Social media offers an outlet for people to connect, share life experiences, pictures and video. But too much sharing—or a lack of attention to impostors—can lead to a compromise of business and personal accounts.
Attackers often use social media accounts during the reconnaissance phase of a social engineering or phishing attack. Social media gives attackers a platform to impersonate trusted people and brands, and it supplies the information they need to carry out further social engineering and phishing attacks.
How Social Media Threats Happen
Businesses can’t control what people do in their private lives. But unfortunately, attackers can take advantage of employees who post too much information on social media.
The types of social media security risks depend on the platform targeted. Facebook allows users to keep their images and comments private, so an attacker will often friend a targeted user’s friends or directly send a friend request to a targeted user to access their posts. If an attacker can connect to several of the targeted user’s friends, then it’s more likely that the targeted user will accept the friend request based on the number of connected friends.
LinkedIn is another common social media phishing target. LinkedIn is known for business networking, and users’ networks are typically filled with colleagues and other employees within the same organisation. If an attacker targets a business, LinkedIn is an excellent platform to collect business emails for a social media phishing attack. A large enterprise could have several networked employees who list their employer and their titles. An attacker can use this public information to find several employees who have access to financial information, private customer data or high-privilege network access.
Collecting information to steal data isn’t the only reason to use social media for reconnaissance. The information posted on social media could be used to obtain passwords or impersonate business users. Many online accounts allow users to reset passwords if they enter a security question. With enough information from social media posts, an attacker could guess the answer to these security questions based on the private information posted by a targeted user.
Brand impersonation is another social media threat. With enough gathered information, an attacker can impersonate a business brand to trick users into sending money, divulging private information or providing an attacker with account credentials. Attackers also use this threat to perform cross-site scripting (XSS) or cross-site request forgery (CSRF) attacks. These attacks can lead to larger data breaches and compromise of business infrastructure.
What a Social Media Threat Looks Like
Because many social media platforms publicly display user posts, attackers can silently collect data without a user’s knowledge. Some attackers will take further steps to gain access to user information by contacting targeted users or their friends.
The way a social media security threat is carried out by an attacker depends on their goals.
If an attacker is looking for a high-stakes reward, the best way to quickly earn monetary rewards for their efforts is to target businesses. An attacker might first review LinkedIn for a list of possible targets. Targets can be a mix of high-level corporate employees and low-privilege users who could be tricked into sending additional corporate data or fall for a social media phishing attack that gives the attacker access to account credentials.
With a list of targets, an attacker could then review social media accounts for personal information. Personal information can help the attacker gain the target’s trust in a social engineering attack. It can also be used to guess answers to security questions for an account takeover, or to get closer to a user with higher privileges. The names of pets, favourite sports teams and education history are all potential password clues or answers to the questions used to verify a user’s identity during a password reset.
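The defensive counterpart to this is a policy check at password-set and security-question time that rejects secrets traceable to what a user has posted publicly. The following is an added example, not Proofpoint's code: it folds common character substitutions back to letters and flags any secret containing a token from a (constructed) public profile. The profile dictionary, its field names and the sample secrets are all assumptions for this illustration.

```python
"""Account-recovery guard: reject passwords and security-question answers
that can be derived from information a user has posted publicly.

Added example, not Proofpoint's code. The profile dictionary and its field
names are constructed sample data, not a real platform's schema."""
import re
import unicodedata

# Constructed sample of what a target's public posts might reveal.
PUBLIC_PROFILE = {
    "pet_name": "Biscuit",
    "favourite_team": "Arsenal",
    "high_school": "Lincoln High",
    "birth_year": "1988",
    "employer": "Example Corp",
}

# Common character substitutions ("B1scu1t") folded back to letters.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_TOKEN = 4  # ignore fragments too short to be meaningful


def normalise(text: str) -> str:
    """Lower-case, strip accents and drop non-alphanumerics for matching."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]", "", text.lower())


def profile_tokens(profile: dict) -> set[str]:
    """Whole values plus individual words, e.g. 'lincolnhigh', 'lincoln', 'high'."""
    tokens = set()
    for value in profile.values():
        for piece in [value, *re.findall(r"[A-Za-z0-9]+", value)]:
            norm = normalise(piece)
            if len(norm) >= MIN_TOKEN:
                tokens.add(norm)
    return tokens


def derived_from_profile(secret: str, profile: dict) -> list[str]:
    """Return the profile tokens that appear in the secret (sorted, may be empty).

    The secret is checked both as typed and after leetspeak folding, so
    '1988' and 'B1scu1t' are both caught."""
    plain = normalise(secret)
    folded = normalise(secret.translate(LEET))
    return sorted(t for t in profile_tokens(profile) if t in plain or t in folded)


def accept_secret(secret: str, profile: dict) -> bool:
    """Policy decision: True only when nothing in the secret traces to the profile."""
    return not derived_from_profile(secret, profile)


if __name__ == "__main__":
    for candidate in ("Biscuit2024!", "B1scu1t1988",
                      "Lincoln High class of 88", "correct-horse-battery"):
        print(f"{candidate!r}: {derived_from_profile(candidate, PUBLIC_PROFILE)}")
```

In practice the profile would be populated from whatever the organisation already knows about the user (HR data, the answers to other recovery questions) rather than by scraping social media; the point is that a recovery secret that can be reconstructed from public information gives no assurance, so the check refuses it.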
After the attacker collects all the data needed, the next step is to launch the attack. Social media security risks can be seen in any of the following methods:
- Social engineering. An attacker might call employees to trick them into sending private data, providing credentials or wiring the attacker money. In a complex attack, the attacker can pretend to be a high-level executive to trick the targeted user into transferring money to the attacker’s account.
- Social media phishing. An attacker may use collected social media information to spoof the sender of an email message and trick users into clicking links or sending the attacker private data. A high-level employee’s email address could be spoofed with a message instructing the recipient to send money, click a malicious link or reply with sensitive data.
- Brand impersonation. Using brand employee names, the attacker can trick customers into thinking requests are from the legitimate brand. This could be used to trick users into divulging personal information or account credentials.
- Site compromise and data theft. With enough information from social media, an attacker could write malware explicitly targeting the business or perform an attack that would provide internal network access where the attacker can then exfiltrate data.
- Spread malware. Like brand impersonation, an attacker could create domains and websites that claim to be the legitimate business and trick users into downloading malware or providing credentials.
- Data breach. If an attacker gains access to account credentials, it could lead to a significant data breach targeting an organisation.
Because there are several social platforms on the internet, an attacker can perform social engineering and social media phishing using a variety of threat methods. There is no “one size fits all” social media threat for an attacker. But basic reconnaissance and research using social media are the same. Any public information on private and business social accounts could be used in further attacks.
Ways to Prevent Social Media Threats
Most social media threats stem from employees disclosing too much private and business information publicly. These accounts are personal, so businesses can’t stop users from having a social presence. But they can educate users on the best practices for social media cybersecurity and ways to protect data and their credentials.
Education is key to stopping social media threats. Individuals can educate themselves. But businesses must conduct training programs for every employee so that they can detect and prevent social engineering and phishing. The first step is educating users on the dangers of disclosing too much information online to the public. Even social media accounts set to private could be used in an attack should the attacker gain access to private feeds. Users should never post private corporate information on their social media accounts or information that could be used in an account takeover.
Some organisations hand out mobile devices and allow users to install social media apps. These companies should provide an acceptable usage policy that determines what users can post using company devices. It’s also critical to protect these devices from malware to avoid increasing company social media security risks. Remote wiping software should be installed should an employee physically lose their device or it gets stolen.
Some practices employees should follow to reduce social media security risks:
- Use ad blockers on corporate devices. If ad blockers are not feasible, instruct employees to avoid clicking ads, especially on popups that instruct users to download software to view content.
- Employees should not share passwords—even if it’s within the same department.
- Attackers use fear and urgency in their engagements, and employees should recognise this tactic as suspicious. Any messages or social media posts that urge employees to act quickly should be ignored.
- Don’t accept friend requests from unknown people even if the user has several friends in common.
- Avoid using social media sites on public Wi-Fi hotspots. Public Wi-Fi is a common location for attackers to snoop on data using man-in-the-middle (MitM) attacks.
- Corporate account passwords should be changed regularly, and users should also be encouraged to change the passwords on their own private social media accounts.
IT staff should have social media cybersecurity defences in place to help users avoid being victims of an attack. Email servers can use artificial intelligence applications to catch suspicious emails with malicious email attachments and links.
Suspicious messages can be quarantined and reviewed by administrators to determine if the organisation is the target of an attack. Browser isolation is also an option for organisations that let users browse the internet. This technology allows users to freely browse the internet, but confines personal web activity to a protected container that prevents downloads, uploads and form fills to keep threats out of the environment.
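The kind of mail-gateway check described here can be made concrete. The following is an added example, not Proofpoint's product logic: it scores an inbound message for the patterns the article attributes to social-media-driven phishing (an executive's display name on an address that is not theirs, a sender domain that resembles the corporate one, a Reply-To pointing elsewhere, and urgency language) and quarantines above a threshold. The corporate domain, the executive roster, the threshold and both sample messages are constructed assumptions.

```python
"""Mail-gateway triage for phishing patterns that social media reconnaissance
enables. Added example, not Proofpoint's product logic; the domain, roster
and messages below are constructed sample data."""
import re
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                                    # assumed
EXECUTIVES = {"Dana Whitfield": "dana.whitfield@example.com"}  # constructed roster
URGENCY = re.compile(r"\b(urgent|immediately|right away|act now|asap|"
                     r"within the hour|before (?:end of )?day)\b", re.I)
QUARANTINE_THRESHOLD = 50  # assumed policy value


@dataclass
class Verdict:
    score: int = 0
    reasons: list[str] = field(default_factory=list)

    def flag(self, points: int, reason: str) -> None:
        self.score += points
        self.reasons.append(reason)


def normalise_name(name: str) -> str:
    return re.sub(r"\s+", " ", name).strip().casefold()


EXEC_BY_NAME = {normalise_name(n): a.lower() for n, a in EXECUTIVES.items()}


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, legit: str) -> bool:
    """One edit away, or equal after folding common confusables (rn->m, 1->l, 0->o)."""
    if domain == legit:
        return False
    folded = domain.replace("rn", "m").replace("1", "l").replace("0", "o").replace("vv", "w")
    return folded == legit or levenshtein(domain, legit) == 1


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw: str) -> Verdict:
    msg = message_from_string(raw)
    verdict = Verdict()
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    # Display name of a known executive, but not the address on the roster.
    expected = EXEC_BY_NAME.get(normalise_name(name))
    if expected and addr.lower() != expected:
        verdict.flag(50, f"display name '{name}' used from non-roster address {addr}")
    if from_domain and from_domain != ORG_DOMAIN and is_lookalike(from_domain, ORG_DOMAIN):
        verdict.flag(40, f"sender domain {from_domain} resembles {ORG_DOMAIN}")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        verdict.flag(20, f"Reply-To {reply_to} points to a different domain")
    if URGENCY.search(f"{msg.get('Subject', '')}\n{msg.get_payload()}"):
        verdict.flag(15, "urgency language in subject or body")
    return verdict


def should_quarantine(raw: str) -> bool:
    return triage(raw).score >= QUARANTINE_THRESHOLD


# Constructed sample messages (not real traffic).
SPOOFED = """\
From: Dana Whitfield <dana.whitfield@examp1e.com>
Reply-To: payments@mail-relay.invalid
To: accounts@example.com
Subject: Urgent: supplier payment

I'm stuck in a board meeting, please send the wire immediately. Will explain later.
"""

LEGITIMATE = """\
From: Dana Whitfield <dana.whitfield@example.com>
To: accounts@example.com
Subject: Q3 budget review

Attached are the notes from yesterday's meeting.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        v = triage(raw)
        print(f"{label}: score={v.score} quarantine={should_quarantine(raw)}", v.reasons)
```

Each reason is recorded separately so that an administrator reviewing the quarantine sees why a message was held rather than a bare score; the weights are deliberately simple and would be tuned against the organisation's own mail.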
Proofpoint Social Media Fraud Protection Solutions
Find fraudulent social media accounts associated with your brand with Proofpoint's Social Discover. Explore how to categorize, monitor, and audit such imposter accounts.