Social media leaves companies vulnerable to spear phishing

March 4, 2015 Arctic Wolf Networks

The ubiquity of social media use leaves room for another type of threat: precisely crafted emails that appear legitimate but are intended to install malware or redirect traffic if opened. The practice is called spear phishing, and it is the most prominent culprit behind viruses, according to SC Magazine.

The right kind of information
Of particular note are the ways in which spear phishers obtain their information. Social media creates the most vulnerabilities, especially for companies, information security writer Sue Poremba wrote for Forbes. While Twitter and Facebook are effective and often necessary business marketing tools, they are also prime phishing spots.

Most social media users are used to hearing cautions about what they post on social media, but these warnings usually concern protecting oneself from termination by not posting negative comments about a company. Because these warnings are so ubiquitous, it might be easy to ignore them altogether.

Unexpected dangers
Take heed, though: posting seemingly innocuous information to personal or corporate social media sites can be dangerous. Cyber attackers love to mine these posts for information, and even details that seem inconsequential, such as the name of the person an employee reports to, can serve as ammunition. Nicknames, titles and even the tone of posts are all signifiers that allow a spear phisher to pose as a legitimate sender, with an email composed well enough to mask a threat on first read.

These are not emails that carry the subject line: "URGENT: Unred messAge: plse update account info needed." In fact, spear phishers won't use subject lines that prompt immediate deletion.

Even the most savvy are susceptible to opening these messages, as cybersecurity professional Carlos Pelaez told Forbes: "If someone posts or tweets that William Smith is the VP of IT Technical Support, I could call on one of their employees and say that 'Bill asked me to confirm your password was reset, so please give me your current password so that I can validate it.' You would know William went by 'Bill' because of his social media account and how references were given to him on LinkedIn as well as how friends tweeted to him."

As reported by CFO, spear phishing is the vehicle that recently enabled attackers to steal from 100 banks in 30 countries. 

Spear phishers' predatory emails are sent not solely to a company's employees but to its customers as well. To protect against infiltration, businesses should take extra steps toward information security management.

Thwarting spear phishing attacks
Awareness is the first line of defense. Social media users can take proper caution by editing posts to exclude the types of details spear phishers seek.

Since caution isn't 100 percent foolproof, SC Magazine contributor Mark Parker suggested the next step is to utilize the cloud in your security measures. Cloud-based security can detect threats and filter these harmful messages before they reach an inbox and cause major problems. 

Cybersecurity news and analysis brought to you by ArcticWolf, inventors of firebreak detection and response security services. Firebreak, when your firewall fails.
