Phishing is still the #1 threat action used in social engineering attacks, and spear phishing, in particular, takes advantage of your users’ socially networked lives.
Many of your users are active on social media sites like Facebook, LinkedIn, and Twitter. Attackers use social media to target both your brand, your users, and even your customers by distributing malware or using social engineering to phish for credentials. These platforms have become a goldmine for the bad guys to carry out social media phishing attacks against your organization!
Attacks related to social media accounts have increased by 43 percent, with social media phishing attacks growing at an astonishing 75 percent. Users often fall prey to social media-related schemes because they feel they can trust messages coming from their ‘verified’ connections without understanding their personal information has been scraped and they are being directed to a landing page that looks real but is not.
“Social media platforms have become commonplace, yet many users are unaware of the risks associated with using various platforms,” said Stu Sjouwerman, CEO, KnowBe4. “It’s also more difficult to regulate in an office environment because employees access social media sites from their phones or even their work computers if the organization has a corporate Twitter, Facebook, LinkedIn or Instagram page. Training and testing are crucial to raising the level of awareness when it comes to social media because your users can be your biggest asset for security.”
Since IT and security professionals often don’t have visibility or control of the environment on which social media is used – such as cell phones – it becomes imperative to train users what to look for and how to spot threats. With KnowBe4’s Social Media Phishing Test, it’s simple to test users, train them on the ‘red flags’ they should recognize, and quickly review the percentage of clicks or data entered on a spoofed landing page in order to provide more targeted training.