Most people have a handful of popular apps that have rightfully earned their place on the home screen. However, a quick look over the shoulder of anyone in a public space highlights how many front screens contain the same popular social media apps such as Facebook, Instagram, TikTok, Twitter, YouTube, LinkedIn, and Snapchat.
Despite our love-hate relationship with social media platforms, there is no avoiding the increasing dependence on these apps in our personal and work lives. Predictably, the ubiquity of social media platforms is making them one of the fastest-growing attack surfaces, where consumers have already lost $770 million to fraud.
Worryingly, most users are blissfully unaware of how their social media usage could be unwittingly exposing themselves and their place of work to online fraud, phishing, ransomware attacks, and much worse. In addition, the fact that 84% of users are posting on social media apps and 77% of them are reusing the same passwords makes everyone an easy target for cybercriminals.
The dangers of oversharing
Almost every aspect of our lives is shared on social media. As a result, it’s becoming effortless for people to quickly learn about you from your hobbies, family members, and geotagged location check-ins. Even if you do not participate or are very careful about what you share online, others can tag you in posts, making it almost impossible to stay away from watchful eyes.
Holidays, birthdays, conferences, nights out, and even your job title on LinkedIn can all help provide malicious actors with the sensitive information they need before launching an attack. For example, sharing photos of yourself living your best life on multiple platforms could leave you susceptible to thieves who know that your home is currently empty.
Although insurance companies don’t monitor social media posts, they are beginning to warn policyholders to be mindful of what they post online when they check in at the airport or post images. As a result, we could see insurers take a different stance toward victims who have been guilty of oversharing, and maybe it could eventually prompt users to recalibrate their relationship with big tech.
There is also increasing concern around the rise in synthetic ID fraud (SIF), where attackers combine a user’s social media profiles with leaked personal data to create a so-called Frankenstein identity. But these are just a few examples of the rise in sophisticated attacks made possible by the digital footprints that our obsession with social media leaves behind.
Don’t fall for LinkedIn phishing
If an attacker wants to target a business, they can easily browse through all employees on LinkedIn. Then, with a few more searches, they can also check out an employee’s other social networking profiles to better understand who someone is and identify their interests or passions in life. Finally, a quick visit to the company website will reveal the email domain to enable the attacker to send a spear-phishing email that can be personalized around the target’s hobbies, favorite airline, bar, or retail store.
As for a business network, an attacker could also use a public post on LinkedIn from a CEO who has just checked in to an overseas conference as an opportunity to send a spoof email to a finance manager asking to approve an urgent invoice. With enough information, attackers can easily impersonate a business brand to trick users into sending money or sharing their login credentials.
In a business environment, a seemingly innocent LinkedIn post could be leveraged to add credibility to phishing emails or even phone calls where criminals will attempt to complete money transfers and almost any account fraud you can imagine. But although the debate around social media vs. cybersecurity in the office can feel daunting, safely using social media at work can be achieved by following a few simple steps.
The growing digital attack surface
As big tech begins to build multiple metaverses and users start to explore new digital worlds, we can expect the digital attack surface to expand with our aspirations. Once again, our current and past cybersecurity concerns will follow us into the metaverse, which introduces an entirely new infrastructure that contains advanced devices, apps, and a smorgasbord of data.
Security and privacy around social media activity will continue to dominate conversations in the months ahead. There are numerous ways that scammers can use readily available information online to perform attacks around social engineering, phishing, brand impersonation, and data theft. But as the seriousness of these attacks comes to light, many are beginning to ask who is responsible when cyberattacks result in deaths.
Despite the rise in high-profile attacks and numerous warnings, you don’t need to search too far to find groups of individuals face down in their smartphones, all using the same apps while reusing their passwords across continuously expanding social networks. Unsurprisingly, social media has become the fastest-growing attack surface. But the bigger question is, what are you and your business going to do differently?