Tag: #phishing

Think Before You Scan: That QR Code May Be a Scam

In quishing attacks, cybercriminals place QR codes containing malicious links in public places, such as parking meters or restaurants, or send these QR codes via email. Such attacks can result in financial losses, stolen personal data, or compromised device, cybersecurity experts warn.

January XX, 2026. At the start of January, the US Federal Bureau of Investigation (FBI) issued a warning against cyber attacks organised by North Korean cybercriminals who used fake QR codes to trick users into obtaining personal information. According to cybersecurity experts, similar attacks, also known as “quishing”, are on the rise not only in the US but in other countries, as cybercriminals look for new ways to profit.

Quishg (QR code phishing) is a phishing technique where cybercriminals try to trick users into scanning QR codes that lead to malicious websites. Organisations in several countries have issued warnings that bad actors place these QR codes on top of legitimate ones in public places such as kiosks, restaurants, or parking meters.

For example, last year, UK government institutions have warned users of fake QR stickers on parking machines, with victims being sent to spoofed payment pages. Meanwhile, the US Federal Trade Commission issued a similar warning about unexpected packages containing QR codes that led to phishing websites.

Such fake QR codes can also be shared online. For example, the FBI said that a North Korean state-sponsored cybercriminal group, called Kimusky, targeted employees of organizations by embedding malicious QR codes in an email. In one such instance, a QR code was presented as a way to download additional information.

According to cybersecurity experts at Planet VPN, a free virtual private network (VPN) provider, no matter where a fake QR code is placed, the scheme is similar. After scanning it, a user is often forwarded to a fake phishing website mimicking a legitimate one, such as a restaurant’s website, where cybercriminals may try to charge a user’s credit card.

According to Konstantin Levinzon, co-founder of Planet VPN, such scams can lead not only to financial losses but also to compromised devices.

“Quishing is phishing–just in a different wrapper. A QR code can lower people’s guard because this technology became ubiquitous only during the pandemic, and the threat still isn’t as widely recognized. It also shifts the “risky click” from a visible link to a quick scan, making the danger easier to miss. Attackers are refining these tactics every year and constantly finding new ways to trick users,” he says.

According to Levinzon, one reason why cybercriminals may favour QR codes in emails instead of regular phishing emails is that QR codes often bypass anti-phishing and scam filters, because these often analyze only text and links, but don’t analyze images.

And even if anti-spam filters in emails are equipped with QR code detection, cybercriminals often find new ways to bypass them, for example, by making QR codes in different colors.

Cybersecurity researchers at Proofpoint estimate that during the first half of last year, there were 4,2 million QR code-related threats. However, Levinzon says that the number is likely higher because many QR code scams are undetected.

When it comes to protecting against the growing threat, users are advised to be more deliberate about when and why they scan a QR code. If after scanning a QR code, a person is forwarded to a website that asks for payment or log-in details, this is a real warning sign.

Meanwhile, if a QR code is sent from an unknown sender via email, Levinzon advises contacting the sender directly before entering login credentials or downloading files.

“We recommend applying the same logic everywhere: stay skeptical whether you receive a message from a coworker or on your personal social media account. However, vigilance is only part of the story. To maximize security, users also need basic safeguards – use a VPN on public Wi-Fi, install updates promptly, use strong passwords, and enable multi-factor authentication on all accounts,” he says.

 

 

CCPC warns of surge in online scams for Irish consumers

Irish consumers are being targeted by increasingly sophisticated online scams, according to a new set of case studies released by the Competition and Consumer Protection Commission (CCPC). The warning comes as Black Friday and Cyber Monday kick off the busiest shopping period of the year, creating prime opportunities for scammers to steal from unsuspecting shoppers.

With recent research revealing that almost 40% surveyed expect to make a purchase in the Black Friday/Cyber Monday sales, the CCPC is advising consumers to be extra vigilant and to stop and think before rushing into making a purchase.

The case studies, which date between November 2024 and August 2025, reveal losses ranging from €42 to €20,000 and highlight the wide range of methods used to scam consumers. These include fake websites, phishing emails, fraudulent job offers, rental accommodation scams, and investment fraud.

The CCPC is warning consumers to be especially wary of ads on social media, as scammers are using convincing clones of trusted websites and fake local shops to trick shoppers. To stay safe, always purchase through the retailer’s official website or app rather than clicking on the social media link.

