FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdayMcAfee Blogs

How to Protect Your Social Media Passwords from Hacks and Attacks

By: Jasdev Dhaliwal

What does a hacker want with your social media account? Plenty. 

Hackers hijack social media accounts for several reasons. They’ll dupe the victim’s friends and followers with scams. They’ll flood feeds with misinformation. And they’ll steal all kinds of personal information—not to mention photos and chats in DMs. In all, a stolen social media account could lead to fraud, blackmail, and other crimes. 

Yet you have a strong line of defense that can prevent it from happening to you: multi-factor authentication (MFA). 

What is multi-factor authentication (MFA)? 

MFA goes by other names, such as two-factor authentication and two-step verification. Yet they all boost your account security in much the same way. They add an extra step or steps to the login process. Extra evidence to prove that you are, in fact, you. It’s in addition to the usual username/password combination, thus the “multi-factor” in multi-factor authentication.  

Examples of MFA include: 

  • Sending a one-time code via a text or phone call, often seen when logging into bank and credit card accounts. 
  • Sending a one-time code to an authentication app, such as when logging into a gaming service. 
  • Asking for the answer to a security question, like the name of your elementary school or the model of your first car. 
  • Biometric information, like a fingerprint or facial scan. 

With MFA, a hacker needs more than just your username and password to weasel their way into your account. They need that extra piece of evidence required by the login process, which is something only you should have. 

This stands as a good reminder that you should never give out the information you use in your security questions—and to never share your one-time security codes with anyone. In fact, scammers cobble up all kinds of phishing scams to steal that information. 

How to set up MFA on your social media accounts. 

Major social media platforms offer MFA, although they might call it by other names. As you’ll see, several platforms call it “two-factor authentication.”  

Given the way that interfaces and menus can vary and get updated over time, your best bet for setting up MFA on your social media accounts is to go right to the source. Social media platforms provide the latest step-by-step instructions in their help pages. A simple search for “multi-factor authentication” and the name of your social media platform should readily turn up results. 

For quick reference, you can find the appropriate help pages for some of the most popular platforms here: 

  • Facebook two-factor authentication help page 
  • Instagram two-factor authentication help page 
  • Twitter two-factor authentication help page 
  • TikTok two-factor authentication help page 
  • Snapchat two-factor authentication help page 

Another important reminder is to check the URL of the site you’re on to ensure it’s legitimate. Scammers set up all kinds of phony login and account pages to steal your info. Phishing scams like those are a topic all on their own. A great way you can learn to spot them is by giving our Phishing Scam Protection Guide a quick read. It’s part of our McAfee Safety Series, which covers a broad range of topics, from romance scams and digital privacy to online credit protection and ransomware.  

MFA – a good call for your social media accounts, and other accounts too. 

In many ways, your social media account is an extension of yourself. It reflects your friendships, interests, likes, and conversations. Only you should have access to that. Putting MFA in place can help keep it that way. 

More broadly, enabling MFA across every account that offers it is a smart security move as well. It places a major barrier in the way of would-be hackers who, somehow, in some way, have ended up with your username and password. 

On the topic, ensure your social media accounts have strong, unique passwords in place. The one-two punch of strong, unique passwords and MFA will make hacking your account tougher still. Wondering what a strong, unique password looks like? Here’s a hint: a password with eight characters is less secure than you might think. With a quick read, you can create strong, unique passwords that are tough to crack. 

Lastly, consider using comprehensive online protection software if you aren’t already. In addition to securing your devices from hacks and attacks, it can help protect your privacy and identity across your travels online—both on social media and off.   

The post How to Protect Your Social Media Passwords from Hacks and Attacks appeared first on McAfee Blog.

Scammers Follow the Rebranding of Twitter to X, to Distribute Malware

By: McAfee Labs

Authored by: Vallabh Chole and Yerko Grbic

On July 23rd, 2023, Elon Musk announced that the social networking site, Twitter was rebranding as “X”. The news propelled Twitter and X to gain headlines and become the top trending topics on popular social media platforms. 

Scammers pounced on this opportunity and started renaming various hacked YouTube and other social media accounts to “twitter-x” and “twitter fund” to promote scam links with new X branding. 

Figure 1. Twitter-X-themed YouTube Live Stream by scammer 

 

Figure 2. Twitter X Crypto Scam 

 

This type of scam has been active for some time and uses an innovative approach to lure victims. To make this scam more authentic, attackers target famous Influencers with sponsorship emails that contain password-stealing malware as email attachments. When password stealer malware is executed, the influencers session cookies (unique access tokens) are stolen and uploaded to attacker-controlled systems. 

Figure 3. Malware Flow Chart  

 

After the influencers account has been compromised, the scammer starts to rename channels, in this case to “Twitter CEO” and then the scammers start to live stream an Elon Musk video on YouTube. They post web links for new scam sites in chat, and target YouTube accounts with a large number of subscribers. On other social media platforms, such as Instagram and Twitter, they use compromised accounts to follow users and post screenshots with captions, such as “Thanks Mr.Elon”. If we look for these terms on Instagram, we observe thousands of similar posts. Compromised accounts are also used to post videos for software/game applications, which are malware masquerading as legitimate software or games. These videos demonstrate how to download and execute files, which are common password-stealing malware, and distributed through compromised social media accounts.

Protection with McAfee+: 

 McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites.

Figure 4. McAfee WebAdvisor detection 

 

Below is a detection heatmap for scam URL’s targeting twitter-x and promoting crypto scams  

Figure 5. Scam URL Detection Heatmap 

 

Figure 6. Password stealer Heatmap 

 

Indicators of Compromise: 

Scam Site  Crypto Type  Wallet   
twitter-x[.]org  ETH   0xB1706fc3671115432eC9a997F802aC79CD7f378a   
twitter-x[.]org  BTC   1KtgaAjBETdcXiAdGsXJMePT4AEGWqtsug   
twitter-x[.]org  USDT   0xB1706fc3671115432eC9a997F802aC79CD7f378a   
twitter-x[.]org  DOGE   DLCmD43eZ6hPxZVzc8C7eUL4w8TNrBMw9J   

 

The post Scammers Follow the Rebranding of Twitter to X, to Distribute Malware appeared first on McAfee Blog.

❌