Social media is a goldmine for social engineering attacks

Hackers are using information on people in 'sensitive roles' they find on social media to organise 'social engineering' attacks against various businesses, a new study shows.

According to a new report by Digitalis Reputation, although knowing of the security risks social media brings, businesspeople often fail to take simple measures to protect themselves, and their company.

The report says that 51 per cent of business leaders restrict who can view their social media profiles, and what can be seen on those profiles. Moreover, 36 per cent react when certain changes to privacy settings on social media sites occur.

Only 24 per cent check, proactively, what information about them can be found online.

“Even firms with state-of-the-art computer systems and software are being caught out by criminals targeting a staff member who has given away too much personal information on social media. Criminals use information from social media to craft bespoke phishing emails which show a very convincing understanding of the staff member’s life and habits,” says Dave King, CEO of Digitalis Reputation.

“In these situations, staff members are often caught out, either directly by giving away company secrets or transferring money to criminals, or indirectly by clicking on links which allows hackers access to the company network. Our research shows that company boards need to rank these “human factor” risks much higher, as they are often relying on technical countermeasures alone.”

Business leaders are, in some cases, aware of security risks social media bring – 20 per cent use encryption services and 18 per cent never use social media.