People need to be aware of how their social media posts can be used against them, according to Darren Millar, senior vice president of operations at PiiQ Media. In an article for International Business Times, Millar explains that open-source intelligence is extremely valuable for launching social engineering attacks, particularly against executives.
“As PiiQ Media researchers found, most executives publicly list information on a regular basis,” Millar writes. “In general, identification of a personal email address for executives was found in 61% of the profiles, with a business email address for 98% of them. And more than 60% had three or more social media profiles that were easily discovered. All these pieces of information can be used to craft phishing emails that target executives.”
Millar adds that executives are also more likely to be targeted by sophisticated social engineering attacks.
“From the bad actor's perspective, company executives are an especially appealing target for attack for the simple reason that they likely have more access to more assets within a company,” Millar says. “That means the potential payoff is larger. And at the same time, there's too often a sense of invincibility when it comes to many executives – a feeling that social engineering attacks and data breaches are things that happen to other people but not them.”
Millar notes that since executives are such valuable targets for social engineering, they need to be trained in how to thwart these attacks.
“Executives are prime targets due to their level of network access, so they must be included in thorough training about proper social media use that doesn't give away anything criminals can use,” Millar concludes. “Executive participation will send a message to all employees that this is a serious matter worthy of their full attention and vigilance.”
New-school security awareness training can enable all of your employees to follow security best practices.
International Business Times has the story.