
Attacker takes over Facebook page set up for 'Bucket List Baby' Shane, posts porn

A Facebook page set up to chronicle the extremely short life of a baby with the rare, terminal condition of anencephaly was hijacked within days of the infant's death and set to display lewd images.
The child, Shane Haley, was born on Thursday and lived a brief but intensely celebrated life of less than four hours.
Because of his parents, by the time he died, Shane was already an internet celebrity.
The couple, Gassew and Dan Haley from the US city of Philadelphia, had made a "bucket list" for their unborn child after he was diagnosed in utero with the birth defect that would give him only a few hours to live after being born.
They also created a Facebook page, Prayers for Shane, earlier this year to store the memories they created for the unborn child as they took him, while still in the womb, to places and events they would have taken him if he had lived: football games, the beach, museums, the country, on a ride on an old train.
#shanesbucketlist went viral. The Facebook page at this point has nearly 1 million Likes.
That must have been too tempting for scumbags to pass up.
According to NBC, the Haleys received a message on Saturday, around 1:30 p.m.
The message asked them to verify the Prayers for Shane account, Gassew said, and looked just like one they'd received from Facebook previously:
The email looked very, very similar to one we got before.
Thinking it was legitimate, Gassew typed in Dan's name and password.
Unfortunately, it wasn't from Facebook. It was from somebody who yanked control of Shane's page away from his parents.
The explicit photos posted by the con artist quickly met with the condemnation of the page's many followers.
Gassew immediately reached out to Facebook to wrestle the page back, and NBC threw its weight behind her to try to expedite the process.
Their efforts paid off. Facebook might sometimes react slowly, but not this time.
Within hours, Facebook yanked the offending posts and handed control of the site back to Shane's parents.
We report on vile acts by cyber fraudsters all the time, but a phisher who goes after a mother who just lost her baby? That's stunningly inhumane.
But phishers will do that. They'll exploit whatever chink they can find to crack open people's online lives.
Take, for example, Heartbleed. Legitimate businesses were so eager to protect users and reassure them that their data would be safe that they just couldn't resist sending reset links to customers.
Unfortunately, as Naked Security's Paul Ducklin pointed out when Heartbleed data leakage revelations were all over the news, this is the wrong way to tell people how much you care about their security.
Reset links that ask for user login details are used too often to cajole logins out of victims - just like was done to Shane's parents.
It would be nice to think we're all too savvy to fall for scams like that, or, say, from the Apple phishing duo who were jailed in July after phishing bank account details out of over 150 Apple users by sending them scary messages about their accounts having been compromised.
Unfortunately, many of us aren't suspicious enough to see through phishing come-ons - true even for security pros!
Or, to get statistical about it, we fail about 37% of the time, according to an in-house awareness test run late last year that managed to persuade 1,850 of the Canadian Justice Department's 5,000 staff to click on scammy links.
If you're curious about your own gullibility or lack thereof, you might want to check out an article we wrote to not only help businesses avoid crafting phishy-sounding emails but also to help recipients sniff out the difference between phish and real: Phish or legit - Can you tell the difference?
That article is by John Shier - Senior Security Expert at Sophos - and picks apart two real emails from his inbox, both containing links and requests to click on them for fill-in-the-blank goodies, be they yummy Apple rewards, or you-better-do-this-or-you'll-rot-in-hell-and-lose-your-bank-account threats.
Were they a phish? Or were they real? Read it to find out, and also to understand how to dissect a phish.
After you dissect a phish, you might well understand how these poor people got reeled in.