Stop, search and stay safe 

To help consumers shop safely during the peak shopping season, the CCPC advises following three simple steps:

  • Stop: Scammers often create urgency to pressure quick decisions. If something feels off or too good to be true, stop and think before engaging further.
  • Search: Remember that logos, “about us” pages and imagery on websites can be fabricated. Always take a minute to check sites like Trustpilot or Reddit for independent reviews.
  • Stay safe:
    • Watch out for common red flags, including unusually large discounts – “up to 80% off”, unfamiliar websites, recently created social media profiles, and all five-star reviews.
    • Always use a credit card, debit card or trusted payment provider, rather than a direct bank transfer.

Grainne Griffin, director of communications at the CCPC said: 

“As the busiest shopping season of the year kicks off, it’s important that consumers avoid rushing into online purchases and transactions. Online scams have become more and more sophisticated, using convincing images and stories and carefully tailoring their ads to seem like they’re a trustworthy business.

“For the sake of your finances and your safety, take care when shopping online. Don’t let tactics like time-sensitive offers or countdown clocks pressure you into making a decision you might regret.

“Do your research, take your time, and don’t take risks, no matter how tempting the deal – you can lose an awful lot of money in just a few clicks. Always use a credit card, debit card or trusted payment provider like PayPal, rather than a direct bank transfer.”

What to do if you’ve been scammed when shopping online  

If you think you’ve been scammed, contact your bank or payment provider immediately. You may be able to initiate a chargeback and get your money back, and you may need to freeze your card to prevent further money being taken. An Garda Síochána are responsible for pursuing scam operators so contact your local Garda office and report it and of course you can ask us as many do each year.

For information on the different types of scams and how to spot them, visit ScamUniversity.ie.

How to Use Crypto Securely in Ireland: Devices, Apps, and Safety Tips

Cryptocurrency use in Ireland has grown quickly, offering both a flexible payment option and an alternative investment. However, with crypto, users are fully responsible for protecting their assets. There are no banks to reverse fraud or recover lost keys. Security depends on the device used, the apps chosen, and daily habits. For anyone in Ireland using crypto, staying secure is essential.

Using Secure Devices for Crypto Transactions

A secure device is the foundation of any safe crypto setup. For Irish users, this usually means a personal smartphone or laptop that’s regularly updated and well-maintained. Operating system updates patch security flaws, while antivirus software and a firewall help block threats. These tools should always run in the background, with auto-updates enabled.

Public Wi-Fi, common in cafés or during commutes, poses risks since data can be intercepted. A virtual private network (VPN) adds encryption and helps protect sensitive activity. Ideally, crypto transactions should be carried out on a home network using a clean, trusted device.

Some users take this further by setting up a separate phone or computer solely for crypto use. After a factory reset, the device runs only essential apps and stays offline unless needed. This approach adds another layer of protection, especially when making crypto payments on entertainment platforms such as online casinos, where safeguarding wallet access and private keys is essential for peace of mind.

Gambling expert Viola D’Elia from ESI notes that top no-verification platforms take security and anonymity to another level. These sites don’t require players to provide sensitive personal or financial details. Instead, registration typically involves just an email address, a username, and a password. This low-barrier setup enhances anonymity while still offering access to thousands of provably fair games and enabling near-instant, secure payouts through a wide range of cryptocurrencies. By combining strong device protection, smart internet practices, and a mindset focused on privacy, users can confidently navigate the crypto space while keeping their assets safe and their identity protected.

Choosing Trustworthy Crypto Wallets

In Ireland, users can choose from mobile, desktop, hardware, and browser-based crypto wallets, each offering a different trade-off between convenience and security. Mobile wallets are quick and useful for small transactions, but can be compromised if a phone is lost. Desktop wallets provide more features but still operate online, making them vulnerable. Hardware wallets like Ledger and Trezor keep private keys offline and are widely regarded as the most secure option. Though they require an upfront cost, they offer strong protection by staying disconnected except during transactions. Browser-based wallets are convenient but require caution; always verify site legitimacy and avoid entering sensitive details unless sure of the source. Whenever possible, users should use wallets that grant full control of private keys, as custodial options limit personal ownership.

Protecting Passwords and Enabling Two-Factor Authentication

One weak password can result in the complete loss of assets. That’s why password hygiene matters. Avoid using the same login details across multiple platforms. Irish users should rely on reputable password managers to create and store strong, unique passwords. This makes it harder for hackers to guess or brute-force access to crypto accounts.

