


Social network spamming and scamming based on compromised accounts is a bit like Business Email Compromise (BEC), where crooks go to the trouble of getting access to an official email account inside a company. Unfortunately, it’s not enough just to trust the sender, because you have to trust the sender’s device and their account as well. In other words, if scammers can get into your social media accounts, they not only get access to your people-I’m-happy-to-chat-to list, but also acquire the ability to spam that list of people-who-are-happy-to-hear-from-you with messages that were apparently sent with your blessing. …but even if you know that your cousin Chazza is prone to sharing groanworthy memes and eyebrow-lifting videos, you probably still take a look at them, because you know what to expect already, and, hey, it’s your cousin, not some totally random online sender.

You’re unlikely to open documents or click on links that clearly came from an email sender you’ve never met before, don’t want to meet, and never will… Of course, the flip-side of a closed-group messaging ecosystem is that you’re more likely to believe, or at least to take a look at, stuff you receive from people you know. Indeed, we know plenty of people who hardly use email at all any more, preferring to communicate with friends and family via exactly this sort of closed group, mainly because it sidesteps the flood of intrusive and unwanted garbage they face via email. This sort of online world isn’t anywhere near as easy for spammers and scammers to infiltrate. Unlike the email ecosystem, where anybody can email anybody (or, in the case of bulk message senders, where somebody can email everybody), messaging and social media apps such as WhatsApp are based on closed groups. Loosely speaking, self-compromise in this context refers to app-based phishing: create a bogus login dialog that keeps an unauthorised copy of anything you enter, including personal data such as passwords. As you can probably imagine, and as WhatsApp claims in its court filing, the primary value of these compromised accounts to the alleged infringers was that they could be used for “sending commercial spam messages”. WhatsApp, together with its parent company Meta, has started legal action against three companies whom it claims “misled over one million WhatsApp users into self-compromising their accounts as part of an account takeover attack.”
