How Social Media Angler Phishing Attacks Target Businesses


Cybercriminals develop new methods every day for committing online fraud. This also applies to Angler Phishing, a recent type of cybercrime. This threat targets its victims via social media. The criminal gathers private information by posting false messages on a bogus social network account.

Social media is an effective tool for phishing attacks. The key to social media phishing is using personal information, such as a username and password, to trick users into revealing sensitive information about themselves. Most attacks are carried out via fake email messages, but there has also been an increase in phishing websites and malicious links.

In this blog, we’ll explain how Angler Phishing operates, how to spot it, and how to safeguard yourself against the potential loss of your data and possibly even your money.


What is Angler Phishing?

Angler phishing is a form of email fraud that uses fake websites to trick you into clicking on a link. This scam aims to steal your login credentials and use them to gain access to your bank account or other personal information.

The act of pretending to be a customer care account on social media to contact an irate customer is known as angler phishing. In these attacks, victims were lured into providing access to their personal information or account credentials in almost 55% of cases last year that targeted clients of financial institutions.

These scams are often spread by emails that appear to be from banks, authorities, or other reliable companies. The emails contain links or embedded images that can direct you to fake websites that appear legitimate. Once there, you’ll be asked to enter your account information — including login credentials for your bank accounts and email addresses for various social media platforms.

The goal is to steal your login credentials and use them to gain access to your bank account or other personal information.


How do Angler Phishing Attacks work?

Angler phishing attacks are simple but effective because they exploit a vulnerability in business-related social media accounts. In most cases, the attacker will create a web page with an identical URL address as the legitimate page they are trying to access.

When a BEC attack targets a business through social media, companies must take precautions against these cyberattacks.


Impact of Angler Phishing Attacks on Business

If you run a company or have a presence on social media, you should be aware of the impact of an angler phishing attack on your brand’s reputation:


1.   Business Disruption

A business may suffer a substantial loss due to a cyberattack, particularly if a malware infection is involved. A complete reversal of operations may be necessary to address the hack. The virus may require the company to operate on a skeleton crew or suspend operation altogether until the malware has been removed.

An interruption of business services can cause significant economic disruptions if the economy is already fragile. A cyberattack could also increase crime rates, making the situation worse.

Business disruption can result from both natural disasters and manufactured events like cyberattacks. The latter category includes everything from information theft to destructive viruses that target specific industries or sectors of society.


2.   Revenue Loss

Loss of revenue can have a huge impact, especially for businesses that rely on the internet and e-commerce. The costs of fraud, cyber security breaches, and other types of attacks can be very high, so it is essential to prevent them from happening in the first place.

The first step is creating an active cyber security policy that clearly outlines what the organization expects from its employees, what it will do if a breach happens and how it will respond to such an event.

Secondly, training employees about the importance of validating incoming data before acting on it is essential. Employees should also be made aware that no information should be shared with anyone outside their team without prior authorization.


3.   Intellectual Property Loss

Even if businesses are not protected under a ransomware attack, they risk losing user data, trade secrets, research, and blueprints. Regulatory companies, tech companies, pharmaceutical and defense providers are often hit the hardest. A company losing a patented invention for millions of dollars would no longer be able to afford to undertake the kinds of research and development that precede it.

Attempting to struggle directly with financial setbacks is simpler than you might think, but it’s far more challenging to do well without handling sensitive company info appropriately.

Trade Secrets Theft also has severe implications for manufacturers and suppliers who rely on customer relationship management (CRM) systems to track sales trends and contact lists. Suppose a hacker could access these systems and steal trade secret information such as product formulas or pricing strategies. In that case, this could seriously impair their ability to compete against other companies that have not been victimized by cybercrime.


4.   Reputation Effect

While the damage to reputation is the most significant consequence of a data breach, it’s not the only one. The costs involved in mitigating a breach can be substantial.

Although many companies have experienced data breaches, few have suffered the consequences. However, even though there are many benefits to having your own data breach preparedness plans, you still need to consider some risks before implementing one.



While many types of attacks from botnets or DDoS attacks use malvertising to gain access to sensitive business data, Angler phishing can potentially allow for the same. As a result, businesses need to be aware that such attacks exist and how they work to prevent them from occurring in the first place.

Another tip is to be wary of links in emails. Most email links don’t go anywhere and are just there for decoration.

Many companies are likely unaware of such attacks against their networks, trying to mitigate them once they occur. The best way to avoid these attacks is to be skeptical of any links or offers you see on social media. Protected Harbor is your partner in safeguarding your business against cyber threats. With our risk-based approach to security and our experience with thousands of customers, we can create a solution that works for you. Our team of experts will assess your organization’s security posture and recommend how to improve it. We will also develop a detailed action plan to help you stay secure from phishing emails, ransomware, and threat detection and response.

We offer a free cybersecurity audit to all businesses, regardless of size or industry. Contact one of our cybersecurity experts today.

How do You Prevent Another Uber-Style Breach


Uber blames contractors for the hack and links breach to Lapsus$ organization.


In the News

According to Uber, the hacker responsible for the breach last week is a member of the Lapsus$ extortion group, which has previously attacked Microsoft, Cisco, NVIDIA, Samsung, and Okta, among other well-known IT firms.

According to the company, the attacker conducted an MFA fatigue attack by flooding the contractor with two-factor authentication (2FA) login requests until one of them was approved using the stolen credentials of an Uber EXT contractor.

The usage of this social engineering technique has increased dramatically in recent attacks on well-known businesses worldwide, including Twitter, Robinhood, MailChimp, and Okta. Continue reading to learn how to prevent another Uber-style breach.


What happened

The attacker gained privileged access to several tools, including G-Suite and Slack, by breaking into numerous other employee accounts, according to Uber’s updated statement.

“The attacker then modified Uber’s OpenDNS to display a graphic image to employees on some internal sites,” which was posted to a company-wide Slack channel many of you saw.

The business stated that it had not discovered proof that the threat actor could access production systems that hold sensitive user data, including financial and personal information (e.g., credit card numbers, user bank account info, personal health data, or trip history).

The FBI and the US Department of Justice are assisting the company’s investigation into the event.


Uber claims to have taken the following steps to stop similar approaches from being used in future breaches:

  • Any employee accounts that were affected or might have been compromised were found, and we either disabled their access to the Uber systems or ordered a password reset.
  • Many internal tools that were impacted or might have been impacted were disabled.
  • We changed the keys on many of our internal systems, effectively resetting access.
  • We restricted access to our source to stop further code additions.
  • We asked users to re-authenticate to regain access to internal tools. Additionally, we are enhancing our multi-factor authentication (MFA) guidelines.

We could keep all of our public-facing Uber, Uber Eats, and Uber Freight services operational and running smoothly. Because we took down some internal tools, customer support operations were minimally impacted and are now back to normal. — Uber



Is there a solution?

MFA is not an antidote on its own, but security experts believe that any level of MFA is better than none. Uber is not the only business whose network has been penetrated despite using multi-factor authentication.

In 2020, hackers broke into Twitter’s network by luring an employee into submitting their credentials to a phishing page the hackers had set up. The hackers then used those credentials to generate a push notification delivered to the employee’s smartphone.

According to an inquiry by the state of New York, the employee acknowledged a prompt, allowing the hackers to enter. More recently, a social engineering attempt that conned a worker into giving up their login information led to another hack of Mailchimp.


Instead of focusing on the highly inspected systems for security issues, all of these attacks use the limitations of multi-factor authentication, frequently by directly attacking the individuals using it.

Cloudflare is the only company targeted in a recent wave of cyberattacks that successfully prevented a network compromise because it employs hardware security keys, which cannot be phished.

Even though some employees “did fall for the phishing messages,” Cloudflare acknowledged in a blog post that its use of hardware security keys—which require employees to physically plug a USB device into their computers after entering their credentials—had prevented the attackers from accessing its network.

According to Cloudflare, the attack “targeted personnel and systems in a manner that we believe would make it probable that most firms would be compromised.”


Experts Advise MFA

The gold standard of MFA security, security keys, are not without their limitations, not the least of which are the expense and maintenance of the keys. We spend much time debating the necessity of physical security keys for everyone.

However, Tobac noted that some firms still push for mandated SMS two-factor authentication or MFA prompts for internal access.

As Uber’s breach shows, MFA by randomly generated code or push notification is far from ideal. Still, according to Richard Luna, CEO of Protected Harbor, “Putting the good before the perfect is not a good idea.” Minor adjustments over time have a significant impact.

One notable advance is MFA number matching, which makes social engineering attempts much more challenging by presenting a code on the user’s screen and requiring them to enter it into an app on their verified device. The notion is that, similar to a security key, the attacker would need both the target’s credentials and their confirmed device.
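The number-matching flow described above, as an added example (not code from Uber, Duo, Microsoft or Okta). The two-digit number, the single-use challenge, and the class and method names are assumptions of this simplified model.

```python
import hmac
import secrets


class NumberMatchingMFA:
    """Simplified model of push MFA with number matching (assumed design)."""

    def __init__(self, registered_devices):
        self._devices = dict(registered_devices)  # user -> verified device id
        self._pending = {}                        # challenge id -> (user, number)

    def start_login(self, user):
        """Run after the password check. The number is returned to the login
        screen only; the push sent to the device never contains it."""
        challenge_id = secrets.token_hex(8)
        number = f"{secrets.randbelow(100):02d}"
        self._pending[challenge_id] = (user, number)
        return challenge_id, number

    def respond(self, challenge_id, device_id, entered):
        """Approve only if the verified device submits the displayed number.
        pop() makes each challenge single-use, so a number cannot be guessed
        by retrying against the same prompt."""
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False
        user, number = entry
        if self._devices.get(user) != device_id:
            return False
        return hmac.compare_digest(number, entered)


def demo():
    mfa = NumberMatchingMFA({"alice": "alice-phone"})

    # Legitimate login: alice reads the number off her own login screen.
    cid, shown = mfa.start_login("alice")
    legit = mfa.respond(cid, "alice-phone", shown)

    # Login started with a stolen password: the number is on someone else's
    # screen, so the prompt on alice's phone cannot be approved by tapping.
    cid, shown = mfa.start_login("alice")
    not_shown = f"{(int(shown) + 1) % 100:02d}"  # any value but the real one
    blind = mfa.respond(cid, "alice-phone", not_shown)
    replay = mfa.respond(cid, "alice-phone", shown)  # challenge already used

    # Right number, but sent from a device that is not registered to alice.
    cid, shown = mfa.start_login("alice")
    wrong_device = mfa.respond(cid, "unknown-laptop", shown)

    return legit, blind, replay, wrong_device


if __name__ == "__main__":
    print(demo())
```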

Microsoft, Okta, and Duo offer MFA number matching. However, as security expert Kevin Beaumont pointed out, Okta’s number matching service is wrapped in an expensive licensing tier, while Microsoft’s solution is still in preview. Uber uses Duo for MFA, but it is said that at the time of the incident, number matching was not being used.

According to Tobac, network defenders can also set alerts and restrictions on the number of push messages a user can receive. They can also begin by distributing security keys to a test group of users before expanding it every three months.
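One way to implement the push-message alerting described above, as an added example rather than any vendor's product logic. The event names, the 10-minute window, the threshold of five prompts and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO timestamp, user, event type).
SAMPLE_EVENTS = (
    # Seven prompts in seven minutes, then an approval: the fatigue pattern.
    [(f"2024-01-10T02:{10 + i}:00", "contractor01", "push_sent") for i in range(7)]
    + [
        ("2024-01-10T02:17:00", "contractor01", "push_approved"),
        # Ordinary login: one prompt, one approval.
        ("2024-01-10T09:00:00", "alice", "push_sent"),
        ("2024-01-10T09:00:20", "alice", "push_approved"),
        # Two prompts the user denied, below the threshold.
        ("2024-01-10T11:00:00", "bob", "push_sent"),
        ("2024-01-10T11:00:30", "bob", "push_denied"),
        ("2024-01-10T11:02:00", "bob", "push_sent"),
        ("2024-01-10T11:02:10", "bob", "push_denied"),
    ]
)


def detect_push_fatigue(events, window=timedelta(minutes=10), max_pushes=5):
    """Warn when a user receives more than max_pushes prompts inside window;
    escalate to critical if a prompt is approved while that burst is active."""
    recent = defaultdict(deque)  # user -> timestamps of prompts still in window
    in_burst = set()             # users currently over the threshold
    alerts = []
    for ts_raw, user, kind in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        prompts = recent[user]
        while prompts and ts - prompts[0] > window:
            prompts.popleft()    # forget prompts older than the window
        if len(prompts) <= max_pushes:
            in_burst.discard(user)
        if kind == "push_sent":
            prompts.append(ts)
            if len(prompts) > max_pushes and user not in in_burst:
                in_burst.add(user)  # alert once per burst, not once per prompt
                alerts.append({"user": user, "time": ts_raw,
                               "severity": "warning",
                               "reason": f"{len(prompts)} prompts within window"})
        elif kind == "push_approved" and user in in_burst:
            alerts.append({"user": user, "time": ts_raw,
                           "severity": "critical",
                           "reason": "prompt approved during a burst"})
            in_burst.discard(user)
            prompts.clear()
    return alerts


def users_to_throttle(alerts):
    """Users whose further prompts should be blocked pending review."""
    return sorted({a["user"] for a in alerts})


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A critical alert means the session opened by that approval should be revoked and the user's credentials reset, not only that prompts should be throttled.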

In reaction to the hack, Uber stated on Monday that it is strengthening its MFA standards. Uber may still have many questions to answer regarding how the hacker gained access to high-privilege credentials for the remaining vital systems of the company using just a contractor’s stolen password.


Bottom Line

Stay up to date with patches, upgrade your software, and apply the latest security fixes. Install an antivirus program and keep it up to date. Use a VPN to protect your traffic from being monitored and encrypted communication to protect your data from prying eyes.

Stay vigilant and aware of any trends or changes in the threat landscape, and react accordingly. Stay informed by reading best practices and security blogs and keeping up with the news to stay on top of all the latest threats.

Protected Harbor security experts recommend enabling multi-factor authentication, using encryption, and activating Identity and Access Management. These tools will help to maintain data integrity, protect private and confidential information, and keep your customers safe from identity theft and data breaches.

Identity and Access Management solutions allow you to delegate the right level of access to the right people, thereby limiting the risk of data breaches. Encryption is essential to protect data in transit and at rest. It is recommended to use TLS protocol for secure data transfer and a FIPS-certified cryptographic module for data at rest.

Get a free security IT Audit and Penetration Testing today from Protected Harbor. Contact us now!

A Quick Guide to Proactive Cybersecurity Measures: How to Keep Yourself Safe From Hackers



Cybersecurity has become an important topic in today’s society. In the digital age, cybersecurity is critical to protecting data and intellectual property from unauthorized access, modification, disclosure, or destruction. However, cyber threats continue to grow in number and sophistication. A recent study by Intel Security found that 66% of businesses experienced at least one cyberattack during the year 2021. Cybersecurity for small businesses is important because they are often easy targets for cybercriminals who seek to steal sensitive data or disrupt operations, leading to significant financial losses and reputational damage. As more organizations are confronted with this reality, many have also begun to realize their current security measures aren’t enough.

In this blog post, we will unpack some proactive cybersecurity measures you can take to protect your organization’s data and reduce your risk of being a victim of cybercrime.


What is Proactive Cybersecurity?

Proactive cybersecurity is an organization’s effort to protect its data and software systems from threats before they happen. A proactive approach to cybersecurity can help organizations to stay ahead of emerging threats by using data-driven insights, continuous monitoring, and risk assessments. There are many ways to implement proactive cybersecurity measures.

Focusing on cybersecurity policies and procedures is a great place to start. You can also consider implementing tools that automate security tasks, such as Endpoint Detection and Response (EDR).


Cyber-Threat Analysis

When adopting proactive cybersecurity measures, there are various risks your company can face. To determine your top cybersecurity risks and vulnerabilities, you must do a thorough threat analysis. You’ll want to know how many cyber attacks happen daily based on your sector, geography, and relevant exposure. You must be aware of your defenses’ weak and strong points. Additionally, you must have a specific cybersecurity attack and defensive strategy.

Cybersecurity threats can come from various sources, including human error, natural disasters, hardware failures, malicious software, unsecured networks, and more. Before implementing proactive cybersecurity measures, you should analyze your organization’s cyber threats. You can use cyber threat modeling to identify the most significant risks to your organization. This process maps the threats to your organization and involves breaking down the organization’s infrastructure into components and mapping the threats against them.

What You Can Learn from Cyber Threat Analysis:

Assets: System administrators and cybersecurity experts should identify and safeguard the most critical assets in your organization. This includes sensitive data, intellectual property, and critical systems.

Attack vectors: Attacks can come from a variety of sources. The most common attack vectors include infected websites, malicious code, unsecured networks, and social engineering tactics.

Controls: You can use threat modeling to identify the controls and protect your assets. This will help you determine where additional controls might be needed.


Educate Your Team

One important proactive cybersecurity measure is to ensure that your team understands the potential threats facing your organization and how they can reduce their risk of being attacked. This can be done through regular cybersecurity training that educates employees on best practices and how they can contribute to better cybersecurity. It can also help them learn how to protect themselves and their colleagues.


Threat Hunting

Cyber threat hunting continuously monitors networks and systems to identify malicious activity and threats in real-time. During threat hunting, you should also look for information that could be useful in tracking down and identifying potential attackers. This will allow you to respond to threats and attacks quickly. It could be an Advanced Persistent Threat (APT), a sophisticated cyber-attack, or even an insider threat. Regardless of the potential attack, the threat-hunting process can help you identify the nature of the threat and take the appropriate action to mitigate it before any real impacts on your business.


Penetration Testing

Penetration testing is testing your cybersecurity measures by breaking into your own systems. You can also refer to this as ethical hacking or red teaming. Once you have identified a potential threat, you can use penetration testing to simulate the attack and determine the outcome of this threat. This will help you understand the threat’s risk and choose the best way to respond to it. A vulnerability assessment is also an essential tool to use during a penetration test. It will help you to identify areas of your network where you are at risk of being attacked. It is important to remember that penetration testing is only a simulation and will help your business down the road.


Get Help

The cyber threats facing organizations today are constantly growing. Proactive cybersecurity measures must be implemented to protect your organization’s data and intellectual property. This includes cyber threat analysis, educating your team, threat hunting, and penetration testing.

Now, one final proactive cybersecurity measure we recommend is to get help. Even well-resourced organizations often struggle to fully protect themselves from cyber threats. Therefore, engaging with cybersecurity experts who can help your organization improve its cybersecurity posture is important. Working with our team at Protected Harbor is also essential as it provides an unbiased third-party perspective that can help you to identify vulnerabilities you may be unaware of.

If this all sounds a bit overwhelming, calling in the experts is the most straightforward preventative cybersecurity strategy. You and your IT team may feel less pressure if you enlist a group of professionals to assist at each stage, and your organization may be better protected.

Let our staff of cybersecurity professionals start taking preventative steps to secure your company. Get in touch with Protected Harbor today to learn more about our Threat Monitoring, Detection, & Response services.

How did Twitter get hacked?

On July 15th many Twitter accounts were compromised.  How did this happen to a company like Twitter?

‘This was the worst social media hack ever happened in history’

The security implications of the hack are also wide-reaching, not just for Twitter but for other social platforms.

Early suggestions are the hackers managed to access administration privileges, which allowed them to bypass the passwords of any account they wanted.

Twitter appeared to confirm this in a tweet saying: “We detected what we believe to be a co-ordinated social-engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

As we generate more content online, we are creating a larger digital footprint. These attackers simply contacted Twitter and asked for the names of key personnel: the head of customer service, their CIO, etc. Once the attackers knew the identity of key individuals, they then researched their web pages, Facebook links, LinkedIn profiles, etc.

The attackers were able to gain enough information from those pages to be able to correctly answer Twitter’s support questions and gain access to those accounts.

Once the attackers had access to an Admin account, they could reset end-user accounts and then log in as those users. It was that easy.

Some questions that should be asked: What would have helped prevent this disaster? Are your systems vulnerable to a similar attack? How can your systems be protected?

2FA or Two Factor Authentication would have stopped this attack.  With 2FA the mobile device is registered to the account and the login is not possible until a code on the mobile device is entered.

At Protected Harbor we support 2FA for all systems, allowing our customers to be safe, secure, and protected, as in Protected Harbor.