Security Week: 2,000 People Arrested Worldwide for Social Engineering Schemes. “As part of this operation, which ran between March 8 and May 8, police raided more than 1,700 locations, identified roughly 3,000 suspects, and arrested 2,000 individuals believed to be involved in illicit activities. Authorities also froze approximately 4,000 bank accounts and intercepted $50 million worth of illegal funds.”
The Guardian: How fraudsters can use the forgotten details of your online life to reel you in . “In the first half of this year, £355m was lost in the UK to authorised push payment fraud, where people transferred money to scammers’ accounts. Some of these crimes began with fraudsters socially engineering victims they had met on dating sites. Others with people being contacted by someone pretending to be from a bank’s fraud department, and manipulating them that way.”
Hackaday: Airport Runways And Hashtags — How To Become A Social Engineer. “Of the $11.7 million companies lose to cyber attacks each year, an estimated 90% begin with a phone call or a chat with support, showing that the human factor is clearly an important facet of security and that security training is seriously lacking in most companies. Between open-source intelligence (OSINT) — the data the leaks out to public sources just waiting to be collected — and social engineering — manipulating people into telling you what you want to know — there’s much about information security that nothing to do with a strong login credentials or VPNs.”
Fast Company: I’m a hacker, and here’s how your social media posts help me break into your company. “Think twice before you snap and share that office selfie, #firstday badge pic, or group photo at work. Hackers are trolling social media for photos, videos, and other clues that can help them better target your company in an attack. I know this because I’m one of them.”
SecurityWeek: Research Shows Twitter Manipulation in Weeks Before EU Elections. “This is an age of large scale political social engineering through social media, both by advertising and the presentation of misleading data. International social engineering became frontpage news with the 2016 US presidential elections, but has not abated since. Researchers with the Sherpa project analyzed the use of social media as a recommendation system — specifically Twitter — ahead of the European elections in May 2019.”
eWeek: Microsoft Warns of Emails Bearing Crafty PDF Phishing Scams. “Instead of trying to cram malware into inboxes, attackers are increasingly using PDF-based social engineering schemes to to trick victims into handing over sensitive data or email login passwords.”
A new strain of ransomware wants you to get educated. “Instead of demanding a large amount of money from victims, it will only ask the victim to read two articles regarding computer security and staying safe on the internet. One of these is Google’s ‘Stay safe while browsing’ blog post, while the other is Bleeping Computer’s ‘Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom.’”
Oh dear. Will people really give up passwords in exchange for chocolate? “During the experiment, researchers asked randomly selected passers-by about their attitude towards computer security, but also asked them for their password. The interviewers were carrying University of Luxembourg bags, but were otherwise unknown to the respondents. In one condition, participants were given chocolate before being asked for their password, while in the control group they were only given chocolate after the interview. The research showed that this small gift greatly increased the likelihood of participants giving away their password. If the chocolate was only given out afterwards, 29.8 per cent of participants revealed their passwords. However, if the chocolate was received generally beforehand, a total of 43.5% of the respondents shared their password with the interviewer.”
The BBC: Twitter’s role in modern warfare. “Virtual warfare is being waged on social networks with the majority of users unaware that nations and militant groups alike are targeting their hearts and minds. Modern conflicts are no longer about warring states and control over territory, but more about identity, control of the population and the political decision-making process, argues military researcher Thomas Elkjer Nissen.”
Digital Trends has a very scary story about how easy it is for an Amazon account to be hacked. “It turns out if you want to break into someone else’s Amazon account, you don’t need to know their password, mother’s maiden name, or what their first pet was called. You just need to keep asking for information. That’s what happened with the case of Eric Springer, who found that Amazon customer support had handed over his personal information with just some gentle prodding.” Good grief, Amazon.
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.