Phishing, Scams, & Spam

Happy Friday! I hope everyone has had an awesome week. If you've enjoyed my newsletter thus far, please head over to the Bastion Brief YouTube channel and subscribe to get my latest cyber security tips. Let's talk about current tech being used to bother everyone.

Phishing, scams, and spam are rampant across any platform users gravitate toward in the current digital age. We can consider how we got to a point of unavoidable messages, social engineering campaigns, and some of the strategies we can use to mitigate their impact in this week's edition.

The History:

Early messaging systems in the United States were modeled on the postal service, on a send-and-receive basis. If you had someone's address, you could send them a letter. Email systems and messaging platforms adopted this model, using an email address or phone number as the receiving end of the relationship. In these systems, senders are not checked or deterred from sending as many messages as they would like. All they need is the destination... your account information.

Popular platforms today rely on user reports to help manage fake accounts because account creation in general is heavily encouraged to increase engagement across their platform. The more people, the more attention... the more money. It's tough to create systems that have a great acceptance rate for legitimate users and a high denial rate for bot accounts.

Even here on LinkedIn there is a high incidence of cold direct messaging, spam, and fraud filling inboxes. The next dream job opportunity, if you just provide your email and phone number? Want 1,000 new followers for cheap? Organic accounts, of course ;) A user reaching out to say you’re a perfect fit for a role, without even reading your profile, of course...

It's a mess at this point, and I think it will only get worse as users migrate to a few of the most popular platforms due to changes in third-party data policies. When only a few options dominate the market, those looking to exploit others will show up in force.

My tips for building a defense against phishing, scams, and spam:

  1. Reduce the information you put on the internet. Try not to provide more information than is needed when filling out fields. Make accounts private and close old accounts on platforms where security might not be the focus.

  2. Enable multi-factor authentication (MFA) on all of your accounts today, even if they are simple reward-type accounts. Linking your phone to your account for a quick MFA check can nearly eliminate the chance of attack. Malicious actors need to jump through hoops to even scratch at MFA-secured accounts, so making it as hard as possible to get your information should be the goal.

  3. Pay attention to the sender's domain information. Attackers like to use email addresses or phone numbers that make it seem like they are a representative of a brand. A changed character, or a brand name moved to a different position in an email address, might convince a user that an attacker is from their favorite brand. Follow up with brand customer support teams when you find their domain is being manipulated for potential harm.

  4. Remember to be kind, even if frustrated with phishing, scams, or spam. You build your brand everywhere you go. It's best to block, report, and move on rather than engage with malicious actors you catch attempting to steal your information.
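
To make tip 3 concrete, here is an added example (not part of the original newsletter) that checks a sender address against a short list of brands you actually deal with and flags both kinds of manipulation: a changed character and a brand name moved into another domain. The `TRUSTED` list, the function names, and the sample domains are assumptions made up for illustration.

```python
# Added example (not from the newsletter). TRUSTED is a constructed allow-list.
TRUSTED = {"example.com", "acmebank.test"}

def osa_distance(a, b):
    """Edit distance: insert, delete, substitute, or swap adjacent characters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def sender_domain(address):
    """Pull the domain out of 'Name <user@domain>' or 'user@domain'."""
    return address.rsplit("@", 1)[-1].strip().rstrip(">").rstrip(".").lower()

def check_sender(address, trusted=TRUSTED):
    """Return (verdict, brand_domain) for a From address."""
    dom = sender_domain(address)
    for t in trusted:
        if dom == t or dom.endswith("." + t):
            return ("trusted", t)
    labels = dom.split(".")
    registered = ".".join(labels[-2:])  # naive: ignores multi-part suffixes like co.uk
    for t in sorted(trusted):
        if osa_distance(registered, t) <= 2:
            return ("lookalike", t)        # changed character, e.g. l -> 1
        if any(t.split(".")[0] in label for label in labels):
            return ("misplaced-brand", t)  # brand name moved into another domain
    return ("unknown", None)
```

A verdict of `unknown` only means the domain does not resemble anything on your list; it says nothing about whether the sender is safe.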

Thanks for reading this week and checking out the new series I am publishing on YouTube. Have a wonderful weekend.

Have any tips? Send me a direct message, I would love to hear them.
