In an era with billions of social media users who share everything from what they are eating to where they are going, cyber attackers have found a new way to penetrate these channels: a method commonly referred to as spear phishing.
This blog post will explore what it is, how individuals are fooled by it and how we can help.
It is a targeted attack in which a bad actor gains access to social media users on the same platform. Unlike email phishing, this method involves precise targeting of a company using real and robotic identities.
These offenders will get in one of three ways:
· Account hijacking: They will set up an account that mirrors another account. Once complete, they will analyze the other account and send out friend requests to the same group of individuals. Because they have scraped several accounts, they already know which ones are the best to access the company data.
· API weakness: If the Application Programming Interface (API) that connects devices to the internet has a minimal level of security protocol, it’s fertile ground for hackers to succeed.
· An external link: Within an innocuous social post, an enticing link has malware within it. In a recent Time article, Russian hackers promised seven to ten thousand Pentagon Twitter account holders a personalized vacation package when they clicked on a hyperlink within the tweet. Many took the bait and the hackers were in. It is estimated up to sixty percent of all spear phishing links are opened compared to thirty percent of email links.
Here are the five things that a phisher can put in motion:
1. Data theft, including intellectual property
2. Settlement of legal liability from fake news or libelous posts about others
3. Regulatory penalties if data privacy is breached
4. Brand confidence such as we have witnessed from Equifax, Yahoo and now Facebook
5. Confidential records exposed such as health or NDA agreements
Our anti-phishing solution offers a layered approach to existing anti-spam solutions. We look at every possible vulnerability, exploring it in a remote, sandbox environment. As a value-add service to our customers, we provide training sessions to your organization. We cover a variety of topics on social media safety. Give us a call at 516.876.8200 or fill out our contact form to discuss how we will keep spear phishing away from your organization. Let’s get started today!
The ProActive Technology Group
14 Plaza Rd
Greenvale, NY 11548