and thank YOU for everything you do. Always learning so much and realising just how much I still have to learn when I watch your channe! Thank you for the education! 🔥🔥🔥
I do not use my PC for email or internet browsing, I use iPhone & iPad. Any access to any banking or payment I use the App provided by the financial entity. I always use strong passwords. This is not 100% failsafe but is pretty close.
I don't use E banking, never will as long as I can, 'anything' on computers is there for the taking ! Also all E mail is taken as suspicious, they can ring me if they know me ! Gaz UK.
@Gazr965 You aren't going to live a computer-free life. You're not. The most logical thing for everyone to do is educate yourself. The best way to protect yourself is to have the same knowledge the hackers do.
I do THIS: If emails are not clearly identifiable as junk, phishing or fraudulent, I simply send a direct reply with a "?" or "!" or "Thanks". In 95% of dubious messages, they are undeliverable.
Before you delete any suspicious email. It would be adviced to report it and block and then delete it. That way your email provider can see what malware or what ever the suspicious file thats attached will be on there database if threats. However this video gets top marks for security information that you and everyone should know. Thank you Liron.
@@LironSegevBelieve me Liron Ive been trying to get my sister to log out of everything and not open attachments. In fairness she has calmed down a lot. Only because I got fed up fixing her computer 🙄 But Im going to show this vid to her. Hopefully it will knock a bit of sense. Thanks for the vid. 👍
I remember late 90's you could download a programme, it still exists, it was meant to test the security of your own website, but you could use that programme also to hack other websites and get in as admin, change the website, etc. you could even find visa card accounts that way. time doesn't stand still neither the possible free programs/apps to hack.
Wouldn't it be beneficial to NOT "Remember Me" on your accounts and erase your History every day? I don't save ANYTHING on my PC. I don't allow my Browser to save any User IDs or Passwords EVER.
This is why you never click, "yes" when your browser asks you if you want to store the password to a critical site. Just gear up and remember your password, or use a password program.
Thank you for this info I never open an email attachment or pdf if I don't know the email sender, QUESTION PLEASE HOW TO KNOW DETAILS OF RANDOM NUMBER CALLEED YOU ? CHERRS
Thanks for great video. I have a question. Will the malware or virus affect my windows system if I open the attachment in a sandboxed environment using something like sandboxie?
Since session-key vulnerability is well known, cannot the site that requires it implement additional checks for unique identifiers such as the MAC address that was first used when the session-key was delivered by the site? This renders stealing session-keys worthless as w/o it being used on a computer with the same MAC address - which is impossible to do - unless the MAC address can be spoofed etc etc. I don’t say it has to be the MAC address but would not something along those lines work?
I never open email's from anyone I don't know. Some I get from companies I know but the address is wrong so I delete those. I've cancelled my Norton Anti-virus subscription. Doesn't seem to do anything these days. When I first installed it, it was picking up about 3 viruses a week. Thinking of going to Windows Defender. Do you any thoughts on this? Only concern I have is with my iPhone's. Yes I have 2. One without a Sim as it uses my Wifi, the other with a Sim only gets used as a phone and navigation but sometimes I do Google to find an address.
great channel. i wanted to ask how when you run a file with pdf ext you can run bad code. i mean the os will try to run a pdf viewer. can you please explain
not a great attitude as that makes the was "us" ie the tech savvy people vs the "them" the not so tech savvy. That is not right. It is "us" vs the "hackers". We need to educate not make people feel like they are dumb for not knowing. I don't know anything about my car, so I go to a mechanic. We all don't know everything about everything.
