There is very little people can do other than being forever suspicious about some of the requests from services provided by Google, Twitter, Facebook and other online services that use OAuth with an un-vetted application developer program.
Twitter’s users were attacked using these techniques a few years back. Attacks on open developer systems using OAuth (an open standard for token-based authentication and authorization on the Internet) have been vulnerable to similar attacks for a long time.
Scammers have transitioned from information-rich emails to more simplistic emails, but the goals remain the same, to hack you. A big misconception about phishing scams is that they only want money. In many cases, cyber criminals are interested in stealing company data (medical or student financial records) or intellectual property (research).
Phishing emails are crafted to exploit human nature. They rely on people making quick decisions without thinking, almost as if clicking on the link were a reflex and not a cognitive decision, stated the research by University of Florida. This is because of how our brains are created.
When it comes to decision-making, our brains can work in two ways, the researcher said, referencing the dual process theory. Your brain works automatically for daily activities, like brushing your teeth. Big decisions, like buying a house, take a lot of deliberation and thought.
The latest report made by the Communication Authority showed that for the three months to December 2018, the National Kenya Computer Incident Response Team – Coordination Centre (National KE-CIRT/CC), detected 10.2 million cyber threats. This was a dramatic spike given 4,589 cyber threats were detected over the same period in 2017.
There were also 737,289 web application attacks detected during the review period which included website defacement and illegal access to online applications, 453,371 denial-of-service threats which hampered the availability of computer services and 3,449 attacks perpetrated through the exploitation of misconfigured systems, said the report.
The only reliable way to not fall victim is to never accept apps connecting to your account and requesting access to read/write your mail and contacts, or just about any other thing they might request access to unless you are specifically trying to hook into some new service, which you still may not be able to trust.
When attacks like this happen, it’s a good reminder to go back to your social media accounts and review what applications you’ve given permission to access your information and revoke permission if you no longer trust or use that particular app.
