Usage of social media: New source of phishing attacks

Untitled-2qww
Cybersecurity

Usage of social media: New source of phishing attacks

Phishing attacks are on the rise these days. Today’s hackers target the overgrowing mobile using population for launching their attacks. E-mails, text messages, social media, or any other app which involves link sharing are some of the ways through which they try to attack. With more and more of our personal data being available online, the hackers customize the attacks in an attempt to disguise themselves from being shown up. Thus they make their attacks harder to detect and more likely to succeed.

Social media is all about connecting with people we know. Also, it is common for people to connect with random people over these mediums who share common interests or business backgrounds. It is also used as a form of dating where people try to get acquainted with new people. And here lies the catch. Cybercriminals try to pose as co-workers or mutual acquaintances by creating false accounts to connect to people and then gain access to their personal data.

The criminals will often join social media groups and post malicious links to gather personal information or login credentials to seem more authentic. This accumulated data is then used to make more phishing attacks on other people and organizations. So, it is evident that phishing is the reason for almost one quarter (around 22%) of all the data violations. With a lot of companies shifting to remote work nowadays, cybersecurity is becoming a more critical issue. At the beginning of the COVID, 19 lockdown companies focused mainly on maintaining the workers’ productivity. Now the emphasis has to be shifted to security, as remote work is not going to end any time soon.

Cybercriminals are fully aware of the mass shift to work from home. They know that with just a little information about a person and their company (which can be easily obtained from social media profiles), they can launch a phishing attack against an organization, the results of which can be dangerous.

For example, the July 15 attack on Twitter in which several accounts of VIPs were hacked. In it, the main attacker was only 17 years old. He first contacted a Twitter employee and tricked him into sharing the user credentials by somehow gaining his trust as a colleague. He then hoaxed the Twitter employee’s phone number through SIM swapping. He got other information about the employee through his social media profiles. Thus he was able to disguise himself as an employee. Once he was able to re-route the employee’s phone number, he was able to seize the One Time Passwords (OTPs) used for Multi-Factor Authentication (MFA) and thus able to gain access inside the company.

Therefore, it was clear that any small hacker could inflict damage to a company such as Twitter. And if it has happened to them, it may well happen to others as well. With many workers currently under work from home and using a mix of personal and company-provided devices to stay connected, cybersecurity is a huge issue. Any company primarily relying on MFA and OTPs to secure access is vulnerable to cyber-attacks. Anyone with a cunning personality, essential details from social media accounts, and SIM swapping skills could quickly access a company.

Companies need to provide security awareness to protect employees from such phishing attacks. But the IT department also needs to enforce some zero trust security approaches which can prevent such scams from reaching employees in the first place. Ensuring that remote workers can only access business apps from only company devices can be a solution. Implementation of Mobile Device Management (MDM) solutions by certain companies were also inspired by this. But with phishing attacks on the rise, MDMs need to go way beyond just basic configurations.

Leave your thought here

Your email address will not be published. Required fields are marked *

Select the fields to be shown. Others will be hidden. Drag and drop to rearrange the order.
  • Image
  • SKU
  • Rating
  • Price
  • Stock
  • Availability
  • Add to cart
  • Description
  • Content
  • Weight
  • Dimensions
  • Additional information
  • Attributes
  • Custom attributes
  • Custom fields
Click outside to hide the compare bar
Compare