@@LironSegev Sorry dude, but the guy has a point. This is nothing new or sophisticated, it's kids stuff phishing that's been going on unchanged for over 30 years. It's not as if nobody has ever been warned about scam emails, calling it "hacking" merely shifts responsibility for security away from the user and it's a fashionable excuse. I do repairs etc for a small technoshop with a fairly large catchment area, I get around half a dozen of these cases every year and the first thing I'm told is "my email/bank/card/other online service account has been hacked". My immediate response is "no it hasn't, you've given that information away, now let's see what you did" and generally within 30 minutes we've identified the email they fell for, the red flags in the email, and exactly what the user did to give their information away. The killer question in a lot of these cases, particularly with the fake login/update emails is "Why did it not occur to you to ask yourself why (for example) Microsoft Customer Services has sent you an important update or a login verification request email from a Gmail address?" As a matter of routine these days I ask my clients if they store their logins on their computer and advise them not to for the very reasons given in the video, very few of them stop doing that even when I tell them I can give them their complete list of logins in 60 seconds and if I can do it anyone can. Every now and again (with the permission of the victim and with their details removed) we highlight one of these emails on the shop's Facebook page along with every detail that shows them to be fake. That appears to have little effect. Finally, for the last 3 years we've run a free Fake Email Checking Service (also featured on the shop's Facebook page), just forward the email to us and we'll check it out. Nobody has used it. I fully agree with you that the war is against the bad guys and that we need to educate people about them but we also need to recognise that we live in a world where people have to be told that their coffee may be hot and that their nut-based comestibles may contain nuts, and that there are times when the only effective form of education is to call out dumb for what it is and let dumb go do what it wants and suffer the consequences.
While I agree that DO NOT DRINK labels on pain tins kinda tell a story about the people, I am still a big fan of not making it about smarter tech people vs not-so-smart tech people. It doesn't matter how long we have been educating, I still can not tell a 68-year-old man who just lost his life's saving "Tough shit - now you learned the hard way not to click on links." An entire generation didn't grow up with tech and is being taken advantage of. And to make them feel stupid for it is just wrong. It's not how they are wired to think because it's not in their psyche. There is also an entire set of people where tech is just not their world. They had no idea about Apple Vision Pro, couldn't give a shit about AI, and have had the same phone for 5 years since it still works. So when they fall for a scam, are you really going to blame them and not the scammer? A waiter/ waitress working three jobs trying to survive is the problem because she thought her bank needed her to verify her PIN - so she is the problem because she isn't up to date with all the tech in between her jobs and she is dumb and should suffer the consequences? Sorry, but I can not get on board with that. That is why I keep making these videos - in the hope that someone will have a conversation somewhere and they would warn others about whatever scam is going on. We have to keep fighting the threat actors and not the "dumb people who fell for it"
@@LironSegev Thank you for taking the time to reply. To be clear, I'm with you on the tech elitism thing, I've been against it since I started working with and on computers. I tell my clients that what I do isn't sorcery, they can do anything I can, and have talked myself out of a good few dollars by teaching people how to forestall or fix problems. I also don't pile on to people who have lost out as the result of a scam, but for every example you can give of someone who has understandably been scammed I can give one of someone who has been scammed because they don't give a moment's thought to the security of their tech or their information or apply even basic principles of common sense. Probably the most important lesson I ask my clients to learn is that the security of their tech and information is entirely their responsibility, everyone knows scams exist and everyone has a responsibility to do their best to avoid being scammed. The internet is awash with good advice (including yours) on how not to get scammed, but time and time again we see the results of that information going unsought or unheeded. There will always be one born every minute, and no amount of education will fix that. Depressing, really. All that said, another good video, I hope it hit the target somewhere, and a belated congrats on a million subs.
true story - you can't fix everyone! Thanks for helping to spread the word and keeping people safe. We can do what we can but can't save everyone unfortunatly. Appreicate the "chat" 🔥
Fails to mention that Chrome "advanced protection" requires browsing data to be sent to Google. Your providing even more information to Google than they already collect from you. If your bank allows "remember cookies" don't use that feature. It's a PITA but always opt for a one time passcode to be texted or phoned to you. This will also alert you when someone may have your credentials and is trying to access your account.
Fails to understand the difference between Advance Proftection and Enhanced Safe Browsing....but ok - lets go with it. So you are on Google Chrome, trying to log into Google account and your concern is that Google will know? eh... ok.
