Social Media and Social Engineering: How We Make the Hacker’s Job Easy

By: Gizzelle Sandoval

Sharing everything about our lives has become an essential item in the mental checklists of millions of people. Dating or making friends with anyone in the world is now at the tips of our fingers. These perks came with the expansion of the accessibility of social media. It’s now easy to share everything about yourself with an audience of millions of people. With the ability to access and share information with a push of a button, are we potentially taking it too far and compromising our security? 

October is Cyber Security Awareness Month (CSAM), which is also one of the busiest times of year in the cybersecurity industry. Now’s the time that businesses evaluate how safe their “crown jewels” are, like their employee data, finances, and client lists, to name a few. Unfortunately, bad actors never take a vacation, including this month.

Here are some typical scenarios you may want to keep in mind when it comes to social engineering attacks:

1. Account Takeovers and Cloning 

This happens when someone takes over Person A’s social media account, either by hacking it or by creating a new account that looks similar to theirs. They then message Person A’s connections through social media with a hyperlink, hoping that one of them, Person B, will click on it. This tends to work because there’s already trust established between Person A and Person B, so it’s likely Person B will click on the link and unknowingly download malware.

2. Targeted Scams 

This can take many forms, such as fake fundraisers, giveaways, and questionable ads. Another example, and a growing phenomenon, is catfishing, or taking on someone else’s identity to gain some benefit. This could be money or personal information. According to the Federal Trade Commission, romance scams rank number one in total reported losses, with the median reported loss being $2,600 in 2018.

3. Data Gathering 

This method makes it very easy for attackers to identify their targets. The more information you share about yourself online, the better attackers can use it against you for their own gain. They’ll scour people’s social media for information such as your personal interests, where you’ve been (through geotagging), and your job and educational background (LinkedIn). The more you share, the easier it is to hijack your identity online and scam others, leaving you to pick up the pieces of potential reputational damage.

Fortunately, there are ways to minimize your risk of being successfully targeted for these attacks. The most important one is thinking twice before you post anything that isn’t already public information. The next tip is to always be in investigative mode. Are you sure that your sister was really the one who sent you a hyperlink over messenger when she’s rarely online? I recommend sending her a message on a different platform to verify that it was really her. Lastly, enable multi-factor authentication on all of your accounts to minimize the risk of being hacked.
