Social Media and Their Exploitation in Social Engineering



Phishing is most commonly associated with email, but social media are quickly becoming a major hunting ground for scammers, according to Elliot Volkman from PhishLabs. Social media present many of the same problems faced by email, such as impersonation, credential theft, and various types of scams, but they also facilitate intelligence gathering for targeted attacks. Additionally, attackers can interact with other accounts to confuse users, rather than being restricted to one-on-one conversations.

“Because phishing is the malicious use of social engineering, impersonation plays a huge role in the success of an attack,” he explains. “By posing as someone with any kind of authority, it’s easy to damage that person, the brand associated with them, and trick users into taking a specific action.... One of the most common examples is that when a celebrity posts a Twitter, a threat actor replies to it, posing as that user, saying they are giving away free bitcoins. Hint: they aren’t.”

Volkman also points out that attackers shift their tactics as the market changes in order to target the largest number of potential victims.

“Take for example your organization,” he says. “As a brand, there is a good chance there are set profiles on the largest networks; however, what about your users and employees? The more prevalent and engaged a digital medium, the greater the likelihood that a threat actor will attempt to abuse it.”

One of the benefits of the increased connectivity offered by social media is that users can band together to call out scams when they see them. All organizations can benefit from providing new-school security awareness training to help their employees better defend themselves against social engineering attacks. PhishLabs has the story: https://info.phishlabs.com/blog/how-social-media-is-abused-for-phishing-attacks


Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/social-media-phishing-test


