Why social media is a top phishing threat to businesses
October 2019 by Matt Middleton-Leal, General Manager EMEA & APAC at Netwrix
“Data is a highly valuable commodity these days, and with most of us regularly using social and professional networking sites such as LinkedIn, Facebook, Twitter and others, it’s never been easier – or quicker – for cyber criminals to generate a comprehensive picture of our lives, allowing them to more strategically target their victims. While the majority of internet users are aware that not all emails they receive will be genuine – spelling errors and random email addresses being obvious give-aways – more sophisticated and successful attacks are also in circulation. A little goes a long way when it comes to the effort put in by scammers. Even those who don’t target their victims individually can craft highly convincing emails and cast the net wide for high returns.
“We’ve all heard of many examples of organisations being targeted with well-crafted spear-phishing emails directed at senior leadership teams, or even via the supply chain. Take the incident of a CEO receiving an email purporting to be from their child’s school requesting an attached form be filled out. It’s surprisingly easy to find personal information such as this online, and supplemented by a few informed calls to the right people, it can prove very fruitful indeed. In short, with minimal effort an attacker can generate profiles of their targets and significantly increase their chances of success. If an email is relevant to you, not unexpected and convincing, would you suspect foul play? With high-value targets, the potential returns are significant and the risk versus reward ratio highly favourable for attackers.
“Cyber security awareness is essential. Being mindful about the information we share online and being vigilant to correspondence from expected, as well as unexpected sources, is also key. As for businesses, reminding employees of the risks is a start, but equally important is being aware of the bigger picture when it comes to overall risk, mapping out third-party suppliers and potential weak links.”