Wednesday, June 21, 2023

 


Cybercriminals Pose As Facebook And Instagram Support: How To Protect Your Private Information From Being Stolen On Social Media

Another day, another scam! A new wave of social media scams has emerged, targeting unsuspecting Facebook and Instagram users. Whether you use your page for personal or business use, this new con could affect you. In this article, you'll discover what this scam is, how to detect if hackers are targeting you, and how to avoid falling for it and potentially leaking your private information.

If you're a social media user, you may have noticed that in recent years, both platforms are quick to hand out page violations. An inappropriate comment or post can land you in "Facebook jail" or with a 30-day suspension for repeated offenses. Facebook’s goal appears noble – keep these platforms a positive, kind place for all users.

To help identify these comments, the platforms have developed a sophisticated bot that can read the posts and detect "flagged" phrases that the platform has deemed inappropriate. Typically, they remove the inappropriate content, notify the user that the post was flagged, and warn that a ban can occur if the user continues posting similar content.

However, this robotic peacekeeper is not perfect. It has a reputation for flagging ordinary content because of key trigger words and banning unoffending accounts. This situation is frustrating for users who don't want to lose access to their social media platforms for an offense they didn't commit, or who worry that years' worth of memories accumulated on their account could disappear if it is wrongfully deleted.

Cybercriminals saw their opportunity and went for it. Hackers pose as support agents from Facebook or Instagram and contact users via direct message on the platforms, saying there has been a policy violation. They offer to help the user resolve it through a simple form that supposedly gives them the information they need to make this digital slap on the wrist go away. The alarming twist? Once users submit their information, it falls directly into these skilled hackers' hands, who can use it for who knows what.

If you want to protect yourself from this scam, you must first be able to recognize it. If you receive a message like the one below – don't panic. Cybercriminals want you to be worried, so you slip up and make a mistake. Remember, a Facebook agent will never directly contact you unless you go through the support chat first. The platforms have in-app notifications about banned or flagged content that you will see first, and they will follow up via email.

The image below features an actual screenshot of this scam in action and points out other factors to notice when determining the legitimacy of a violation.


We didn't request the form to see what information it collects (and neither should you), but we can guess. Facebook has developed strict verification processes for confirming identities to reduce the number of imposters on Facebook and determine the rightful ownership of accounts in hacking situations. The platform will request proof of identity with a photo of your ID or sometimes even business documents proving ownership. Cybercriminals will likely request this information but may take it further by asking to confirm your password, social security number, and more.

This deceptive tactic highlights the ever-evolving nature of cybercrime. Just as we've seen with the rise of AI-powered tools used in voice cloning scams, these hackers are becoming increasingly creative and sophisticated in their efforts to manipulate social media users. They are watching what's happening and adapting their tactics accordingly. The stakes are high, and so is the potential damage to individuals and businesses.

To safeguard yourself and your business from such threats, it's crucial to remain vigilant and informed. Here are a few practical tips to help you stay protected:

  • Always verify the authenticity of messages received from social media platforms. Support does not contact you via message unless you request chat support, and they will never ask you to provide sensitive information through direct messages.
  • Be cautious of unsolicited messages requesting you to click a link or fill out a form. Instead of clicking the link, visit the platform's help center or contact support directly to inquire about the issue.
  • Strengthen your account security by enabling two-factor authentication, regularly updating your passwords, and using unique, complex combinations of characters.
  • Provide regular security awareness training to your employees. Share articles like this one that shed light on emerging scams and engage in ongoing education to ensure your team remains alert and prepared.
  • Collaborate with your IT service provider to implement robust cybersecurity measures and disaster recovery protocols. Investing in comprehensive protection is essential in minimizing the risk of falling victim to these sophisticated attacks.

Remember, prevention is critical. Don't wait until it's too late to act. If you're concerned about the security measures your IT service provider has in place, click here to request a FREE IT Security Risk Assessment. This assessment will give you a clear understanding of your current security stance and whether you're well-equipped to handle a cyber-attack.

Monday, June 12, 2023

Cybercriminals Are Deploying Powerful AI-Powered Tools To Hack You


Are You Prepared For What’s Coming?

An Arizona family was recently in the news warning others about how they were the target of a ransom call in which scammers used AI (artificial intelligence) to clone their daughter’s voice to convince the parents they had kidnapped their daughter, with the apparent goal of extorting money.

DeLynne Bock, the mother of Payton Bock and target of the con, said she feels she can easily spot a fake scam call, but this was on a whole other level.

According to the news story, the scammers called their home, where DeLynne’s husband answered the call. A man on the other end of the line was screaming and using foul language, saying their daughter had caused an accident, hitting his car, and couldn’t find her insurance. From there, he started making threats, saying he had her tied up in the back of his truck.

What made the call so convincing was the deep fake of her daughter’s voice on the other end of the line – pleading for help, crying. Unable to reach her daughter by phone, DeLynne called the police while her husband kept the man on the phone. “I called the police, and they’re saying, ‘This is possibly a scam situation.’ I said, ‘There is no way this is a scam. This is my daughter’s voice,’” DeLynne said. “This wasn’t just some person pretending. As a mother, you know your daughter’s voice, and this was my daughter.”

Apparently, this wasn’t the first time this had happened, which is how the police were able to suggest it could be a scam. This is just the latest iteration of how hackers are using AI to produce deep fakes to extort money. AI and ChatGPT have been in the news recently for a reason – AI is an extremely powerful tool that, if put in the wrong hands, can do a lot of harm.

