
Don’t Let Your Guard Down When Using Social Media

I use Facebook almost exclusively for personal use to connect with friends, family, or business acquaintances, while Twitter is for news and commentary I find interesting. On the business-focused LinkedIn, however, I'm more liberal when it comes to connection requests.

I reason that since the Microsoft-owned LinkedIn is for business networking, the more people I network with, the better it will be for my career and business relationships. I suspect that millions of LinkedIn users take the same approach.

However, I was recently made aware of a report from Dell-owned cyber-security firm SecureWorks. Its Counter Threat Unit (CTU) observed phishing campaigns targeted at the Middle East and North Africa that used a fake persona named Mia Ash to deliver PupyRAT, an open-source, cross-platform remote access Trojan.

In short, this report reveals that a known Iranian hacker group called Cobalt Gypsy created a fake profile of a woman named Mia Ash, who claimed to be a celebrated photographer. When I looked at Mia Ash's profile, it looked like many I'd connected with on LinkedIn or Facebook over the years.

The goal of the fake Mia Ash profile was to connect with individuals who were inside legitimate companies in the Middle East and trick them into opening a Word document via their company's email. That would deliver the PupyRAT Trojan, infecting the company's network and potentially allowing the hackers entry to steal information.

Some years ago, Cobalt Gypsy used LinkedIn to spread malware-laden job applications. In that case, the fake persona was someone called Timothy Stokes, who said he was a recruiter for a well-known company.

I have also had suspicious requests on Facebook. A recent one came from a person who claimed to be CEO of a Minnesota company, but when I looked up the company, it did not exist.

I'm the last person to discourage anyone from being active on social media. LinkedIn, Facebook, Twitter, and others are legitimate ways to make connections and develop relationships. However, after reading about Mia Ash, I will carefully vet connection requests on LinkedIn.


I suspect that social media will be used more and more for phishing schemes. These two instances focused on the Middle East, but in talking to other security companies, I'm told that similar scams are becoming more common in the US. They use the same approach: befriend a person and, over a few weeks or months, get them comfortable with communicating and sharing personal information. At some point, the attackers say they have a friend who is a recruiter and suggest the target send a resume from a corporate email account. Then, once the fake persona can reach the target through that corporate address, the attackers ask the target to open a malware-laden document, putting the company network at risk.

If you work for a company that uses social tools like LinkedIn, SecureWorks says your company should have a system in place whereby you can report any unusual or suspicious activity you receive from an unknown third party. It also suggests that individuals or organizations disable macros in Microsoft Office to mitigate the threat posed by malicious documents.

For consumers of all types, I highly recommend being very cautious about whom you friend on any social media, and never opening a document unless it comes from a person you know and trust.
