How Social Media Angler Phishing Attacks Target Businesses


Cybercriminals develop new methods every day for committing online fraud. This also applies to Angler Phishing, a recent type of cybercrime. This threat targets its victims via social media. The criminal gathers private information by posting false messages on a bogus social network account.

Social media is an effective tool for phishing attacks. The key to social media phishing is using personal information, such as a username and password, to trick users into revealing sensitive information about themselves. Most attacks are carried out via fake email messages, but there has also been an increase in phishing websites and malicious links.

In this blog, we’ll explain how Angler Phishing operates, how to spot it, and how to safeguard yourself against the potential loss of your data and possibly even your money.

 

What is Angler Phishing?

Angler phishing is a form of email fraud that uses fake websites to trick you into clicking on a link. This scam aims to steal your login credentials and use them to gain access to your bank account or other personal information.

The act of pretending to be a customer care account on social media to contact an irate customer is known as angler phishing. In these attacks, victims were lured into providing access to their personal information or account credentials in almost 55% of cases last year that targeted clients of financial institutions.

These scams are often spread by emails that appear to be from banks, authorities, or other reliable companies. The emails contain links or embedded images that can direct you to fake websites that appear legitimate. Once there, you’ll be asked to enter your account information — including login credentials for your bank accounts and email addresses for various social media platforms.

The goal is to steal your login credentials and use them to gain access to your bank account or other personal information.

 

How do Angler Phishing Attacks work?

Angler phishing attacks are simple but effective because they exploit a vulnerability in business-related social media accounts. In most cases, the attacker will create a web page with an identical URL address as the legitimate page they are trying to access.

When a BEC attack targets a business through social media, companies must take precautions against these cyberattacks.

 

Impact Of Angler Phishing Attacks on Business

If you run a company or have a presence on social media, you should be aware of the impact of an angler phishing attack on your brand’s reputation:

 

1.   Business Disruption

A business may suffer a substantial loss due to a cyberattack, especially if a malware infection is involved. A complete reversal of operations may be necessary to address the hack. The virus may require the company to operate on a skeleton crew or suspend operation altogether until the malware has been removed.

An interruption of business services can cause significant economic disruptions if the economy is already fragile. A cyberattack could also increase crime rates, making the situation worse.

Business disruption can result from both natural disasters and manufactured events like cyberattacks. The latter category includes everything from information theft to destructive viruses that target specific industries or sectors of society.

 

2.   Revenue Loss

Loss of revenue can have a huge impact, especially for businesses that rely on the internet and e-commerce. The costs of fraud, cyber security breaches, and other types of attacks can be very high, so it is essential to prevent them from happening in the first place.

The first step is creating an active cyber security policy that clearly outlines what the organization expects from its employees, what it will do if a breach happens and how it will respond to such an event.

Secondly, training employees about the importance of validating incoming data before acting on it is essential. Employees should also be made aware that no information should be shared with anyone outside their team without prior authorization.

 

3.   Intellectual Property Loss

Even if businesses are not protected under a ransomware attack, they risk losing user data, trade secrets, research, and blueprints. Regulatory companies, tech companies, pharmaceutical and defense providers are often hit the hardest. A company losing a patented invention for millions of dollars would no longer be able to afford to undertake the kinds of research and development that precede it.

Attempting to struggle directly with financial setbacks is simpler than you might think, but it’s far more challenging to do well without handling sensitive company info appropriately.

Trade Secrets Theft also has severe implications for manufacturers and suppliers who rely on customer relationship management (CRM) systems to track sales trends and contact lists. Suppose a hacker could access these systems and steal trade secret information such as product formulas or pricing strategies. In that case, this could seriously impair their ability to compete against other companies that have not been victimized by cybercrime.

 

4.   Reputation Effect

While the damage to reputation is the most significant consequence of a data breach, it’s not the only one. The costs involved in mitigating a breach can be substantial.

Although many companies have experienced data breaches, few have suffered the consequences. However, even though there are many benefits to having your own data breach preparedness plans, you still need to consider some risks before implementing one.

 

Conclusion

While many types of attacks from botnets or DDoS attacks use malvertising to gain access to sensitive business data, Angler phishing can potentially allow for the same. As a result, businesses need to be aware that such attacks exist and how they work to prevent them from occurring in the first place.

Another tip is to be wary of links in emails. Most email links don’t go anywhere and are just there for decoration.

Many companies are likely unaware of such attacks against their networks, trying to mitigate them once they occur. The best way to avoid these attacks is to be skeptical of any links or offers you see on social media. Protected Harbor is your partner in safeguarding your business against cyber threats. With our risk-based approach to security and our experience with thousands of customers, we can create a solution that works for you. Our team of experts will assess your organization’s security posture and recommend how to improve it. We will also develop a detailed action plan to help you stay secure from phishing emails, ransomware, and threat detection and response.

We offer a free cybersecurity audit to all businesses, regardless of size or industry. Contact one of our cybersecurity experts today.

How do You Prevent Another Uber-Style Breach


Uber blames contractors for the hack and links breach to Lapsus$ organization.

 

In the News

According to Uber, the hacker responsible for the breach last week is a member of the Lapsus$ extortion group, which has previously attacked Microsoft, Cisco, NVIDIA, Samsung, and Okta, among other well-known IT firms.

According to the company, the attacker conducted an MFA fatigue attack by flooding the contractor with two-factor authentication (2FA) login requests until one of them was approved using the stolen credentials of an Uber EXT contractor.

The use of this social engineering technique has increased dramatically in recent attacks on well-known businesses worldwide, including Twitter, Robinhood, MailChimp, and Okta. Read on to learn how to prevent another Uber-style breach.

 

What happened

The attacker gained privileged access to several tools, including G-Suite and Slack, by breaking into numerous other employee accounts, according to Uber’s updated statement.

“The attacker then modified Uber’s OpenDNS to display a graphic image to employees on some internal sites,” which was posted to a company-wide Slack channel many of you saw.

The business stated that it had not discovered proof that the threat actor could access production systems that hold sensitive user data, including financial and personal information (e.g., credit card numbers, user bank account info, personal health data, or trip history).

The FBI and the US Department of Justice are assisting the company’s investigation into the event.

 

Uber claims to have taken the following steps to stop similar approaches from being used in future breaches:

  • Any employee accounts that were affected or might have been compromised were found, and we either disabled their access to the Uber systems or ordered a password reset.
  • Many internal tools that were impacted or might have been impacted were disabled.
  • We changed the keys on many of our internal systems, effectively resetting access.
  • We restricted access to our source to stop further code additions.
  • We asked users to re-authenticate to regain access to internal tools. Additionally, we are enhancing our multi-factor authentication (MFA) guidelines.

We could keep all of our public-facing Uber, Uber Eats, and Uber Freight services operational and running smoothly. Because we took down some internal tools, customer support operations were minimally impacted and are now back to normal. — Uber


 

Is there a solution?

MFA is not an antidote on its own, but security experts believe that any level of MFA is better than none. Uber is not the only business whose network has been penetrated despite using multi-factor authentication.

Hackers broke into Twitter’s network in 2020 by luring an employee into submitting their credentials to a phishing page they had set up. The hackers then used those credentials to generate a push notification delivered to the employee’s smartphone.

According to an inquiry by the state of New York, the employee acknowledged a prompt, allowing the hackers to enter. More recently, a social engineering attempt that conned a worker into giving up their login information led to another hack of Mailchimp.

 

Instead of focusing on the highly inspected systems for security issues, all of these attacks use the limitations of multi-factor authentication, frequently by directly attacking the individuals using it.

Cloudflare is the only company targeted in a recent wave of cyberattacks that successfully prevented a network compromise because it employs hardware security keys, which cannot be phished.

Even though some employees “did fall for the phishing messages,” Cloudflare acknowledged in a blog post that its use of hardware security keys—which require employees to physically plug a USB device into their computers after entering their credentials—had prevented the attackers from accessing its network.

According to Cloudflare, the attack “targeted personnel and systems in a manner that we believe would make it probable that most firms would be compromised.”

 

Experts Advise MFA

The gold standard of MFA security, security keys, are not without their limitations, not the least of which are the expense and maintenance of the keys. We spend much time debating the necessity of physical security keys for everyone.

However, Tobac noted that some firms still push for mandated SMS two-factor authentication or MFA prompts for internal access.

As Uber’s breach shows, MFA by randomly generated code or push notification is far from ideal. Still, according to Richard Luna, CEO of Protected Harbor, “Putting the good before the perfect is not a good idea.” Minor adjustments over time have a significant impact.

One notable advance is MFA number matching, which makes social engineering attempts much more challenging by presenting a code on the user’s screen and requiring them to enter it into an app on their verified device. The notion is that, similar to a security key, the attacker would need both the target’s credentials and their confirmed device.

Microsoft, Okta, and Duo offer MFA number matching. However, as security expert Kevin Beaumont pointed out, Okta’s number matching service is wrapped in an expensive licensing tier, while Microsoft’s solution is still in preview. Uber uses Duo for MFA, but it is said that at the time of the incident, number matching was not being used.

According to Tobac, network defenders can also set alerts and restrictions on the number of push messages a user can receive. They can also begin by distributing security keys to a test group of users before expanding it every three months.
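One way to implement the alerting described above, as an added example that is not from the original post or from any MFA vendor: a sliding-window check over push-prompt events that flags a user who receives many prompts in a short span and separately marks an approval that arrives at the end of such a run. The log format, user names, window, and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, prompt outcome.
SAMPLE_LOG = """\
2024-01-10T09:00:00Z user_b push_approved
2024-01-10T13:30:00Z user_b push_denied
2024-01-10T13:30:20Z user_b push_approved
2024-01-10T21:00:05Z user_a push_denied
2024-01-10T21:00:40Z user_a push_timeout
2024-01-10T21:01:10Z user_a push_denied
2024-01-10T21:01:55Z user_a push_denied
2024-01-10T21:02:30Z user_a push_denied
2024-01-10T21:03:02Z user_a push_approved
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_PUSHES = 5                  # assumed threshold: prompts per user per window


def parse(log_text):
    """Turn 'timestamp user result' lines into time-ordered tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return sorted(events)


def detect_push_fatigue(events, window=WINDOW, max_pushes=MAX_PUSHES):
    """Alert when a user gets max_pushes or more prompts inside the window.

    An approval that follows a run of denied or timed-out prompts is the
    pattern of interest: the user may have accepted just to stop the noise.
    """
    recent = defaultdict(deque)  # user -> (timestamp, result) pairs in window
    alerts = []
    for ts, user, result in events:
        q = recent[user]
        q.append((ts, result))
        while ts - q[0][0] > window:   # drop prompts older than the window
            q.popleft()
        if len(q) < max_pushes:
            continue
        rejected = sum(1 for _, r in q if r != "push_approved")
        if result == "push_approved" and rejected >= max_pushes - 1:
            kind = "approved_after_flood"   # treat as likely account takeover
        else:
            kind = "push_flood"             # candidate for throttling prompts
        alerts.append({"user": user, "time": ts, "kind": kind,
                       "prompts_in_window": len(q)})
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(parse(SAMPLE_LOG)):
        print(alert)
```

The same per-user counter can back a hard cap: once the threshold is reached, stop sending prompts and require a stronger factor.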

In reaction to the hack, Uber stated on Monday that it is strengthening its MFA standards. Uber may still have many questions to answer regarding how the hacker gained access to high-privilege credentials for the remaining vital systems of the company using just a contractor’s stolen password.

 

Bottom Line

Stay up to date with patches, upgrade your software, and apply the latest security fixes. Install an antivirus program and keep it up to date. Use a VPN to protect your traffic from being monitored and encrypted communication to protect your data from prying eyes.

Stay vigilant and aware of any trends or changes in the threat landscape, and react accordingly. Stay informed by reading best practices and security blogs and keeping up with the news to stay on top of all the latest threats.

Protected Harbor security experts recommend enabling multi-factor authentication, using encryption, and activating Identity and Access Management. These tools will help to maintain data integrity, protect private and confidential information, and keep your customers safe from identity theft and data breaches.

Identity and Access Management solutions allow you to delegate the right level of access to the right people, thereby limiting the risk of data breaches. Encryption is essential to protect data in transit and at rest. It is recommended to use TLS protocol for secure data transfer and a FIPS-certified cryptographic module for data at rest.

Get a free security IT Audit and Penetration Testing today from Protected Harbor. Contact us now!

Major Security Flaw Exposes Twitter Accounts

Twitter has acknowledged that a bug in its code allowed malicious actors to link accounts with email addresses registered to them, possibly disclosing the identity of their users.

The company late last week revealed the flaw and apologized for the inconvenience stating the issue was remedied immediately.

The vulnerability in Twitter’s handling of unsuccessful log-in attempts was exploited. When a user entered the incorrect password, Twitter used to do one of two things when they attempted to log in using an email address or phone number:

  • Inform the user that they entered the wrong password
  • Display the Twitter account linked to the specified email or phone number (if any exist)

This implied that users of fictitious accounts might have had their identities revealed.
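The two failure behaviours side by side, as an added example that is not Twitter's code: `login_leaky` confirms which account an email belongs to, while `login_uniform` returns one generic failure and performs the same password-hash work whether or not the account exists. The user store, handle, and messages are constructed for illustration.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    # PBKDF2 stands in for whatever password hash the service uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(handle, password):
    salt = os.urandom(16)
    return {"handle": handle, "salt": salt, "pw_hash": _hash(password, salt)}


# Constructed user store keyed by email (illustrative only).
USERS = {"alice@example.com": _make_user("@anon_whistle", "correct horse")}
# Dummy record so unknown emails cost the same hash computation as known ones.
_DUMMY = _make_user("", "dummy")


def login_leaky(email, password):
    """Behaviour described above: a failed login reveals the linked account."""
    user = USERS.get(email)
    if user is None:
        return {"ok": False, "msg": "No account found for that email"}
    if not hmac.compare_digest(_hash(password, user["salt"]), user["pw_hash"]):
        return {"ok": False, "msg": f"Wrong password for {user['handle']}"}
    return {"ok": True, "msg": "Welcome"}


def login_uniform(email, password):
    """Hardened form: one response for every failure, same work on each path."""
    user = USERS.get(email, _DUMMY)
    matches = hmac.compare_digest(_hash(password, user["salt"]), user["pw_hash"])
    if not matches or user is _DUMMY:
        return {"ok": False, "msg": "Incorrect email or password"}
    return {"ok": True, "msg": "Welcome"}


if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        print(fn.__name__, fn("alice@example.com", "guess"),
              fn("nobody@example.com", "guess"))
```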

In this post, we will be discussing what exactly happened with Twitter and how you can protect yourself from cyber-criminals.

Also, check out our blog from last week where we talk about Malware hitting millions of android users and the Top 5 Apps You Need to Uninstall Right Now.

 

What Happened?

Countless apps are exposing Twitter’s API keys, giving hackers access to fully take control of those accounts and use them for identity theft or other forms of online fraud.

The information was discovered by cybersecurity experts CloudSEK, who found 3,207 mobile apps leaking both legitimate Consumer Keys and Consumer Secrets for the Twitter API.

Numerous mobile applications have interacted with Twitter, which enables those applications to carry out specific tasks on behalf of users. Consumer Keys and Secrets are combined with the Twitter API to complete the integration. The apps may enable threat actors to tweet things, write and read direct conversations, or do something similar by leaking this kind of data.

A threat actor could theoretically gather an “army” of Twitter endpoints and use them to tweet, retweet, direct message, as well as participate in other methods to spread a fraud or malware campaign.

 

Millions of Downloads

According to the researchers, the questioned apps include radio tuners, e-banking, city transportation, and similar sites, each receiving between fifty-thousand and five-million downloads.

In other words, there’s a good chance that millions of Twitter accounts are in danger as we speak.

All app owners/creators have been informed, but the majority have done nothing to fix the problem—nor even admit to the public that they have been informed of the issue. According to reports, Ford Motors was one of the businesses that quickly addressed the error with its Ford Events app.

The list of suspected apps won’t be made public until other apps address their problems.

Researchers also noted that mistakes made during the development of apps frequently lead to API leaks. Developers occasionally forget to remove authentication keys after embedding them in the Twitter API.

Protected Harbor advises developers to employ API key rotation, which would eventually make exposed keys invalid, to stop these leaks.
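A pre-release check for the leak described above, as an added example that is not CloudSEK's tooling or code from the original post: it scans app source and resource text for Twitter consumer key or secret names assigned a literal value, skips low-entropy placeholders, and reports findings with the value redacted. The name patterns, length and entropy thresholds, file paths, and credential-like strings are all constructed assumptions.

```python
import math
import re
from collections import Counter

# Names commonly used for these credentials (assumed list; extend per code base).
NAME = r"(?:twitter[_.]?)?(?:consumer|api)[_.]?(?:key|secret)"
# Matches name = "literal", name: 'literal', and <string name="...">literal
ASSIGN = re.compile(
    rf"""(?P<name>{NAME}) ["']? \s* (?:=|:|>) \s* ["']?
         (?P<value>[A-Za-z0-9]{{20,}})""",
    re.IGNORECASE | re.VERBOSE,
)


def shannon_entropy(s):
    """Bits per character; near 0 for 'xxxx...', above 4 for random-looking keys."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def scan(path, text, min_entropy=3.0):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ASSIGN.finditer(line):
            value = m.group("value")
            if shannon_entropy(value) < min_entropy:
                continue  # placeholder, not a real credential
            findings.append({"file": path, "line": lineno,
                             "name": m.group("name"),
                             "redacted": value[:4] + "...",  # never log the secret
                             "length": len(value)})
    return findings


# Constructed sample files; the values are made up, not real credentials.
SAMPLES = {
    "res/values/strings.xml":
        '<resources>\n'
        '  <string name="twitter_consumer_key">Zq3Lm8Tn1Vb6Xc9Kd2Pf5Rh7J</string>\n'
        '  <string name="twitter_consumer_secret">xxxxxxxxxxxxxxxxxxxxxxxxx</string>\n'
        '</resources>\n',
    "java/Auth.java":
        'class Auth {\n'
        '  static final String CONSUMER_SECRET = '
        '"h4Gk9sW2eR7tY1uI5oP3aS8dF6gJ0kL4zX2cV7bN9mQ1wE5rT3";\n'
        '  static final String CONSUMER_KEY = BuildConfig.TWITTER_KEY;\n'
        '}\n',
}


def scan_all(files=SAMPLES):
    return [f for path, text in files.items() for f in scan(path, text)]


if __name__ == "__main__":
    for finding in scan_all():
        print(finding)
```

A key that reaches a shipped build should be treated as exposed and rotated, since removing it from source does not recall copies already downloaded.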

 

Final Words

In today’s technological landscape, you must take the proper steps to protect yourself and your family. Keep track of the latest scams and what you can do to keep yourself safe from cyber-criminals. If you feel you have been the victim of a scam, report it immediately.

Experts from Protected Harbor recommend that you:

  • Stay informed about the latest threats and vulnerabilities and keep your software up to date.
  • Don’t click on links from suspicious emails.
  • Don’t download apps from untrusted websites.
  • Change your passwords regularly.
  • Use a VPN when using public Wi-Fi.
  • Uninstall any and all harmful apps immediately.
  • Think before you allow any app permission or access to your files.
  • Enable 2FA (2-Factor Authentication).
  • Use trusted anti-virus software.

Stay vigilant, keep your privacy settings high, and you can keep your accounts secure.

We are giving away a free IT Audit for a limited time. Contact us today for one. Stay updated with the latest news with our blogs and other resources, and keep a keen eye on your social media accounts. Stay Safe!

How did Twitter get hacked?


On July 15th many Twitter accounts were compromised.  How did this happen to a company like Twitter?

‘This was the worst social media hack ever happened in history’

The security implications of the hack are also wide-reaching, not just for Twitter but for other social platforms.

Early suggestions are the hackers managed to access administration privileges, which allowed them to bypass the passwords of any account they wanted.

Twitter appeared to confirm this in a tweet saying: “We detected what we believe to be a co-ordinated social-engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

As we generate more content online we are creating a larger digital footprint. These attackers simply contacted Twitter and asked for the names of key personnel, the head of customer service, their CIO, etc. Once the attackers knew the identity of key individuals they then researched their web pages, Facebook links, LinkedIn profiles, etc.

The attackers were able to gain enough information from those pages to be able to correctly answer Twitter’s support questions and gain access to those accounts.

Once the attackers had access to an Admin account they could reset end-user accounts and then log in as those users. It was that easy.

Some questions that should be asked: What would have helped prevent this disaster? Is your system(s) vulnerable to a similar attack? How can your system(s) be protected?

2FA or Two Factor Authentication would have stopped this attack.  With 2FA the mobile device is registered to the account and the login is not possible until a code on the mobile device is entered.

At Protected Harbor we support 2FA for all systems, allowing our customers to be safe, secure, and protected, as in Protected Harbor.