Social Media Deception | Lakhani, Muniz (RSA Europe)

Aamir Lakhani, Joseph Muniz; Social Media Deception; At RSA Europe; 2013-10-30; Session: landing; 28 slides.

Aamir Lakhani

Joseph Muniz

Mentions

  • Emily Williams
    • Patterned after Robin Sage
  • Men trust Attractive Women
  • Click Jacking

Parting References

  • Hot, Warm, Cold Data Threats
  • Trending & Predictive Analysis
  • Kill Chain
    • concept
    • a metaphor riffing on the military doctrine

Referenced

Promotions

Lucian Constantin (IDG News); Fake social media ID duped security-aware IT guys; In IT World; 2013-10-31.
Teaser: Penetration testers used a faked woman’s identity on social networks to break into a government agency with strong cybersecurity defenses

Via: backfill

(Firefox) AutoPager & TeeSoft shady murky scammy ‘Click here to scan for System Errors & Optimize PC Performance’?

AutoPager for Firefox is really really neat, and to date is highly recommended.  But the headline banner promotion today sure feels shady…

Points

  • The old Free Scan Your PC, Optimize Your Performance For Free scam.
  • Clickthrough link
    • Is at www.teesoft.info
    • Redirects 301 into www.uniblue.com
    • Redirects again into a synthetic domain name in an anonymous cloud: d2iq4cp2qrughe.cloudfront.net
    • Clickthrough landing page gets a severe WOT warning for shady reputation
  • The ultimate landing page at www.uniblue.com has lots of provenance and honorifics in the logos, alleging:
    • Industry pundit quips & quotes.
    • Editors Pick from some magazine.
    • Microsoft Partner status and a logo.
  • Then they ask you to download a Windows exe file and run it on your machine.

Why wouldn’t this be scammy?

  • They’re not doing the most basic OS detection.
  • I’m not running Windows!
  • They want me to run an exe on my machine.

Counterpoints

  • Cloudfront is Amazon, and they police all their customers to warrant their veracity, don’t they?
  • Microsoft Partner status is worth something, isn’t it?  Surely not just anyone can put that logo on their web site!
  • The WOT bad reputation is from a single unhappy customer type comment, written in Russian.

You don’t run into this very much in Mozilla Addon culture.  Usually it’s all brightly-lit, brand-safe you-are-safe stuff.  But here, as they say in the trades: sounds legit.  Love the autopager, hate the phishing.
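The checks applied by eye under Points and "Why wouldn’t this be scammy?" can be run mechanically over a recorded redirect chain. The sketch below is an added example, not code from AutoPager, TeeSoft or any tool named in the post; the hostnames come from the post, while the paths, the second status code, the User-Agent string and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hops as a browser network log would record them. Hostnames are the ones
# named in the post; the 302, all paths and the User-Agent are constructed.
SAMPLE_HOPS = [
    (301, "http://www.teesoft.info/"),
    (302, "http://www.uniblue.com/"),
    (200, "http://d2iq4cp2qrughe.cloudfront.net/constructed/setup.exe"),
]
SAMPLE_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0"

# A single label directly under cloudfront.net identifies the CDN, not its tenant.
SHARED_CDN = re.compile(r"^[a-z0-9]+\.cloudfront\.net$")
REDIRECTS = (301, 302, 303, 307, 308)


def site(url):
    """Naive registrable domain: the last two labels (assumption; production
    code should consult the Public Suffix List)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def review_chain(hops, user_agent):
    """Return human-readable findings for a list of (status, url) hops."""
    findings = []
    # 1. Every redirect that hands the visitor to a different site.
    for (status, src), (_, dst) in zip(hops, hops[1:]):
        if status in REDIRECTS and site(src) != site(dst):
            findings.append(f"cross-site redirect: {site(src)} -> {site(dst)}")
    # 2. Hosts whose name carries no information about who operates them.
    for _, url in hops:
        host = (urlsplit(url).hostname or "").lower()
        if SHARED_CDN.match(host):
            findings.append(f"shared CDN hostname, tenant unknown: {host}")
    # 3. A Windows executable served to a client that is not Windows.
    final_path = urlsplit(hops[-1][1]).path.lower()
    if final_path.endswith(".exe") and "windows" not in user_agent.lower():
        findings.append("Windows executable offered to a non-Windows client")
    return findings


if __name__ == "__main__":
    for finding in review_chain(SAMPLE_HOPS, SAMPLE_UA):
        print("-", finding)
```

The second finding is the answer to the Cloudfront counterpoint: the hostname shows which CDN serves the file and nothing about the customer behind it.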

Actualities