This article is about social media scam, which is called Twitter bots are tricking users into making PayPal and Venmo payments into fraudsters’ accounts.
Bots will search for “PayPal”, “Venmo” and other keywords to find tweets, and obtain the personal information of legitimate users to pretend to be legitimate users. Then Bots would block the account it imitated, and in their case copied the entire configuration file and added an underscore to the end of the name. (For example, the legal user’s name is “Lin”, but the name impersonated by Bots will be “Lin_”)
The bot will use similar usernames to pretend to be other users and provide false payment information to the original Twitter user to obtain payment. Bots usually don’t delete posts, but often change names. These fake accounts are hard to find, and they even have fans.
(Personal experience: I was scammed once on Facebook, it was not a bot but a person. He changed the lowercase L(l) to the uppercase i(I) to imitate legitimate users.)
The National Institute of Standards and Technology plans to publish various volumes of its forthcoming Cybersecurity Practice Guide throughout 2022 and beyond.
Zero Trust Network Architecture:
Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
I obtained the article, “Awareness of cyberattacks and cybersecurity may be lacking among workers” by TechRepublic. A survey administered by Armis to business professionals discovered the lack of knowledge about recent incidents and proper cyber hygiene. The respondents were from a variety of different professional backgrounds such as education, finance, healthcare, IT & telecom, manufacturing, sales, media and marketing. Twenty-one percent of the respondents had not heard about the attack against Colonial Pipeline and forty-five percent of the respondents were unaware of the hack against the Florida water treatment plant; some of those that were familiar with the attacks did not see a lasting impact. Now that businesses are starting to open up again, many employees are moving to a hybrid model of working both at home and in the office. Despite the possible risks, more than half of the respondents said they do not believe their personal devices pose any threat to their organization, whereas twenty-seven percent admitted that their companies don’t have any existing policies to secure both work and personal devices. The article pointed out that “a lack of awareness turns an employee into an easy target for a cybercriminal looking to access an organization’s network via a phishing attack or social engineering”. Therefore, organizations can reduce the possibilities or success of an attack by normalizing a security awareness culture. At every level, employees should be taught how to identify malware-laced emails and other invasive attempts at credential theft so that they do not become easy targets for cybercriminals.
This article is about social media scam, which is called Twitter bots are tricking users into making PayPal and Venmo payments into fraudsters’ accounts.
Bots will search for “PayPal”, “Venmo” and other keywords to find tweets, and obtain the personal information of legitimate users to pretend to be legitimate users. Then Bots would block the account it imitated, and in their case copied the entire configuration file and added an underscore to the end of the name. (For example, the legal user’s name is “Lin”, but the name impersonated by Bots will be “Lin_”)
The bot will use similar usernames to pretend to be other users and provide false payment information to the original Twitter user to obtain payment. Bots usually don’t delete posts, but often change names. These fake accounts are hard to find, and they even have fans.
(Personal experience: I was scammed once on Facebook, it was not a bot but a person. He changed the lowercase L(l) to the uppercase i(I) to imitate legitimate users.)
The National Institute of Standards and Technology plans to publish various volumes of its forthcoming Cybersecurity Practice Guide throughout 2022 and beyond.
Zero Trust Network Architecture:
Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Link: https://www.fedscoop.com/nist-cybersecurity-practice-guide-2022/
I obtained the article, “Awareness of cyberattacks and cybersecurity may be lacking among workers” by TechRepublic. A survey administered by Armis to business professionals discovered the lack of knowledge about recent incidents and proper cyber hygiene. The respondents were from a variety of different professional backgrounds such as education, finance, healthcare, IT & telecom, manufacturing, sales, media and marketing. Twenty-one percent of the respondents had not heard about the attack against Colonial Pipeline and forty-five percent of the respondents were unaware of the hack against the Florida water treatment plant; some of those that were familiar with the attacks did not see a lasting impact. Now that businesses are starting to open up again, many employees are moving to a hybrid model of working both at home and in the office. Despite the possible risks, more than half of the respondents said they do not believe their personal devices pose any threat to their organization, whereas twenty-seven percent admitted that their companies don’t have any existing policies to secure both work and personal devices. The article pointed out that “a lack of awareness turns an employee into an easy target for a cybercriminal looking to access an organization’s network via a phishing attack or social engineering”. Therefore, organizations can reduce the possibilities or success of an attack by normalizing a security awareness culture. At every level, employees should be taught how to identify malware-laced emails and other invasive attempts at credential theft so that they do not become easy targets for cybercriminals.
Link to article: https://www.techrepublic.com/article/awareness-of-cyberattacks-and-cybersecurity-may-be-lacking-among-workers/