there will usually be a notification inside your account. 2. Check for suspicious login activity: Most accounts have a way to view your recent logins. Look for suspicious activity like unfamiliar devices, strange locations or logins you don't recognize. A login from a location you have never been to could be a sign of a breach. 3. Change your password: Even if nothing looks wrong, it's a good idea to reset your password. Choose one that is long, complex and unique. Avoid reusing passwords across different accounts. Consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here. 4. Scan your device for threats: If someone got access to your password, there is a chance your device is compromised. Use strong antivirus software to scan for keyloggers or spyware. 5. Report the incident: If the alert came from a suspicious message, report it. In Gmail, tap the three-dot menu and select Report phishing. For other services, use the official website to flag unauthorized activity. You can also file a report at the FBI's Internet Crime Complaint Center if you suspect a scam. You can take a few steps to try to reduce the number of emails you receive requesting a password reset. 1. Double-check your username and password. When accessing your account, you may have a typo in your login information. Should you repeatedly attempt to access your account with this error, the company that holds the account may believe a hacking attempt is occurring, triggering an automatic reset. If your web browser automatically populates your username and password for you, make sure this information is free of typos. 2. Remove unauthorized devices. Some accounts maintain a list of devices authorized to use your account. If a hacker manages to gain some of your personal information, it may be able to add one of his devices to your authorized list, triggering account login errors as he tries to hack your password. Check the list of authorized devices and remove any items you don't recognize. The process varies, depending on the type of account. We'll cover steps for Microsoft, Gmail, Yahoo and AOL. Microsoft Gmail: Yahoo: AOL: Remember to regularly check your account settings and authorized devices to ensure the security of your accounts. If you suspect any unauthorized access, it's also a good idea to change your passwords and review your account recovery options. 3. Sort such messages to spam. If you'd prefer to simply not see these kinds of email messages, set up your email client to sort messages like this to a spam folder. (Because many of them are spam, some email clients do this automatically.) Should you ever legitimately request a password reset, though, you'll need to remember to look in the spam folder for the message. 4. Use a static IP address. Some accounts attempt to recognize your device through your IP address. If you have a dynamic IP address, your IP address changes constantly, meaning the account may not recognize your device, triggering the reset message. This often occurs because you are using a VPN. See if your VPN allows you to use a static IP address. Even if this was a one-time scare, it is important to tighten your overall security. Here are a few simple habits that go a long way: 1. Use strong and unique passwords: Use a password manager to create secure, one-of-a-kind passwords for each account. Get more details about my best expert-reviewed Password Managers of 2025 here. 2. Consider using a personal data removal service: If you're receiving password reset emails from accounts you don't remember signing up for, or from multiple services, there's a good chance your personal information is exposed on data broker sites. These companies collect and sell your data, including your email, phone number, home address and even login information from old accounts. Using a reputable data removal service can help you automatically identify and request the removal of your personal data from these sites. This reduces your risk of identity theft, credential stuffing, phishing and spam. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap — and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web 3. Turn on two-factor authentication (2FA): Enabling 2FA is one of the most effective ways to stop unauthorized access, even if someone has your password. When 2FA is active, anyone trying to log in must also complete a second verification step, usually through an app on your phone. If an attacker triggers a login attempt, you will receive a prompt to approve or deny it. This gives you the power to block the attempt in real time and confirms that 2FA is working as intended. 4. Install strong antivirus software: Install strong antivirus software to catch malware before it causes harm. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 5. Review your account settings: Make sure your recovery phone number and email are current. Remove any outdated or unused backup methods. 6. Keep your software up to date: Keep your device software and apps up to date to patch security vulnerabilities that attackers often exploit. 7. Use a VPN to protect your online activity: Avoid public Wi-Fi or use a VPN to protect your information when browsing on unsecured networks. Consider using a VPN to protect against hackers snooping on your device as well. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices It's easy to brush off an unexpected password reset message, especially if nothing else seems out of place. But these alerts are often the digital equivalent of a knock at the door when you weren't expecting anyone. Whether it's a hacker probing for a way in or a scammer trying to bait you, the smartest move is to treat every unexpected security message as a wake-up call. Taking just a few minutes to check your login history, secure your accounts and update your passwords can make all the difference. Cybersecurity isn't just for experts anymore. It's an integral part of everyday life. And the more proactive you are now, the less likely you'll be dealing with damage control later. Are tech companies doing enough to protect users from password threats, or are they putting too much responsibility on individuals? Let us know by writing to us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels Answers to the most asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
Forbes
21-06-2025
- Forbes
Samsung Confirms New Account Purge — 3 Ways To Save Yours From Deletion
Samsung confirms new inactive account deletion policy. Although many, I'm inclined to say most, of the emails I receive claiming to be from a major vendor are quite patently not, with phishing cyber attackers actually being responsible, the one that dropped in my inbox on June 20 from Samsung was 100% genuine. I mean, it had all the hallmarks of a scam: the urgency of the headline, the call to action and a link for further information. But, no, this really was an official warning that my Samsung account would be deleted unless I followed the instructions. The good news is that, while Samsung's changes to account policy take effect on July 31, 2025, no accounts will be deleted until July 31, 2027. Here's what you need to know, and do to stop yours from going down the data deletion drainpipe. Samsung Confirms Inactive Account Deletion Policy This is not my first account deletion warning rodeo, and I'm going to hazard a guess it's not yours either. Google has been emailing users since 2023, after it made changes to the inactive Google account policy that meant said accounts would be deleted if they remained unused for a period of 24 months. Now, and not before time, you might think, Samsung is playing catch-up and has also started emailing Samsung Account holders with a very similar new policy. The June 20 email from Samsung, with a subject line of 'Important changes to your Samsung account,' informed me of critical changes that are coming and could impact my account. 'Samsung is implementing an inactive Samsung account policy to protect the data of users who have not used their account for an extended period of time,' the email explained. What this means, very much like the Google account policy changes, is that if you haven't used your Samsung account for a period of 24 months, then it will meet the criteria for deletion. And what that means is access to your account will be restricted, all data linked to the account will be deleted, and neither will be able to be restored. The bottom line: use it or lose. The Samsung Account Deletion Timeline — 3 Ways To Keep Yours The good news is that this isn't a pressing issue, despite the apparent urgency engendered by the email. Samsung has confirmed that the earliest date that any accounts will be deleted is July 31, 2027. Yes, you read that right, two years. Funny that, as it will be two years from the date the policy becomes official. Samsung confirms new policy will start deleting inactive accounts from July 31, 2027. The even better news is that it's really easy to ensure your Samsung account does end up in the delete pile: just use it. But what does this mean, in reality? Samsung has confirmed that account usage is defined in the following three ways: 'To prevent your account from being deleted,' Samsung said, 'and to ensure proper use of Samsung Services, your account must have at least one usage/activity every twenty-four months.'
