Latest news with #JavvadMalik
Yahoo
22-05-2025
- Business
- Yahoo
5 subtle signs your laptop or phone has been hacked
Cyberattacks have been making headlines in recent weeks, with Marks & Spencer revealing a major hack will continue to impact its operations until July. Hackers targeted the IT help desk at the company over the Easter weekend, convincing workers to allow them to reset passwords to gain access to their networks, before unleashing malicious software (malware).

The attack, which will cost the retailer an estimated £300m, left M&S with empty shelves as well as halting orders on its website, which has still not been resolved. Customer personal data, which could have included names, email addresses, postal addresses and dates of birth, was also taken by hackers in the attack.

The Co-op was another high-profile victim in recent weeks, but cyber attackers do not just limit themselves to major can - and do - gain access to home computers, often via phishing attacks from emails, or via malware downloaded from compromised websites or via dodgy software. Cyber attackers will mostly attempt to gain control of a computer or mobile device in order to steal, for example by accessing bank accounts or taking out loans in a person's name.

But what are the common signs that your computer or smartphone has been compromised? Some are obvious: a ransomware attack (similar to the one on M&S) will announce itself with a window demanding a ransom, usually payable in cryptocurrency. But other signs are much more subtle, experts have told Yahoo News.

If an attacker is in control of your accounts, they may delete some of your emails or have them forwarded to another address, says Javvad Malik, lead security awareness advocate at security firm KnowBe4. "One thing to look out for is the unexplained disappearance of emails, particularly those related to financial transactions," Malik says. "This could signify an attacker's attempt to conceal unauthorised activities by intercepting and deleting confirmation messages."

Attackers will also commonly divert emails to an address they control, so that the user cannot see them, Malik says. Visit your email settings to check there are no 'rules' which automatically forward certain emails to another address, Malik advises. Other related signs are that your passwords change, you're locked out of accounts, or suddenly logged out of accounts.

If your device starts displaying unusual pop-up windows, either containing advertising or other messages, it's a good sign you may be running unauthorised software or malware, Malik warns. Another warning sign is that your browser redirects you to pages you didn't ask it to. Both of these are classic signs of software that is either serving unwanted adverts or trying to defraud consumers.

On smartphones, the signs are more subtle. "For mobile devices, unexpected increase in data usage could indicate some unwanted application activity taking place," says Malik.

On a computer, the first thing many malware infections do is to disable antivirus software, warns Brian Higgins, security specialist at Comparitech. "It's not uncommon for malware to deactivate these measures as part of their exploit payload so it's a good indication that you need to take action," Higgins explains. Malware does this in order to prevent detection, and this can offer a warning sign that your computer has been compromised. Higgins advises: "Carry out random but frequent checks on any products you are running to check their status."

Malicious software often prevents your computer operating properly, and sometimes stops you shutting it down or restarting (this allows the malware to keep running). Frequent error messages can also be a sign that something is wrong, says Chris Hauk, consumer privacy advocate at Pixel Privacy. "Keep an eye out for unusual activity on your computer or device. If your computer or mobile device begins crashing or you're seeing repeated error messages, your device could have malware on it," he warns. "While malware-as-a-service has made it easy for even rookie hackers to infect your device, not all malware is well-written, which could result in crashes and error messages."

On mobile devices, a sign that something is wrong can be that battery life suddenly changes for the worse, Hauk warns. "On mobile devices, keep an eye on your device's battery life. Poorly written malware can result in extreme battery drain on your device. Even well-written apps can put a strain on your device's battery," he says.


Forbes
15-05-2025
- Forbes
More Bad News For Windows Users As Critical HTTPBot Warning Issued
Beware this HTTPBot Windows attack.

