#that i have to go online myself and send a whole email with two identifications to request | Explore Tumblr Posts and Blogs

smartphone-science · 5 years

Link

Malicious Takeovers Happen – and It Could Happen to You Too

So I want to use this post to get straight to the point. Recently I lost all admin rights on my own Facebook page, Cat. I was the creator of the page and only person with admin rights to the page. Over the last few years I have used the page to share my love of cats and certain aspects of my life with a steadily growing base of followers. To some people it is probably “just a Facebook page” – and that is a fair assessment, but without going on about it in detail I will say that it means quite a lot to me. Losing the page even for a short amount of time freaked me the heck out, and rather than pretend it didn’t happen because it was a bit embarrassing – I want to talk about how it happened so it doesn’t happen to anyone else.

If you are owner/admin of a Facebook page with a relatively large audience or high amount of cyber traffic – then you are a vulnerable target in the eyes of people with malicious intent. You may think that you are far too clever or internet savvy to fall for an online scam. I know I certainly thought I was. And that was the first of several mistakes I made on the way to losing admin rights on my own page.

Mistake Number 1: “I know that online scams exist, but I’m not actually silly enough to fall for one.”

I guess at the end of the day I’m quite quick to self-blame but I actually do see this as probably one of the most important factors. I’m not completely naive to the world of internet scammers, in fact, I ignore hundreds of fake requests to my page inbox on a regular basis. I don’t forward chain emails. I see friends fall for a scam and I think, “that wouldn’t happen to me.” The entire time I was being led on, I did have a bit of a bad feeling and on reflection can look at what happened and think “wow I was foolish,” but at the time my feelings of doubt were dampened significantly by thoughts of “surely this isn’t a scam because it’s different. SURELY I would know if it was a scam.”

Mistake Number 2: A scam by any other name is still a scam.

Scammers pretty much rely on changing their tactics to adapt to changes in the information people have about them that exposes their schemes. Most of us have stopped thinking we will win an iPhone for sharing that giveaway post, and so the people wanting to rip us off have to change their game in order to keep up with the people cottoning on to their plans. It’s easier to get caught by a scam that is set up differently than all the others you’ve seen and it was one of the first things that led to me dropping my guard. In these screenshots I’ve given an example to the type of message the page has sent to it on a regular basis that I usually just ignore.

Most of the time, when I look at the inbox at a later date the profile is no longer available and the messages removed as they have been identified as spam or abuse. I’m very accustomed to getting them and very accustomed to ignoring them.

So what happened? How and why did I drop my guard?

I’ve thought quite a lot about this as it was ultimately my own fault that the page was stolen and frankly I felt pretty bad during the whole ordeal. There were a couple of factors that aren’t really within my control that contributed and they are interrelated. I am struggling with an ongoing mental health battle due to a seemingly malevolent trifecta of PTSD, depression and anxiety. This has led to having a financial struggle as this mental state has meant I’ve been unable to continue my medical school education at the present time and have not been able to work. Feeling like a financial burden on my family and wanting to provide some economic relief was a driving factor in the entire debacle. However, what I thought would happen and what actually happened were two drastically different things.

What I thought would happen: I would be providing links to relevant products for the people who like and follow the page – cat T-shirts and fun products for cats and their humans – while generating some income so I don’t feel terrible about staying home and making cat memes.

What actually happened: I woke up one morning to find I had no control over my page and another person had been added who was posting irrelevant spammy content every few hours. People in the comments section were saying I had sold the page and basically I went into a complete state of panic. I felt stupid, angry, and absolutely devastated that my cat page had been stolen after all. Ultimately I got it back – but this is overwhelmingly not the case for all such takeovers and so I want to write about what happened in case anyone else finds themselves in a similar position.

The details:

I receive a message to the Cat page from a person claiming to work for an advertising company. I see the message and initially get annoyed as I assume it is yet another scammer so I grouchily message them back to tell them I’m not interested in doing any business with them unless they will email me with the details. Not too sure why I set this strange invisible condition of a person’s legitimacy but for some reason I felt like those who were dodgy would refuse to email me.

“Velma” sends an email to me with her terms of business.

3. I agreed to proceed and “Velma” begins the next step in her process of fooling me into losing administrative rights on my own page. First she sent this email, carefully worded in a way that leads me to believe the process is to PROTECT my security.

4. “Velma” sends the invitation from Business Manager; the email comes from Facebook because the scammers are using an official Facebook tool to carry out their plot.

