It is safe to say that social media has become an integral part of most of our lives. Whether we use them to make friends, find jobs, seek validation, or simply cure boredom, these algorithm-driven platforms can be the perfect breeding ground for social engineering attacks.
Research by Tessian has revealed that every photo we post and every person we tag leaks valuable information that hackers can abuse to design targeted attacks. Around 90% of users post information about their personal and professional lives on social media, and the number is higher among people aged between 18 and 34. Moreover, 55% of users have public accounts.
What does this imply?
With all this information, reconnaissance is extremely easy for hackers. They can find new employees on LinkedIn and draw them into phishing scams by impersonating senior executives from the company. This knowledge can also be used to identify people in a target's network and impersonate someone the target trusts. Simply put, threat actors look for vulnerabilities to exploit in their social engineering attacks, and these vulnerabilities are people.
Recent social media threats
Social media threats are not limited to social engineering attacks. Here are a few instances in which hackers leveraged social media for malicious purposes.
- A North Korean state-sponsored threat actor was discovered creating fake Twitter profiles and blogs about existing vulnerabilities to build fake personas as security researchers. Using these fake yet convincing accounts, the group attempted to contact the targeted security researchers via Twitter, LinkedIn, and Telegram.
- Another North Korean threat actor, Zinc, was found targeting security researchers by building its reputation on Twitter.
- Just recently, scammers were impersonating real HR employees and sending fake job offers to job seekers on LinkedIn in an attempt to lure them into giving up their financial credentials.
How not to be a victim
Should you stop posting on social media? Well, that may not be the perfect route to take. However, organizations can minimize social engineering attacks by providing cybersecurity training to employees. Beyond that, using MFA, reviewing privacy settings, and carefully checking the information you post can help avert most social media-related threats. Remember that while individual posts seem harmless enough, collectively they are a treasure trove of information just waiting to be exploited.