In this month’s newsletter, we take a look at social media and the security risks it poses for its users. As a reader of Cybersecurity Magazine, you are surely aware of some social engineering techniques used by malicious actors to attack or abuse your online personas. However, it is important to remember that these techniques keep evolving, and it is essential to stay vigilant at all times.
How social media impacts cybersecurity
To start with, Zac Amos recently wrote a great primer on the security risks social media carries for both businesses and individuals. He outlines five ways in which these platforms can be abused and, importantly, what you can do to make sure you and your employees are using them securely.
Leveraging classic social engineering principles
A recent phishing campaign targeted at Twitter and Discord accounts highlights what can go wrong if security best practices are not followed. Utilizing the classic principles of urgency and intimidation, the attack attempts to trick people into surrendering their account credentials to the attackers.
Attackers know how to blend in
Of course, phishing attacks are not limited to just a few platforms. Every popular website can be abused to become the channel for this sort of scheme, and some are particularly difficult to spot. Recently, phishing campaigns have been reported to use fake Facebook pages and Messenger features to lend them credibility and blend in.
Phishing attacks keep evolving
A novel social engineering threat that is likely to become more widespread is that of Artificial Intelligence used to create so-called “Deepfakes”. While most people will have seen this kind of video mimicking celebrities saying something funny, it is really just a matter of time until the same technology is abused for malicious purposes.
Online identities can easily be leaked
Lastly, a recently published piece of research serves as a reminder that there is very little that is anonymous about your online activities. Researchers from the New Jersey Institute of Technology showed that it is possible for malicious actors to determine which public identifiers their victim controls just by making them visit a specially crafted website. This could include email addresses and social media profiles, making this information a prime target for data brokers and malicious actors gathering information.
Cybersecurity Magazine Editorial Team