Attackers use many techniques to gain access to our systems. In this video, you’ll learn about misinformation campaigns and brand impersonation.
One very effective social engineering technique is to disseminate incorrect information to others. Unlike something that’s a difference of opinion, misinformation and disinformation contains factually incorrect details. And it’s usually designed to divide or confuse different groups of people. We see this often online with influence campaigns. These are campaigns that are usually on social media sites, and they’re based around political issues or social issues.
There are documented cases where a third-party government or nation state is creating this dissension within different ranks of people. This may be designed to persuade people to believe something that’s not true or to distract from something that is obviously true that perhaps would be damaging to that particular nation state. This may not even be something related to a website or location that you’re visiting online. Instead, it might be delivered through the advertising that you see.
And the engine of social media is a perfect place to begin disseminating this misinformation. The attackers are very good at using these social media sites and the tools available to them to create articles and then share and like these articles to get them in front of as many people as possible.
This is how the misinformation process commonly occurs. The first step is for the attacker to create multiple accounts that contain fake users. These are not an actual person. All of these accounts belong to the attacker. Now the attacker needs to get this misinformation posted online. They’ll use one of their fake user accounts to create some content and post that on a social media site.
Once it’s posted online, the social media sites commonly have a like, a share, or a follow option. And this will allow the attacker to amplify that message to a larger group of people. The algorithms within social media recognize when a particular post is being liked or shared and will present that post to others as well. Once this algorithm shares this with others, there will be actual users that see this information, and they will share it with other people that they know.
And once this misinformation reaches a certain level of popularity, the mass media will recognize how popular it is and create their own stories to publish on something that from the very beginning was misinformation.
Another interesting social engineering technique is to use brand names. These are names of companies that you probably know, things like Coca-Cola and McDonald’s. These brands are instantly recognizable to most people. So the attackers will create hundreds or even thousands of sites with this particular brand name. Google will then index these sites, and it goes into the Google search engine. If someone searches for those brand names on Google, it’s very possible that they might be redirected to one of these impersonated sites.
You may have even seen this when you do your own Google searches that you think you’re going to a legitimate site, but when you visit the site, you get a pop-up message or an image that says you won, there’s a special offer, and here’s some software that you should download. Obviously, that software is not legitimate. It probably contains malware, and now your computer is infected. It will display ads. It may track what sites you go to. Or there may be data that’s exfiltrated from your computer and gets into the hands of the attacker.