What they DO know CAN hurt you

The popular encrypted messaging app, Signal, is making waves with its latest ad campaign.

As we've discussed multiple times, Facebook has a LOT of information on every one of your people. Unfortunately, tons of that data has been scraped and being used for targeted Phishing attacks. To add insult to injury, Facebook has sent internal messages, in which they discuss how to (not) communicate these scraping incidents.

The ad would simply display some of the information collected about the viewer which the advertising platform uses.

In an effort to show the "dimly concealed" ways Facebook/Instagram/WhatsApp use our data, Signal put together some simple Instagram ads (see below). Simple, in that they just show some text. Less simple, in that that they make your skin crawl if you're the recipient.

Courtesy Company

And their point is well taken! So well taken that Facebook canceled the company's ad account.

Facebook was not into that idea.

So just to step back and clarify - Signal is a privacy-focused, encrypted messaging app. They wanted to make a point about how much data we've given up to Facebook/Instagram/WhatsApp. To make this point, they created ads from automated data scrapes from the social media empire...

Instead of moving to protect data, Facebook silenced them.

Is this setting off any alarm bells for you yet?! Signal was doing this to make a point. What happens when malicious groups take the SAME information and use it for Phishing and Social Engineering?

Courtesy Company

Reality check - all of your your employees have data floating around the Internet, sometimes given up freely and sometimes breached and sold on the Dark Web.

It's important to understand how cybercriminals use this data in Phishing attacks.

What should you do about it?

You can start by finding out whose data has been exposed in your organization. INFIMA's Partners do that with Web Exposure Reports.

Your report details all of those publicly available emails and identifying information that Phishing attackers use to launch their weaponized emails.

Next, Train your users to avoid these incoming Phishing attacks.

We make that easy too...

Consistent Security Awareness Training is your next step in protecting against these exact same Phishing attacks.

Learn how we partner with you - hit us up here!