Anyone who is active in social networks reveals information about themselves. This information is primarily intended for friends and colleagues. However, many users of services such as Facebook, Google+ and Stayfriends underestimate that “false friends” who are looking for usable information can sneak in.
Cyber criminals use the data provided free of charge by social media platforms for highly dangerous activities. The attacks are aimed at individuals, often high-ranking company employees. A multi-layered security concept is required to ward off such attacks.
Private & at work – people are just a part of social networks
According to the German high-tech association Bitkom, more than three quarters of German Internet users are currently registered with at least one social media platform. In other words, over 51 million Germans are on an online social network – and the number is rising. But engagement in social networks is not reserved for private individuals alone. According to Bitkom, almost 50 percent of companies in Germany now use social media platforms, be it for internal communication or for interaction with customers and interested parties.
The success of social media attracts criminals
However, social networks are not only associated with positive things, such as the fact that friends, acquaintances, relatives and work colleagues can stay in contact with one another and exchange information of all kinds. According to IT security experts, Facebook, for example, blocks more than 200 million illegal activities every day. These include posts with links to websites that contain malware, as well as spam e-mails with unsolicited advertising messages or malware links.
In addition, about five to eight percent of the accounts in social networks are created by fraudsters and cyber criminals. They use fake profiles to send spam messages or to gain access to other users’ data as “friends”. For example, supposed friends ask for a transfer of a few euros via direct message because they are supposedly in an emergency. Or they try to elicit company-internal information or data about colleagues from employees.
Protect against social engineering and cyber attacks – this is how it works!
Targeted attacks on employees using such social engineering techniques are becoming increasingly popular. Companies should therefore be aware that attacks on mobile devices and social networks can be much more dangerous for them than targeted attacks. After all, in the service society, employees are the most important resource, for companies and fraudsters alike.
Even a small amount of data that attackers obtain via Facebook and Co. can be used as a starting point for further attacks. Information such as
- first and last name
- date of birth
- e-mail address
- place of residence
is sufficient in some cases to activate recovery functions for other online accounts. Such “second-level attacks” are now the order of the day. This is especially true for attacks that target individuals, so-called spear phishing attacks. The preferred targets are employees of companies and authorities who have access to important information. These can be employees of development and sales departments, but also IT administrators with access to account information, passwords and data on network security settings.
The criminal scam: fake e-mail with seemingly harmless links
For example, attackers send e-mails or messages to such employees via Facebook, Google+ or Twitter. As the sender, they use the details of colleagues or friends of the victim, which they have obtained by hijacking accounts or by carefully evaluating the online activities of the person concerned. Often, the target person is asked to open an attached document or click a link embedded in the message. The aim of such approaches is to install malware on the computer or mobile device of the person concerned, which is intended to give the attacker access to the company network so that he can spy out sensitive data.
Secure handling of social networks and social collaboration platforms is essential for companies. Companies should pay particular attention to the following five points:
- Maintain an open approach to social media instead of prohibiting the use of such services
- Educate employees
- Control the company’s social media activities
- Involve security officers more closely in decisions
- Establish guidelines for the use of social media
Correctly plan social media guidelines in companies
In order to avoid data leaks within the company, it is also advisable to develop and implement binding social media guidelines. These guidelines regulate whether an employee is allowed to be active in his role as an employee in social networks and what he has to consider. In some industries, such as the financial sector, highly restrictive requirements apply. In other areas, such as the media and entertainment industries, less stringent requirements are the order of the day.
If you want lasting protection against the dangers that the use of social networks can bring, you should also make use of tools. They help users remove malware and activate the “correct” privacy settings on Facebook and Co.