Page 94 - Cyber Defense eMagazine June 2024
their session has expired. To resume the chat, they must log back in with their password. By delaying
the ask for the sensitive piece of information and then suddenly requesting it, the adversary gets the victim
engaged with the scam and increases the likelihood that the victim will supply the password.
Once supplied with the password, the adversary will delay the victim while they test the credentials. If
the credentials are invalid or two-factor authentication is enabled, the criminal will further interact with the
victim to bypass these obstacles before claiming that their appeal has been successfully submitted and
they will receive further communication within a few days. In reality, the account has already been
compromised.
How to Protect against this Threat
The targeting of Meta using multiple unusual and advanced tactics is a clear indicator of the value
cybercriminals place on social media business accounts. Consider the following tactics to effectively
defend against threats in this area.
• Best practices around Email Security and end-user Security Awareness Training are paramount.
By using a multi-layered email security solution that can block malicious emails from being
delivered to end users, and by educating end users on how to identify and report suspicious emails
that evade security, you greatly decrease the risk of having your credentials compromised.
• Secure your organization’s social media accounts using the most advanced identity features
available to them (MFA, Security Keys, and unrecognized device alerts as of this writing).
▪ Consider directing executives or other high-profile individuals to secure their own
personal accounts in the same way.
• Limit access to account credentials to those individuals who absolutely require them.
▪ While not feasible in all organizations, an even more secure implementation is to
consider having different individuals control different authentication factors. For
example, have the main user of the account own the password, but a separate
individual own the device which receives MFA codes.
About the Author
Michael Tyler is the Senior Director of Security Operations at Fortra. Overseeing
Managed Cybersecurity Services for the company’s Digital Risk and Email
Security solutions, he also leads the Managed Threat Intelligence group
supporting companies aiming to gain deeper understanding of adversaries
targeting their organizations. With more than 15 years of experience in
cybersecurity, Michael has a passion for uncovering the “why” behind attacker
tactics and developing effective countermeasures to disrupt their operations. He
also loves buffalo chicken pizza. Michael can be reached online via email at
[email protected] or on LinkedIn at https://www.linkedin.com/in/michaeltyler7/, as well as via our
company website at https://fortra.com
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.