
Facebook Trend Gives Hackers Personal Information

There is a trend going around Facebook in support of this year’s seniors who missed out on prom and graduation due to the pandemic. Many users are posting their senior pictures along with the year they graduated and the school they graduated from. The problem with this trend is that it gives hackers information that is commonly used for security questions on banking and other high-security websites. Even if a user doesn’t use these specific questions, it gives hackers a head start on information for spear phishing campaigns.

Last year we saw a shift from generalized phishing campaigns to spear phishing campaigns. A general phishing campaign sends out thousands of emails in the hope that a small percentage of recipients will click on the link or attachment and become a victim of the hacker. A spear phishing campaign differs because it targets individual users. Instead of sending out thousands of emails, the attacker sends single, highly detailed emails to known people in an attempt to infect their computer or steal personal information. The hackers learn as much as they can about an individual before sending a phishing email that references personal information. The problem with this new trend is that Facebook users are giving hackers their name, city, and graduation date, from which a birth date can be inferred. Users are then tagging the post #Classof2020, so the posts are very easy for hackers to find.

The Better Business Bureau raised concerns about this new trend. Below are some tips from BBB on staying safe on social media.

Resist the temptation to play along. While it’s fun to see others’ posts, if you are uncomfortable participating, it is best to not do it.

Review your security settings. Check your security settings on all social media platforms to see what you are sharing and with whom you are sharing.

Change security questions/settings. If you are nervous about something you shared possibly opening you up to fraud, review and change your security settings for banking and other websites.

Source: Better Business Bureau News Release

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

New Phishing Campaign Using Microsoft’s Azure Blob Storage

Two new email phishing campaigns have been identified with a unique twist. The first is an email notifying Office 365 users that their account is out of date and that the information associated with the account needs to be updated. This phishing email also threatens users that their subscription will be terminated unless they log in and update their account.

The second phishing email appeared to come from the business-oriented side of Facebook, called Workplace, and tried to trick users into clicking a “View More Posts” link. Strangely, this link also went to a fake Office 365 login page instead of a fake Facebook page.

The twist that makes this phishing campaign stand out from others is that it used Microsoft’s Azure Blob Storage to host the campaign. This extra creative step gave the attackers two advantages over what we normally tell users to look for when they are inspecting suspicious emails. Using Azure Blob Storage adds legitimacy to the phishing campaign because content hosted on the Microsoft service is given a windows.net URL. Even to discerning users, this windows.net address makes the content look as if it is actually coming from Microsoft. The second advantage this service gave the attackers is that URLs hosted on Azure Blob Storage are covered by Microsoft’s wildcard SSL certificate. This means the site had the familiar lock icon next to the URL that we associate with secure web pages, even though the lock only says the connection is encrypted, not that the page is legitimate.

What Can You and Your Business Do to Avoid These Advanced Traps?

Your users are still your biggest asset in avoiding these scams. Continued education and reminders about what they should and should not be clicking on need to be an ongoing process. Even with these advanced tactics, there are still red flags in this campaign that should have stopped you from clicking. In the first email, there was a threatening tone that your subscription would be terminated unless you clicked. These phishing campaigns are written to create urgency and play on emotions. The second email was seemingly for a Facebook Workplace page, but then landed users on an Office 365 page. This is the level of attention needed to navigate these phishing campaigns.
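The same red flags described above (a link that lands on a shared cloud-storage domain, a claimed brand that does not match the link’s host, and urgency wording) can be checked mechanically during mail triage. The following is an added example for this post, not code from the campaign or from Quanexus; the email records are constructed, and the assumption that Azure Blob Storage content is served under *.blob.core.windows.net is this example’s, not something the post states.

```python
from urllib.parse import urlparse

# Parent domains that serve arbitrary customer-uploaded content. Assumption of
# this example: Azure Blob Storage sites live under *.blob.core.windows.net,
# which is why the page's phishing site carried a windows.net address.
USER_CONTENT_HOSTS = (".blob.core.windows.net", ".windows.net")

# Brands an email may claim, and the domains where that brand's real login
# pages live (illustrative mapping, not a complete list).
BRAND_DOMAINS = {
    "office 365": ("office.com", "microsoft.com"),
    "workplace": ("facebook.com", "workplace.com"),
    "facebook": ("facebook.com",),
}

URGENCY_WORDS = ("terminated", "suspended", "immediately", "within 24 hours")

# Constructed sample records: simplified view of one email each.
SAMPLES = [
    {"subject": "Your Office 365 subscription will be terminated",
     "sender": "billing@o365-notice.example", "link_text": "Update your account",
     "href": "https://storage-placeholder.blob.core.windows.net/o365/login.html"},
    {"subject": "New activity in Workplace",
     "sender": "noreply@wp-updates.example", "link_text": "View More Posts",
     "href": "https://storage-placeholder.blob.core.windows.net/wp/index.html"},
    {"subject": "Your Office 365 invoice is ready",
     "sender": "billing@example-tenant.example", "link_text": "Sign in to Office 365",
     "href": "https://www.office.com/"},
]

def host_matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(msg):
    """Return the list of red flags found in one simplified email record."""
    flags = []
    host = (urlparse(msg["href"]).hostname or "").lower()
    text = f"{msg['subject']} {msg['link_text']} {msg['sender']}".lower()
    # 1. Link lands on a domain that hosts anyone's content, not the brand's own.
    if any(host.endswith(suffix) for suffix in USER_CONTENT_HOSTS):
        flags.append(f"link hosted on user-content domain {host}")
    # 2. Email claims a brand, but the link does not go to that brand's domains.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text and not host_matches(host, domains):
            flags.append(f"claims {brand!r} but link host is {host}")
    # 3. Pressure wording meant to make the reader click before thinking.
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        flags.append("urgency language: " + ", ".join(hits))
    # Deliberately absent: an https:// link or lock icon is not evidence of safety.
    return flags
```

Run it over the three samples: the two blob-hosted messages each produce flags, while the invoice that links to office.com produces none.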

As always, the best advice is to go straight to the source if you question an email. In this example, instead of clicking the link in the email, type office.com into your web browser, log into your account as you normally would, and see if your account information needs to be updated. The same goes for Facebook or Amazon. If you get a suspicious email, instead of clicking the link, go directly to the site as you normally would, log in, and see if there is an issue.

Educating your users is the best defense against phishing campaigns like these.


Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business