Paul Walsh

Password Hack Warning As New Threat Jumps From Your Laptop To Phone As if by magic, this password hack jumps from your laptop to your smartphone — but it's you who waves the wand.

This article @forbes.com has now been updated with an interesting counterpoint from @paulwalsh.bsky.social.

#Infosec

www.forbes.com/sites/daveyw...

Number spoofing: are scam filters doing enough to catch dodgy texts? - Which? While hundreds of millions of dodgy texts are blocked, scammers continue to find ways to get them through

Hey Matt, I have detailed reports you might be interested in, that explains *why* SMS surpassed email as the number 1 vector on mobile for phishing and why phishing is still the main entry point for almost all fraud and attacks. It’s not sophisticated. www.which.co.uk/news/article...

elmo from sesame street says " worth a shot " ALT: elmo from sesame street says " worth a shot "

I haven’t signed into this site for quite some time - is it worth it?

Phishing isn’t a human problem. It’s a failure of the systems meant to protect us. Would you trust the SMS link above? Look closely. The honest answer is, you can’t know without opening it.

Most phishing links aren’t flagged as dangerous because they’ve never been seen before.

We don’t need more, or better awareness. We need better systems to protect people.

Here’s how MetaCert stops phishing without the need to train people:

🔗 www.linkedin.com/pulse/phishi...

In addition to the good detail contained in this article, do NOT trust any person who calls you, even if it comes from a legitimate number because they’re easy to spoof.

Bank of Ireland warns customers of spike in new scam to steal personal information The bank have warned their customers that there's a new scam doing the rounds in which fraudsters will send texts urging people to call phone numbers, where they will attempt to steal financial inform...

MetaCert has built a new solution that helps banks protect their brand, reduce liability, and stop this type of fraud before it happens — using tech that wasn’t possible until now. Hoping to see it adopted in Ireland soon. @bankofireland @AIBIreland ☘🔐

www.rsvplive.ie/news/irish-n...

Confirmed — 19 Billion Compromised Passwords Published Online You must take action now, as security experts confirm 19 billion compromised passwords available to cybercriminals for use in account hacking attacks.

My open letter to the security industry — and MetaCert’s U.S. SMS security test report — is featured in this Forbes article.

Huge thanks to @happygeek for giving the underdog a voice. The best solution means nothing if no one hears about it.

www.forbes.com/sites/daveyw...

I just wrote this: "Zero Trust Is Broken at the URL — And That’s Where Most Attacks Begin (Phishing)"

www.linkedin.com/pulse/zero-t...

paul-walsh.medium.com/zero-trust-i...

Lots of people are talking about Zero Trust at #RSAC2025 but not one person has mentioned zero trust for URLs. 🙄

It’s just basic phishing. Time to ask the question: “Why hasn’t the security world tried a different approach in the past 20 years?” It’s time to move away from threat “intelligence” as it doesn’t work - period. Time to move to zero trust for URLs/web links.

🎓 Are you brave enough to give it a go? What’s the right answer?

Even the most skilled & experienced security pros fail my tests 99% of the time — so there’s no need to feel afraid or embarrassed. Feel free to share it too — the more awareness, the better

I don’t get much engagement on here so...

I just received this SMS scam. This one’s from a lazy attacker — strange ID, sloppy text. But don’t let it fool you into thinking they’re all this obvious. Many are highly convincing and look exactly like the real messages you’re expecting — from deliveries to security alerts.

The Lie We’ve Been Sold: Why Security Has Never Stopped Phishing — and Won’t Start with SMS Phishing Isn’t New — It Just Keeps Changing Channels In the 1990s, I worked at AOL during the early days of the internet, when phishing first emerged in chat rooms, email, and instant messages. I didn...

I just wrote this:
www.linkedin.com/pulse/lie-we...

How to Train ChatGPT to Think Like You — And Use It as a Strategic Collaborator For Anyone Using ChatGPT at Work: This Is How to Take It to the Next Level If you’re already using ChatGPT at work — for writing, planning, or creative thinking — but want more consistent, higher-qual...

💡 Just dropped: how I turned ChatGPT into my expert collaborator — not just a generic assistant.

Includes the exact prompt I use + how to apply it across product, sales, hiring, comms, and more.

www.linkedin.com/pulse/how-tr...

SMS phishing isn’t clever — just easy
Criminals test fake messages on their own SIMs
If the link gets through, they send it to you
If it doesn’t, they swap it until it does
This is why traditional security fails
Only trusted link authentication stops smishing before it starts.

