The Fight Against Corporate Social Media Engineering And Fraud
Our main online hangouts are also a focal point for hackers looking to take advantage of any vulnerabilities. That is true for social media, one of the main online activities, which is expected to reach 3.6 billion users this year. Recent events like the hacking of 130 executive Twitter accounts prove its attraction. The main targets for such cybersecurity threats may include:
- Corporate, end users and customers: Fraudsters love using social impersonation to perform customer-facing attacks, taking over corporate accounts or creating fake (imposter) duplicates to get customers’ personal and financial details.
- Vendors and partners: Fraud and phishing attempts including real or imposter company executive accounts and fake business forms.
- Employees of all seniorities: C-level executives are not the only attraction for cyber criminals; all employees are fair game and attractive as a weak gateway to company and customer assets.
How fraudsters manipulate social media channels
There are a number of security risks worth taking into account:
- Human error & link clicking: “The error exists between the keyboard and the chair”. With more than 99% of cyberattacks requiring someone to click a link, the human factor plays a major role in the process and uninformed employees or customers pose a serious and almost unavoidable risk.
- Phishing attacks: Social media messages and posts can contain phishing links or forms to extract sensitive information from employees and customers.
- Third-party tools: Unprotected social media extensions and integrations might lead hackers directly into the company’s accounts and core applications.
- Fake accounts and pages: Creating a fake social media account is incredibly easy, and so is pretending to be the company itself or one of its executives, employees, customers, and partners. In many cases a short, trust-building online correspondence using a fake account is all it takes.
- Personal information and privacy settings: The information we share online can easily be used by fraudsters, as it helps personalize scams to make them more effective.
- Unprotected devices and networks: The issue doesn’t end with social media apps. If the device itself ends up in the wrong hands, scammers can use it to access social media accounts and even reach out to the owner’s contact list. The networks people use, especially public Wi-Fi connections, may also involve risk.
- Malware distribution: A recent study showed that social media networks make life easier for hackers looking to distribute malware, and are considered major blind spots for enterprise security. One in five companies reported receiving malware via social media and more than 12% consequently suffered a data breach.
6 steps to protecting your social media channels
All hope is not lost and there are a few things you can do to protect your company on social media:
- Form a clear policy: Map your vulnerabilities to expose all the blind spots and form a clear document that explains the risk and how it should be handled and avoided. Much like your security standards and practices, this policy must be regularly updated.
- Train your team to identify social engineering: It’s not enough to create documents; you also need to make sure that everyone reads and follows the instructions. Dedicate time and attention to this issue. Here’s an example of a fun and informative Phishing Quiz created by the US Federal Trade Commission that you can use to establish employees’ level of understanding about employee-facing risks.
- Limit social media access: Sure, employees are always scrolling their Facebook feed at work, but you can still limit the networks that are being used, how corporate devices are handled, and who has access to the company’s business accounts.
- Place someone in charge: You don’t expect any other form of compliance to manage itself, and there’s no reason for social media activity to be any different. Make it someone’s official job to stay up to date on the newest networks used by employees and how they may be exploited by hackers.
- Perform regular checks: Everything we’ve mentioned here can and must be put to the test. Want to know just how well-trained your employees are? Test them using different testing tools that are available online. The same goes for monitoring the access to your organization’s social media settings, the protocol for corporate device use, and more.
- Invest in a security product: Choose solutions that understand your company’s social media exposure and can help prevent, detect and mitigate social cybersecurity threats.
BrandShield’s social media defense
BrandShield knows the risk of corporate and private social media use and offers a solution that takes into account the unique characteristics of such fraud and phishing attacks. The company’s product monitors a wide and ever-expanding range of social media networks and places a special focus on C-level impersonation and a variety of phishing attempts.
Upon discovering any suspicious activity, BrandShield examines it and removes threats immediately, before they are able to scam employees or customers and access private or corporate information. This way, any sensitive details, including credentials, financial data and core applications remain safe, while employees and customers can continue to enjoy the positive side of social media networks.