Social Phishing! How Attackers Use Your Social Media Against You!
We talk a lot on this blog about cybersecurity and how to keep your business safe. Our focus is typically on exposing new threats and helping you find safer ways to run your office. In this article, you will learn about social phishing and how it can be used against you.
However, no amount of security measures can protect you if people within your organization are not operating safely with social media.
Social media provides attackers with a wealth of information that can end up being harmful. This is why you need to be aware of what you post online and how this personal info can come back to bite you.
Social Engineering Attacks
Phishing is a huge problem. Fake Facebook links and logins are among the most common phishing techniques, but that’s not what we are talking about today.
Instead, we want to talk about the actual content that people post online. A socially engineered attack is typically done by collecting data about someone’s life. This data is then utilized to trick security protocols into thinking that a fake account is someone’s real account.
For example, when you create security questions, there are some really common ones that people might choose. These could include:
- What is the name of a teacher from your past?
- What was the name of your pet growing up?
- What was the make and model of your first car?
- What was your mother's maiden name?
Now, how many of those questions have you chosen yourself? Most users have used one of those or a question that is extremely similar. These are very common.
The unfortunate side is that these questions usually have answers that are very easy to find. How many people post “throwback” photos with dogs from their past on their birthdays? Or how hard is it to find your mother’s linked account and look up old records to find her maiden name?
You could even be talking to someone online that you think is a total stranger. Maybe you are chatting with someone on a dating app and they are asking about where you grew up and went to school. You may think you are just getting to know a nice stranger, but they might actually be collecting information about you.
There is so much information online that others can generally find out more about you than you realize. This is a socially engineered attack.
What Happens Next?
Once an attacker collects enough information, it is only a matter of time until they get access to an account.
With enough information available, it is easy to bypass most security protocols. This can be through answering security questions or calling customer support for certain companies.
These people don’t know your name or how you speak. How would they know it wasn’t you if someone had all of your personal information at hand?
This can become especially troublesome in SIM swap attacks. If an attacker is able to get their hands on your SIM card and transfer your mobile number, then you are in big trouble.
Once you lose control of your mobile number, it can become increasingly difficult to prove who you are. Someone can use this to gain access to your accounts and change the personal info so it doesn’t even look like your account anymore.
Once inside, they can send money transfers, get access to other accounts, and so much more.
How Do I Stay Safe?
Always be careful about how much information you put online. You don’t just walk up to strangers in the store and start telling intimate personal details about yourself. Apply the same approach online.
Make your accounts private and be sure to only allow trusted people to see what you post. It is so easy for people to create fake accounts. You may think that your online persona is getting more followers, but really you are just opening yourself up to new attackers.
Use 2FA correctly! Do NOT attach your mobile number to your 2FA system. If you are a victim of a SIM swap attack, then you will be vulnerable across all accounts. Use a separate 2FA app to stay safe and add one extra layer of protection.
Most importantly, it’s about being smart and using common sense. Don’t put too much information online and be careful who you interact with. Stay ready at all times.
Don’t be paranoid that someone is going to attack you every day, but you do need to be ready. Stay cautious and assume that everyone around you is a POTENTIAL threat. If you stay vigilant, then you are ready for new threats as they come.