Re:Scam.Bot

Next time you get sent a scam email FORWARD it [email protected], created by Netsafe as a sophisticated A.I. email program to keep bad guys busy.

The A.I. will reply to the bad guys with conversation and keep them busy until they realize that they aren’t going anywhere. When the conversation is over, re:scam will email you a copy of the chain so you can get a good laugh at the exchange the A.I. and the bad guys had. This is security awareness!

The video is kind of creepy, but fun at the same time.

Facebook Photo Analysis

I was having some connectivity issues at the hotel I was staying at recently, while I was checking out how many likes I got on my photos in my post on Facebook. Some pictures weren’t loading and I was shocked… (maybe not that shocked) to see that the tech behind the uploader analyzes the photos and writes the metadata descriptions of what the photo is or maybe about.

 

RSA Charge 2017

I haven’t been doing a lot of posting this year, as my involvement at work on keeping many folks abreast on industry news has been waning. I have been focusing a lot more on several other areas within the Governance, Risk, and Compliance space, including building our processes to be used for our Archer platform and keeping those developers on track. A lot of what I’ve been up to, can’t really be shared, but what I can say is that I’ll be going to RSA charge next month. I am looking forward to it. If you are going, let me know!

The Lovely Mia Ash

Have you ever seen that spam on Facebook where someone posts, if you see a friend request from so-and-so, don’t accept it, it’s a hacker! Yeah, this post is ‘kind-of‘ like that.

Well, Mia Ash is a whole online persona that is leveraging catfishing techniques to lure men (or women) in power. She would reach out to the victims via LinkedIn, Facebook, Snapchat, etc, asking a question or two about photography, and would keep talking to them via social networking and email about all sorts of subjects, slowly creating trust. Social engineering them! She had numerous profiles across the social networks that were well aged and used and was entirely personable. It didn’t hurt that she wasn’t bad to look at too…

After working a target, she would ask them if they could open a file for her, in an innocent way, and the file would contain PupyRAT. The Group behind Mia Ash weren’t after credit card numbers, but company secrets.

It just kind of goes to show you, social engineering and going after human vulnerabilities is the best way in!