Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Login. Show all posts
Technology
AI Internet Login Password Tech News Technology

Proton Launches New Authenticator App With Standalone Features



Proton has released Proton Authenticator, an independent, standalone 2-factor authentication (2FA) app for macOS, Windows, Android, Linux, and iOS. 2FA verification applications are offline tools that create time-based OTPs that expire within 20 seconds, and can also be used with passwords when signing into offline accounts, offering a second layer of verification.

A Swiss tech company, Proton, is famous for its privacy-focused end-to-end encryption services such as

Integration of an authenticator app adds to the company’s product portfolio and brings a privacy-specialized tool that challenges competitors that are mostly ad-supported, closed-source, and trap customers into proprietary ecosystems.

But Proton Authenticator doesn’t have ads, vendor lock-in, or trackers, and uses no Proton account. According to the company, “Proton Authenticator is built with the same values that power everything Proton does: privacy, transparency, and user-first security.” "The company is now bringing these standards to the 2FA space – offering a secure, easy-to-use, and encrypted alternative to apps like Google Authenticator that further lock users into Big Tech's surveillance ecosystems." 

The application is open-source, but it takes around two weeks for the Proton team to release the source code of the latest tools on GitHub. The app has end-to-end encryption, which supports safe cross-device sync and shift to other platforms via easy-to-use import and export features. A lot of apps, such as Microsoft and Authy, cannot export the time-based OTP seeds feature.

The Proton Authenticator also provides automatic encrypted backups and app lock with PIN or biometrics, giving an extra security layer.

“Proton Authenticator will make it easier for everyone to log in to their online accounts securely, a vital step in making the internet a safer place,” read the product statement.

Read more »
Phishing Scams
account protection Account security Amazon Customer Data Cyber Attacks Cyberscams Cybertheft data security Data Theft Login Login Security Passkey Passkey Security Phishing Scams

Amazon Customers Face Surge in Phishing Attacks Through Fake Emails and Texts

 

Cybercriminals are actively targeting Amazon users with a sharp increase in phishing scams, and the company is sounding the alarm. Fraudsters are sending deceptive emails that appear to originate from Amazon, prompting users to log in via a counterfeit Amazon webpage. Once a person enters their credentials, attackers steal the information to take over the account. The urgency to secure your Amazon account has never been greater.  

These scam emails often warn customers about unexpected Amazon Prime renewal charges. What makes them particularly dangerous is the use of stolen personal data to make the emails appear genuine. Amazon’s warning reached over 200 million users, emphasizing the widespread nature of this threat. 

Adding to the concern, cybersecurity firm Guardio reported a dramatic spike in a related scam—this time delivered through SMS. This variant claims to offer fake refunds, again luring users to a fraudulent Amazon login page. According to Guardio, these text-based scams have jumped by 5000% in just two weeks, showing how aggressively attackers are adapting their tactics. 

Amazon says it is actively fighting back, having removed 55,000 phishing websites and 12,000 scam phone numbers involved in impersonation schemes over the past year. Despite these efforts, scammers persist. To combat this, Amazon issued six practical tips for customers to recognize and avoid impersonation fraud.  

The U.S. Federal Trade Commission (FTC) has also issued alerts, noting that scammers are pretending to be Amazon representatives. These fake messages typically claim there’s a problem with a recent purchase. But there’s no refund or issue—just a trap designed to steal money or private data. 

To stay protected, Amazon strongly recommends two major security measures. First, enable two-step verification (2SV) via the “Login & Security” settings in your account. Avoid using SMS-based verification, which is more vulnerable. Instead, use a trusted authenticator app such as Google Authenticator or Apple’s Passwords. If you’ve already set up SMS verification, disable it and reset your 2SV preferences to switch to an app-based method. 

Second, add a passkey to your account. This provides a stronger layer of defense by linking your login to your device’s biometric or PIN-based security, making phishing attacks far less effective. Unlike traditional methods, passkeys cannot be intercepted through fake login pages. 

Cyberattacks are growing more sophisticated and aggressive. By updating your account with these safety tools today, you significantly reduce the risk of being compromised.
Read more »
Login
CAPTCHA Cloudfare Cyber Security Internet Login

Cloudfare CAPTCHA Page Tricks Users Into Downloading Malware

Cloudfare CAPTCHA Page Tricks Users Into Downloading Malware

An advanced but simple phishing tactic is being distributed, it deploys fake Cloudflare CAPTCHA pages to target users with malware. 

A recent research by SlashNext says the technique, called  ClickFix tricks users into running commands that deploy malware. ClickFix shows a fake version of Cloudflare’s Turnstile CAPTCHA page. It replicates visual layout and technical elements like Ray ID identifier to look authentic. 

Prompt that users generally miss

The phishing site is hosted on a domain that looks like the real one, or an authentic website that has been attacked. When users visit the site, they are tricked into checking a box called “Verify you are human.” 

This step looks normal and doesn’t raise any suspicion but after this, the users are asked to run a series of commands such as “Win + R” then “Ctrl + V” and after that “Enter.” These steps look harmless but they use a PowerShell command. Once executed, it can extract malware such as Lumma, NetSupport Manager, and Stealc. 

According to security expert Daniel  Kelley, “ClickFix is a social engineering attack that tricks users into running malicious commands on their own devices – all under the guise of a routine security check.” ClickFix is dangerous because it uses standard security measures as attack tools.  

Experts call this “verification fatigue,” where a user clicks through various prompts without proper investigation. "In the context of a familiar-looking Cloudflare page, a user often assumes these extra steps are normal, especially if they’re in a hurry to reach some content. The instructions to press Win+R and Ctrl+V may raise an eyebrow for tech-savvy people, but an average user – seeing official logos and not understanding the implications – can be socially engineered into treating it as an advanced CAPTCHA," Slash reported in the blog.

This tactic doesn't depend on exploiting software flaws, it exploits trust and user habits. 

The phishing page is sent as a single HTML file but includes embedded scripts and hidden code to perform clipboard injections.

It uses genuine Windows utilities and doesn't download executables so that it can escape traditional identification tools. General defenses such as endpoint protection or antivirus software usually aim to detect binaries or suspicious downloads. 

In this incident, users were baited into activating the threat themselves. This underscores the need for sophisticated malware protection with zero-hour defense that can detect clipboard injections and malicious CAPTCHA screens in real-time. 

Read more »
Subscribe to: Posts (Atom)