5. At this point I have reached a state in which I am simultaneously suspicious that something is up, while also thinking that no harm can be done if I proceed with the invitation. After some excruciating internal debate I decide to accept the invitation. “Velma” directs me through with the following screens to add my page to the advertising account. Note that at this point I was actually kind of worried but “Velma” convinced me that it was ME sending the invitation and only me who could give anyone admin rights.

6. I sent “Velma” a message with the screenshot of the page ownership request, because to me it seemed like accepting the request would be handing over the page to her business. She convinced me that was not the case (spoiler, she lied, it was the case).

7. Up until this point, “Velma” had been kind of pushy with her messages. Once the page transfer was done, she became strangely quiet. I became very concerned that I was making a big mistake and messaged her asking why she was no longer responding.

8. After a day or two of politely waiting for “Velma” to continue the process of sponsored advertising, I became too anxious to continue and sent her a message saying I was going to contact Facebook and ask them to reverse the process because it didn’t seem like I had done the right thing by handing over ownership of the page. “Velma” insisted that she would contact Facebook herself to sort out the issues. I went to sleep. I did not screenshot the last messages, which is a same because the next morning I woke to find I had lost control of the Cat page completely. I could no longer access the messages, post as the page, remove posts by the page, or anything else other than viewing the insights, because my page role had been downgraded to “analyst” instead of admin. There were three strange, click bait, spammy videos that had nothing to do with cats posted on the page. Fans were irate and each of the posts had comments about how the page had been sold or hacked.

It felt like a bad dream but it slowly sunk in that I had in fact been duped. For an hour or two I freaked out and tried finding SOME WAY, ANY WAY, of contacting Facebook to tell them what had happened. Friends commented on how similar things had happened to them or someone they knew and the success rate of page return was quite low, involving a lot of effort. Ultimately I became extremely worried that I had permanently lost the page due to my own foolishness and finding a way of getting it reinstated seemed virtually impossible.

I found a way of submitting a report through bug feedback and wrote the details in the form, hoping for the best. Hundreds of people supported me by commenting on Cat and reporting the page for intellectual property threat. Many people encouraged me to set up a new page and start again – but to me it seemed pretty half hearted since the other page was already so large. I set a new page up anyway but felt completely devastated by the loss of Cat and furious with both myself AND the hijackers for the whole situation. However, I DID ultimately get the page returned to me – and it was much quicker and easier than I thought it would be.

Getting it Back:

During the whole ordeal I tried many different ways of getting to speak with someone at Facebook, well aware that this is pretty much impossible most of the time. A friend of mine who lost a Facebook page in the same kind of way told me about his method to get his page back and it sounded pretty arduous to be honest, involving providing identification etc. However, he also gave me this link which is a simple form that you submit when you have lost access to a page which is yours because an admin was hacked: https://m.facebook.com/help/contact/1280439701975125

Several hours after I used the above report to let Facebook know I had lost access to the page, I received a notification from Facebook with a message to say that my page admin rights had been restored.

So there you have it. Yes, I am embarrassed that I fell for this scam. Part of me did not want to tell other people how silly I can be, but I think it is important for other people to see how it can happen to just about anyone. If you are one of the people who supported me during this time, thank you! I wanted to give up several times but the large movement of people behind me really helped. And of course I found it pretty amusing to read all the messages demanding that the page be returned to its rightful owner – don’t screw with cat people…we are a different type of human, that’s for sure. I guess it’s safe to say I probably will have a much higher degree of caution going forward.

Until next time, Love from,

Cat’s Human

via Science Blogs

#IFTTT #Science Blogs

0 notes

airoasis · 5 years

Text

Why Legal Firms Should Use IAM and PKI for Cybersecurity - Talk

New Post has been published on https://hititem.kr/why-legal-firms-should-use-iam-and-pki-for-cybersecurity-talk/

