2FAWhen you get a login code for an account you don’t have
What to do if you receive a text with a two-factor authentication code from a service you’ve never registered for.
accounts
28 articles
How the adversary-in-the-middle technique is used in spearphishing attacks
Cybercriminals are using AitM techniques to compromise accounts of company executives. How do they do this, and how to protect against it?
phishingPhishing using FB infrastructure stealing business-account passwords
Cybercriminals are using genuine Facebook infrastructure to send phishing emails threatening to block accounts.
passwordsWhat is a credential stuffing attack?
A credential stuffing attack is one of the most effective ways to take control of accounts. Here’s how it works and what you should do to protect your company.
Google OAuth and phantom accounts
Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.
Securing cloud providers’ SSO
Single sign-on is supposed to enhance corporate security, but it’s essential that cloud vendors have the information security team’s back.
The principle of least privilege: what is it and why is it needed?
What’s the principle of least privilege, why’s it needed, and how does it help secure corporate information assets?
Kick off the year with a digital cleanup
Let’s start the New Year with a digital cleanup: canceling unnecessary subscriptions, clearing out unnecessary data, deleting unused accounts, changing weak passwords, and so on.
Hacked hotel accounts on Booking.com
Attackers are hijacking hotel accounts on Booking.com, and stealing their clients’ banking data through its internal messaging system.
extensionsDangerous browser extensions
How malicious extensions steal cryptocurrency, hijack accounts in games and social networks, manipulate search results, and display intrusive ads.
appleAre Macs safe? Threats to macOS users
Are Macs as safe as their owners think they are? A few recent stories about malware targeting macOS users.
Malware that steals Facebook accounts
How attackers use infected archives and malicious browser extensions to steal Facebook Business accounts.
A how-not-to guide to password policies
Examples of password policies that will have users tearing their hair out — and why you shouldn’t employ them.
Password storage as the cornerstone of security
How online services should store user passwords, and how to minimize the damage in the event of a leak or hack.
Airbnb security: tips for safe travel
Four threats you might face when using Airbnb, and tips for avoiding them.
Identity security: what is it, and why is it helpful?
Proper account security not only reduces the number of cyberattacks on companies — it brings financial benefits too. What needs to be done to reap them?
The Phantom Menace: how gamers of different ages are being attacked
Why scammers are more likely to target kids than hardcore gamers, how they do it, and what they want to steal
The true cost of gaming
Our research reveals gamers’ attitudes toward computer performance — and the ethics of winning and losing.
Scammers eye MetaMask: how can you stay safe?
What is a seed phrase, how scammers use it to steal cryptowallets, and how to protect your MetaMask account.
Phishing in Netflix and beyond
We analyze some typical examples of phishing bait for movie streamers.