Tips to Combat Phishing via Social Media


Phishing, the practice of trying to lure unsuspecting victims into clicking links that install malware or into divulging confidential information, is a tactic which unfortunately involves more than just malicious emails. Phishing attacks can also take place in other environments such as via texts, phone calls, or social media.

Facebook, in particular, seems especially prone to these types of nuisances, such as those involving fake websites set up by scammers in the hopes of tricking people into divulging their account information. Facebook does offer some tips to combat these efforts (such as being on the lookout for sloppy messages, messages which claim to have attached passwords, malicious links, or requests for confidential information). However, the threats also involve fake charity requests for victims of the latest natural disaster.

How can you avoid phishing? Below are tips from email security organization Proofpoint for both consumers and IT departments, which I combined with commentary based on my own experiences.

Be wary of fake news
Social media con artists use divisive political content to enrage voters and spread misinformation. Avoid “fake news” or news of dubious accuracy and refrain from clicking on links sent to you or posted on social media. Think like a newsroom: You need to confirm accuracy. If you see a news story, verify it on an online news site. Never blindly repost information without checking for accuracy, no matter how much you might wish it to be true.

Be wary of bots

Keep an eye out for bot accounts and block them since they aren’t likely to promote honest or legitimate content. Be cautious of any Twitter and Facebook accounts where something doesn’t look quite right, or where the account holder seems especially aggressive. Telltale signs of a bot include accounts with random names/numbers, accounts which frequently repost items, accounts posting material which doesn’t seem relevant to the context of a discussion or thread, and accounts which contribute no actual content but just share/retweet other accounts.

Investigate details behind questionable ads

Use Facebook’s “Info and Ads” to determine the motivations behind ads. For instance, when you see a political ad on Facebook which seems suspect or sensational, click the ad and then click the page associated with it. Facebook’s goal is to provide “increased accountability for bad actors, which will help to prevent abuse on Facebook” and to “bring additional transparency to Pages and the ads they’re running.”

If the ad comes from a less-than-reputable source, disregard future content from this page or entity as phishing attempts are more likely from these types of accounts.

Avoid clicking links
Do not click on Twitter Direct Message (DM) or Facebook Messenger links unless you are positive they are reputable. They might contain malware or direct you to credential phishing sites that will attempt to steal your passwords or financial information or install malware on your system or device.

Links can also be obfuscated by adding a bunch of unnecessary words or random characters to what seems like a legitimate site in the hopes that you’ll be fooled into opening them. For instance, a link to www.americanexpressfinancialserviceadvice.com or www.citibank2018BBB.com might seem OK at first glance but look closer. You can highlight the link and press Ctrl-C to copy it, then open a text editor like Notepad and press Ctrl-V to paste it in for closer inspection.
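The closer inspection described above can also be automated. The following is an added example, not part of the original article: it flags links whose host name contains a brand name but whose registrable domain is not one the brand is known to use. The allowlist entries and the simple last-two-labels domain rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> domains the brand is assumed to own.
OFFICIAL = {
    "americanexpress": {"americanexpress.com"},
    "citibank": {"citibank.com"},
}


def hostname(link):
    """Return the lowercase host of a link, with or without a scheme."""
    if "://" not in link and not link.startswith("//"):
        link = "//" + link  # urlsplit only recognises a host after '//'
    return (urlsplit(link).hostname or "").rstrip(".")


def registrable_domain(host):
    """Naive rule: keep the last two labels.

    Assumption for this example; a production check would consult the
    Public Suffix List so that suffixes such as co.uk are handled.
    """
    return ".".join(host.split(".")[-2:])


def check_link(link, official=OFFICIAL):
    """Classify a link as 'official', 'lookalike' or 'unknown'."""
    host = hostname(link)
    domain = registrable_domain(host)
    if any(domain in domains for domains in official.values()):
        return "official"
    # Ignore dots and hyphens so a brand name split across labels is still seen.
    squashed = host.replace("-", "").replace(".", "")
    if any(brand in squashed for brand in official):
        return "lookalike"  # brand name present, but not on the brand's domain
    return "unknown"


if __name__ == "__main__":
    # The first two links are the article's own examples; the rest are constructed.
    for sample in (
        "www.americanexpressfinancialserviceadvice.com",
        "www.citibank2018BBB.com",
        "https://www.citibank.com/login",
        "https://citibank.com.account-verify.example/login",
    ):
        print(check_link(sample), sample)
```

A result of "unknown" only means no listed brand name appears in the host; it says nothing about whether the link is safe.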

Use a quality filter
If it is not already on, activate your Twitter quality filter. This tool (which is enabled by default) helps you locate the quality tweets amongst the noise generated by bots and other low-value entities.

To check your setting, click your profile picture at the top right of the Twitter site and then choose “Settings.” At the “Settings” screen, select “Notifications” from the left column. Check the “Quality filter” box to enable the filter.

Note, Twitter states this “does not filter notifications from people you follow or accounts you’ve recently interacted with.”

Also, verify that Twitter accounts purportedly owned by famous people or governmental officials really are who they say they are by ensuring there is a blue circle with a check in it next to their name or Twitter handle.

Finally, unfollow pages of dubious accuracy or pages prone to promoting sensationalistic “click bait” ads or posts.

Want to read the full article? https://www.techrepublic.com/article/10-tips-to-combat-phishing-via-social-media-platforms/?ftag=TREa988f1c&bhid=22565946068539068551870113317293



86% of security pros worry about a phishing future where criminals are using Artificial Intelligence







A new survey by Webroot shows that 86% of security professionals worry that AI and ML (machine learning) technology could be used against them. And they are right, because it will be, and it probably is already happening right now with fake celebrity sex videos.

The survey shows the US is an early adopter of AI for cyber security, with 87 percent of US professionals reporting their organizations are currently using AI as part of their security strategy.

Three quarters of cyber security professionals in the US believe that, within the next three years, their company will not be able to safeguard digital assets without AI. Overall, 99 percent believe AI could improve their organization’s cyber security.

Respondents identified key uses for AI including time-critical threat detection tasks, such as identifying threats that would have otherwise been missed and reducing false positive rates.

“There is no doubt about AI being the future of security as the sheer volume of threats is becoming very difficult to track by humans alone,” says Hal Lonas, chief technology officer at Webroot. More detail at Webroot’s Quarterly Threat Trends report.

AI is a game changer for better or for worse

This is the first time in history that AI has come up to the level predicted in Sci-Fi for decades. And some of the smartest people in the world are working on ways to tap AI’s immense power to do just that.

And some bad guys are using it to create fake celebrity sex videos. Yes, you read that right.

This is going to be the next wave of phishing emails that use social engineering to manipulate your users into opening an infected attachment.

With help from a face swap algorithm of his own creation using widely-available parts like TensorFlow and Keras, Reddit user “Deepfakes” tapped easily accessible materials and open-source code that anyone with a working knowledge of machine learning could use to create serviceable fakes.

“Deepfakes” has produced videos or GIFs of Gal Gadot (now deleted), Maisie Williams, Taylor Swift, Aubrey Plaza, Emma Watson, and Scarlett Johansson, each with varying levels of success. None are going to fool the discerning watcher, but all are close enough to hint at a terrifying future.

After training the algorithm — mostly with YouTube clips and results from Google Images — the AI goes to work arranging the pieces on the fly to create a convincing video with the preferred likeness. That could be a celebrity, a co-worker, or an ex. AI researcher Alex Champandard told Motherboard that any decent consumer-grade graphics card could produce these effects in hours.

So, picture this. (Or rather, don’t picture this!)

Your user gets a spear-phishing email based on their social media “likes and shares”, inviting them to see a celebrity sex video with... you guessed it, their favorite movie star! Take it one step further and your user will be able to order fake celeb sex videos with any two (or more) celebrities of their liking and get it delivered within 24 hours for 20 bucks.

And a good chunk of these video downloads will come with additional malware like Trojans and Keyloggers that give the bad guys full pwnage. Yikes.

All the more reason to educate your users within an inch of their lives with new-school security awareness training that sends them frequent simulated tests using phishing emails, the phone, and txt to their smartphone.

We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks.

