Hi everyone,

A new and sophisticated phishing attack has been discovered, targeting both iOS and Android users. This attack bypasses many of the traditional security measures on these devices, posing a significant threat to your bank credentials and other sensitive information. Here’s how it works and how you can protect yourself.

How the Attack Works:

  1. Phishing Pages in Legitimate Apps: Attackers are injecting phishing pages into otherwise legitimate-looking apps or websites. These pages mimic the login screens of popular banks and other financial institutions.
  2. Man-in-the-Middle Attacks: This technique allows attackers to intercept your data, such as usernames and passwords, by redirecting you to fake websites that look exactly like the real ones.
  3. Fake Apps & Updates: You might receive a notification prompting you to update an app, but instead of a legitimate update, you download a phishing page disguised as part of the app.
  4. Advanced Social Engineering: Attackers use various methods, such as fake alerts or warnings, to trick you into entering your credentials on these phishing pages.

How to Protect Yourself:

  1. Be Cautious with App Downloads: Only download apps from official app stores and verify the developer’s identity. Avoid apps that request unnecessary permissions.
  2. Use Two-Factor Authentication (2FA): Enable 2FA on your banking and other important accounts. This adds an extra layer of security, making it harder for attackers to access your information.
  3. Stay Updated: Always keep your device’s operating system and apps updated to ensure you have the latest security patches.
  4. Beware of Suspicious Links: Don’t click on links in unsolicited emails or messages, especially those asking you to enter login credentials.
  5. Regularly Monitor Accounts: Check your bank and financial accounts regularly for any unauthorized transactions.
  6. Continue Using Incognito: Use Incognito to scan your device daily for spyware and other threats. Stay updated with the latest security alerts to keep your data safe.

By staying informed and following these guidelines, you can protect yourself from these sophisticated phishing attacks. If you have any questions or need further assistance, feel free to reach out.

All the best,
Stephen McCormack