Like and Subscribe to Scams: Social Engineering on Social Media
In the age of endless scrolling and curated feeds, social media has become an integral part of our lives, whether you are swiping on dating apps or melting the time away on TikTok. We connect with friends and family, share our experiences, and consume information, often without a second thought. We all think it: you never truly believe that something bad, like falling victim to a scam, will ever happen to you. But lurking beneath the surface of likes and comments, a sinister side of social media exists as a breeding ground for social engineering attacks, and anyone can get caught in the trap.
Social engineering attacks are the art of deception, using psychological manipulation techniques to trick victims into revealing personal information or transferring money. Cybercriminals exploit the strengths of social media platforms, posing as legitimate entities or trustworthy individuals, to lure users into clicking on malicious links, sharing personal information, or even transferring money. Not many people give themselves the time to work out what is going on; they might see “FLASH SALE” in big bold letters next to their favourite brand and, without a second thought, they’ve typed in their bank account details.
These social engineering attacks can be incredibly sophisticated, preying on our emotions, trust, and desire for connection. They can range from seemingly harmless “like and share to win” giveaways to elaborate phishing attempts that mimic legitimate institutions and your favourite brands.
The skill of social engineering involves coercing someone into disclosing private information, such as banking account information or passwords, by deceiving them. Although it’s common to believe that something like this wouldn’t happen to us or our company, or even that we wouldn’t fall for a scam, 60% of workers reported becoming victims of social engineering attacks in 2016.
When people are targeted, it is easy to fool them into revealing personal information, executing a transfer that appears authentic, or even granting access to their computer. Instead of attempting to break into software, criminals prefer to use social engineering techniques because it is much simpler for them to trick people into giving them their trust.
Particularly when it comes to social media, businesses struggle to strike a balance between employee freedom and company security. Some businesses don’t have any rules at all regarding what can or cannot be shared on social media platforms like Facebook and Twitter, while others have stringent guidelines in place to prevent internet scams and may also track external thefts and attacks that arrive in those forms.
The issue is that social engineering attacks get harder to identify when combined with social media because they appear to be coming from people you would expect to be reliable, like friends, coworkers, or even relatives. You might want to reconsider if you believe you can identify social engineering attacks on social media.
Keep this information away from social media:
- Job Role / Job Roles.
- Work or private email addresses: publish a dedicated, monitored email address rather than any of your employees’ email addresses.
- Screenshots of conversations.
- Phone numbers: Have a landline business phone number to share with clients and potential clients.
- Financial status.
What To Avoid
In general, avoiding social engineering attacks is all about recognising the story that precedes the installation of malware, computer viruses, Trojan horses, and similar programs. The narrative becomes irrelevant as soon as a hacker manages to get a user to run the malicious program. If you are aware of the typical requests criminals make of their victims, you can tell whether to believe a request that appears to come from a reliable source.
Avoid clicking on any suspicious links from emails, chatrooms or instant messages. Surely we’ve all had those messages on Facebook that are in capital letters asking you to click a link to see something crazy. If the URL doesn’t look familiar, just carry on scrolling.
When in doubt, or every time you are about to click a link, just double-check it. Clicking on a bad link is like opening Pandora’s box: once it happens, you have no idea what you’re going to be left with. If you spot any of these red or even beige flags, run in the other direction and, if you can, report it.
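The double-check described above can be partly automated. The following is an added example, not part of the original article: it inspects a link before anyone clicks it and lists the reasons it deserves a second look. The allowlist `TRUSTED_DOMAINS`, the function names and the sample domains are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: domains a (hypothetical) company actually uses.
TRUSTED_DOMAINS = {"example.com", "example.org"}

def is_trusted_host(host):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def link_red_flags(url):
    """Return the reasons a link deserves a second look (empty list: none found)."""
    flags = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        flags.append("not-https")
    # "https://brand.com@other-host/" really goes to other-host.
    if parts.username is not None or parts.password is not None:
        flags.append("userinfo-before-host")
    if not host:
        flags.append("no-host")
        return flags
    try:
        ipaddress.ip_address(host)
        flags.append("ip-address-host")
    except ValueError:
        pass  # a normal DNS name
    # Punycode or raw non-ASCII labels can render as look-alike letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-label")
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        flags.append("non-ascii-host")
    if not is_trusted_host(host):
        flags.append("untrusted-domain")
        # A brand name inside an unrelated host is a common impersonation sign.
        brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
        if any(b in host for b in brands):
            flags.append("brand-name-in-untrusted-host")
    return flags
```

An empty result only means none of these particular signs were found; it does not prove the link is safe.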
In a similar vein, until you confirm the source, you should refrain from sending money to charities or fundraisers that friends or family forward to you via email. This is a popular scam, especially around the holidays, when people are more likely to feel philanthropic.
Scammers on the internet can also contact you by sending phoney links from phoney organisations through the contact lists of your friends. Given that they are from personal contacts, these emails may appear to be normal. Ask yourself: has this person ever sent you a message similar to this before? If you cannot validate the website, do not donate.
The best way to stop financial or personal information from being lost or stolen is to train staff members about the dangers of social engineering and the consequences of oversharing on social media.
Raising security awareness about what your company considers inappropriate information to share, and how this information can be used as ammunition for social engineering attacks, is a good place to start. Even though it’s difficult to encourage employees to completely avoid sharing sensitive information on social media, if rules and regulations are in place, your employees should follow them accordingly.
It’s important that, while educating your employees, you also tell them to report any dodgy-looking things that might happen on the company’s social media, any impersonations and any peculiar emails that come through. This way, you are not only telling the social engineering attackers that it’s not that easy, but also getting rid of them and protecting other parts of the digital world and other individuals.
As mentioned previously, all businesses should have strong security policies in place that outline how employees should handle sensitive information, such as customer data, financial information, and intellectual property. These policies should also cover how employees should use social media and email and approach social engineering attacks.
This way, you aren’t leaving all the responsibility up to your employees, and you are putting preventative measures in place rather than giving social engineering attacks an easy chance. This could include keeping your operating systems, applications and firmware updated to the latest version and compliant.
There are now tools that let you get your passwords tested; this way, hackers won’t be able to breach them. Businesses should make this a mandatory measure for all employees and enable multi-factor authentication wherever necessary.
By following these tips, businesses can help protect themselves from social engineering attacks. However, it is important to remember that there is no foolproof way to prevent these attacks. The best defence is to be aware of the threat and to take steps to mitigate it.
Photo by Leeloo The First