Social media accounts for 56% of all cyberattacks. Therefore, it has become paramount for everyone to be alert and be well-informed about the dangers social media poses on cybersecurity.
This post will look at some of the challenges and ways cybercriminals can leverage social media to attack you or your company.
So, without wasting much time, let’s dive into it:
Why Cybercriminals Love Social Media?
The reason why cybercriminals love social media is because of two reasons:
First, almost everyone with a smartphone has a social media account. Currently, there are 3.78 billion social media users. This is nearly half the world’s population. This means there are tons of potential victims out there who cybercriminals can attack without having to sweat it.
The second reason why cybercriminals love attacking people on social media is that most people on these social media platforms share details about their life and work without having any cybersecurity awareness. The hackers capitalize on the information they get from social media and then launch attack vectors.
Unfortunately, there are tons of people out there who aren’t educated on cybercrime and how vulnerable they are to cyberattacks on these social media platforms. As a result, most people gratuitously share their information on social media.
In this post, we will take a look at ways you can be vulnerable to social media attacks and how to mitigate these attacks.
The Challenge Of Cybersecurity On Social Media:
1) Lack Of Social Media Policies At Workplaces
One main cybersecurity challenge on social media has to do with some companies not having any social media policy at their workplace. Sadly, 45% of businesses do not have any social media policy in place. Hackers exploit these opportunities to get information about a company.
For example, one way not having any social media policy in place can go against the company is through companies hiring interns or new employees. I mean we all know it– companies love interns. However, these interns serve as a gold mine for hackers to get sensitive information about companies through what employees and interns post on social media.
Interns and new employees can pose a security threat to companies because most interns and employees are Gen Zs, and most Gen Zs love to share most of their lives on social media.
60% of college students get at least one internship opportunity before graduating, and this goes to show the number of Gen Zs getting into a working environment with no cybersecurity awareness. Interns and new employees at job sites become a problem when given company credentials and security badges without proper cybersecurity awareness.
Sharing updates about their lives on social media by itself is not a problem, but in situations where they take pictures at their workplace and post them, they could end up disclosing some confidential and sensitive information.
For example, when they take a picture and have their security badges, the software the company uses, or even the company’s strategy written on a whiteboard in the picture frame, hackers can capitalize on unintentional revelations and then attack the company.
How this happens is when hackers know the type of software a company uses for its operations, they can easily engineer malicious attacks to compromise the software. Also, when new employees and interns post pictures of the credentials to the company’s WiFi network in the frame of the picture, hackers can easily penetrate the company’s network.
This goes to show how much damage companies can do to themselves if they do not have any social media policy in place that deters workers and interns from posting pictures or information about their workplace on social media. Cybersecurity experts cannot control the policies companies have about what employees can and cannot post on social media, which becomes a challenge.
2) Kids On Social Media
Another challenge has to do with kids on social media. Most kids might not have the knowledge to detect when hackers are targeting them. For example, hackers can fabricate spear-phishing attacks that create fear and panic among kids and teens and cause them to share confidential information about themselves or their parents. This makes kids on social media a significant challenge in combating cybercrime on social media.
3) People Sharing On Social Media
The fact that there are no rules as to how much information you can share on social media makes it another challenge for cybersecurity experts to combat cybercrime. Most people love to overshare on social media, making it easy for hackers to engineer attacks to exploit victims. Sadly, 62% of Americans have shared extremely personal news on social media. This shows the extent to which cybercriminals can leverage social media to exploit victims regardless of their age.
For example, many people use information such as birthdate, city they were born, the name of the street they grew up in as security questions to access their email or banking application in case they forget their passwords. These same people then go on their social media profiles and post all this information in their profile which is open to the public. A hacker can use this information, select the forgot password option and then answer your security questions to get into your email or banking applications.
4) Social Engineering Attacks:
Most hackers use social engineering attacks to hack people on social media. Social engineering attacks refer to malicious ways hackers lure you into sharing your personal or confidential information or providing access to your resources.
The way they do this is simple: generally, these hackers study what you post on social media and the way you interact with others. And by studying you through what you post, they can engineer attack vectors that you will most likely fall for if you aren’t cybersecurity aware. The most common social engineering attack through the information hackers get on social media is a phishing attack.
5) Phishing Attacks: The number one way cybercriminals attack you on Social Media:
A phishing attack involves hackers mimicking reputable entities to steal your credit card data, login credentials, and any valuable and confidential user data. They usually do this by sending fraudulent messages that seem to come from a trusted source.
For example, hackers may send text messages and emails that contain attached files with malware or links to a malicious website. These emails and text messages will prompt you to click on a link or download an attachment. Once you do click on these links or download the attachments, you become a victim. And this is how they get access to either your login credentials, bank account, or credit card information.
Phishing emails mostly come in the form of an urgent message from your bank. Or as a message asking you to log into your social media account via a link. They may also come as an email from your company. The goal here is to create some sense of urgency or fear among the victims and compel them to take action immediately, especially those that may seem from your bank or your employer.
For a phishing attack to be effective and successful, the attacker needs to have some prior information. Usually, they extract this information such as your email addresses or telephone numbers from your social media handles. With the information they gather, they can create a targeted attack tailored for you and not generic. And this is why phishing attacks are so effective.
How To Mitigate A Phishing Attack?
The first step in mitigating a phishing attack is to read every urgent email or message you get twice. You want to cross-check every detail before you take any action. Usually, these phishing emails and text might not look professional or they may have some grammatical errors. So, you want to double-check to make sure it is professionally written and has no mistakes or weird wording.
If you receive an email requesting you to click on a link– don’t. Make sure you visit the official website (without using the link in the email) of the entity on a different device or another web browser and then execute any urgent action from there.
Finally, we recommend you do a quick Google search to find out the official telephone number of the company involved. After you get the number, call them to inquire about the email sent to you.
Here is an article from the Federal Trade Commission that provides more insight into phishing attacks.
How To Stay Safe On Social Media:
1) Companies Should Put Social Media Policies In Place
It is paramount that companies outline well-defined social media policies at their job place. Doing this will deter employees and interns from posting pictures about their working environment. For example, your policy can allow employees to take pictures in the bathroom or lunch area but not at their working desk or meeting room. These rules can go a long way to save the company.
People need to educate their kids, friends, and family about the dangers of oversharing on social media and how it can be used against them. This article goes into detail about the dangers of oversharing on social media. We also recommend that parents manage their kid’s social media accounts until they are grown enough to handle them on their own
3) Using Privacy Setting
Most social media accounts will offer you some sort of privacy or security setting to help you choose the people who can see what you post, who can contact you, and so many more settings. Be sure to use these settings to your advantage to shield yourself from attacks on social media.
4) Limit What You Share
We highly recommend you limit how much information you share on social media. These hackers are clever, and they can leverage any useful information. Know when to share certain details and when not to. For example, if you are on vacation, make sure to share your vacation pictures on social media after you return. This will prevent any form of physical or digital attack.
Social Media sites have been a target of cyber-crimes as they gain popularity. Cyber-crime is a growing threat to national and economic security. At risk are both public and private institutions, in all sectors of information and telecommunications, defense, banking and finance. Cyber-crime can be prevented by taking appropriate security measures. Users should also protect their personal information to prevent identity theft and misuse.
Interested in kickstarting your career in Cybersecurity no matter your educational background or experience? Click Here to find out.