Malicious Misinformation In Action And What You Can Do To Stop It

As a follow-up to last Friday’s post about reviewing your cybersecurity plans, I have a real-world example for item #5 from that list: “Keep a very close eye on your websites and email clients to make sure they are not compromised and being used to spread malware or misinformation.”

Since the invasion of Ukraine, there’s been a huge uptick in spam misinformation from malicious Russian sources submitting comments that use compromised computers from countries outside of Russia.

This tactic is used to circumvent country wide blocks you can put in place for all web traffic originating from Russia. Hackers circumvent the process by using computers compromised from EU, UK, or North American locations. In these instances, hackers use a compromised computer to submit spam messages. In these instances, they are less concerned about gaining access to information. The only thing of value is the ability to hide the source of misinformation.

Here’s an example of two misinformation campaign messages that arrived Monday morning:

  1. The messages contain unique content. In this example, both are spreading misleading and false information. Repeating it here only serves their purpose, so I won’t bother.
  2. In an attempt to make the comments seem more legit, the username, email and website are unique between messages.
  3. This is the bit demonstrating that hackers are using compromised computers: this IP Address is in Stockholm, Sweden.

While most of this misinformation spam won’t see the light of day, that doesn’t matter to bad actors; for them, it’s all about quantity. It’s as simple as “throw enough mud against the wall…”

Don’t contribute to this unwittingly.

No doubt, it’s a pain in the ass to update passwords but doing so at your email clients, email marketing platforms, domain registrars, and websites will help cut down on this sort of malicious activity.

About Drew McManus

"I hear that every time you show up to work with an orchestra, people get fired." Those were the first words out of an executive's mouth after her board chair introduced us. That executive is now a dear colleague and friend but the day that consulting contract began with her orchestra, she was convinced I was a hatchet-man brought in by the board to clean house.

I understand where the trepidation comes from as a great deal of my consulting and technology provider work for arts organizations involves due diligence, separating fact from fiction, interpreting spin, as well as performance review and oversight. So yes, sometimes that work results in one or two individuals "aggressively embracing career change" but far more often than not, it reinforces and clarifies exactly what works and why.

In short, it doesn't matter if you know where all the bodies are buried if you can't keep your own clients out of the ground, and I'm fortunate enough to say that for more than 15 years, I've done exactly that for groups of all budget size from Qatar to Kathmandu.

For fun, I write a daily blog about the orchestra business, provide a platform for arts insiders to speak their mind, keep track of what people in this business get paid, help write a satirical cartoon about orchestra life, hack the arts, and love a good coffee drink.

Related Posts

Leave a Comment