PROTECTING YOURSELF OR REAL ESTATE BUSINESS FROM SOCIAL ENGINEERING
Social engineering is a type of cybercrime that involves manipulating someone into taking a specific action or divulging confidential or personal information, often (but not always) in an online setting. This can take the form of a hacker posing as a trusted source, such as a work colleague or a friend on social media. In this way, hackers take advantage of the trust we have in people we know, those in positions of authority, or even trusted institutions. This piece will focus on social engineering in relation to social media.
The way social engineering on social networks can play out is twofold. First, there are the cyber-attacks that are carried out on your actual social media account. Second, there’s the matter of information you share on social media being used against you, or someone else you know, in an alternative setting. This is often email, but social engineering attempts can also occur over the phone (which is known as voice phishing, or “vishing”), SMS (smishing), and in messaging apps like WhatsApp.
In this article, we’ll go through the three most common social engineering tactics on social media, what they look like in action, and what you can do to protect yourself. Let’s get started.
1. Account Takeovers and Cloning
This kind of social media hacking usually works by taking over a person’s social media profile and either posting to their profile and tagging contacts or private messaging all their contacts. This is known as contact spamming. Sometimes an account doesn’t even need to be taken over. Clever scammers can create a very convincing copy of your account by simply using your profile picture and other publicly available information.
Contact spamming is a common form of phishing and chances are, you’ve seen this kind of social engineering attack in action. It’s often used via email, too. Although it’s the most basic kind of social engineering attack and is very frequently used, there’s no denying that it’s effective. According to a survey by Proofpoint, 83% of respondents experienced a phishing attempt in 2018.
2. Targeted Scams
Social media scams can take countless forms, from fake fundraisers, competitions, and giveaways to fake Facebook groups, questionable ads, and even catfishing. However, when they occur on social media, they are typically more targeted and align with your interests, so they can be more difficult to spot, particularly if something is posted by a trusted contact, a legitimate-seeming business, celebrity, or influencer you follow.
These kinds of scams can be most convincing when scammers take advantage of current events. A great example of this is when scammers purporting to be Apple claimed, following the death of Steve Jobs, to be giving away 1,000 free iPads, MacBooks, and iPhones in his honor. It wasn’t real, of course; it turned out to be a phishing scam.
3. Data Gathering
Even if they don’t target you specifically on social media, cybercriminals can use it as a means to an end, gleaning personal information about you to use for malicious purposes. Hackers can use even the most innocuous information and smallest details you share to build a believable profile that can either be used on a social media network (to carry out some of the scams we’ve mentioned already) or elsewhere.
Such information may include the people you socialize with, your personal interests, where you’ve been on vacation, the services you use, and where you live. They can also peruse websites like LinkedIn to find your job information, educational background, and working relationships. This information can be used to create convincing phishing emails or SMS messages that align with your interests. It could also be used by a social engineer to approach a colleague or friend via these avenues and very convincingly claim to be you. This is known as spear phishing.
HOW TO PROTECT YOURSELF AND BUSINESS
This article covers only a handful of forms of social engineering on social media. The unfortunate reality is that attack types are constantly evolving and becoming more sophisticated, so there’s no way of covering absolutely every single possibility. Fortunately, using a bit of common sense and being mindful about what you share publicly online should go a long way in protecting yourself. To recap the advice given throughout, here’s a checklist for protecting yourself against social media social engineering:
While the easiest solution would simply be to delete all your social media accounts, in this day and age it’s simply not realistic. Social media has become an intrinsic part of life for many people, and online connections are more important than ever, particularly for those trying to build a professional profile. That said, be mindful of the kind of information you share publicly. For Facebook, Instagram, and Twitter, make sure your geotagging settings are turned off, particularly when it comes to local establishments you visit frequently.
With regard to Facebook, make your personal profile completely private and set up a separate public profile if necessary. Ensure your personal profile content is visible to friends only. Speaking of “friends”, do a quick sweep of those, too. If there’s anyone you’re unsure about, err on the side of deletion. Better to offend a person you spoke to for two minutes at a party 10 years ago than potentially put yourself at risk.
If a contact or someone you follow shares a fundraiser, competition, or giveaway, always verify its legitimacy before sharing any information or handing over your cash.
Remember that just because a social media advertisement or company profile might seem legitimate, it doesn’t mean it is. Do a quick Google search for the official website to compare URLs.
Treat anyone promising you easy money as a scammer, especially when you have to pay an advance fee for it.
Treat unexpected messages and posts (especially containing links or attachments) with caution
Enable 2FA
Always double-check the source of giveaways and fundraisers
Don’t automatically trust social media ads, pages, or groups
Be mindful of what you post on social media
Optimize your privacy settings
Check your friend lists
Don’t unwittingly give away security data on “fun” shared posts
As for general best practices, try to avoid logging in to other sites via your social media credentials. If a social engineer ends up hacking into that particular account, it could result in a domino effect, where several of your online accounts are compromised. Similarly, use unique, strong passwords for every site you use.