Two-factor authentication (2FA) is also essential. Instead of relying solely on a password, users receive a second confirmation code before gaining access. SMS-based codes can work, but they are more vulnerable to SIM swap attacks. A more secure method is to use an authenticator app, like Google Authenticator or Authy. These apps generate time-sensitive codes and cannot be intercepted in the same way.

For higher-value accounts, physical security keys such as YubiKey can take authentication even further. In these cases, an attacker would need the physical device in addition to knowing the password. Adding these extra steps might feel inconvenient at first, but they significantly reduce the risk of losing access or having accounts compromised.

Securing Seed Phrases and Backup Systems

The most important part of any wallet setup is the seed phrase, a sequence of words that can recover the entire wallet. In Ireland and beyond, many have lost life-changing amounts by storing it on phones, computers, or cloud services.

Never save a seed phrase digitally. Instead, write it down by hand and store it in a fireproof safe or another secure place only you or trusted individuals can access. Metal backups are also reliable, offering durability against fire or water damage. Ideally, keep copies in two or more locations to reduce risk.

It’s smart to test recovery now and then. Setting up a secondary device and restoring from the phrase, without moving funds, ensures it works and that no words are missing or incorrect.

Avoiding Common Scams and Phishing Attempts

As Ireland’s crypto scene grows, so does the risk of scams, phishing being one of the most common. Fake websites, emails, or apps mimic trusted services to steal passwords or seed phrases.

Always check URLs carefully when accessing wallets or exchanges. Bookmark the official site and avoid clicking on urgent messages like “Your account will be locked.” Never open links or files from unknown emails or social media messages.

Social engineering is also a concern, with scammers posing as support staff or influencers. No legitimate service will ever ask for your private key or seed phrase. If they do, it’s likely a scam. 

Conclusion

Crypto security in Ireland starts with personal responsibility. Whether managing €100 or €100,000, the same principles apply. Using secure devices, strong passwords, private wallets, and reliable backups helps protect against common threats. Staying alert to phishing and using only registered platforms ensures safer transactions. With steady habits and awareness, crypto can remain a secure part of your financial toolkit.

 

7 Simple Ways To Stay Safe When Gaming Online

Gaming has evolved into more than just a way to pass the time. It is how people relax, connect, and even compete in competitive online tournaments. The thrill of online gaming can quickly fade when safety is not given the attention it deserves.

From identity theft to scams and shady downloads, the risks are real. One lesser-known issue that has become increasingly common involves players being caught out on platforms that promise rewards but require excessive personal information. 

1. Avoid Unofficial Game Downloads

Some of the best protection starts with knowing where and how to play responsibly. iGaming analyst Caroline points out that no verification casinos appeal to many users, not only for ease of access but also for their emphasis on privacy. By removing the need to upload personal documents, these platforms reduce the risk of sensitive data falling into the wrong hands. Built on decentralised systems and often operating with cryptocurrency, they offer a layer of anonymity that many players appreciate.

Beyond privacy, the benefits include quicker sign-ups, faster withdrawals, and generous bonuses such as welcome rewards, cashback, and free spins. These casinos remain licensed and regulated, giving players the freedom to enjoy thousands of games without compromising on trust or security.

By sticking to official sources and trusted platforms, players can enjoy the best that online gaming has to offer. This approach supports a safer, more reliable experience every time you pick up a controller, try a new platform, or join a server. Unofficial downloads, especially mods or game files from unverified sources, may seem tempting, but they often come with hidden malware or spyware that can disrupt both gameplay and privacy. Staying with legitimate distribution platforms remains the smartest move.

2. Use Strong and Unique Passwords

Using the same password on several gaming platforms can compromise the security of several accounts. Attackers can attempt to reuse the same information if one account is compromised. Strong, one-of-a-kind passwords are important.

A simple password manager can assist users when creating and safely storing complex password combinations, eliminating the need to remember them all. Users can keep their accounts secure while monitoring for any suspicious logins or devices and changing your credentials as soon as something seems suspicious.

3. Safeguard Your Data

Joining new platforms, creating profiles, and interacting with other players during live sessions are all common aspects of gaming. Although they may appear innocuous, information such as your pet’s name, birthday, or even the school you attended might be used to guess passwords or solve security questions.