It was only on May 6 that I reported how a remote attacker targeting Windows Deployment Services with a dangerous memory exhaustion exploit, for which there remains no fix, could crash your enterprise network. Yes, we are talking about Distributed Denial of Service attacks, which, let's face it, really are nothing new. That doesn't make them any less critical a risk than other vulnerabilities and even zero-day exploits that can target your Windows systems, given the consequences of a successful threat campaign against your business. Which is why security researchers have just issued a critical new warning after detecting a significant increase in DDoS attacks deploying the HTTPBot Trojan, developed based on the Go language and targeting Windows users.

Although first hitting the cybersecurity threat intelligence radar in August 2024, a significant spike in activity involving the HTTPBot trojan during April 2025 has spurred researchers at the NSFocus Fuying Lab to issue a high-risk warning regarding the aggressive expansion of this Windows DDoS threat. The NSFocus threat intelligence report, published May 12, confirmed that the attackers are currently 'continuously leveraging infected devices to launch external attacks.' These attacks primarily target the gaming, education, and technology industries.

The big issue, and why HTTPBot is considered such a critical attack campaign, is the highly-targeted, multi-stage methodology used to perpetrate what the intelligence analysts described as 'continuous saturation attacks' against those organizations unlucky enough to find themselves in the crosshairs. HTTPBot attacks use a bunch of DDoS techniques, from highly simulated HTTP floods to dynamic feature obfuscation. With regard to the latter, the NSFocus report advised that HTTPBot employs the following detection bypass mechanisms:

HTTPBot doesn't look to target bandwidth consumption in the standard DDoS attack manner, but rather, the report warned, it takes a different approach, setting out to 'precisely target high-value business interfaces' and saturate critical areas such as login and payment systems. This type of transactional DDoS attack is, obviously, of great concern. HTTPBot has 'scalpel-like precision,' the researchers said, and so poses 'a systemic threat to industries that rely on real-time interaction.' Indeed, the report goes so far as to suggest it represents a paradigm DDoS shift from indiscriminate traffic suppression to 'high-precision business strangulation.'

'By targeting application-layer vulnerabilities rather than bandwidth,' Javvad Malik, lead security awareness advocate at KnowBe4, warned, 'HTTPBot's operators have identified a more efficient path to service disruption in sectors dependent on real-time transactions.' Referring to the Windows DDoS threat as a shift from brute-force to resource-targeted attacks, Malik said it demands evolution in defense. 'Static rule-based protections are inadequate,' Malik concluded, 'the future of cybersecurity defences require real-time relevant and adaptive across all domains.'


Scottish Sun
24-04-2025
- Scottish Sun
Urgent texts from your kids & fake two-factor codes – the shocking ways scammers are targeting your phone for cash
The full list reveals TWELVE signs to watch out for

TROUBLED daughters in a panic, "innocent" six-digit numbers, and even mysterious texts from yourself – these are the new signs you're about to lose a lot of money, and quickly. Your bank account could be emptied in an instant, and there might be no way to get the cash back.

It's not just fake prizes and dodgy bank alerts you have to worry about anymore. Scammers have levelled up, which means you must too. The Sun has spoken to top security experts who have revealed the seemingly innocent texts and emails that can lay waste to your bank balance.

Crooks are flooding British phones with shockingly effective scam messages – and even a posh iPhone or Android with the best security settings won't keep you safe. Worse still, they warn that AI is making these sinister scams even more effective – using them to create convincing cons and carry them out faster and more widely than ever before.

"Cybercriminals are definitely getting better at crafting them," warned security pro and CyberSmart CEO Jamie Akhtar. "Although, they've had some help," he added. "AI has made crafting a convincing scam much easier."

A 2024 Ofcom report warned that dodgy text messages are the most common type of "suspicious content" that British phone owners typically receive. And Brits can lose anything from personal data to vast sums of money in the tens or even hundreds of thousands of pounds.

SURPRISING TEXT THREATS

One increasingly common type of scam in recent years is the "Hi mum, it's me" message. This usually appears from a new number, and claims to be your son or daughter in trouble. They'll say they're texting from a new number, and need some money quickly – usually to get out of a sticky situation. It preys on your emotion, and uses urgency to make you act quickly without thinking it through.

