Social platforms are the current favorite target of cybercriminals, displacing financial institutions, providing cybercriminals with credentials to be used as launch points for further phishing campaigns.
Most cyber attacks we read about seem to involve an organization that was attacked because it was perceived to have a lot of money that could be parted with via ransomware, extortion, digital fraud, etc. But then we have initial access brokers that focus solely on obtaining valid credentials which can then be sold to a cybercriminal intent on attacking an organization.
And then there’s those cybercriminals that focus on targeting social media in an effort to compromise accounts that can be used in scams or to propagate social engineering attacks. According to PhishLabs, the focus on social media sites as attack targets jumped nearly 25% last quarter, making it not only the number one industry targeted, but single-handedly representing just shy of half of all phishing attacks last quarter.
Source: PhishLabs
The real risk in social media being compromised is that the accounts that are misused can have a wide reach that includes mobile and desktop devices, individuals and corporate users, and have more than just a credit card or digital currency scam in mind. So, users within organizations should be very familiar with the latest social engineering techniques used in social media, as well as taught to remain constantly vigilant – something provided through continual Security Awareness Training.