The risk increases when users use identical login details across multiple accounts. Take into account all of the information you are sharing when creating a profile. Choose a moniker that doesn’t include your name, and avoid sharing intimate photos online. Consider the consequences of making that information public and ask why a platform is asking for more information than appears necessary. 

4. Beware of Phishing Scams

Scams targeting gamers have become more sophisticated. These scams may seem as emails saying you have won something or messages posing as support representatives requesting that you confirm your account. These phishing attempts often look very real.

Always check the email address or message source. The majority of official communications originate from domain-verified sources. Never use a URL you do not completely trust to enter your password or personal information.

5. Secure Your Devices

To play games safely, you must keep your device protected. Use reliable antivirus software and ensure it is up to date to safeguard against threats that frequently infiltrate through antiquated systems. Safety problems can be fixed before becoming vulnerable by activating automatic updates for your computer’s operating system and antivirus program.

It is also worthwhile to utilise the integrated privacy features. Firewalls and parental controls help limit unwanted contact and restrict risky content, especially on shared systems. Pay attention to third-party programs, such as Discord, and frequently check permissions. Additional safeguards can stop future issues before they arise.

6. Only Use Reputable Servers and Communities

Multiplayer games rely on fan-run communities or user-hosted servers; some are designed, but others lack the framework to fully protect players. Reputable servers typically have moderators who are actively involved, enforce rules, and communicate their code of conduct. In addition to having reporting options for users to flag issues, these places are made to limit toxic behaviour, cheating, and fraud.

If a server seems random, uses foul language, or allows users to act anyway they want without repercussions, it’s advisable to leave right away. Platforms that promote player safety should always be the first option. 

7. Stay Up to Date

Patching and updates might seem annoying, especially when they interrupt a session, but they serve an important purpose. Developers release them to fix bugs, improve performance, and close security gaps. Ignoring updates can leave your system exposed to known threats. Check for updates regularly and install them when available, including for your games, operating system, antivirus, and any chat or launcher tools. Gaming safety doesn’t have to be difficult, and with a few simple habits, you can protect your information, devices, and overall experience.

 

ESET bulks up its ESET HOME consumer protections against identity theft, ransomware, phishing, and more

Last October, cybersecurity company ESET  announced some updates to ESET HOME Security  and I was wondering if you’d like to take a look at the latest version of ESET’s consumer offering to do a new review which covers the new features?

To rceap, ESET HOME Security is an all-in-one security management platform, available across all major operating systems and covering all typical smart home devices.  To complement the long list of existing layers of protection, including Antivirus & Antispyware, Firewall, Ransomware Shield, Anti-Phishing, Safe Banking, Safe Browsing, Password Manager, VPN and anti-theft, to name just a few, new features and upgrades have been added including:

  • New Dark Web Monitoring — ESET Identity Protection scours websites on the dark web, black market chat rooms, blogs, and other data sources to detect the illegal trading and selling of users’ personal information. ESET technology sends prompt alerts so users can take immediate action.
  • New ESET Folder Guard — This technology helps protect Windows users’ valuable data from malicious apps and threats, such as ransomware, worms, and wipers. Users can create a list of protected folders — files in these folders can’t be modified or deleted by untrusted applications.
  • New Multithread Scanning — Improves scanning performance for multi-core processor devices using Windows by distributing scanning requests among available CPU cores. There can be as many scanning threads as the machine has processor cores.
  • New Link Scanner — This feature improves  ESET Mobile Security Anti-Phishing that, in general, blocks potential phishing attacks coming from websites or domains listed in the ESET malware database. The Link Scanner is an additional layer of protection for Android smartphone users that allows ESET Mobile Security to check every link a user tries to open, not only those coming from supported websites and social network apps.
  • Improved Gamer Mode — This feature is for users who demand uninterrupted usage of their software without pop-up windows and want to minimize CPU usage. The improved version allows users to create a list of apps automatically starting gamer mode. For cautious players, there is also a new option to display interactive alerts while gamer mode is running.
  • Improved Password Manager — ESET Password Manager now includes an option to remotely log out of Password Manager when it is logged in on other devices. Users can check their password against the password breach list and view a security report that informs users if they use any weak or duplicate passwords for their stored accounts. Password Manager has an integrated option to use third-party programs as an optional two-factor authentication (2FA).
  • Improved Cyber Security for Mac users — ESET HOME Security tiers for Mac users now have a new unified Firewall with both basic and advanced setup options in the main Graphical User Interface (GUI). This means the solution is tailored to the needs of users from basic to more advanced, without unnecessary settings.