It’s not a stretch to imagine the use of AI to fake a CEO’s voice, signature or writing style in an e-mail, text, call or instant message to trick an employee into sending money or doing things that would severely harm the organization, such as providing a login or access to the company’s network, data or critical applications. The same approach could be used to scam clients or patients into giving up confidential information or payments.

A report released by security experts at Home Security Heroes showed that 51% of common passwords could be cracked in less than one minute using an AI. Both the length and complexity of the passwords factored into the speed of successfully cracking the password, but even a complex password with seven characters using both uppercase and lowercase letters, numbers and symbols took just minutes to crack.

This means it’s hypercritical for all business owners to no longer rely on strong passwords and simple antivirus to protect their organization.

Today, all businesses should have some type of security awareness training for their employees. For example, simply sharing this article and others like it that we publish can go a long way toward making sure employees are always on high alert for scams; but sharing the occasional article is not enough. You should have some type of ongoing reminders and formal training so that it’s always top of mind. Employees AREN’T “too smart” to fall for these scams. If someone can trick a mother into believing her daughter has been kidnapped by duplicating her daughter’s voice, they can trick an employee into clicking on a link, giving them access or transferring funds – and it’s happening right now to a lot of businesses.

Second, you need to work with your IT company to ensure they have implemented robust cyber security tools and protections, as well as disaster recovery protocols so if you are ransomed, you can be sure to recover your data. This is not an area to be cheap about. Most people stubbornly believe it won’t happen to them, or that it will be a minor inconvenience, not the costly, business-crippling and devastating disaster that a cyber or ransomware attack can be. An ounce of prevention goes a long, long way toward minimizing your risk.

I would also recommend protecting your online presence by using the following strategies:

  • Consider getting cybersecurity awareness training for yourself and your workforce.
  • Enable Multi-Factor Authentication (MFA) on all accounts that support it.
  • Use a password manager to keep track of all of your accounts (bonus if it also does a continuous dark web search for compromised accounts).
  • Equip all of your mobile devices and laptops with a personal VPN or SASE (Secure Access Service Edge) client to isolate your internet-bound traffic from prying eyes.

If you want to make sure your IT services provider is protecting you properly, click here to request a FREE IT Security Risk Assessment. This assessment is not time-consuming, invasive or difficult to do, but will give you the unvarnished truth about your current security and whether or not you will be properly and brilliantly prepared for a cyber-attack.

Tuesday, June 6, 2023

Facebook Owes You Money!


How To Apply For Your Share Of Facebook’s Recent $725 Million Privacy Lawsuit

Here’s a shocker: Facebook is being forced to pay a whopping $725 million in a settlement following numerous lawsuits claiming they violated users’ privacy. This is in addition to another class action lawsuit for $650 million for storing and collecting the biometric data of nearly 1.3 million Illinois residents without their knowledge or consent. Think it’s a scammer’s hoax? Not this time, Mr. Zuckerberg. It’s legit.

The lawsuits allege that Facebook shared data from users and their friends with third parties without the users’ knowledge or consent and then failed to monitor or direct how these third parties accessed the data or what they did with it.

The plaintiffs’ lawyers estimate about 250 to 280 million people may be eligible for payments as part of this suit.

The money being paid to each person depends on how long they’ve had a Facebook account and how many people actually file claims. Users will get “points” for every month they’ve had an account between May 24, 2007, and December 22, 2022. The money will be split (after lawyers’ fees are paid, of course) based on those numbers, so don’t expect a financial windfall that will allow you to move to Beverly Hills. The only people getting rich here are the lawyers.

If you had a Facebook account during the dates above, you’re automatically part of the settlement, but you must submit a claim by August 25 of this year using this website. If you do nothing, you get nothing and you’ll give up the right to sue or be part of another lawsuit against Facebook related to these claims.

However, if you’re feeling ambitious (and have deep pockets to pay the legal fees), you can choose to opt out of this lawsuit and attempt to sue Facebook separately, under your own initiative.

We should all be happy that big tech companies accessing, selling and sharing our data without our knowledge or consent are being held accountable; but it’s not enough to depend on lawyers or our government to protect our identity and personal information. Companies like Meta make far too much money from our data to turn away from selling it and using it. For example, Meta made over $116 billion last year from a FREE app. That money is coming from selling access and data. This lawsuit, while sizeable, represents just 0.62% of the company’s total revenue – a rounding error.

The entire dark web and the rise of hacking demonstrate how much money there is to be made from gaining access to personally identifiable information, so you need to be careful you don’t end up a victim of your data being stolen, shared and sold.

One of the ways to prevent your information from being shared is by going into the privacy settings on Facebook and finding “Your Facebook information.” From there, click “Off-Facebook activity” and “Recent activity” to clear your history.

You can also click “Manage future activity” and choose “Disconnect future activity” to disable this feature. Of course, if you like the ads you get from Facebook this will (should?) make all of that go away.

Another suggestion is to check the privacy settings on your phone to ensure apps installed aren’t getting free access to your camera and microphone unless specifically given permission by you to perform those functions. Many apps will install with that access feature turned on and require you to opt out.

Of course, as a business owner, YOU have to also think about how you are storing and using your clients’ data. As this lawsuit proves, the government is taking data privacy and protection seriously, which is why you’re seeing more regulatory compliance for data security and privacy hitting all industry sectors.

If you want to make sure you’re not accidentally exposing your clients’ data and violating data protection laws, schedule a quick call with us to discuss your concerns and see if there are ways we can help you avoid exposing your clients’ and employees’ data by accident.