Social Engineering Is Still Here – Spotlight #395

1. Good Monday Morning

It’s August 30th. Housekeeping: no Spotlight next Monday due to the Labor Day Weekend. Be nice to each other, and wear a mask while you’re out and about.

Today’s Spotlight is 1,350 words — about a 5-minute read.

2. News To Know Now

Quoted: “This is the worst cloud vulnerability you can imagine. This is the central database of Azure, and we were able to get access to any customer database that we wanted.” — Ami Luttwak, CTO of Wiz, describing how Microsoft customer databases for big and small companies were left exposed online. (The Verge)

a) OnlyFans quickly reversed its upcoming ban on sexually explicit content last week. The platform offers more than porn — plenty of musicians, artists, and even fitness teachers use the site, but it is best known for nude imagery, and you won’t be shocked to learn where most of the money came from.

b) TikTok user engagement doesn’t rely on porn, but is pretty darn impressive, according to data in AdAge that cites CreatorIQ. Q2 engagement is 2-3 times — and as much as 5 times — greater than engagement on Instagram, Facebook, YouTube, and Twitter.

c) Executives from Amazon, Apple, Google, Microsoft, and IBM met with President Biden at the White House last Wednesday and agreed to spend tens of billions on cybersecurity initiatives over the next 5 years. That made the end of last week an especially bad time for Microsoft Azure database issues to come to light.

3. Search Engine News — The Week Every Marketer Cursed At Google

Google confirmed last week that it is overwriting title tags using a “new system” that works better than search marketers or its previous method of matching the searcher’s query with words it picks. This is the type of work that Google says its algorithms are better equipped to handle.

We’re not seeing big changes on our clients’ sites or sites that we own as much as some other practices are.

Title tags are the hyperlinked line that appears in Google above the text snippet. Google would previously adjust them if its algorithm detected an opportunity to improve the clickthrough ratio. Now, Google exec Danny Sullivan, a former marketer who is widely credited as the Father of SEO, says that his thinking has evolved and that Google’s software will do a better job.

Sullivan added that he hopes for an opportunity to allow website owners to flag “5 or 10” pages that need exceptions to the new policy. He says that he wants to limit website owner input because “That way people wouldn’t make wholescale (sic) long-term mistakes accidentally.”

I’ve spent a lot of time over the last two weeks watching well-known marketers unsuccessfully scream at Google online. Consider: Google’s revenue and head count are more than double those of Coca-Cola, Exxon, or JPMorgan Chase.

There is most definitely more to come on this issue, but for now, the changes are done regardless of who agrees. Everyone will cheer if click rates and conversions increase while Google will have to reverse things as fast as OnlyFans allowed porn back if they don’t.

4. Spotlight Explainer — Social Engineering

Social engineering occurs when someone attempts to get information from you in a social media setting that helps them access your information or device. You might not be (probably aren’t) the target, but could be an online acquaintance, friend, or relative of a target. 

It’s Often Tied To Ransomware: There are too many instances of simple phishing emails triggering ransomware or other cybersecurity issues. In 2017, top White House officials fell for emails that were purportedly from Jared Kushner and offered a dinner invitation. That same hacker also got Goldman’s CEO to respond to a fake email that was not from Barclays’ Chairman.

About half of all ransomware is triggered by a malicious link in a fake email. Now imagine if a White House official or top bank executive had clicked a link instead of pressing the reply key.

Knowledge Is Power: Imagine a message on LinkedIn or Facebook from a colleague who uses the right jargon or knows in-house slang. Now imagine it’s a former colleague who writes that they’re trying to reach another old co-worker. They know you’ve got to be in touch. 

Or consider the image that I came across on Facebook last week. A cute cartoon of a crying puppy in a halo carried the message, “Honor a Pet Who Is No Longer With You, Who You Miss Dearly. What Was Their Name?”

That post was made on April 25 and has racked up 3.5 million comments and 202,000 shares in four months. Yet each comment carries your name, whatever info you’ve left open on Facebook, and the answer to a common password challenge question. Even if these people were legitimate, the comments are open for anyone to scrape.

The same holds true for other questions on social media when you reminisce about high school (tag a friend from high school with your best pep cheer), cars and jobs (it’s race time — what was your first car?), and more.

Does This Stuff Work? Yes! It works great. Two years ago we published a report by a Strategic Communications team at NATO in Latvia. Using ONLY public information, they targeted military personnel engaging in exercises and found they could create influence activities for the actual soldiers.

From the report: “Overall, we identified a significant amount of people taking part in the exercise and managed to identify all members of certain units, pinpoint the exact locations of several battalions, gain knowledge of troop movements to and from exercises, and discover the dates of the active phases of the exercise. The level of personal information we found was very detailed and enabled us to instill undesirable behaviour during the exercise.”

How Can You Protect Yourself? The Plymouth (CT) Police Department said it as well as anyone could.

5. Debunked — People Taking Livestock Medicine

It is indeed true that many Americans are ingesting livestock medicine used to protect animals from worms and other parasites. Things have gotten bad enough for the FDA’s official account to tweet to Americans, “You are not a horse. You are not a cow. Seriously, y’all. Stop it.”

Even after that, calls to the Texas Poison Control Network for ivermectin poisoning increased more than 50%.

NBC’s Ben Collins and Brandy Zadorzny traced the demand for the deworming medication from the Trump-endorsed “America’s Frontline Doctors” to anti-vaccine and anti-mask groups to physicians actively selling the medication online. Read and watch their work here.

6. Following Up — Amazon To Back Third Party Sellers Up to $1,000

After courts in Texas and California issued differing opinions on whether Amazon is a seller when third parties use the platform, the company announced that it will honor customer claims about third party sellers for up to $1,000. A company release said that the amount would cover “more than 80%” of cases.

7. Protip — How to Scan A QR Code

Every year or so, QR codes (those funny squares of machine readable stuff) make a splash. Maybe you want to aim your phone at one, but don’t know how to scan the code. We’ve got you covered for apps, iOS, Android, or Google Lens.

8. Screening Room — Serena Dons Wonder Woman’s Costume

Serena Williams becomes Wonder Woman to fight off tennis ball robot — you know what, just watch it. (There’s one cameo I won’t spoil.)

9. Science Fiction World — Elon Musk’s Space Billboard

This is a really bad idea. SpaceX and a Canadian startup are combining to put equipment on an orbiting satellite that will include advertising that “anyone” can purchase. 

10. Coffee Break — How I Experience The Internet

You’ll want to click on each button and message on this site if you want to experience the internet as I do.

11. Sign of The Times