These enhancements correspond to the increasing number of advanced, automated, and AI driven threats targeting individuals and address growing concerns about data privacy, ransomware attacks, phishing, and scams. ESET offers three subscription tiers to ESET Home Security, more information on what’s included can be found here.

 

Fraudsters try to make every day April Fool’s Day

This April 1st, Bank of Ireland is warning customers that fraudsters don’t just try to fool you for one day, they are always active and financial fraud can lead to devastating loss of income and savings. The Bank is reminding customers about the top ten fraud types currently reported to its 24/7 fraud team.

According to Bank of Ireland’s fraud reporting data, the most concerning fraud type being used to target customers is investment scams, with smishing texts and vishing calls following closely behind. Further down the list, yet becoming more prevalent, are malware attacks where fraudsters gain access to customers’ devices and access private information, including their banking app.

The 10 most commonly reported frauds are:

  1. Investment scams – promising higher returns on investments that don’t exist.
  2. Smishing texts – scam texts claiming to be from delivery companies and other providers urging you to pay outstanding charges or update account details.
  3. Vishing calls – fraudsters pretend to be from your bank, saying your account has been compromised and they need to move your money to a ‘safe account’.
  4. Purchase scams – fake adverts on genuine websites and social media platforms that promise a slashed price or bargain.
  5. Romance scams – fraudsters build relationships online to manipulate victims into sending them money.
  6. Family impersonation – fake messages pretending to be from a family member who has lost their phone and needs access to money.
  7. Rental and holiday scams – fraudsters trick people into paying rent for property that doesn’t exist or is not actually available to rent.
  8. Money mules – criminals try to recruit people into receiving stolen money into their account, then transfer it to another account and keep some of the cash for themselves as ‘payment’.
  9. Malware – harmful apps that ask for full control of your device allowing fraudsters to control your phone and access private information like your banking app.
  10. Phishing emails – fraudsters send emails that look like they’re from legitimate companies, asking for personal information or login credentials.

Nicola Sadlier, Head of Fraud, Bank of Ireland said“Fraudsters don’t just try to fool you for one day, they never take a break and are always on. Our latest fraud reporting data shows that investment fraud is still the most concerning scam targeting our customers. The level of highly personalised targeting, with fraudsters promising higher returns on bogus schemes, continues to grow. Smishing texts and vishing attempts continue on a persistent basis. Fraudulent advertisements online and on social media have been the subject of regular warnings for some time and the trend is not going away. And some new types of fraud including accessing devices using malware are happening more often.

“All fraud types are serious criminal activity and there is no room for complacency. Being alert to the ‘red flags’ – including ‘too good to be true’ returns and pressure to act quickly – is vital.

“Bank of Ireland offers a 24/7 fraud telephone support for customers on 1800 946 764available every day of the year. We encourage our customers to put this number in their phone, so they have easy access to it if they ever need it.”

For detailed advice and information on how to stay safe from all types of financial fraud, visit the Security Zone on Bank of Ireland’s website.

Red flags of Investment Fraud:

  • Follow-up calls: You receive a call having clicked an investment product advert on social media or in a sponsored search result.
  • Higher/fast returns: They promise a quick and profitable return, with little or no risk.
  • Pressure: They advise you must act quickly to take advantage of an “opportunity of a lifetime”.
  • Celebrity Endorsements: Be wary where the investment is being endorsed by celebrities – they may not know their name is attached to the advertisement.
  • Secrecy: They say you’re not to discuss the “investment” with family, friends or your bank and they may instruct you to sign a “non-disclosure agreement” (NDA).

Remember, Bank of Ireland will never:

  • Send you a text or email with a link directly to the login page of our online banking channels asking you to confirm or update your banking details
  • Ask you to click a link in a message with an urgent warning about suspicious activity on your account
  • Ask you to transfer money out of your account to protect you from fraud
  • Ask you to send us back your bank card.

 

Don’t ever share:

  • Your full six-digit 365 PIN or Business On Line credentials
  • Any one-time activation codes or codes from your Business On Line Approve app
  • Your four-digit card PIN.

Anyone who suspects they have been a victim of fraud should contact their bank immediately so that the bank can try to stop the fraud and try to recover funds. Bank of Ireland customers can call the Fraud Team 24/7 on the Freephone line 1800 946 764.