Why Legal Firms Should Use IAM and PKI for Cybersecurity - Talk

Howdy every person and an extraordinarily heat welcome to the session today the subject for modern-day discussion is do not fall sufferer to cyberattacks use pki and i am for cozy on-line communications globalsign world website online is one of the oldest publicly depended on certificate authorities on the planet in short we are the business of issuing on-line identities just to the whole lot it could be a human being it could be a server it would be a computing device would be some thing we can do this myself my title is golden Yadav i’m earnings engineer for the emea area and i’ve been working with international signal for roughly two years now at present we talk concerning the developing dangers for authorized corporations feasible options we mentioned a few tactics execs and cons with these strategies and if time enables maybe we are able to do a rapid demo Israel with the intention to speak in regards to the growing dangers for authorized organizations i can’t speak concerning the information the percent of legal organizations who have been attacked or the varieties of threats which are be used and stuff like that which I traditionally do but i’m no longer doing it today within the interest of the time we will just speak about one understanding to maintain the assault which show up in the Telegraph on sixteenth of may just 2015 6 greater than a yr now on this exact attack what happened is that this family has bought the property just about 300 thirty thousand instances and while this sale was once happening they had been interacting with their solicitors or e mail or unprotected clear textual content email after the property was bought the sunlight sitters requested the victims to give them the bank account small print so that the proceeds from the sale could be transferred they reply to the email giving the financial institution account important points and the solicitors did the white transfer a few days down the road we eventually understand that money has not yet reached our account and the chase of solicitors they usually said well we pay the money to this account the victims then say no this is not our count our depend is much less they match the emails and they were different they realise what had happened is that while the email used to be in transit it was once intercepted the info was once converted within the e mail and then it was sent out to these different sitters so what basically occurred was once the mail was once manipulated by using the hackers they put their own account important points and they got the money by the time the victims and the solicitors realized what occurred they reached out to the bank they usually got the account frozen sixty two,000 pounds had best been withdrawn the leisure of the cash used to be certainly given back to the victims but the question was once who is liable to pay 62 manufacturers due to the fact you two grants some huge cash soul etc stated no we can now not pay that we abided by means of what you had given in the e-mail the bank said an obeah just a banker we are right here to only keep your cash and provides it to pay where you want to we aren’t accountable so the talk went on for a number of months and the specialists on this specific article within the Telegraph and otherwise steered and said as an alternative that it is the solid sitters we will have to have paid the cash back seeing that they are the BB each intermediate between the victims and the financial institution anyhow that was once it a little what is more major here is to appreciate that exclusive knowledge or ship over an e mail which is not a just right suggestion so what will we do about it one method to that is comfy your emails and how you are able to do that the two approaches of doing it clearly earlier than we talk about those two ways let’s talk speedily contact upon what is digital certificates so any individual and everybody who wants an identity has a key pair and then there is a certificates related to the important thing pair certificates are issued by way of publicly it used to be the style of any authorities like ourselves after D waiting approach and what we do within the vetting procedure we try to figure out who the person is whether the applicant is particularly is who he says he’s after we verify that we problem the certificates and which basically acts like a digital passport so certificates does the identical factor in an internet world what a passport does in the true world it helps authenticate the user after getting a digital certificate you could click on the digital certificates create an electronic mail signal it and ship it throughout to the recipient the recipient gets an e mail almost always he’s going to have icon or some symbol to inform there may be a beam that it’s k it can be a just right male you could believe it there is whatever improper with it and the person click on with that what you are seeing here is outlook specific e mail customers behave another way what you reap with visible signature is that foremost knowledge integrity so whilst you compose an e mail and now not most effective e-mail you are able to do to design records and PDFs and phrase something you wish to have it integrity means that you can not alternate the report or the information patrick has been signed in case you try this this purple ribbon would have trade into some sort of warning sign the same occurs with electronic mail equal happens with documents PDFs and work if the loop tones had finished this when the email used to be intercepted the solid sign would have acquired a purple sign and they’d have proceeded they would have acted on the email second you get is non-repudiation someone signs the information cannot deny later on that I didn’t do it it might be the patron it might be your solicitors it could be the bank it would be this we will state agency in there many different situations selling a property is solely one of the most eventualities there will likely be many other eventualities and 1/3 of direction is authentication when you signal an email the recipient is aware of exactly who it’s come from due to the fact you’ll discover the small print as I just confirmed you here on the screen digital signatures give you three capabilities however the information remains to be readable that you can still print the information in transit that you would be able to discontinue see what is going on and then that you may let it go if you wish to make this their exclusive that you could then encrypt the e-mail this is how you do it you’ve the same virtual certificates compose an