Social Media and Their Exploitation in Social Engineering

facebook-dislike-button-1Phishing is most commonly associated with email, but social media are quickly becoming a major hunting grounds for scammers, according to Elliot Volkman from PhishLabs. Social media present many of the same problems faced by email, such as impersonation, credential theft, and various types of scams, but it also facilitates intelligence gathering for targeted attacks. Additionally, attackers can interact with other accounts to confuse users, rather than being restricted to one-on-one conversations.

“Because phishing is the malicious use of social engineering, impersonation plays a huge role in the success of an attack,” he explains. “By posing as someone with any kind of authority, it’s easy to damage that person, the brand associated with them, and trick users into taking a specific action....One of the most common examples is that when a celebrity posts a Twitter, a threat actor replies to it, posing as that user, saying they are giving away free bitcoins. Hint: they aren’t.”

Volkman also points out that attackers shift their tactics as the market changes in order to target the largest number of potential victims.

“Take for example your organization,” he says. “As a brand, there is a good chance there are set profiles on the largest networks; however, what about your users and employees? The more prevalent and engaged a digital medium, the greater the likelihood that a threat actor will attempt to abuse it.”

One of the benefits of the increased connectivity offered by social media is that users can band together to call out scams when they see them. All organizations can benefit from providing new-school security awareness training to help their employees better defend themselves against social engineering attacks. PhishLabs has the story:

Free Social Media Phishing Test

Would your users fall for a phishing email that looks like it originated from a credible social media site such as Facebook, LinkedIn or Twitter? Attackers use social media to target both your brand, your users, and even your customers by distributing malware or using social engineering to phish for credentials. These platforms have become a goldmine for the bad guys to carry out social media phishing attacks against your organization. Don't get hacked by social media phishing attacks!

SPT-monitorHere’s How the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

Don't like to click on redirected buttons? Copy & paste this link into your browser:

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews