Many people are sharing too much personal data online, leaving them vulnerable to hacking and social engineering attacks.
This is the conclusion of a new report from security firm Tessian, which claims that even making accounts private has little effect, because the majority of friend requests are accepted.
Based on a poll of 4,000 professionals in the UK and US, the report shares insights on how the mind of a hacker operates and how people are serving up pivotal information on a platter.
Most people post on social media at least once a week (84 percent), with almost half (42 percent) posting daily. In many cases, they post material that can be used to guess a password or craft a social engineering attack: names and pictures of their children, birthday celebrations, job changes etc.
Most people (55 percent) have a public profile on Facebook, and just a third (32 percent) have privacy filters on their Instagram account, which makes the work of a malicious actor easy.
The report details how a criminal may make use of data posted online to craft a phishing scam. For example, if they were to identify a new employee at a company via LinkedIn, they could spoof a message from a senior executive.
According to Tessian, workers also share too much information in automatic Out of Office replies, such as length of absence, which could be used as part of a spoofing attack.
- Best antivirus software of 2021