Action Fraud revealed this scam had been reported over 1,000 times in a matter of months – with a total cost to victims of £1.5 million.

"Ask yourself: Is this expected? Does it evoke a strong emotion, like fear or excitement? Is there a sense of urgency being pushed?" said KnowBe4 security expert Javvad Malik. "Understanding the tactics behind the phrases – the emotional manipulation and urgency – is key to staying safe," Malik told The Sun. "It's easy to get caught up in the moment and make a quick, unsafe decision if you're not aware of these manipulation techniques."

Another strikingly simple but effective scam involves a six-digit number appearing in your inbox. This will usually be accompanied by a text from someone saying they'd accidentally sent you their log-in code – and could you pass it back. It's a total lie. What they're doing is trying to log in somewhere as you – and asking for your own two-factor verification code. The one that is supposed to keep your account safe.

Sometimes this scam will also appear on Facebook Marketplace, with buyers or sellers claiming they've sent you a code to pass back to them as a form of "verification". But it's all a big ruse to bag your log-in codes. This could allow them to break into your most private accounts, like your email, social media, or even online banking. Or they could use the code to hijack your WhatsApp account, and then carry out scams on your friends and family while posing as you.

Then there's a strange type of scam that sees texts arrive on your phone from your own number. This kind of "spoofing" is designed to lure you into a false sense of security. They'll usually try to get you to click a link, which can let them steal your log-ins or install dangerous malware on your device. Or it might simply be a trick to get you to reply, allowing them to carry out a more complicated scam – or check that your number is active for future spam campaigns.

FULL LIST OF SCAM PHRASES

"There are many different variants on opening lines for scam texts or emails," Akhtar told us.

"Most phishing scams use urgent language, set some sort of time limit for whatever it's asking you to do, and request personal or financial information.

"That's not to say you'll never receive a legitimate email asking for those things, but it's unusual and unlikely to come out of the blue.

BECOME A PRO SCAM SPOTTER

Here's the official advice from Comparitech security specialist Brian Higgins...

"A few opening methods to be aware of are offering prizes or discounts, these are most effective if they appear to come from a website or platform that you may already use," Higgins told The Sun.

"It's always advisable to close the message and visit the site directly to check validity.

"Urgency is a widely used method to launch a scam, telling you that your bank details have been compromised for example and demanding immediate action to avoid losing any money.

"Impersonation has also grown in popularity as AI makes it much easier to create a credible message or request purporting to be from a personal contact asking for cash.

"In all cases you should avoid any links or actionable inserts and attachments in any message; pdfs, unsubscribe links, websites etc.

"You can forward suspicious emails to the National Cyber Security Centre at report@ and likewise any text messages for free by forwarding to 7726."

"If you receive any email with one or more of these things, it should immediately put you on guard."

Here's the official list of dangerous text scams from CyberSmart, obtained exclusively by The Sun:

- Low-Interest or No-Interest Credit Card Offers: Texts promising exclusive credit card deals with suspicious links
- Account Verification Requests: Messages asking to verify Apple ID or other tech accounts, often with phishing links
- Free Bitcoin Offers: Scams offering free cryptocurrency or threatening blackmail demanding bitcoin payments
- Family Emergency Scams: Texts claiming a family member is in urgent trouble and requesting money transfers immediately
- Account Reactivation Alerts: Messages warning that your account has been hacked or suspended, urging you to click links or call numbers provided
- New Billing Statement or Payment Confirmation: Fake notifications about billing statements or payment receipts with malicious links
- Texts from Your Own Number (Spoofing): Scam texts appearing to come from your own phone number to trick you into clicking links or responding
- 2FA Code Requests: Messages asking for two-factor authentication codes to hijack your accounts; legitimate companies never ask for these codes
- Bank Suspicious Activity Alerts: Texts warning about unusual activity on your bank account, prompting you to verify details via a link or phone number
- Prize or Vacation Redemption Fees: Messages claiming you won a prize but need to pay a fee to claim it
- Sextortion Scams: Threatening to release compromising images unless payment is made, often targeting younger victims
- Fake Customer Support on Social Media or Text: Scammers posing as support staff offering help but sending malicious links

Akhtar warned that there are "thousands upon thousands" of variations on these scams. But that in 2025, the swindles included in this list are now "all extremely common".

