Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations.

Read more in my article on the Tripwire State of Security blog.

Read More

Graham Cluley Security News is sponsored this week by the folks at SolCyber. Thanks to the great team there for their support! If the bad guys don’t discriminate when it comes to who they are attacking, how can your business settle for anything less than the very best security? SolCyber has brought to market a … Continue reading “How to get Fortune 500 cybersecurity without the hefty price tag”

Read More

Popular NFT marketplace OpenSea has warned users that they might be targeted with phishing attacks following a data breach that exposed the email addresses of its users and newsletter subscribers.

Read More

It’s Social Media Day! How are you celebrating? Reposting your very first profile picture from a decade ago? Sharing your most-loved status update or the photo you’re most proud of? This year, consider commemorating the day by learning more about how to keep your information safe. Enjoy your favorite platform, but be on the lookout for scams, such as social engineering. 

What is Social Engineering 

Social engineering is a cybercrime common to social media sites. It is a tactic where a cybercriminal lurks on people’s social media pages, gleaning personal information that they then use to impersonate them elsewhere. 

With more than half of the global population on social media, you may think that a cybercriminal will never single you out from such a huge pool; however, it is possible.1 Luckily, you only have to make a few, easy changes to your online habits to keep your valuable private information just that: private. Check out these tips to make smart decisions and be more confident about your and your family’s online security. 

Why Do Cybercriminals Care About Social Media? 

Think of the types of posts you share with your dozens – or even hundreds or thousands! – of followers: updates about your life, where you live, work, or favorite travel destinations, your hobbies, pets, family members, etc. All of these details, that only you and those closest to you should know, are a valuable commodity to cybercriminals. Plus, now that social media shopping is growing in popularity, the credit card information linked to accounts is sweetening the deal for cybercriminals. 

Here are a few social engineering scams that are common to social media.  

Credential stuffing

People commonly create passwords based on things, places, and people that are important. Have you ever published a 20 questions-style get-to-know-me post? Those contain a lot of valuable personally identifiable information (PII). With just a few of those details about your personal life, cybercriminals can make educated guesses at your passwords, a tactic called credential stuffing. If they’re able to crack the code to one of your accounts, they’ll then input that password and login variations in several other sites, especially online banking portals, to see if they can gain entry to those too. 

Fake contests 

You’ve won! Send us your banking information and address, and you’ll receive a package in the mail or a direct deposit to your bank account!  

But did you enter a drawing for a prize? Very rarely does anyone win something just by being a follower of a certain page. If you receive a message similar to the above, it’s likely a phisher trying to draw more PII and sensitive banking information out of you. Or, the message may have links within it that redirect to an untrustworthy site. If you regularly enter social media contests, keep a list and only respond to legitimate ones. Also, never give your banking information out over social media, private messages, or email. 

Emotional messages and posts

There are plenty of valid fundraisers and petitions circulating around social media; however, there are just as many social engineering scams that dupe social media users because they inspire a strong emotion in them. For example, there have been several scams around Ukrainian donation sites. Cybercriminals often use fear, anger, or sadness to inspire people to open their wallets and share confidential banking information. 

How to Protect Yourself from Social Engineering

Luckily, all it takes is a few smart habits to stop social engineers in their tracks. Consider the following tips and make these small changes to your social media usage: 

Edit your follower or friend lists

At this point, you’ve probably had several of your social media accounts active for over a decade. That means it’s time to do some cleaning out of your friends and followers lists. It’s best to only accept requests from people you personally know and would actually like to keep in the loop about your life. A friend and follower request from strangers could be cyber criminals in disguise. Also, consider setting your account to private so that your posts are invisible to strangers. 

Slow down and think 

Social engineering hacks often bank on people acting rashly and quickly because of strong emotion, either excitement, fear, sadness, or anger. If you see a post on your newsfeed or receive a direct message that gives you a tight window to respond and asks for PII, slow down and think before acting. Double-check the destination of every link in the message by hovering over it with your cursor and checking the link preview at the bottom of your browser screen. Be careful, because some link previews include slight misspellings of legitimate websites. As a great rule of thumb, be automatically skeptical of direct messages from people you do not personally know. And if a DM from a friend seems out of the ordinary, shoot them a text to confirm they actually sent it. It could be that their social media account was hacked and a criminal is spamming their followers.   

Create strong, unique passwords or passphrases

A password manager will go a long way toward ensuring you have unique, strong passwords and passphrases for every account. Not reusing passwords makes credential stuffing impossible. McAfee True Key stores all your logins and passwords and guards them with one of the strongest encryption algorithms available. All you need to do is remember your master password. It’s a great practice to also enable multifactor authentication whenever a website offers it. This makes it incredibly difficult for a cybercriminal to break into your online accounts with their educated guesses at your password. 

Live More Confidently and Safely Online 

Now that you know what to look for and the best tricks to be safe, you can feel more confident that you’re doing everything you can to protect your online accounts and private information. McAfee Protection Score can also help you take control of your online safety. This service allows you to monitor your current online safety and encourages you to take specific steps to improve it. Now you can enjoy digitally keeping in touch with your friends with peace of mind! 

1Smart Insights, “Global social media statistics research summary 2022” 

The post It’s Social Media Day! Here’s How to Protect Yourself From Social Engineering Online appeared first on McAfee Blog.

Read More

ZuoRAT used in operation focused on SOHO routers

Read More

A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft’s facial recognition tech no longer wants to know how you’re feeling.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford from The Host Unknown podcast.

Plus don’t miss our featured interview with Bitwarden founder and CTO Kyle Spearrin.

Read More