Phishing : Analysing a Phishy

Estimated difficulty: 💜🤍🤍🤍🤍 I am sure many of you have heard of the term ‘phishing’. Phishing is a form of social engineering, where the campaign is likely to pose as a trusted service or person, which may trick a user into giving away credentials, money or personally identifiable information. The phishing campaign is likely to …

Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?

Estimated difficulty: 💜🤍🤍🤍🤍 What is SMShing? SMShing (AKA Smishing) is a type of social engineering attack conducted over text messages, also known as SMS phishing. Social engineering attacks rely on exploiting human behaviour and reaction rather than a technical vulnerability. Criminals who “SMSh” or “phish” are usually financially motivated, using stolen information to steal money …

ChatGPT: Let’s try it out!

Estimated difficulty: 💜🤍🤍🤍🤍 You may have already heard of ChatGPT. It has been a headliner in the news recently, mainly with a concern that it will replace hundreds, thousands, or maybe even more jobs! This post does not intend to add to the fear mongering, but more explore what we can do with ChatGPT and …

Typo-What?! How Attackers Use Typo-squatting to Lure You to Dodgy Websites

Estimated difficulty: 💜🤍🤍🤍🤍 New year, new blog post… obviously! To kick things off in 2023, today we’ll be talking about a commonly used social engineering technique called typo-squatting and how you can identify malicious domains/websites to protect yourself, or how to protect your organisation or brand if you own a website domain. Typo-squatting is by …

I Spy With My Little Eye: A Guide to Social Media OpSec

Estimated difficulty: 💜🤍🤍🤍🤍 Happy Friday and happy (continued) cybersecurity awareness month! For those of you that don’t know, October is renowned for being cybersecurity awareness month – a month dedicated by security professionals to raise awareness in cybersecurity, specifically to the everyday user of technology that may not be security-savvy. Following on from Morgan’s last …

Locked Out: What is Ransomware?

Estimated difficulty: 💜🤍🤍🤍🤍 Ransomware can be a costly attack to organisations of all sizes. Recently Garmin fell victim to a ransomware attack, with reported ransoms of up to US$10 million in exchange for reinstating company files. According to The State of Ransomware 2020 by Sophos, the global average cost to remediate a ransomware attack …

Misery Business: Sextortion Emails

Estimated difficulty: 💜🤍🤍🤍🤍
Content Warning: This post includes discussion of sensitive topics such as revenge porn and blackmail. This week I’m primarily going to cover sextortion phishing campaigns, and a little about how to deal with these sorts of emails. I’ll also include some resources at the end of the post discussing general (non-phishing) sextortion, and organisations who can help if somebody tries to blackmail you with, or releases your personal content without your consent.

B3st Pass**rd Pr@ct!ces

Estimated difficulty: 💜🤍🤍🤍🤍 Passwords have been a form of securing your accounts for years. They are your key to unlock the door to your account for want of a better metaphor. You are the only person that should know your password, as the creator and keeper of this information. My post will try to help …

Thnks fr th Bnk Dtls: A Quick Guide to Fraud

Estimated difficulty: 💜🤍🤍🤍🤍 Hello, and welcome to another week of Security Queens! 🎉 This week I’ll try to give you a quick overview (not exhaustive) of a few common types of fraud, a bit of information about money laundering, and a little perspective about how it all ties into the bigger picture. Fraud is criminal …