Cybercriminals are after your social media accounts!
Given that cyberattacks already target us through our emails, applications, search engines and SMS, it shouldn’t be a surprise that we are not safe on social media platforms either. But the statistics show that we let our guard down when we visit our favourite social networks.
According to Zerofox, a whopping 66% of spear phishing attacks sent via social media were opened, and this statistic is compounded when compared to the 30% of email spear phishing attacks opened. It makes sense; we’ve all been told for decades now not to open suspicious emails! But our pervasive use of social media is something we’re still getting used to.
Businesses are prime targets for a social media cyberattack
Social media isn’t just for personal use; it’s big business. All types of companies, of all sizes and in all kinds of industries now have social media accounts to interact with their customers. By 2019, it is expected that there will be 2.77 billion social media users around the world! It makes sense to tap into this if it is in your interests, but, once you take your business online, you need to think about security in a whole new way.
Not only is it important to have enterprise-grade security for your business processes and operations, but user training is essential. Cybercriminals are often banking on human error for their success. A Ponemon Institute report gleaned the opinions of 612 Chief Information Security Officers and 70% of them agreed that “lack of competent in-house staff” was a primary cause of cyber attacks. This is why cybersecurity is now being understood as a culture and not solely a technical defence.
Types of cyber attack you’ll find on social media
Machine learning has become a very useful weapon for the cybercriminal. By being able to automate the distribution of social media posts, they can target more people, more often and across many types of social networks. Just like in a phishing attack via email, malicious links can be circulated to thousands of people on social platforms in mere seconds. Remember when Rowan Atkinson (Mr Bean) was declared online as being deceased even though he is very much alive? That wasn’t your typical hoax – it was clickbait designed to trigger a malware attack.
Fake accounts and social engineering
Social engineering is how cybercriminals rely on deceiving and exploiting human psychology to gain access to the information they want. This is why cyber attacks can only be properly defended against with user training.
You probably have heard of “catfishing” at some stage or another, but if not, it is when “a person who sets up a false personal profile on a social networking site for fraudulent or deceptive purposes” (Merriam-Webster). Often what will happen is the cybercriminal will research the real profile of the person or company they are targeting and then create a replicant account. They will then use their influence for a variety of malicious activities. For example, just last week Facebook announced it had identified and closed 652 fake accounts from Russia and Iran trying to influence political outcomes in the United States, United Kingdom, Middle East and Latin America.
If a fake account is managed by a bot, and usually they are, they can not only proliferate malicious links, but they can also engage with content in the form of likes and shares. In this scenario, an army of fake accounts can seem to validate each other by simulating fake activity. How can this affect a company? If a cybercriminal wants to hurt a brand’s reputation, they could employ their army of bots to spread negative content about the brand and then give the appearance that many people agree with its sentiments by generating false activity around the content. Individual members of your company could even be subjected to an automated smear campaign.
Distributed denial of service (DDoS)
We know that malicious bots on social media can influence people’s opinions and spread false information, but they can also be used to compromise accounts. By overloading a company page with comments, likes and shares in a very short amount of time, the cybercriminal can render the page useless. If the account owner doesn’t have the skills to tackle the cyber attack, it can spiral out of control very quickly. If the company had a promotion or an important update it needed to share with its customers on social media, it is now lost in a sea of spam!
You can arm your company against these kinds of cyber attack with a combination of enterprise-grade security and a strong social media policy. This policy should include guidelines regarding confidentiality, personal use, effective password management, copyright, how to identify and avoid an attack, the steps to take when a user encounters suspicious online activity, etc. Keep your employees regularly updated with changes in the cyber landscape so that the potential of an online threat is always at the front of their minds. Knowledge really is power when it comes to protecting your company from the threats of the digital world.