How Social Engineers Use Social Media

Social Engineers Use Social MediaPeople need to be aware of how their social media posts can be used against them, according to Darren Millar, senior vice president of operations at PiiQ Media. In an article for International Business Times, Millar explains that open-source intelligence is extremely valuable for launching social engineering attacks, particularly against executives.

“As PiiQ Media researchers found, most executives publicly list information on a regular basis,” Millar writes. “In general, identification of a personal email address for executives was found in 61% of the profiles, with a business email address for 98% of them. And more than 60% had three or more social media profiles that were easily discovered. All these pieces of information can be used to craft phishing emails that target executives.”

Millar adds that executives are also more likely to be targeted by sophisticated social engineering attacks.

“From the bad actor's perspective, company executives are an especially appealing target for attack for the simple reason that they likely have more access to more assets within a company,” Millar says. “That means the potential payoff is larger. And at the same time, there's too often a sense of invincibility when it comes to many executives – a feeling that social engineering attacks and data breaches are things that happen to other people but not them.”

Millar notes that since executives are such valuable targets for social engineering, they need to be trained in how to thwart these attacks.

“Executives are prime targets due to their level of network access, so they must be included in thorough training about proper social media use that doesn't give away anything criminals can use,” Millar concludes. “Executive participation will send a message to all employees that this is a serious matter worthy of their full attention and vigilance.”

New-school security awareness training can enable all of your employees to follow security best practices.

International Business Times has the story.

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

SPT-monitorHere's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews