Conversation

Notices

1. Embed this notice
   Brewster Kahle (brewsterkahle@mastodon.archive.org)'s status on Friday, 01-Nov-2024 10:22:55 JST Brewster Kahle

   More bad behavior towards libaries. This from a library partner: 1/

   We've recently received several suspicious calls asking for book titles and specific information to be read aloud. These requests, which do not appear to be for real book titles, raise concerns about potential social engineering. Social engineering refers to malicious attempts to manipulate people into divulging confidential information or performing actions that compromise security.

   • Blaise Pabón - controlpl4n3 repeated this.
   • Embed this notice
     Brewster Kahle (brewsterkahle@mastodon.archive.org)'s status on Friday, 01-Nov-2024 10:25:24 JST Brewster Kahle

     in reply to

     2/

     For example, in one case, a caller asked a staff member to repeat phrases like "improve HR analytics," "by email," and "6-12 months." When asked for more details, the caller became evasive and requested additional information such as the staff member's name, library hours, address, and phone number—typical signs of a social engineering attempt.

     Blaise Pabón - controlpl4n3 repeated this.
   • Embed this notice
     Brewster Kahle (brewsterkahle@mastodon.archive.org)'s status on Friday, 01-Nov-2024 10:25:24 JST Brewster Kahle

     in reply to

     3/

     Attackers may ask you to repeat phrases for several reasons, including recording your voice for fraudulent activities like voice authentication systems or testing whether they can extract information for future attacks. These tactics can subtly build rapport, lower suspicion, and gather useful details for more advanced schemes.

     Plotting and penning repeated this.
   • Embed this notice
     Brewster Kahle (brewsterkahle@mastodon.archive.org)'s status on Friday, 01-Nov-2024 10:30:13 JST Brewster Kahle

     in reply to

     4/

     We ask that you remain vigilant and take the following steps when handling suspicious calls:

     If a caller asks you to repeat unusual phrases or requests information that doesn't seem related to normal library services, politely ask for their name and their relationship to the library—whether they are a student, researcher, or another type of patron.

     Blaise Pabón - controlpl4n3 and Plotting and penning repeated this.
   • Embed this notice
     Brewster Kahle (brewsterkahle@mastodon.archive.org)'s status on Friday, 01-Nov-2024 10:32:41 JST Brewster Kahle

     in reply to

     5/

     Document the call by noting the caller's name, the time of the call, and the nature of their request.
     If the conversation feels suspicious or out of the ordinary, it's important to keep the interaction brief. Do not share specific book titles or any internal information if the request seems unusual.
     Even if the call feels like a prank, document it and report the details to your supervisor

   • Embed this notice
     Henner Zeller (hzeller@mastodon.social)'s status on Friday, 01-Nov-2024 10:34:50 JST Henner Zeller

     in reply to

     @brewsterkahle sounds a bit like the spammers need specific words to build a voice model to subsequently launch the actual attack tricking someone using an artificial voice that resembles someone the target knows.

   • Embed this notice
     Brewster Kahle (brewsterkahle@mastodon.archive.org)'s status on Friday, 01-Nov-2024 10:34:58 JST Brewster Kahle

     in reply to

     6/6

     and a colleague related:

     "A number of libraries in my social groups have reported this as well. Some were asked to repeat titles such as, 'I’d like to change my provider.' "

     yuck.