Hackers Using Social Media Posts To Steal Data
By now nearly everyone has heard about the recent “WannaCry” ransomware attack, which affected thousands of computers in over 100 countries. While this attack came in through a vulnerability in Microsoft Windows operating systems that had not been updated, most ransomware is the result of “phishing.” Phishing, sometimes called “spear-phishing,” occurs when someone opens an attachment or link in an email that appears to be from a legitimate source. That attachment or link unleashes malicious software, called “ransomware,” that invades the computer or the network, if the computer is attached to one. The ransomware then freezes or encrypts the network’s data until a “ransom” is paid to the hackers. At that point, the hackers may, or may not, provide the affected person or organization with the tools to free up their data.
Hackers are very inventive, and keep a step ahead of the good guys. They are increasingly using a new approach: social media sites. Recently, the U.S. Defense Department detected hackers using social media posts, such as those on LinkedIn, YouTube, Twitter and Facebook, to penetrate networks. The New York Times reported in a recent article that Pentagon employees received a link attached to a Twitter post, promising a vacation package, that allowed Russian hackers to get into an employee’s computer.
Hackers increasingly send personalized messages based on information publicly available on social media, such as school affiliations, sports interests, hobbies, and all of the other “stuff” that users put online. These attempts are effective: Verizon found in 2016 that only 30 percent of phishing emails are opened, but the cybersecurity company ZeroFox reported that 66 percent of recipients opened phishing messages sent to their social media accounts. Earlier this month hackers used fake coupon promotions for Mother’s Day and Memorial Day on Facebook to steal personal information. The fake coupons appeared to come from legitimate retailers such as Lowe’s, Safeway, and Aldi.
Social media users tend to trust posts on their accounts and are more likely to click on the links in those posts. Once someone does that, the malicious software can spread through the person’s social media network as well as a company computer network.
Facebook has taken note of this practice; in its April 2017 report Information Operations and Facebook, the company listed steps it is taking to defend its users. These include: customizable security features, notifications to specific people targeted by hackers, proactive notifications to people whom Facebook believes may be at risk for an attack, and working with government agencies to notify and educate users who may be at greater risk of attack.
How can you protect yourself and your organization from cyberattacks using social media posts? Some steps belong on any checklist for stopping hackers, including strong passwords, anti-malware and anti-virus software, and keeping software and web browsers up-to-date by accepting patches and updates. Others are more particular to social media, such as:
- use the social media site’s privacy settings to restrict access to your site, and to limit who can contact you
- use verified accounts if the site provides them; Twitter and Facebook offer the use of verified accounts or profiles to ensure authenticity
- limit access to your company’s social media accounts
- use monitoring tools to help protect your company’s social media sites
- limit what information you post online
- be wary of strangers contacting you on social media
It is never possible to be 100% secure, but taking these steps can protect your company’s network, as well as your personal social media sites, from cyber attacks. If you have more questions, call me at 720-575-0440, or email at mark@spitzlegalcounsel.com.