News & Resources
Phishing isn’t just for emails anymore
Phishing isn’t just for emails anymore
A web browser is a portal into a world of information…and threats. So, what can you do about it to protect your business?
Web browsers have a lot to answer for. In a recent survey of 400 CIOs, 68% said that cyber criminals are now so sophisticated, their staff struggle to differentiate between safe and unsafe sites(1) . With that in mind, it’s no surprise that 70% of IT professionals experience weekly phishing attacks – and not just via email(2).
Despite greater awareness and investment in security software and employee education, there’s been a 232% jump in cyber-attacks on notebooks and desktops over the last six years(3). Cyber-criminals are still getting through, because the numbers are on their side. It takes a huge amount of effort to safeguard data, but it only takes one employee clicking on one malicious link to bring down your business.
Social media cyber-attacks are a large part of this problem. Platforms, like Facebook and Twitter, are rich hunting ground for cybercriminals. Not only are they designed for engagement and communication, they’re also simple to use and cheap to run. It’s incredibly easy to set up fraudulent accounts and start posting malicious content, from links and data harvesting to landing pages with unreliable pop-ups.
Most of these online activities are based on phishing techniques, which used to be reserved to email. Social media enables connections between people, and it doesn’t take much to build up a substantial, credible persona and following with genuine users of the platforms.
Vevo, the streaming service, was the recent victim of a massive data breach. One of its employees was targeted by a LinkedIn phishing scam, which led to 3.12TB worth of internal files being leaked online. This included, videos, office documents, promotional material, yet to be used social media content, and information about recording artists signed to the participating record companies(4).
Hacking squad OurMine claimed responsibility for the attack, after an altercation over email with a member of staff at Vevo. This shows the danger of spear-phishing, a targeted attack that tries to steal specific details from a specific target. Most often hackers disguise themselves as a friend or trusted source (i.e. your bank) to trick the target into releasing information – which accounts for 91% of attacks.
For most businesses that fall victim to a phishing attack, like Vevo’s, the consequences can be both damaging and longstanding. Not only can they result in the loss of employee productivity and customer data, but in the loss of customers themselves. The trust your customers have in your business could take a huge hit due to a security breach – to them, you’re no longer a trustworthy holder of information. And, although this can be salvaged, more often, the implications are permanent.
In Q4 2017, social media phishing attacks spiked to 500%, with a trend for fake accounts posing as customer support for big name brands(5). This development became known as angler-phishing, because hackers set bait and wait for social media users to come to them. By using the same branding and an authentic looking account name, the millions of people who rely on web-based social media are often fooled by a convincing attack. Then, as soon as a user engages, the fake account sends them a link to a phishing site and asks them to log in, allowing the phisher to reach the ultimate goal of obtaining private data.
One of the easiest ways to prevent your employees from engaging phishing via social media is to instigate behavioral change at work. It should help your staff to avoid making the kind of simple mistakes that lead to devastating consequence for your business:
- Limit interactions to users you can trust
- Don’t click through links from an unverified source
- Never download file attachments from social media
- Enable two-factor authentication on all social media accounts and devices – it’ll make it harder to hack them
- Give extra training to employees with high-access privileges or social-facing roles
Ultimately, having a well-trained team and devices that are optimized for security will help you combat social media cybercrime, one of the top cyber threats out there. It’s only going to get bigger and more sinister, so now is the time to upscale your defenses.