Content & Communication

My Battle with Fake Social Media Accounts. By Agnes Banks

Written by Agnes Banks
Category: Content & Communication Published: Thursday, 23 November 2017 10:12

I am always amazed by the number of colleagues who accept invitations from fake accounts on LinkedIn without checking the credentials of the person behind the account. Some fake accounts have reached over 500 connections. Is social networking all about the number of followers? The problem is that when you accept connections from fake accounts, you are exposing all your genuine connections, who might now be targeted by email-based phishing campaigns that use social engineering to invite them to click on a link.

When I receive an invitation on LinkedIn from someone who wants to join my network, I check their contacts. My interest increases in proportion to the number and quality of their contacts. But when I see a profile with reasonable expertise, and lots of contacts, I lower my scrutiny.

Of course, we all say "not me...", but, unprepared or too busy, you and I may end up accepting and opening invitations or messages. Then, without thinking, we click on a link, thereby downloading malicious software onto our devices. Hackers then are able to use our devices to launch the attack and encrypt files. We all know that, right?

Another common way for malicious software to be installed on our device is through ads on websites, or downloading questionable apps and programs. We need to exercise caution when opening unsolicited emails or visiting unfamiliar websites. It helps to read reviews about programs before you download them.

As much as possible, I try to check the credentials of the person sending an invitation. We can never be too vigilant. You can call me paranoid, but paying attention to recommendations on how to protect my professional social accounts is a priority. I think that I'm most exposed on my personal social accounts, where I tend to trust my connections. So I keep this list handy:

Digital protection priorities

  1. Back up files and data on a daily or weekly basis
  2. Be suspicious of emails, websites, and apps
  3. Use an antivirus program
  4. Always install updates
  5. Create a security plan before you are exposed

What to do if devices are infected by ransomware

If you've been infected by ransomware, immediately disconnect your computer from the internet to avoid infecting the devices of family, friends, and colleagues. Report the case to your local law enforcement. If you have seen The Good Wife series, you may be tempted to pay the ransom, but by doing so, you are encouraging the hackers. If you had the foresight to carry insurance covering such risks, contact them immediately and follow their instructions. Contact professional developers to assist you with recovering data and reinstalling software.

I found the following article, "Cyber Security Threats in 2017 That You Can't Just Ignore... [How Vulnerable Are You?]" by Lois McConnachie. Lois gives some hints on the possible methodology used by a successful hacker. I smiled when reading her description of the methodology used by a typical hacker:

Are you even aware of the methodology used to employ a successful hack? You may be wondering; why do I even need to know this? I’m not interested in developing this particular set of skills. Well, if you want to beat a hacker then you need to start thinking like one! Some brave hackers will take a chance and go straight for the exploit but following the proper methodology tends to be successful and lessens the risk of being caught red-handed. [...]

To support Lois' thinking, I will add that hackers love site owners who need content and users (like me). One of their approaches is to offer, in a friendly way, articles for publication, or to become contributors on your site. I have tracked several of them through their multiple profiles on social networks. Their activities and postings, often with various IDs, are often attached to one person. If you do an online background check, you will likely find that it is loaded with nefarious information, listing their colorful activities, confirming your suspicions.

Yes, I learned a lesson. I had better trust my friends and colleagues. So, if you are among them, don't be surprised if I call on you for articles...


Do you want to read more about such exploits? Read the Comodo Threat Research Labs Report extract:

"The malware was designed to avoid detection by sandboxing and artificial intelligence technologies common in many endpoint protection systems," says Fatih Orhan, head of Comodo's Threat Intelligence Lab (CTIL). You may think that this malware is targeting mostly businesses. Dream on: it's directed at individuals as well.

In Q3 2017, Comodo Threat Research Labs (CTRL) detected nearly 400 million malware incidents from around the world – and some within every nation-state on the planet. Even the tiny island nation of Kiribati has malware. Malware is a global security challenge that is only growing: in Q3, Comodo detected roughly four times the number of malware incidents as in Q2 (97 M). Cyber spies and criminals are busy, so it is critical that enterprises develop a sound cybersecurity strategy as soon as possible...

Q3 2017: Most Dangerous Malware

The most dangerous malware types were:

  1. Trojan horses (13.7 M) were the most common malware type, and Ukraine was the top victim.
  2. Viruses (5.4 M), with Brazil as the most vulnerable.
  3. Worms (2.8 M), and Russia was the most victimized nation.
  4. Backdoors (553 K), with the U.S. in the lead.
  5. Packers (384 K), with Russia in first place.

Phishing Goes Global, Spearheaded by “Zombie Computers”

The Comodo Threat Intelligence Lab (CTIL) was the first cybersecurity analysis firm to discover a number of new, large-scale and global email-based phishing campaigns this quarter. Three were related to the “Locky” Trojan and used social engineering to get users to click on links, which delivered a ransomware payload.

“This attack was unique in its combination of sophistication and size, backed by a botnet spread across more than 11,000 IP addresses in 133 countries in just the first stage of the attack,” said Fatih Orhan, head of CTIL. “Also, the malware was designed to avoid detection by sandboxing and artificial intelligence technologies common in many endpoint protection systems.”

CTIL detected the phishing campaigns from August to September 2017. They were launched primarily from the IP addresses of infected “zombie computers,” owned by telecom companies and ISPs. Of the enterprise customers attacked, only the ones with a “default deny” security posture were truly safe.


The strategic analysis included in this Comodo report can help cyber defenders at the tactical level by helping them to see where they fall in the global malware landscape. Remember, cybersecurity is much more about brains than brawn. Businesses must integrate security into their corporate culture, and metrics are key to the decision-making process. Cyber spies and criminals take advantage of the mazelike, international architecture of the internet to achieve a high degree of anonymity. Therefore, it is important that enterprises collaborate with partners, both within their national borders and in other countries, in order to understand who is attacking them, and why...

The Comodo Threat Research Labs Q3 2017 Report is the third quarterly publication of the Comodo Threat Research Labs, a group of more than 120 security professionals, ethical hackers, computer scientists, and engineers, who work for Comodo full-time analyzing malware patterns across the globe. Comodo is a global innovator of cybersecurity solutions. For more detail on malware, countries, and even whole continents, please download the Comodo Threat Research Labs Threat Report Q3 2017[…]


 Agnes Banks is a contributor and director at FrontMatter 