ESET bulks up its ESET HOME consumer protections against identity theft, ransomware, phishing, and more

ESET, a global leader in cybersecurity solutions, has announced the launch of its upgraded consumer offering ESET HOME Security, introducing new features such as ESET Folder Guard and Multithread Scanning, together with an overall improvement of its capabilities. Identity Protection featuring Dark Web Monitoring is now globally available.

These enhancements to ESET HOME Security, as an all-in-one solution for consumers, correspond to the increasing number of advanced, automated, and AI-driven threats targeting individuals and address growing concerns about data privacy, ransomware attacks, phishing, and scams.

Despite being packed with the latest technology, ESET HOME Security remains easy to use thanks to ESET HOME, a comprehensive security management platform available across all major operating systems — Windows, macOS, Android, iOS — and covering all typical smart home devices. Now ESET HOME Security offers even more formidable protection for entire households.

“As a progressive digital life protection vendor, ESET is dedicated to always being one step ahead of adversaries. Our team of experts created a powerful digital life protection solution that blends more than 30 years of human expertise with artificial intelligence, multilayered security technology, and live cloud protection. Following a prevention-first approach that stops threats before they can do any harm, ESET HOME Security brings peace of mind regarding privacy and security, while staying user-friendly, powerful, light, and fast,” said Viktória Ivanová, Vice President of Consumer and IoT Segment at ESET.

To complement the long list of already existing layers of protection, including Antivirus & Antispyware, Firewall, Ransomware Shield, Anti-Phishing, Safe Banking, Safe Browsing, Password Manager, VPN, and Anti-Theft — to name just a few — new features and upgrades have been added:

New Dark Web Monitoring — ESET Identity Protection* scours websites on the dark web, black market chat rooms, blogs, and other data sources to detect the illegal trading and selling of users’ personal information. ESET technology sends prompt alerts so users can take immediate action.

New ESET Folder Guard — This technology helps protect Windows users’ valuable data from malicious apps and threats, such as ransomware, worms, and wipers (malware that can damage users’ data). Users can create a list of protected folders — files in these folders can’t be modified or deleted by untrusted applications.

New Multithread Scanning — Improves scanning performance for multi-core processor devices using Windows by distributing scanning requests among available CPU cores. There can be as many scanning threads as the machine has processor cores.

New Link Scanner — This feature improves ESET Mobile Security Anti-Phishing that, in general, blocks potential phishing attacks coming from websites or domains listed in the ESET malware database. The Link Scanner is an additional layer of protection for Android smartphone users that allows ESET Mobile Security to check every link a user tries to open, not only those coming from supported websites and social network apps. For instance, if a user receives a phishing link in a game app and opens it, the link is first redirected to the ESET Mobile Security app, where it is checked, before being redirected to the browser. If the user is using an unsupported browser, the Link Scanner will block the malicious link in this case.

Improved Gamer Mode — This feature is for users who demand uninterrupted usage of their software without pop-up windows and want to minimize CPU usage. The improved version allows users to create a list of apps automatically starting gamer mode. For cautious players, there is also a new option to display interactive alerts while gamer mode is running.

Improved Password Manager — ESET Password Manager now includes an option to remotely log out of Password Manager when it is logged in on other devices. Users can check their password against the password breach list and view a security report that informs users if they use any weak or duplicate passwords for their stored accounts. Password Manager has an integrated option to use third-party programs as an optional two-factor authentication (2FA).

Improved Cyber Security for Mac users — ESET HOME Security tiers for Mac users now have a new unified Firewall with both basic and advanced setup options in the main Graphical User Interface (GUI). This means the solution is tailored to the needs of users from basic to more advanced, without unnecessary settings.

This robust all-in-one security product is an ideal solution for all who have concerns beyond general cybersecurity, and it includes privacy protection, identity protection, performance optimization, device protection, and smart home protection. Because in a world of advanced cyberthreats, quality matters.

More information about the consumer offering and subscription tiers can be found here.

AI to supercharge Deepfakes, Ransomware and Phishing Attacks.

Every 39 seconds a cyberattack is happening somewhere in the world. And, while cybercrime involving large organisations, like the HSE or Sony, makes headlines; in reality, small and medium businesses are three-times more likely to be victims of attack, due to weak defences.

Current cyber threats facing businesses in Ireland, and what can be done to manage them, is the subject of the annual Irish Reporting and Information Security Service cybercrime conference, in Dublin in November.