email you sign it and now you are taking the recipients public key encrypt and send it to the recipient on the recipients part he’s going to observe his or her personal key after which decrypt the email very simple same procedure rather of only one red ribbon you could possibly see a blue lock as well lock way encrypted and while you picked up the mail you get the small print that is what the electrons should have finished I play to signal and to enter the e-mail and fingers going out from your outbox should be signed some thing confidential should be integrated quite simple nevertheless there is a challenge with this strategy the plus aspect is i’ll talk in regards to the excellent things first is that this will also be setup up and going for walks in simply days time so all we have got to do is to moist a user most of the time takes one or two days depending upon how speedy the vetting can approach certificates may also be issued and you must run day one handy to established the downside is what you just saw signing and encryption is sincerely about s mind signing an encryption now the webmail consumers for illustration Yahoo Gmail scorching mean that do not support a smile out of the field for you to be ready to signal and encrypt these emails you want down load a plug-in or a program and then configure the program which is not easy which is truly clunky works well on your corporate users who run o clock lotus notes or different e mail purchasers however does no longer particularly work good for your freedom users handiest half of of the populace gets covered what’s the technique to this the approach to that is the second procedure 2d solution it’s known as net portal established approach so what we’re suggesting right here is that as an alternative of sending or sharing personal know-how over e-mail you do that on an internet portal so you create an account for the user the consumer logs in and then he can upload or share private knowledge now not best content personal information you can even share contracts illegal contracts some thing one of a kind types of Taylor you have got to get signed file you have to get website online so you use electronic mail most effective as a fellow mechanism when one social gathering requests know-how the 2nd get together will get an e-mail alerting that any person is inquiring for know-how please log on to your portal you could have comfy authentication mechanisms and build around the portal we are able to help various distinct applied sciences you log in securely you furnish information than you sign off when you do that and you have got massive number of customers you may need identification and access administration so you may need to enable the customers to be log in to log into into this tool from considered one of their own applications they do not ought to open a browser sort the URL from some thing they’re doing this click on a link and they log in to click on a button let me just login so you need some thing like single sign-on you want users to log into the system from their possess credentials which they have already got so that you want identification federation and then of direction you manipulate these identities is why you need an identification and entry administration portfolio which anybody like globalsign can support you with that with a view to further discuss this thought this procedure I want to use a rapid demo which is the last part of my session so i will rapidly jump on to browser over right here and that i go browsing to this tool which is referred to as signal glide it’s from certainly one of our science companions what I see here once I login is my dashboard i will be able to see what is happening 7 pending which means that i’ve seven pending documents i have records that are accomplished and records which might be in circulation the documents that have been despatched to me and that i rejected them and so forth and many others let’s with pending so i click on pending and i can see the entire document that are they within the record i click on plus sign it gives me an audit path when the file was initiated who’s asked for it and stuff like that it’s me myself due to the fact that i am simply doing a testing right here I click on on open and that i see the document it is proper there in entrance of me and i learn the file the pattern contract and say okay everything is fine there are three signatories who’ve already signed this before I did and so they’re two text fields over right here now this text discipline to now ask aspect add so i will say london signal on i say 12 july two thousand sixteen 2016 and then I say proceed to sign I say yes what is going down now is that this knowledge that i added as text area is being embedded into the report it becomes part of the record as doc men would have created previous as soon as that’s performed the healthcare professional will be capable to be signed which you are going to peer subsequent now the knowledge that i entered over here is visible it might be some thing it could be financial institution account important points that you are asking your purchasers some thing every other piece of knowledge does not topic and i say sign here i will draw a graphical signature as well which is nothing however just to effectively show to the readers who signed it with the initials and what is going down now is that my pki digital signatures are being up out of this document and the report is already you can download this report so to read it open it with Adobe Reader and your entire signatures may also be validated so what i am trying to say is that you don’t have to be logged in to this device to be capable to validate your signatures you can do it via the redress 12 which is thoroughly free that you could then ahead it to your two different recipients and whoever is the creator at the start most likely gets these files so I click on on that I click on my dashboard overview and i see that one document has long gone under I had seven pen in files I’ve got six and the quantity of report which had accomplished it can be gone up by using 1 so this can be a rapid overview what you can do when that you can gain the portal like this so some other questions you could have I will probably be pleased to take them offline thanks all on your time women and gentlemen have a fine day forward bye-bye

0 notes

batterymonster2021 · 5 years

Text

Why Legal Firms Should Use IAM and PKI for Cybersecurity - Talk

New Post has been published on https://hititem.kr/why-legal-firms-should-use-iam-and-pki-for-cybersecurity-talk/

Why Legal Firms Should Use IAM and PKI for Cybersecurity - Talk

0 notes