XKCD ‘Fan Theories’ – Security Boulevard
XKCD ‘Fan Theories’ Security Boulevard
XKCD ‘Fan Theories’ Security Boulevard
If you’re a mobile app developer, chances are you’ve heard of bot protection. Bots are programs that run automated tasks over the internet. Although criminals can use them for malicious purposes, such as spamming or denial of service attacks, they can also be used for legitimate tasks, such as web crawling and data collection.
Regardless of their purpose, bots are becoming increasingly sophisticated and account for a significant amount of internet traffic. In fact, some estimates suggest that bots now create up to 25% of all online accounts. The problem is so severe that it can have significant consequences – it appears to have led to the collapse of what would have been one of the largest company takeovers in the tech sector when Elon Musk backed out of a deal to buy Twitter, claiming the platform has a major bot problem. In addition, 93% of Internet attacks are now bot-driven.
Source: arkoselabs.com
Given the sheer volume of bot traffic, it’s not surprising that many organizations are now looking to implement bot protection measures. By protecting their websites and applications from bots, they can reduce the risk of abuse and improve the quality of their user experience.
Bot protection is a measure taken by developers to protect their apps from illegitimate traffic or activity that can skew analytics and impact business decisions. It filters out bad actors, like scrapers and spammers, and allows developers better to understand their app’s true usage and engagement.
There are a few reasons why bot protection is so important:
By protecting your app from bots, you can avoid all of these issues.
There are a few different ways to protect your platform from bots. As always with…
Zack Kaplan, Author at Security Boulevard Security Boulevard
SMiShing attacks continue to soar as more companies transition to a remote/hybrid workforce. According to a Pew Research Center survey, 59% of U.S. employees work from home all or most of the time. This transition means that employees are now more likely to use mobile devices such as a phone or tablet to access corporate information and accounts. Bad actors are taking notice and exploiting this reliance on mobile devices. They are using popular mobile messaging apps and digital channels that aid the productivity or remote workers such as Facebook Messenger, WhatsApp, LinkedIn, Zoom, Microsoft Teams, Google Meet, and Slack to facilitate attacks. As a result, SMiShing is a threat that companies can no longer ignore.
The word SMiShing comes from combining SMS (Short Message Service), the original technology which started mobile texting, with phishing. In either instance the goal of the bad actor is to steal personal or financial information.
A sophisticated Teams attack. As reported on by VentureBeat, a bad actor posing as a CEO (Chief Executive Officer) known to be on a business trip to China, sent a WhatsApp message to several of the company’s employees asking them to join a Teams meeting. When the employees joined the Teams meeting, they thought they were seeing the CEO live on video. However, it was really a scraped video feed of the CEO from a past TV interview. To make the fraud more convincing, the bad actor added a fake background to make it appear that the CEO was really in China. Now for the twist, there was no audio feed for the Teams meeting. The “CEO” chatted that he was experiencing issues with the audio feed and told the employees, that “since I can’t make this work, send me the information on this SharePoint link.‘”
Image: VentureBeat
How can you protect your company from SMiShing attacks such as mentioned above? It’s important that your employees can identify an attack. At Social-Engineer, LLC our fully managed, enterprise scalable program measures and tracks…