IRISSCON 2024 takes place on November 6th next, at The Aviva Stadium in Dublin, featuring expert speakers and delegates from all over the world, as well as the popular Cybersecurity Challenge, testing the skills of would-be hackers to break the system!

Jake Moore, global cybersecurity advisor for security software company, ESET, is a keynote speaker. With a 14-year background in the UK police force, in digital forensics and cybercrime, Moore now helps businesses bolster their cybersecurity, blending real-world crime insights and social engineering techniques, with advanced digital security strategy, to combat ever-evolving cyber threats.

Attackers have been known to spend over 200 days in an organisation’s network, unnoticed, before launching any sort of attack, he says.

“Once a hacker has breached an organisation’s network through unprotected endpoints, like a mobile phone, laptop or IoT device, it takes around one minute, 84 seconds on average, to move laterally and get deeper into the network.

“That is not a lot of time for any network security to react, and, once the harm is done, it takes 73 days, on average, to contain the breach. So, the objective is to prevent the network access in the first place.”

Ransomware and phishing attacks remain top threats, according to the ESET software developers. Cybercriminals use AI algorithms to analyse vast amounts of their target segments’ data. They look at social media profiles, online behaviour, recent purchases and other publicly available information to create very personalised phishing and social engineering attacks.
Your Voice is my Password

With Artificial Intelligence affecting every single industry, AI obviously benefits cybercriminals too, Jake Moore says.

“From text and image creation tools, to audio and video generation, the newest wave of cyberattacks is AI supercharged. New defences are needed to protect companies from this next generation of attacks.”

The ESET expert’s work with clients begins with some very telling practical examples of their vulnerabilities. Jake Moore has hacked businesses using AI voice cloning technology, stealing money, completely unnoticed, in minutes.

He has also, in the guise of work, hacked a police station. Having socially engineered his way into the police station, he was able to steal a laptop, break the encryption, hack into the entire network, and change the password of the Head of Professional Standards, without being caught.

Moore also engineered a targeted phishing attack, via LinkedIn, on the CEO of a company, illustrating how easy it is to manipulate people into handing over their account credentials, and data, using hacking tools widely available on the internet, (if you know where to look).

Simple social engineering techniques, like psychological manipulation, tricks users into making security mistakes, or giving away sensitive information, so the criminal can take over their email account, website, or even their life, the cybersecurity pro says.

Conference updates and bookings are available on the IRISSCON website: https://iriss.ie/irisscon/#about

Infographic + data – phishing is more prevalent via email than SMS/voice, plus latest on mobile connections

𝐌𝐄𝐅 𝐃𝐚𝐭𝐚 𝐈𝐧𝐬𝐢𝐠𝐡𝐭 – 𝐇𝐚𝐫𝐦 𝐨𝐧 𝐌𝐨𝐛𝐢𝐥𝐞

Most incidents of Phishing or Spoofing on smartphones still occur via Email, according to MEF’s (Mobile Ecosystem Forum) 9th Annual Trust Study, with 52% of users reporting personal experience of data harm via this channel. Surprisingly, 39% of those users still took no preventative measures to protect their online data.

SMS and Voice (phone calls) were the joint second most reported channels for Phishing and Spoofing attempts for 39% of users, followed by WhatsApp (30%). However, more users are taking protective action against breaches on these channels – perhaps highlighting the acceptance of Email as a ‘dirty’ channel.

Full details are available to download at https://mobileecosystemforum.com/mefs-9th-annual-trust-study/

 

𝐌𝐄𝐅 𝐃𝐚𝐭𝐚 𝐈𝐧𝐬𝐢𝐠𝐡𝐭 – 𝐌𝐨𝐛𝐢𝐥𝐞 𝐂𝐨𝐧𝐧𝐞𝐜𝐭𝐢𝐨𝐧𝐬

The total number of cellular connections worldwide with mobile data (excluding M2M) has risen 75% since the end of 2016 – from 3.89 billion to 6.82 billion. Mobile data connections comprise both Talk, Text & Data SIMs and Data-only SIMs.

Over the same time, the total number of cellular connections rose from 7.25 billion to 8.44 billion meaning that cellular connections with mobile data now comprise almost 81% of the total versus just 54% at the end of 2016.

Mobile connection data and user data for over 200 countries worldwide is available to view at MEF Data https://mobileecosystemforum.com/mef-data/