#1 2023-11-18 07:48:27

StanleySel
Member
Registered: 2023-11-09
Posts: 5
Website

Just want to say Hello!

Of course, there’s no real product support through these forms and they are merely trying to trick users into giving up their secrets. It’s a somewhat low-effort scam for a potentially high reward. The majority of the accounts that replied to us were created this year (2021) which could indicate that they were purpose-built accounts, but what is especially noteworthy is that there is a small percentage of accounts that were created years ago. We previously found similar results of bad actors utilising Twitter to scam users out of their crypto holdings. We can also look into the Tweet sources to see if any account was using the Twitter API (and what they named the integration) but it looks like all the accounts were using the official Twitter clients. This could indicate that they are searching for the latest tweets manually and replying manually (maybe with the use of macros and clipboards). LLLLLLL99999999 (the same majority input mask from our other research post), which could indicate the same/similar bot farm operation. However, this time we have more input mask variety - so it’s likely that there is more than one entity pushing these campaigns (that is to say, it’s not just one bot farm). How Can I Stay Safe? As these campaigns prey on confused users and convince them to reveal their secrets, the best thing you can do is to educate yourself and your friends on how these secrets work. How Do Secret Recovery Phrases Work? However, if you are posting on Twitter about needing some support, then one of your main priorities would be to reduce the amount of noise to your thread - especially noise created by scammers. With Twitter, you can restrict who can reply to your tweet.

The most sought-after credentials by cyber threat actors are those for Microsoft 365 accounts. Phishing attacks commonly try to gain these credentials, usually via a password reset or account confirmation request. Businesses should educate their teams that these emails try to communicate a sense of urgency that an account will expire or be deleted or that there will be some other dire consequence if action isn’t taken. Threat actors increasingly rely on social engineering to penetrate an organization’s security systems. Employees must operate with due diligence when interacting with any suspicious email, phone call, text or other form of communication. Bad actors rely on employees being the weakest link. It’s vital that you work closely with your security teams and always practice good cyber hygiene. The biggest red flag for any employee should be when they are contacted via an email address that has not been used to contact them before.

Why Am I Being Targeted? It’s easy to feel like the target of a personal attack when you receive a suspicious email. Remember that you and your website are not being singled out here - it’s simply a numbers game. Scammers send out hundreds or even thousands of emails every day. They pull email addresses from websites or public records, such as your domain registration. All they need is one or two responses to equal a potentially great payday. Scam emails about your website generally center around offering to identify and fix “problems” with your site. They might casually ask for your login credentials or credit card details to “sign up” for their services. Don’t do it! Giving them access to the backend of your website is like rolling out a welcome mat for a burglar. If you’re not 100% sure an email is legitimate, your best bet is simply to ignore it and mark it as spam. Whatever you do, never click here now on a link or reply to the email, even if it’s just to say, “No, thanks.” Once the scammer knows your email address is valid, they’ll likely start spamming you more.

I couldn’t use Twitter properly for like three days. I’m wondering now, had I been using the IndieWeb then I would have had no way to moderate my site. I would have had to do it manually. Like, every mention that came in. It was like hundreds of people. IndieWeb does have some technical solutions in progress for addressing spam and harassment, most visibly the Vouch extension for Webmention,4 but they are generally unproven because spam and harassment have generally not occurred through Webmentions or other IndieWeb tools. Beyond technical solutions like Vouch, my final interview participant suggested other ways that IndieWeb could mitigate hate speech and harassment. First, creating an IndieWeb site generally requires an effort (to set up and operate the site) and money (to pay for hosting), which would discourage the use of disposable online personas often used for trolling. In brief, the investment required to adopt IndieWeb’s approach encourages people to treat their IndieWeb identity as something substantial, not worth tarnishing by being a troll.

Offline

Board footer

Powered by FluxBB