Protecting our organizations from social media cyber attacks requires awareness and vigilance among all employees.
Psychological manipulation, creation of fake profiles, information gathering, cybercrimes on social networks continue to grow. A trend that does not spare companies that have a key role in raising awareness and training employees.
Recent years have highlighted the challenges of cyber security. Indeed, cyberattacks are becoming more numerous and sophisticated, and in addition to business sites, social networks (Facebook, LinkedIn, Instagram, Twitter, etc.) are increasingly targeted.
Bank card fraud, remittance fraud, solicitation of humanitarian aid, donations, promises of easy money or paid work, these cyber attacks are increasing through these channels.
According to a study by FIDO (Fast IDentity online) in 2021, 40% of French users (45% worldwide) have seen their social media profiles compromised or a loved one the victim of a cyber attack. But how do cybercriminals operate and what behaviors should they adopt to protect themselves?
Identify the most used attacks
While there are hundreds of social media scams out there, some are more prevalent than others. In 2023, psychological manipulation is very popular among cybercriminals.
After initial contact and establishing a relationship of trust with the user of a social network, the cybercriminal encourages the Internet user to acquire a product that he will never receive or to buy cryptocurrencies by directing him to a malicious site that will steal money. He can also convince him to provide him with personal information, which can then be used by the cybercriminal to commit fraud or identity theft.
Cybercriminals also use fake linkedin profiles to impersonate a colleague. Similarly, once a relationship of trust is established, he encourages his victim to click on a link related to software that will allow him to hack into their devices or perform cyber espionage by stealing strategic business information.
Another popular tactic: scraping. This process consists of collecting from several social networks the personal data (name, date of birth, photos, video, etc.) that the Internet user has shared there in order to usurp their identity for new scams, including fake videos and audio recordings generated by generative artificial intelligence.
Adopt good reflexes
But it is possible to protect yourself from such scams. You just need to learn some good reflexes. Therefore, it is highly recommended that you limit the number of people authorized to see your social media posts. This restriction reduces any visibility and therefore any possibility of interaction with a hacker.
Another way: disable targeted advertising to avoid falling victim to a fake ad campaign encouraging people to buy fake products or click on a phishing site.
Third technique: question their motivations before accepting a connection request, and then block anyone who pretends to be an acquaintance and asks for money or personal information. Behind this behavior is most often a hacker who has stolen the identity of a loved one.
Be proactive, not reactive
To penetrate the information systems (IS) of companies, hackers target employees in 99% of cases. Also, raising their awareness and training them in various cyber-attack techniques, especially those using social networks, has become a major business concern.
Without appointing cybersecurity ambassadors whose mission it is to lead communication, organizations may struggle to reach their audiences.
Communication campaigns can cover topics such as: how to change your privacy settings, how to disable targeted ads or how to spot a fraudulent message (typos, incorrect dates, wrong domains, etc.).
Organizations must therefore be proactive in protecting themselves and their employees from cyberattacks on social media, as these platforms are attractive targets for a variety of threats, including social engineering, data breaches and reputational damage.
By developing and enforcing clear social media usage policies that outline acceptable and unacceptable behavior and providing awareness resources to their employees, organizations can reduce their exposure to this mode of attack.