AI isn’t just fun — it’s a serious business tool. I still had to finesse and shape things, but ChatGPT did most of the heavy lifting behind the scenes.

#SMSFraud #Phishing #Smishing

#hashtag | Paul Walsh Making myself available — selectively — for board seats and advisory roles for the first time in a while. I’m particularly interested in tech companies and digital agencies where I can add strategic v...

Already sparked a few great conversations from my LinkedIn post. It wasn’t a call for work — just holding myself accountable by not procrastinating. 🤓

www.linkedin.com/posts/paulwa...

OpenAI now holds detailed insight into people’s jobs and interests — all exchanged for a bit of entertainment. 🤓

If you know anyone at banks or payment providers in Ireland, I’d appreciate an intro. I’m in touch with the Banking Federation but keen to connect with more of the right people — hoping Ireland can lead the way in stopping SMS fraud.

All we need now is anti-phishing protection. 🤔

Thank you, ChatGPT. I made several edits, but the AI handled most of the heavy lifting.

MetaCert has developed a short code specifically for Ireland, where current privacy regulations prevent mobile operators from implementing network-based anti-phishing security.

LinkedIn engagement has fallen off a cliff since the start of 2025. I’m not sure what they changed, but it’s obvious something’s different. If I wasn’t writing for a handful of very specific people, I’d have stopped posting altogether. And it’s even worse on here. Not a single engagement.

I just wrote this: The security industry widely acknowledges smishing as one of today’s most serious cybersecurity threats. So why is it that no legacy vendor offers a network-based solution for mobile operators to protect...

LinkedIn: t.co/XpVg2498Cw

Medium: paul-walsh.medium.com/from-aol-ins...

I made this emoji using ChatGPT — with a transparent background!

It’s wild how fast this is evolving. Tools like this won’t replace great designers — but they will wipe out tedious work and make everyday tasks way faster and easier.

Troy Hunt Fell for a Phishing Attack — Here’s Why That Should Scare Everyone Troy Hunt — one of the world’s most respected security professionals and founder of Have I Been Pwned — just admitted to falling for a…

Troy Hunt has spent his career teaching people how phishing works and how to avoid it. He knows the tactics, he understands the risks — and he still got caught.

LinkedIn: www.linkedin.com/pulse/troy-h...

Medium: paul-walsh.medium.com/troy-hunt-fe...

Google is flagging MetaCert’s anti-phishing emails as ‘dangerous’ — the same emails that highlight Google’s failure to detect phishing apps on Google Play. Ironic, but not even slightly funny.

😤

@gmail

“A World Without ADHD and Dyslexia"

I just wrote this for Neurodiversity Celebration Week.

#NeurodiversityCelebrationWeek #NeurodiversityWeek #NCW #ThisIsND #ADHD #Dyslexia

cc @NCWeek

LinkedIn: www.linkedin.com/pulse/world-...

Medium: paul-walsh.medium.com/a-world-with...

300 Malicious 'Vapor' Apps Hosted on Google Play Had 60 Million Downloads 300 malicious applications displaying intrusive full-screen interstitial video ads amassed more than 60 million downloads on Google Play.

It’s 2025, and the security industry still hasn’t solved phishing. It’s time for a new approach - it’s time for Zero Trust for URLs.

Assume every site, login page, app, API, user account, and AI chatbot is dangerous unless explicitly verified as legitimate.

www.securityweek.com/300-maliciou...

35% of entrepreneurs have dyslexia, 40% of self-made millionaires have ADHD. 30% - 40% have both. Yet, most investors & corporate execs don’t fully understand how they think or communicate.

I’m writing a book to explain why neurodivergent founders thrive and where they struggle.

Google’s AI “Scam Detection” for Android: Why It Fails to Protect SMS, RCS, and iMessage Google’s recently announced AI-powered scam detection feature for Android has generated buzz, suggesting a big leap forward in safeguarding Android users and their mobile communications. However, bene...

This article explains why AI fails at detecting fake (dangerous) email links, SMS links, WhatsApp links, websites, login pages, apps, QR codes, AI chatbots, or any other web resource — and why relying on it for security is dangerous. #Smishing #Phishing

www.linkedin.com/pulse/google...

I asked ChatGPT to generate an image for my Dublin tech networking event, and of course, I got lots of white people holding pints of Guinness. At least it didn’t throw in a leprechaun pitching a blockchain idea. Progress. 😂