A recent report revealed that social media activity is exposing many users to cyber threats. Read on to know more about it…
Nowadays, it’s obvious that social media has become an integral part of most of our lives. Be it to make friends, find jobs, seek validation, or simply find an antidote to boredom, these social media platforms has become a way of life for many of them. But, as the truth is stranger than fiction, these algorithmically-draped platforms can be the perfect breeding ground for social engineering attacks.
The Eye-Opening Report
According to a new report from security firm Tessian, nearly three quarters of people post information on social media that could make them vulnerable to a cyberattack. Research by Tessian has revealed that every photo we post and tag people, leads to the leak of valuable information that can be abused by hackers to design targeted attacks.
The report, titled “How to Hack a Human,” found that 84% of people post on their social media accounts every week, with 42% posting every day. Many of these people, Tessian found, are unwittingly revealing information that could help hackers launch social engineering or account takeover attacks.
Around 90% of users post info associated with their personal and professional lives on social media and the number is higher among people aged between 18 and 34. Moreover, 55% of users have public accounts.
The report included findings from a survey of 4,000 professionals in the UK and US, and interviews with hackers from the HackersOne community. It found that 50% of people share names and pictures of their children. Seventy-two percent mentioned birthday celebrations, and 81% of workers update their job statuses on social media.
Implications of Social Media
With all this information, reconnaissance is extremely easy for hackers. They can find new employees from LinkedIn and involve them in phishing scams by impersonating senior executives from the company. This knowledge can also be used to find out people in the networks of targets and impersonate someone the target trusts. To simply put it, threat actors look for vulnerabilities for their social engineering attacks and these vulnerabilities are people.
Recent Social Media Threats
Social media threats are not limited to social engineering attacks. Here are a few instances when hackers leveraged social media for their malicious intent. A North Korean state-sponsored threat actor was discovered creating fake Twitter profiles and blogs on existing vulnerabilities to build fake personas as security researchers. Using these fake yet convincing accounts, the group attempted to contact the targeted security researchers via Twitter, LinkedIn, and Telegram.
Another North Korean threat actor, Zinc, was found targeting security researchers by building its reputation on Twitter. Just recently, scammers were impersonating real HR employees and sending fake job offers to job seekers on LinkedIn in an attempt to lure them into giving up their financial credentials.
Staying Safe
Should you stop posting on social media? Well, that may not be the perfect route to take. However, social engineering attacks can be minimized by organizations providing cybersecurity training to employees. Other than that, using MFA, reviewing privacy settings, and carefully checking the information posted can help avert most social media-related threats. One should remember that while individually the posts seem harmless enough, collectively, they are a treasure trove of information just waiting to be exploited.