Category: Networking

  • 🔐 SSH Configuration with RADIUS Authentication (Cisco)

    🧩 Topology

    • Cisco Router / Switch → RADIUS Server (Windows NPS / FreeRADIUS / ISE)
    • Management subnet: 192.168.10.0/24
    • RADIUS Server IP: 192.168.10.50
    • Shared secret: Radius@123

    1️⃣ Basic Device & SSH Setup (Mandatory)

    hostname R1
    ip domain-name lab.local
    
    crypto key generate rsa modulus 2048
    ip ssh version 2
    ip ssh time-out 60
    ip ssh authentication-retries 3
    
    

    2️⃣ Create Local Fallback User (IMPORTANT)

    Used when RADIUS server is unreachable.

    username localadmin privilege 15 secret L0cal@123
    
    

    3️⃣ Enable AAA

    aaa new-model
    
    

    4️⃣ Configure RADIUS Server

    🔹 IOS / IOS-XE (Classic Method)

    radius server RAD1
     address ipv4 192.168.10.50 auth-port 1812 acct-port 1813
     key Radius@123
    
    

    (Older IOS alternative)

    radius-server host 192.168.10.50 key Radius@123
    
    

    5️⃣ Create AAA Method Lists (Best Practice)

    aaa authentication login SSH_AUTH group radius local
    aaa authorization exec SSH_AUTH group radius local
    aaa accounting exec default start-stop group radius
    
    

    Explanation:

    • Authenticate via RADIUS
    • Fallback to local
    • Authorize privilege level
    • Log sessions

    6️⃣ Apply AAA to VTY Lines (SSH Only)

    line vty 0 4
     transport input ssh
     login authentication SSH_AUTH
     authorization exec SSH_AUTH
     exec-timeout 10 0
    
    

    ✔ SSH only
    ✔ No Telnet
    ✔ Timeout protection


    7️⃣ Restrict SSH Access with ACL (Highly Recommended)

    ip access-list standard MGMT-ACL
     permit 192.168.10.0 0.0.0.255
     deny any log
    
    line vty 0 4
     access-class MGMT-ACL in
    
    

    8️⃣ Privilege Level from RADIUS (Critical for Admin Access)

    On RADIUS Server

    Return attribute:

    Cisco-AVPair = shell:priv-lvl=15
    
    

    ✔ Gives full admin access
    ✔ Without this, user gets privilege 1


    9️⃣ Verification & Troubleshooting

    🔍 Check AAA & RADIUS

    show aaa servers
    show radius statistics
    show run | section aaa
    
    

    🔐 Check SSH

    show ip ssh
    show users
    
    

    🧪 Debug (Use Carefully)

    debug aaa authentication
    debug radius authentication
    
    

    Disable after testing:

    undebug all
    
    

    🔁 Authentication Flow (Important Concept)

    SSH Login
       ↓
    AAA Method List
       ↓
    RADIUS Server
       ↓
    Privilege from RADIUS
       ↓
    Fallback to Local (if RADIUS fails)
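    The flow above hides one detail that decides whether the fallback user actually helps: with `group radius local`, IOS moves on to the local database only when the RADIUS server does not answer, not when it answers with a reject. The simulation below is an added example (not configuration or code from the original post); the `RadiusServer`, `LocalDatabase` and `scenario` names and the sample credentials are constructed for illustration.

```python
"""Simulation of how the IOS method list `group radius local` decides an SSH login.

Added example, not from the original post. The server/user objects and the
sample credentials are constructed for illustration only."""
from dataclasses import dataclass

PRIV_ATTR = "shell:priv-lvl="   # the Cisco-AVPair the RADIUS server returns


@dataclass
class RadiusServer:
    reachable: bool
    users: dict  # username -> (password, [returned attributes])

    def authenticate(self, user, password):
        """Mimic the three outcomes IOS distinguishes: ERROR (no reply),
        FAIL (Access-Reject) or PASS (Access-Accept with attributes)."""
        if not self.reachable:
            return ("error", None)
        entry = self.users.get(user)
        if entry is None or entry[0] != password:
            return ("fail", None)
        priv = 1  # what the user gets when no priv-lvl attribute is returned
        for attr in entry[1]:
            if attr.startswith(PRIV_ATTR):
                priv = int(attr[len(PRIV_ATTR):])
        return ("pass", priv)


@dataclass
class LocalDatabase:
    users: dict  # username -> (password, privilege)

    def authenticate(self, user, password):
        entry = self.users.get(user)
        if entry is None or entry[0] != password:
            return ("fail", None)
        return ("pass", entry[1])


def login(method_list, user, password):
    """Walk the method list in order. IOS only moves to the next method when
    the current one returns ERROR (server unreachable); a FAIL ends the
    attempt immediately, so a RADIUS reject is never 'rescued' by the local
    user. Returns (decision, method that decided, privilege level)."""
    for name, method in method_list:
        status, priv = method.authenticate(user, password)
        if status == "error":
            continue            # try the next method in the list
        if status == "fail":
            return ("deny", name, None)
        return ("permit", name, priv)
    return ("deny", "no method responded", None)


# Constructed lab data matching the post's topology (RADIUS users plus the local fallback user).
RADIUS_USERS = {
    "alice": ("Alice@123", ["shell:priv-lvl=15"]),   # admin with the attribute
    "bob": ("Bob@123", []),                           # no attribute -> level 1
}
LOCAL_USERS = {"localadmin": ("L0cal@123", 15)}


def scenario(radius_reachable, user, password):
    """Build the `group radius local` list for one login attempt."""
    methods = [
        ("radius", RadiusServer(radius_reachable, RADIUS_USERS)),
        ("local", LocalDatabase(LOCAL_USERS)),
    ]
    return login(methods, user, password)


if __name__ == "__main__":
    print(scenario(True, "alice", "Alice@123"))        # RADIUS accepts, priv 15
    print(scenario(True, "bob", "Bob@123"))            # RADIUS accepts, priv 1
    print(scenario(False, "localadmin", "L0cal@123"))  # RADIUS down, local decides
    print(scenario(True, "localadmin", "L0cal@123"))   # RADIUS rejects, local not tried
```

    The fourth scenario is the one that surprises people in the lab: the local user exists, but because the reachable RADIUS server rejected the name, the login is denied without ever consulting the local database. That is why the fallback user only covers the "server unreachable" case and why a RADIUS secret mismatch (which makes the server look unreachable from the router's point of view) is what usually triggers it.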
    
    

    ⚠️ Common Mistakes

    ❌ Forgot local fallback user
    ❌ RADIUS secret mismatch
    ❌ No privilege attribute → user stuck at level 1
    ❌ Telnet still enabled
    ❌ ACL blocking RADIUS traffic


    🧠 CCNA / CCNP / Interview Tips

    • Why AAA > local authentication
    • Difference between Authentication vs Authorization
    • Why fallback local user is mandatory
    • SSH + RADIUS vs TACACS+
    • What happens if RADIUS server is down?

    ✅ Minimal Working Config (Quick Paste)

    aaa new-model
    username localadmin privilege 15 secret L0cal@123
    
    radius server RAD1
     address ipv4 192.168.10.50 auth-port 1812 acct-port 1813
     key Radius@123
    
    aaa authentication login SSH_AUTH group radius local
    aaa authorization exec SSH_AUTH group radius local
    
    ip domain-name lab.local
    crypto key generate rsa modulus 2048
    ip ssh version 2
    
    line vty 0 4
     transport input ssh
     login authentication SSH_AUTH
     authorization exec SSH_AUTH
    
  • ✔ Cisco Switch Hardening Template (IOS / IOS-XE)

    Goal: Protect against Layer-2 attacks and secure management access and user ports


    🔐 1. Identity & Management Security

    hostname SW1
    service password-encryption
    enable secret Sw@12345
    
    username admin privilege 15 secret Adm1n@123
    
    ip domain-name lab.local
    crypto key generate rsa modulus 2048
    ip ssh version 2
    
    

    🔑 2. Secure VTY Access

    line vty 0 4
     transport input ssh
     login local
     exec-timeout 10 0
    
    

    🎯 3. Management VLAN & ACL

    interface vlan 10
     ip address 192.168.10.2 255.255.255.0
     no shutdown
    
    ip access-list standard MGMT-ACL
     permit 192.168.10.0 0.0.0.255
     deny any log
    
    line vty 0 4
     access-class MGMT-ACL in
    
    

    🚫 4. Disable Unused Services

    no ip http server
    no ip http secure-server
    no service pad
    no cdp run
    
    

    🔌 5. Shut Down Unused Ports

    interface range g1/0/10 - 48
     shutdown
     description UNUSED
    
    

    🔐 6. Port Security (Access Ports)

    interface g1/0/5
     switchport mode access
     switchport port-security
     switchport port-security maximum 1
     switchport port-security violation restrict
     switchport port-security mac-address sticky
    
    

    🛡 7. Layer-2 Attack Protection

    ip dhcp snooping
    ip dhcp snooping vlan 10
    
    ip arp inspection vlan 10
    
    spanning-tree portfast default
    spanning-tree bpduguard default
    
    

    🧾 8. Logging & NTP

    logging buffered 64000
    logging host 192.168.10.50
    
    ntp server 192.168.10.1
    
    

    📊 9. SNMPv3 Only

    snmp-server group SECURE v3 priv
    snmp-server user snmpadmin SECURE v3 auth sha Auth@123 priv aes 256 Priv@123
    

    ✅ Final Deployment Checklist

    ✔ Port security
    ✔ DHCP Snooping + DAI
    ✔ BPDU Guard
    ✔ Unused ports shutdown
    ✔ Secure management VLAN

  • ✔ Cisco Router Hardening Template (IOS / IOS-XE)

    Goal: Secure management, control plane, routing, and services


    🔐 1. Identity, Passwords & AAA

    hostname R1
    service password-encryption
    security passwords min-length 10
    
    enable secret Str0ngEnable@123
    
    username admin privilege 15 secret Adm1n@123
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    
    

    🔑 2. Secure Management Access (SSH only)

    ip domain-name lab.local
    crypto key generate rsa modulus 2048
    ip ssh version 2
    ip ssh time-out 60
    ip ssh authentication-retries 3
    
    line con 0
     exec-timeout 10 0
     logging synchronous
    
    line vty 0 4
     transport input ssh
     login local
     exec-timeout 10 0
    
    

    🎯 3. Restrict Management Access (VTY ACL)

    ip access-list standard MGMT-ACL
     permit 192.168.10.0 0.0.0.255
     deny any log
    
    line vty 0 4
     access-class MGMT-ACL in
    
    

    🚫 4. Disable Insecure & Unused Services

    no ip http server
    no ip http secure-server
    no service pad
    no ip source-route
    no ip bootp server
    no cdp run
    
    

    🧠 5. Control Plane Protection (CoPP – Basic)

    class-map match-any MGMT-TRAFFIC
     match protocol ssh
     match protocol snmp
     match protocol ntp
    
    policy-map CONTROL-PLANE-POLICY
     class MGMT-TRAFFIC
      police 64000 conform-action transmit exceed-action drop
    
    control-plane
     service-policy input CONTROL-PLANE-POLICY
    
    

    📡 6. Interface Hardening

    interface range g0/2 - 4
     shutdown
     description UNUSED
    
    interface g0/0
     no ip redirects
     no ip proxy-arp
    
    

    🧾 7. Logging & Time Sync

    logging buffered 64000
    logging host 192.168.10.50
    logging trap warnings
    
    ntp authenticate
    ntp authentication-key 1 md5 NTPkey
    ntp trusted-key 1
    ntp server 192.168.10.1 key 1
    
    

    📊 8. SNMP (Secure Only)

    snmp-server group SECURE v3 priv
    snmp-server user snmpadmin SECURE v3 auth sha Auth@123 priv aes 256 Priv@123
    
    

    💾 9. Configuration Protection

    archive
     path flash:config-backup
     write-memory
    
    

    🔥 10. (Optional) Disable Password Recovery

    no service password-recovery
    
    

    ⚠️ Enable only if physical access is controlled

    ✅ Final Deployment Checklist

    ✔ SSH v2 only
    ✔ CoPP enabled
    ✔ ACL-restricted VTY
    ✔ SNMPv3
    ✔ Logging + NTP

  • 🔐 Cisco Device Hardening & Security Best Practices

    (Routers, Switches, IOS / IOS-XE / NX-OS – CCNA / CCNP / Real-World)

    Device hardening reduces the attack surface and protects your Cisco infrastructure from unauthorized access, misconfiguration, and exploits.


    1️⃣ Secure Device Access (Management Plane)

    🔹 Use Strong Authentication (AAA)

    • Prefer AAA with TACACS+ / RADIUS
    • Fallback to local user if AAA fails

    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ local
    
    

    🔹 Use Local User Accounts (Minimum)

    username admin privilege 15 secret Str0ngP@ssw0rd
    
    

    ❌ Avoid:

    enable password cisco
    
    

    ✔ Use:

    enable secret En@bleS3cret
    
    

    🔹 Secure VTY Access (SSH Only)

    ip domain-name lab.local
    crypto key generate rsa modulus 2048
    ip ssh version 2
    
    line vty 0 4
     transport input ssh
     login local
     exec-timeout 10 0
    
    

    ❌ Disable Telnet


    2️⃣ Management Access Control (ACLs)

    Allow only trusted IPs to access the device.

    ip access-list standard MGMT-ACL
     permit 192.168.10.0 0.0.0.255
    
    line vty 0 4
     access-class MGMT-ACL in
    
    

    3️⃣ Disable Unused & Insecure Services

    no ip http server
    no ip http secure-server
    no service pad
    no ip source-route
    no ip bootp server
    
    

    ✔ Keep device minimal


    4️⃣ Password & Session Security

    service password-encryption
    security passwords min-length 10
    
    line con 0
     exec-timeout 10 0
    
    line vty 0 4
     exec-timeout 10 0
    
    

    5️⃣ SNMP Hardening

    ❌ Avoid SNMP v1/v2c (community strings)

    ✔ Use SNMPv3

    snmp-server group SECURE v3 priv
    snmp-server user snmpadmin SECURE v3 auth sha AuthP@ss priv aes 256 PrivP@ss
    
    

    6️⃣ Control Plane Protection (CoPP)

    Protect the device CPU from DoS, scanning and routing-protocol floods

    class-map match-any MGMT-TRAFFIC
     match protocol ssh
     match protocol snmp
    
    policy-map CONTROL-PLANE-POLICY
     class MGMT-TRAFFIC
      police 64000
    
    control-plane
     service-policy input CONTROL-PLANE-POLICY
    
    

    7️⃣ Interface Hardening

    🔹 Shut Unused Interfaces

    interface range g0/2 - 4
     shutdown
    
    

    🔹 Disable CDP on Untrusted Interfaces

    no cdp enable
    
    

    🔹 Enable Port Security (Switch)

    interface g1/0/5
     switchport mode access
     switchport port-security
     switchport port-security maximum 1
     switchport port-security violation restrict
     switchport port-security mac-address sticky
    
    

    8️⃣ Layer-2 Security (Switches)

    ip dhcp snooping
    ip dhcp snooping vlan 10
    
    ip arp inspection vlan 10
    spanning-tree portfast default
    spanning-tree bpduguard default
    
    

    9️⃣ Routing Protocol Security

    🔹 OSPF Authentication

    interface g0/1
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 OSPFkey
    
    

    🔹 BGP Security

    • Use TTL security
    • Use MD5 authentication
    • Prefix filtering

    🔟 Logging, Time & Monitoring

    🔹 Enable Logging

    logging buffered 64000
    logging host 192.168.10.50
    
    

    🔹 Use NTP with Authentication

    ntp authenticate
    ntp authentication-key 1 md5 NTPkey
    ntp trusted-key 1
    ntp server 192.168.10.1 key 1
    
    

    1️⃣1️⃣ IOS & Configuration Protection

    🔹 Secure Configuration Files

    ! do not autoload a configuration from a TFTP server at boot
    no service config
    archive
     path flash:backup
     write-memory
    
    

    🔹 Disable Password Recovery (Physical Security)

    no service password-recovery
    
    

    ⚠️ Use carefully (lab vs production)


    1️⃣2️⃣ Firmware & Patch Management

    ✔ Keep IOS updated
    ✔ Remove unused images
    ✔ Verify image integrity (MD5/SHA)

    verify /md5 flash:image.bin
    
    

    1️⃣3️⃣ Best Practice Summary Checklist

    ✅ SSH v2 only
    ✅ AAA + TACACS+/RADIUS
    ✅ Strong passwords & secrets
    ✅ ACL-restricted management
    ✅ SNMPv3 only
    ✅ Disable unused services
    ✅ Interface & L2 security
    ✅ Logging + NTP
    ✅ Regular backups
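    The checklists in the switch template, the router template and this summary are the kind of thing that drifts silently after the next change window, so it is worth checking them mechanically against a saved running-config. The script below is an added example (not from the original post and not a Cisco tool): it covers a subset of the items above with plain string matching on the config text, and the `SAMPLE_CONFIG`, its placeholder secrets and the `audit`/`parse_sections` names are constructed for illustration.

```python
"""Offline checker for a handful of the checklist items above, run over an
IOS-style running-config text. Added example, not from the original post or
any Cisco tool; the sample config and its placeholder secrets are constructed."""


def parse_sections(config):
    """Split a running-config into (top-level line, [indented child lines])."""
    sections, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            sections.append(current)
    return sections


def audit(config):
    """Return a list of human-readable findings; an empty list means every
    implemented check passed."""
    sections = parse_sections(config)
    top = [hdr for hdr, _ in sections]

    def present(prefix):
        return any(line.startswith(prefix) for line in top)

    findings = []
    if not present("enable secret"):
        findings.append("no 'enable secret' configured")
    if present("enable password"):
        findings.append("'enable password' in use; replace with 'enable secret'")
    if not present("service password-encryption"):
        findings.append("'service password-encryption' missing")
    if not present("ip ssh version 2"):
        findings.append("SSH not pinned to version 2")
    if present("ip http server") or present("ip http secure-server"):
        findings.append("HTTP/HTTPS server enabled")
    if present("snmp-server community"):
        findings.append("SNMP v1/v2c community string configured; use SNMPv3 only")
    if not present("logging host"):
        findings.append("no syslog destination ('logging host')")
    if not present("ntp server"):
        findings.append("no NTP server configured")

    # Per-VTY checks: SSH-only transport, a source ACL, and a real idle timeout.
    for hdr, children in sections:
        if not hdr.startswith("line vty"):
            continue
        transport = [c for c in children if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            findings.append(f"{hdr}: transport input is not 'ssh' only")
        if not any(c.startswith("access-class") for c in children):
            findings.append(f"{hdr}: no access-class restricting management sources")
        timeouts = [c for c in children if c.startswith("exec-timeout")]
        if not timeouts or timeouts[0] == "exec-timeout 0 0":
            findings.append(f"{hdr}: exec-timeout missing or disabled")
    return findings


# Constructed sample with deliberate gaps; secrets are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname R1
service password-encryption
enable password 7 PLACEHOLDER-TYPE7
username admin privilege 15 secret 5 PLACEHOLDER-HASH
ip domain-name lab.local
ip ssh version 2
ip http server
no ip http secure-server
snmp-server community public RO
logging host 192.168.10.50
ntp server 192.168.10.1
!
line con 0
 exec-timeout 10 0
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
 login local
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

    Run it against the output of `show running-config` saved to a file; the sample produces seven findings (missing enable secret, enable password present, HTTP server on, an SNMPv2c community, and three VTY problems). The checks are deliberately literal, so a hardened device that uses, for example, `transport input ssh` on `line vty 5 15` as well still needs every VTY block to pass on its own.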


    🧠 CCNA / CCNP / Interview Focus

    • Difference between Control Plane / Data Plane / Management Plane
    • Why CoPP is important
    • SSH vs Telnet risks
    • SNMPv3 vs v2c
  • 🌐 NAT Types & PAT Configuration in Cisco Routers

    NAT (Network Address Translation) allows private IP addresses to communicate with public networks like the Internet. PAT (Port Address Translation) is a form of NAT that uses port numbers to map multiple private IPs to a single public IP.

    🔁 Types of NAT in Cisco


    1️⃣ Static NAT (One-to-One)

    • One private IP ↔ One public IP
    • Used for servers (web, mail, VPN)
    https://media.geeksforgeeks.org/wp-content/uploads/20221015171237/1NATTopology.jpg
    https://www.manageengine.com/network-configuration-manager/images/static-NAT.jpg

    Configuration Example

    interface g0/0
     ip address 203.0.113.2 255.255.255.252
     ip nat outside
    
    interface g0/1
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
    
    ip nat inside source static 192.168.1.10 203.0.113.10
    
    

    2️⃣ Dynamic NAT (Many-to-Many)

    • Private IPs mapped to a pool of public IPs
    • No port translation
    https://www.practicalnetworking.net/wp-content/uploads/2017/10/dynamic-nat-outbound.png
    https://media.geeksforgeeks.org/wp-content/uploads/20221015171237/1NATTopology.jpg

    Configuration Example

    access-list 1 permit 192.168.1.0 0.0.0.255
    
    ip nat pool PUBLIC_POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0
    
    ip nat inside source list 1 pool PUBLIC_POOL
    
    

    3️⃣ PAT (NAT Overload) – Many-to-One

    • Multiple private IPs share one public IP
    • Uses TCP/UDP port numbers
    • Most common for Internet access
    https://www.networkacademy.io/sites/default/files/2024-10/nat-overload-pat.png
    https://cdn.networkacademy.io/sites/default/files/2024-10/nat-overload-pat-example.svg

    ⚙️ PAT Configuration (Most Common)

    🔹 Using Interface IP (Recommended)

    access-list 1 permit 192.168.1.0 0.0.0.255
    
    ip nat inside source list 1 interface g0/0 overload
    
    

    🔹 Using Public IP Pool

    ip nat pool PAT_POOL 203.0.113.50 203.0.113.50 netmask 255.255.255.0
    
    ip nat inside source list 1 pool PAT_POOL overload
    
    

    🔄 Inside vs Outside Interfaces (Mandatory)

    interface g0/0
     ip nat outside
    
    interface g0/1
     ip nat inside
    
    

    📌 NAT Terms (Quick Reference)

    Term             Meaning
    Inside Local     Private IP (192.168.x.x)
    Inside Global    Public IP assigned by NAT
    Outside Local    Public IP as seen inside
    Outside Global   Actual Internet IP
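    To make the PAT section and the terms above concrete, here is a toy translation table that shares one inside global address by port, the way `ip nat inside source list 1 interface g0/0 overload` does. It is an added example, not code from the original post or from IOS; the `PatTable`/`Flow` names, the addresses and ports are constructed, and the port-allocation policy (keep the original source port when free, otherwise take the next unused one) is a simplification of what the router really does.

```python
"""Toy PAT (NAT overload) translation table, to show how one inside global
address is shared by port. Added example, not from the original post; all
addresses, ports and the PatTable API are constructed for illustration."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def acl_permits(ip, network, wildcard):
    """Standard-ACL style match: bits where the wildcard is 0 must equal the network."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(network)) & care)


class PatTable:
    def __init__(self, inside_global, acl, first_port=1024):
        self.inside_global = inside_global  # the single public IP (e.g. interface g0/0)
        self.acl = acl                      # list of (network, wildcard) permitted to translate
        self.first_port = first_port
        self.used_ports = {}                # proto -> set of inside global ports in use
        self.outbound = {}                  # Flow (inside local view) -> inside global port
        self.inbound = {}                   # (proto, global port, peer ip, peer port) -> Flow

    def _allocate_port(self, flow):
        """Keep the original source port when it is free, otherwise hand out
        the next unused port at or above first_port (simplified policy)."""
        used = self.used_ports.setdefault(flow.proto, set())
        port = flow.src_port if flow.src_port not in used else self.first_port
        while port in used:
            port += 1
        used.add(port)
        return port

    def translate_out(self, flow):
        """Inside local -> inside global. Returns None when the ACL does not match,
        i.e. the packet leaves untranslated (the 'ACL mismatch' mistake)."""
        if not any(acl_permits(flow.src_ip, net, wc) for net, wc in self.acl):
            return None
        if flow not in self.outbound:
            gport = self._allocate_port(flow)
            self.outbound[flow] = gport
            self.inbound[(flow.proto, gport, flow.dst_ip, flow.dst_port)] = flow
        gport = self.outbound[flow]
        return Flow(flow.proto, self.inside_global, gport, flow.dst_ip, flow.dst_port)

    def translate_in(self, reply):
        """Reply arriving at the outside interface: inside global -> inside local.
        A (global port, peer) pair with no entry is dropped (None)."""
        key = (reply.proto, reply.dst_port, reply.src_ip, reply.src_port)
        original = self.inbound.get(key)
        if original is None or reply.dst_ip != self.inside_global:
            return None
        return Flow(reply.proto, reply.src_ip, reply.src_port, original.src_ip, original.src_port)


def demo():
    """Two LAN hosts using the same source port share 203.0.113.2 via different global ports."""
    pat = PatTable("203.0.113.2", [("192.168.1.0", "0.0.0.255")])
    a = pat.translate_out(Flow("tcp", "192.168.1.10", 50000, "198.51.100.7", 443))
    b = pat.translate_out(Flow("tcp", "192.168.1.20", 50000, "198.51.100.7", 443))
    reply_to_b = pat.translate_in(Flow("tcp", "198.51.100.7", 443, "203.0.113.2", b.src_port))
    untranslated = pat.translate_out(Flow("tcp", "10.0.0.5", 40000, "198.51.100.7", 443))
    return a, b, reply_to_b, untranslated


if __name__ == "__main__":
    for item in demo():
        print(item)
```

    In `demo()` the first host keeps port 50000 as its inside global port, the second host collides and is given 1024, and the reply addressed to 203.0.113.2:1024 is mapped back to 192.168.1.20:50000, which is exactly the "inside global to inside local" row of the table. The host in 10.0.0.0/8 is outside the ACL and gets no translation at all, which is what an ACL mismatch looks like on a real router: `show ip nat translations` simply never shows that host.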

    🧪 Verification & Troubleshooting

    show ip nat translations
    show ip nat statistics
    clear ip nat translation *
    debug ip nat
    
    

    🚦 Real-World Scenario (Home / Lab)

    • LAN: 192.168.1.0/24
    • ISP IP on g0/0
    • Goal: Internet access for all LAN users

    access-list 1 permit 192.168.1.0 0.0.0.255
    ip nat inside source list 1 interface g0/0 overload
    
    

    ✔ These two lines (together with the inside/outside interface designations) enable Internet access for the entire LAN.


    ⚠️ Common Mistakes

    ❌ Forgetting ip nat inside / outside
    ❌ ACL mismatch (wrong subnet)
    ❌ NAT applied on wrong interface
    ❌ Missing overload keyword for PAT


    🧠 CCNA / CCNP Exam Tips

    • Static NAT → servers
    • Dynamic NAT → limited public IPs
    • PAT (Overload) → Internet access
    • Order matters: Static NAT > Dynamic NAT > PAT
  • 🔐 What is an ACL?

    An ACL is an ordered list of rules (statements) that a router checks top to bottom to decide whether to permit or deny traffic.

    👉 Implicit deny exists at the end of every ACL (anything not matched is denied).


    🧩 Types of Cisco ACLs

    1️⃣ Standard ACL

    • Filters only by source IP address
    • Numbered: 1–99, 1300–1999
    • Usually placed near the destination

    Example

    access-list 10 permit 192.168.1.0 0.0.0.255
    access-list 10 deny any
    
    

    Apply to interface

    interface g0/0
     ip access-group 10 in
    
    

    2️⃣ Extended ACL

    • Filters by:
      • Source IP
      • Destination IP
      • Protocol (TCP/UDP/ICMP)
      • Port numbers
    • Numbered: 100–199, 2000–2699
    • Placed near the source

    Example

    access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
    access-list 101 deny ip any any
    
    

    Apply

    interface g0/1
     ip access-group 101 out
    
    

    3️⃣ Named ACL

    • More readable and editable
    • Can be standard or extended

    Extended Named ACL Example

    ip access-list extended WEB-FILTER
     permit tcp 192.168.10.0 0.0.0.255 any eq 443
     deny ip any any
    
    

    Apply

    interface g0/0
     ip access-group WEB-FILTER in
    
    

    🎯 Wildcard Mask Basics

    Wildcard mask is the inverse of subnet mask:

    Subnet Mask        Wildcard
    255.255.255.0      0.0.0.255
    255.255.255.255    0.0.0.0

    Examples

    • host 192.168.1.10 → same as 192.168.1.10 0.0.0.0
    • any → same as 0.0.0.0 255.255.255.255

    🔁 Inbound vs Outbound

    • Inbound (in): Traffic checked before routing
    • Outbound (out): Traffic checked after routing

    ip access-group 101 in
    ip access-group 101 out
    
    

    ⚠️ Important Rules to Remember

    ✔ ACLs are processed top-down
    ✔ First match wins
    ✔ One ACL per interface, per direction, per protocol
    ✔ Always add explicit permit if needed (else implicit deny blocks traffic)
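    The wildcard-mask section and the rules above can be exercised end to end with a small evaluator that parses ACL lines in the page's own syntax and walks them top-down with an implicit deny at the end. This is an added example, not code from the original post or from IOS; the `Ace`, `parse_ace` and `evaluate` names and the packet dictionaries are constructed, and it handles only the `any`, `host`, wildcard and `eq <port>` forms used on this page.

```python
"""Evaluator for the ACL rules above (top-down, first match, implicit deny) that
parses lines in the page's own numbered/named syntax. Added example, not from
the original post; packet dictionaries and the Ace/evaluate names are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}


def wildcard_from_mask(mask):
    """Wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(mask))))


def in_range(addr, network, wildcard):
    """Bits where the wildcard is 0 must match the network; 1 bits are ignored."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(network)) & care)


@dataclass
class Ace:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches every protocol
    src: tuple                     # (network, wildcard)
    dst: tuple = ANY
    dst_port: Optional[int] = None  # the `eq <port>` qualifier, if any

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if not in_range(pkt["src"], *self.src) or not in_range(pkt["dst"], *self.dst):
            return False
        return self.dst_port is None or pkt.get("dst_port") == self.dst_port


def _address(tokens, i):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D wildcard | A.B.C.D (standard ACL)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(tokens) and tokens[i + 1][0].isdigit():
        return (tokens[i], tokens[i + 1]), i + 2
    return (tokens[i], "0.0.0.0"), i + 1


def parse_ace(line):
    """Accepts 'access-list N permit ...' as well as named-ACL body lines 'permit ...'."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]
    action, i = tokens[0], 1
    if tokens[i] in PROTOCOLS:            # extended ACL: protocol, source, destination
        proto, i = tokens[i], i + 1
        src, i = _address(tokens, i)
        dst, i = _address(tokens, i)
    else:                                 # standard ACL: source only
        proto = "ip"
        src, i = _address(tokens, i)
        dst = ANY
    dst_port = int(tokens[i + 1]) if i < len(tokens) and tokens[i] == "eq" else None
    return Ace(action, proto, src, dst, dst_port)


def evaluate(acl, pkt):
    """Return (action, matching line number) or ('deny', None) for the implicit deny."""
    for number, ace in enumerate(acl, start=1):
        if ace.matches(pkt):
            return ace.action, number
    return "deny", None


if __name__ == "__main__":
    acl_101 = [parse_ace(line) for line in (
        "access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
        "access-list 101 deny ip any any",
    )]
    print(evaluate(acl_101, {"proto": "tcp", "src": "192.168.1.5", "dst": "203.0.113.9", "dst_port": 80}))
    print(evaluate(acl_101, {"proto": "tcp", "src": "192.168.1.5", "dst": "203.0.113.9", "dst_port": 443}))
```

    The second lookup in the `__main__` block is the "first match wins" rule in action: port 443 fails line 1 and is caught by the explicit `deny ip any any` on line 2. Drop that line and the same packet is still denied, but by the implicit deny (`("deny", None)`), which is the case the last rule above warns about: an ACL with only `permit` lines still blocks everything it does not name.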


    🛠 Useful Show Commands

    show access-lists
    show ip access-lists
    show run | section access-list
    show ip interface g0/0
    
    

    🔍 Common Use Cases

    • Block specific IPs or subnets
    • Allow only HTTP/HTTPS traffic
    • Restrict management access (SSH/Telnet)
    • Basic firewalling on routers
  • Pass the Hash attack

    A pass-the-hash attack is a cybersecurity attack in which a malicious user steals hashed credentials from a compromised system and uses them to log in as the original user.

    Hashing is an essential concept in cybersecurity and computer science. It involves using a mathematical algorithm, a hash function, to convert input data into a hash value. This process is deterministic and one-way, meaning it cannot be reversed to reveal the original data; that is, a clear-text password cannot be recovered from its password hash.

    On local systems, Windows stores passwords in a hashed, encrypted format in the Security Accounts Manager (SAM) database and caches them in LSASS (Local Security Authority Subsystem Service) memory during logon. If a malicious user obtains a password hash, they can execute a pass-the-hash attack.

    NTLM (NT LAN Manager) is a Windows authentication protocol that uses a challenge-response mechanism. Instead of sending a password over the network, the client proves it knows the password by encrypting a server-issued challenge with the password’s hash (as a DES key).

    The server verifies this response using its stored hash.

    In a pass-the-hash attack, the attacker exploits a design weakness of the NTLM protocol to gain unauthorised access. The attacker does not need to know the clear-text password, because NTLM accepts the hash itself as proof of identity: the attacker passes the obtained hash and is granted access as a legitimate user.

    Attackers can steal these hashes through various methods:

    1. Memory dumping: extracting hashes from the LSASS process’s memory with tools such as Mimikatz or ProcDump.
    2. Stealing the SAM database: an attacker with access to the SAM can dump the hashes from it.
    3. Malware: keyloggers and rootkits can give them access to hashes.
    4. Active directory compromise.
    5. Packet sniffing.

    NTLM is mainly kept for backward compatibility in Windows. Current versions of Windows primarily use Kerberos for domain authentication, but NTLM is still used where a system is not part of a domain.

    Because of its vulnerability, Microsoft recommends disabling NTLM wherever possible.

    Implementing a zero-trust architecture is the most effective way to prevent pass-the-hash attacks. Stick to the following to secure your PC/network.

    1. Strong authentication and identity verification – implement MFA.
    2. Least privilege and Just-in-Time Access control.
    3. Continuous monitoring and anomaly detection
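    Item 3 above is the part most teams under-specify, so here is what "monitoring and anomaly detection" for pass-the-hash can look like in practice: flagging NTLM network logons that fan out across many hosts, and NTLM logons by accounts that should only ever use Kerberos. This is an added example, not from the original post; the `EVENTS` records are constructed, modelled on the fields of Windows Security event 4624 (logon type, authentication package, source address, target user), and the `PRIVILEGED` set, window and threshold are assumptions a real deployment would tune.

```python
"""Detection logic for the 'continuous monitoring' item above: flag NTLM network
logons that look like pass-the-hash lateral movement. Added example, not from
the original post; the event records are constructed, modelled on the fields
of Windows Security event 4624 (LogonType, AuthenticationPackageName,
IpAddress, TargetUserName)."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # fan-out window (constructed threshold)
FANOUT_HOSTS = 3                # distinct targets in WINDOW that trigger a finding

# Constructed sample: one normal Kerberos logon, one isolated NTLM logon, a
# service account reaching four workstations with NTLM in a few seconds, and a
# domain admin authenticating with NTLM instead of Kerberos.
EVENTS = [
    {"time": "2024-05-01T09:00:05", "computer": "FS01", "user": "alice", "logon_type": 3, "auth_pkg": "Kerberos", "src_ip": "10.0.5.21"},
    {"time": "2024-05-01T09:01:10", "computer": "FS01", "user": "bob", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.40"},
    {"time": "2024-05-01T09:02:00", "computer": "WS17", "user": "svc_backup", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.77"},
    {"time": "2024-05-01T09:02:04", "computer": "WS18", "user": "svc_backup", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.77"},
    {"time": "2024-05-01T09:02:09", "computer": "WS19", "user": "svc_backup", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.77"},
    {"time": "2024-05-01T09:02:15", "computer": "WS20", "user": "svc_backup", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.77"},
    {"time": "2024-05-01T09:30:00", "computer": "DC01", "user": "da_admin", "logon_type": 3, "auth_pkg": "NTLM", "src_ip": "10.0.5.77"},
]
PRIVILEGED = {"da_admin"}   # assumed list of accounts that must use Kerberos


def ntlm_network_logons(events):
    """Only network logons (type 3) authenticated with NTLM are of interest here."""
    return [e for e in events if e["logon_type"] == 3 and e["auth_pkg"] == "NTLM"]


def find_suspicious(events, privileged, window=WINDOW, fanout_hosts=FANOUT_HOSTS):
    findings = []
    ntlm = ntlm_network_logons(events)
    # Rule 1: privileged accounts should be on Kerberos; NTLM for them is worth a ticket.
    for e in ntlm:
        if e["user"] in privileged:
            findings.append({"rule": "privileged-ntlm-logon", "user": e["user"],
                             "src_ip": e["src_ip"], "computer": e["computer"]})
    # Rule 2: one account from one source reaching many hosts inside the window.
    by_actor = defaultdict(list)
    for e in ntlm:
        by_actor[(e["user"], e["src_ip"])].append((datetime.fromisoformat(e["time"]), e["computer"]))
    for (user, src_ip), hits in by_actor.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            hosts = {host for t, host in hits[i:] if t - start <= window}
            if len(hosts) >= fanout_hosts:
                findings.append({"rule": "ntlm-fanout", "user": user, "src_ip": src_ip, "hosts": sorted(hosts)})
                break   # one finding per (user, source) is enough
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(EVENTS, PRIVILEGED):
        print(finding)
```

    On the sample, `bob`'s single NTLM logon is left alone (a non-domain host using NTLM is normal, as the text notes), `svc_backup` triggers the fan-out rule with four hosts in fifteen seconds, and `da_admin` is reported purely for using NTLM at all. Both rules are cheap to run over collected 4624 events and give the MFA and least-privilege controls above something to act on.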
  • Prevent Screen Capture

    Microsoft is actively rolling out a new security feature in Teams called “Prevent Screen Capture”. This will block screenshots and recordings in sensitive meetings. Any screenshot attempt will show a black rectangle over the screen and will not record anything. On Android devices, it will pop up a message that says “Screen capture is disabled.” On unsupported platforms, users will be forced to use audio-only modes.

    This feature will be “off” by default, and the user / organizer will have to manually enable it per meeting by selecting “meeting options.” However, to enforce “Prevent Screen Capture” effectively, the device should be enrolled in Intune, Microsoft’s cloud-based endpoint management solution. This is a premium feature and requires a Teams Premium license.

    The Prevent Screen Capture feature in Teams protects sensitive or confidential information during virtual meetings. It benefits organizations in finance, healthcare, legal, and government by blocking screenshots and recordings. This feature helps protect intellectual property and client data, and supports regulatory compliance. It helps enforce strict security policies and Zero Trust frameworks by reducing insider threats and accidental leaks. For remote teams or those sharing proprietary information, this feature adds security and keeps critical information private.

  • How Your PC Communicates with Google: Step-by-Step Network Journey

    When your PC communicates with Google’s server (e.g., http://www.google.com), there’s a sequence of events happening from your local network to Google’s global infrastructure.


    🧩 Step-by-Step Communication Flow

    1️⃣ You type “http://www.google.com” in your browser

    Your browser doesn’t know where Google is yet—it only has a domain name.


    2️⃣ DNS Resolution (Finding the IP Address)

    • Your PC asks the DNS resolver (usually your ISP’s DNS or a public one like 8.8.8.8) to find the IP address of http://www.google.com.
    • The resolver checks:
      1. Local DNS cache (in your PC or router)
      2. If not found, it queries the root DNS servers
      3. Then .com TLD servers
      4. Finally Google’s authoritative DNS servers
    • You get back an IP address, e.g. 142.250.193.68

    🔸 Now your PC knows where to send packets — Google’s IP.
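    The four-step walk in the list above (cache, root, TLD, authoritative) is easiest to see as code. The resolver below is an added example, not from the original post or any real DNS software: `SERVERS` is a constructed set of three name servers, the IP 142.250.193.68 is the one quoted in the text, and the `query`/`resolve` names are illustrative.

```python
"""Iterative resolution from step 2 as a resolver would perform it, against a
constructed set of name servers. Added example, not from the original post;
the SERVERS data and the function names are illustrative only."""

# Constructed referral data: each server either answers or refers to the next zone down.
SERVERS = {
    "root": {"answers": {}, "referrals": {"com.": "com-tld"}},
    "com-tld": {"answers": {}, "referrals": {"google.com.": "google-auth"}},
    "google-auth": {"answers": {"www.google.com.": "142.250.193.68"}, "referrals": {}},
}
MAX_HOPS = 8   # guard against a referral loop in bad delegation data


def query(server, name):
    """One round trip: ('answer', ip), ('referral', next_server) or ('nxdomain', None)."""
    data = SERVERS[server]
    if name in data["answers"]:
        return "answer", data["answers"][name]
    # pick the longest delegated zone that is a suffix of the name
    best = None
    for zone, next_server in data["referrals"].items():
        if (name == zone or name.endswith("." + zone)) and (best is None or len(zone) > len(best[0])):
            best = (zone, next_server)
    return ("referral", best[1]) if best else ("nxdomain", None)


def resolve(name, cache):
    """Return (ip or None, list of servers consulted). A cache hit skips the walk."""
    fqdn = name.rstrip(".") + "."
    if fqdn in cache:
        return cache[fqdn], ["cache"]
    server, path = "root", []
    for _ in range(MAX_HOPS):
        path.append(server)
        kind, value = query(server, fqdn)
        if kind == "answer":
            cache[fqdn] = value          # remembered for the next lookup
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value                   # follow the referral one zone down
    return None, path


if __name__ == "__main__":
    cache = {}
    print(resolve("www.google.com", cache))   # walks root -> com-tld -> google-auth
    print(resolve("www.google.com", cache))   # answered from cache
    print(resolve("www.example.org", cache))  # root has no .org delegation here
```

    The first call records the full referral chain; the second is answered from the cache without touching any server, which is the "local DNS cache" step. The `.org` lookup stops at the root because the constructed data delegates nothing for that TLD, whereas a real root server would refer the resolver to the `.org` servers instead.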


    3️⃣ ARP (Address Resolution Protocol)

    Before sending packets out, your PC needs to know the MAC address of the next hop (usually your router).

    • Your PC sends an ARP Request: “Who has the gateway IP (e.g., 192.168.1.1)?”
    • The router replies with its MAC address.
    • Now your PC can send the packet to the router.

    4️⃣ TCP Connection Establishment (3-Way Handshake)

    Your PC establishes a TCP connection with Google’s server (port 443 for HTTPS):

    1. SYN: Client → Server (request to start session)
    2. SYN-ACK: Server → Client (acknowledge and agree)
    3. ACK: Client → Server (final confirmation)

    ✅ Connection established.


    5️⃣ TLS/SSL Handshake (Secure Encryption)

    Since Google uses HTTPS, a TLS handshake occurs:

    • Browser and server agree on encryption methods.
    • Server sends its SSL certificate (issued by a trusted Certificate Authority).
    • Browser verifies authenticity.
    • A secure session key is generated.

    🔒 Now communication is encrypted end-to-end.


    6️⃣ HTTP Request and Response

    • Browser sends:
      GET / HTTP/1.1
      Host: www.google.com
    • Google server processes it and responds with:
      HTTP/1.1 200 OK
      (plus HTML, CSS, JavaScript, etc.)

    The web page starts loading.


    7️⃣ Data Flow Path

    • Your data packet flows through multiple layers:
      1. PC → Router (LAN)
      2. Router → ISP (WAN)
      3. ISP → Internet Backbone
      4. Internet → Google Data Center

    Google uses CDNs (Content Delivery Networks) — your request is usually served from the nearest Google edge server, not necessarily the US.


    8️⃣ Response Rendered

    Your browser receives the HTML and starts rendering the Google homepage with logo, search box, etc.


    🌐 Simplified OSI Model Mapping

    OSI Layer           Example in this process
    7 – Application     HTTP / HTTPS
    6 – Presentation    SSL/TLS encryption
    5 – Session         TCP connection management
    4 – Transport       TCP (Port 443)
    3 – Network         IP addressing and routing
    2 – Data Link       Ethernet / Wi-Fi (MAC addresses)
    1 – Physical        Cables, Wi-Fi signals, etc.
  • Cyber Attack Vectors: What You Need to Know

    This morning, I received a text from AIB asking me to confirm a money transfer via a link. Panic set in—until I remembered that I don’t even have an AIB account. Another day, another phishing attempt.

    Cybercriminals are increasingly targeting Irish individuals and businesses with sophisticated scams. These include:

    Phishing & Smishing

    Fake emails and texts often mimic trusted organisations, such as banks or An Post. Clicking links can lead to malware or credential theft. Watch for:

    • Poor grammar or odd phrasing
    • Suspicious sender addresses (e.g., support@aibbank-secure.com)
    • Urgent language pressuring quick action

    Vishing

    Scammers call pretending to be from banks or Gardaí, demanding sensitive info. Always hang up and call back using verified numbers.

    Spear Phishing

    Highly targeted attacks utilise personal details to craft convincing messages—such as fake invoices or job applications. Always verify unexpected requests through trusted channels.

    Social Media Scams

    Fake profiles and messages claim you’ve won a prize or violated copyright. These link to counterfeit login pages. If a friend sends an unusual request, confirm it directly with them.

    Credential Harvesting

    Scammers impersonate sites like Revenue.ie, luring victims with fake tax refund messages. These sites steal sensitive data, such as PPS numbers and bank details.

    Stay Safe with Zero Trust

    Adopt a “never trust, always verify” mindset. Don’t click links or share info without confirming through official channels. Cybercrime is rising—64% of Irish adults have faced phishing attacks, nearly double the global average.

    Pause. Verify. Protect. Share this knowledge with friends, family, and colleagues. Awareness is your best defence.