Please share with us, EXACTLY how just opening nd previewing an email can execute the attachment. Because I do not believe that is a fact. It just can not be done. One has to click on the attachment at least.
Every time I have ever checked the "Remember Me" box, websites only pre-fill my Username on the next visit. I have NEVER had a case where it auto-filled my password. I use Chrome OS.
Depening on the site, but if you choose Rememeber Me it shouldnt even ask you for the username. It will just like you straight in. That is literally the reason for that checkbox.
You never mentioned that they arent really .mp4 / .png files. It only works against people who have hidden files extensions. The files really are .mp4.exe or .mp4.scr
Is there software that performs a check locally on your pc for email attachments before you open them? Like an antivirus? If it's sent as a gmail/Hotmail attachment (not just a link) does Google or Microsoft check it?
@@LironSegev well I'll try again. Since YT won't even allow links to YT. A channel named woodgears had a video from 9 days ago showing how he he got compromised via Dropbox.
ahhh that is different. In this case it was RAR file. Its the same as having a password protected ZIP file. Those systems will not scan those documents for privacy reasons and some technical reasons too. If you try to download a large file from Google Drive, it will literally tell you on the screen that is will not scan it. If you get a PDF or a Word document in a cloud storage system, it will scan those first and send you a link so you can view it in the browser. Then you can download it. Imagine if you had your confidential information in a zip file and google found a virus in it. People would be outraged at Google for "looking" inside their files.
I'd like to know exactly what "opening" an email is? I use Microsoft Outlook, clicking on an email shows it in the preview panel. Is that "opening" the email? Since Microsoft has shoved Outlook down our throats this is what it does. I used to be abe to just right click an email and mark as junk, now it opens it while trying to mark it as junk.
just having it in your Outlook doesn't mean it is opened. When I say preview is when you click on it so it loads up inside your email without having to double click on it.
When you talk about preview mode for emails, are u just referring to desktop clients, or web browsers and mobile apps? Also, if you previewed an email with one of these malicious attachments, wouldn't a virus/malware scanner detect it once the code is executed? Thanks!
Descktop clients. You can't preview an attachment in mobile app (at least not in any app I have seen). It is also typically aimed at Windows machines not mobile systems. When you click on a PDF or a Word document - not doulbe click - it opens the document inside your email so you can see it. Malware uses that to trigger. The Anti virus can get disabled and there are ways for it to add itself to the "do not scan" exception list so your anti virus wont stop it.
@LironSegev thank you! So if we're just using email via a web browser or mobile app, this really isn't a threat/issue, as long as we don't download attachments? Thanks so much for your response. Love your channel. Keep up the great work!
@@NorbertFarley on the desktop, you need to select the Preview option in the menu that appears over the attachment when you hover your cursor over the attachment. The other option is to Download. So just don't select the preview. @LironSegev, can malware files disguised at Jpegs be inserted inline into an email? That is the one way that pictures files display upon opening an email that I can think of. I would suspect not, but I don't know.
there are always hackers who develop systems to bypass security - so its def possible. But if the file is a PDF and not a zip file then this is less of an issue.
Liron, will this still happen if your User Account Control is set to maximum? Will you get that prompt that asks you to confirm if you want to run something?
BTW? NEVER do the SAVE user-name & password deal on Your financial accounts! never! Big companies can have DATA BREACHES and THERE goes ALL of Your MONEY!
yup - mostly. However, be aware that there are groups who are specifically attacking Linux so its not immune, much like Mac isn't when hackers realized there is value there.
@@LironSegev True, but I still have the habit from my Windows days of never opening an unexpected attachment, and don't do preview in Thunderbird, so it should be cool.
When you click on a PDF or a Word document - not doulbe click - it opens the document inside your email so you can see it. Malware uses that to trigger.
@@LironSegev the password manager makes it easier to re-enter usernames and passwords. What you are saying is that this needs to be combined with logging out of EVERY session. Please correct me if I'm wrong.