If you think you've been a victim of online fraud, you can contact Action Fraud on 0300 123 2040. If debit or credit cards, online banking, or cheques are involved then you should contact your bank first.


The Sun
24-04-2025
- The Sun
Urgent texts from your kids & fake two-factor codes – the shocking ways scammers are targeting your phone for cash

Zawya
17-03-2025
- Zawya
Broken Cyber Windows Theory (By Javvad Malik)
By Javvad Malik, Lead Security Awareness Advocate at KnowBe4

Have you ever walked down a street with broken windows, burnt-out cars and graffiti, and felt a bit uneasy? There's a reason for that, and it's not just about aesthetics. The Broken Windows Theory, introduced by social scientists James Q. Wilson and George L. Kelling in 1982, suggests that visible signs of crime and antisocial behavior encourage further crime and disorder. But what does this have to do with cybersecurity? More than you might think.

The Cybersecurity Parallel: Neglected Digital Environments

In many organizations, cybersecurity awareness feels like a losing battle. Employees ignore security policies, download unapproved software, and use weak passwords. It's as if our digital environments are full of "broken windows," signaling that it's a culture where no one really cares about security.

Traditional approaches often focus on punitive measures or dry, technical training that fails to engage employees. It's like trying to reduce crime by simply increasing fines, without addressing the underlying issues that make an area feel unsafe or neglected.

Applying the Broken Windows Theory to Cybersecurity

Just as fixing broken windows and cleaning up graffiti can reduce crime by fostering a sense of order and care, we can apply similar principles to our digital environments:

- Create a Culture of Vigilance: Encourage employees to report potential security issues, no matter how small. This is like neighborhood watch programs for your network.
- Address Small Issues Quickly: Respond promptly to minor security infractions. This shows that security is taken seriously at all levels.
- Improve the "Look and Feel" of Security: Make security tools and processes user-friendly and aesthetically pleasing. A clean, well-designed security interface is like a well-maintained storefront.
- Celebrate Security Wins: Publicly recognise employees who spot phishing attempts or follow good security practices. This is akin to community awards for neighborhood improvement.

Practical Steps for Implementation

- Conduct a Digital Environment Audit: Walk through your organization's digital spaces as an average user would. Where are the "broken windows"? Look for outdated software, clunky security processes, or confusing policies.
- Implement a "See Something, Say Something" Program: Create an easy way for employees to report potential security issues. Make it as simple as sending a quick message or clicking a button.
- Redesign Security Communications: Transform your security awareness materials. Replace dense text with infographics, short videos, or even memes. Make security information as engaging as a well-designed public space.
- Create Security Champions: Identify and empower individuals across departments to be security advocates. These champions can help maintain a secure "neighborhood" in their area of the organization.
- Regular "Digital Community" Events: Host regular cybersecurity events that feel more like community gatherings than lectures. Think cybersecurity fairs, hacking demos, or even escape rooms with a security twist.

The Path to a Strong Security Culture

By applying the principles of the Broken Windows Theory to cybersecurity, we can create digital environments where security feels natural and everyone plays a part. It's not just about preventing breaches; it's about fostering a community where secure behavior is the norm.

As we move forward, let's reimagine our approach to cybersecurity awareness. Instead of building walls and enforcing rules, let's create digital neighborhoods where everyone takes pride in keeping things secure. Every fixed "window" in your digital environment is a step towards a more secure future.

So, let's roll up our sleeves and start cleaning up our digital streets. The neighborhood—and your data—will thank you.

Distributed by APO Group on behalf of KnowBe4.