Social media has completely changed the way we interact with one another on a daily basis, on both an individual and a company-wide level. But in the wake of this social media revolution, cyber criminals are increasingly leveraging the trusted nature and anonymity of these platforms to launch a new breed of highly effective attacks (ranging from phishing campaigns to customer fraud).
In fact, a staggering 40 per cent of organisations have fallen victim to spear phishing on social media. The key to remaining digitally secure is knowing who is most commonly targeted, the various types of threats, and best practices that individuals and organisations should implement to protect themselves.
Who’s At Risk?
In short, anyone with an active social media presence is at risk. Hackers target everyone, from the average Joes of the world to Mark Zuckerberg. Whether through Twitter, Instagram, Facebook, or LinkedIn, cyber criminals take advantage of social vectors to exploit and steal confidential information from millions of victims. Hackers not only look to exploit individuals, but also leverage them as a means to gain access to corporate networks, conduct fraud or steal sensitive business data.
As we tweet, post, snap and share more information, we are willingly exposing our private information for public consumption. Attackers can gather a significant amount of data about a target from visiting a social media profile for only a few minutes – including birthdays and current locations. A perfect example lies within the recent gunpoint robbery of Kim Kardashian. During Paris Fashion Week, Kardashian documented her entire trip across multiple social media channels – and the robbery occurred just days after posting her diamond ring on Snapchat.
Would the robbery still have happened if she had not been publicly sharing a continuous stream of updates? Maybe so. But sharing her location and posting photos of her jewelry made it that much easier for the criminal to track her.
What Are the Most Prominent Social Media Threats?
Cyber criminals have increasingly turned to social media due to its ease of use, low cost, scale and accessibility, and most importantly, anonymity. Adding to this, social platforms are highly unregulated and under-prioritised by security teams.
With this, numerous threats present themselves to everyday social media users including:
- Targeted Phishing & Malware
- Customer Fraud & Scams
- Brand & Executive Impersonations
- Account Compromise
- Piracy & Counterfeit Goods
Threats facing users can have a ripple effect on your enterprise. ZeroFOX recently released a report on Instagram Money-Flipping Schemes that discovered over 4,574 unique scams across the platform, resulting in an estimated $420M in global losses to banks – and this is just one type of fraud plaguing the web.
While the majority of enterprise security teams focus on email as the primary target of hacking attempts, it’s time for CIOs and employees alike to start taking social media security seriously. This remains a blind spot for most organisations because it exists outside of their corporate network, within online networks they don’t manage.
The threats outlined above are only the tip of the iceberg. And, as we saw with the Kardashian case, it’s not just our digital security that’s in jeopardy – it’s also our physical safety.
How Can We Protect Ourselves?
First and foremost, it’s important to implement multi-factor authentication on your social profiles. This should be a standard security practice for every single individual that’s online today. Applying this means identifying your organisation’s social media footprint, including corporate, subsidiary, dormant, executive and employee accounts. Once footprinted, ensure all accounts are leveraging multi-factor authentication to force anyone logging into an account to supply a code sent to an external device, or to use other third-party software.
Second, avoid password reuse at all costs. It’s hard to create a password that’s both difficult to crack and memorable, but in today’s threatening digital landscape, it’s important to do so. Tips include transforming a familiar sentence into a password (e.g. “password protection is key in today’s age!” = ppikita!), not using a “dictionary word” and making sure passwords are original across all accounts (do not use the same password for multiple purposes). Secure password utilities exist today for managing all of your passwords. Consider adopting a corporate-wide solution for your organisation.
Third, when in doubt, don’t click links. Does it seem “phishy”? Remember, one wrong click and your entire system can be compromised. There are too many threats floating around to carelessly be lured by suspect links, and antivirus/firewall systems can only do so much.
Some social networks also offer verified accounts, which are identified by a checkmark next to the account profile. This provides an additional level of assurance to employees and customers against impersonators. In the ZeroFOX Instagram report, we identified that one-third of the top financial institutions still had not added the verified account option to their main Instagram page.
Lastly, monitor for social media threats to your organisation’s accounts and brand. Impersonations, hijacking, scams, fraud, piracy, counterfeit goods and social media phishing and malware all represent a growing threat landscape impacting virtually every organisation. Visibility is key to identifying these threats early before they result in a breach or damage brand reputation. The social media landscape holds more potential than we can fathom. It’s a constantly evolving market – just look at the new Workplace by Facebook platform – and it’s only going to keep growing.
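One way to screen handles for the brand impersonation the monitoring advice above targets, added here as an example (not code from the article or from ZeroFOX). The official handles, the observed handles, the filler-word list and the 0.85 threshold are all constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed sample data (assumptions): the organisation's real handles and
# handles returned by a platform search for the brand name.
OFFICIAL = {"examplebank", "examplebank_help"}
OBSERVED = ["examplebank", "examp1ebank", "example.bank.support",
            "ExampleBank_He1p", "exampIebank", "gardening_daily",
            "exampleb\u00e0nk"]  # last entry uses an accented "a"

# Look-alike characters folded together before comparing ("i" covers capital I).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e",
                             "5": "s", "7": "t", "$": "s", "@": "a"})

def skeleton(handle):
    """Strip accents, case, separators and look-alike characters."""
    text = unicodedata.normalize("NFKD", handle)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.lower().translate(CONFUSABLES)
    return "".join(c for c in text if c.isalnum())

# Words fake accounts commonly append to a brand name (assumed list).
FILLER = [skeleton(w) for w in ("official", "support", "help", "team", "real")]

def find_impersonators(observed, official, threshold=0.85):
    """Return (handle, resembles, score) for handles that mimic an official one."""
    genuine = {h.lower() for h in official}
    targets = {skeleton(h): h for h in official}
    hits = []
    for handle in observed:
        if handle.lower() in genuine:
            continue  # the organisation's own account
        skel = skeleton(handle)
        # Also compare with a trailing filler word removed ("brandsupport").
        forms = {skel} | {skel[:-len(w)] for w in FILLER
                          if skel.endswith(w) and len(skel) > len(w)}
        score, resembles = max(
            (SequenceMatcher(None, form, t).ratio(), name)
            for form in forms for t, name in targets.items())
        if score >= threshold:
            hits.append((handle, resembles, round(score, 2)))
    return hits

if __name__ == "__main__":
    for handle, resembles, score in find_impersonators(OBSERVED, OFFICIAL):
        print(f"{handle!r} resembles @{resembles} (similarity {score})")
```

Flagged handles are candidates for human review and a platform impersonation report, not proof of abuse.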
Social is undeniably a business platform, but securing it is not like securing other applications we’ve implemented. It takes a different approach and a recognition of the associated threats if we are to continue growing our businesses in a safe manner.
Mike Raggo serves as Chief Research Scientist at ZeroFOX