Staying in touch with family and friends, surfing through the latest batch of memes, or even interacting with our favorite brands—social media is ubiquitous in the world today. It’s all about sharing, and, well, socializing.
While social media does have a good purpose, there are, unsurprisingly, threat actors who use all that shared information for nefarious purposes.
Primarily, they use social media profiling to learn about an individual’s life. The information on social media profiles is public, and that data is a commodity for brands and cyber criminals alike.
What is social media profiling?
According to SentinelOne, social media profiling is “building a composite of a person’s identity and lifestyle from publicly available information.”
And it doesn’t just stop at your name. If you have shared a resume, information about special events, family member names or vacation data, it’s easy for a hacker to build a full picture of your life over time.
If your page is business oriented, then you’ll likely have an About Us, Achievements, and other info listed for your ideal customers, but they aren’t the only ones who can take note of this information.
Threat actors use this data to manipulate companies, too.
How do hackers use the information gathered from social media profiles?
Once hackers have learned everything they can from your social media profiles, they commonly use that information to manipulate you into giving up more data or money. To do so, cyber criminals craft targeted advertisements and malicious phishing emails based on personal information.
Let’s go into a more specific example of social media profiling.
Say you recently decided to shop around for new computers. You browse a few websites like Nebraska Furniture Mart, Best Buy, etc. You post on your Facebook page that you’re looking for computers, asking your social network for recommendations.
As you do your research, your browser collects cookies that then retarget you with specific advertisements. These are the ads that show up later in your social media feed—the ones that make it seem like your smartphone is reading your thoughts or eavesdropping on private conversations.
It all may seem harmless on the surface, but there’s more to it than just making one status update and surfing e-commerce sites.
What if one of those specific ads wasn’t for a legitimate site, but was malvertising that, when clicked, delivers a dangerous payload to your computer and infects your device with a keylogger?
Now, the next time you visit your financial institution or bank’s website and log in, that keylogger sends your private credentials to a hacker on the other side of the world, who now has free rein over your bank account.
The situation can get worse from there, too.
If you’re like 50% of the planet’s population, you’re recycling passwords in some way, shape, or form.
Hackers capitalize on this, and if they have the password for one of your accounts, they likely have it—or something very close to it—for several others. It won’t take them long to crack the variations, either.
This dangerous rabbit hole starts with the information you’ve posted publicly, and hackers gather that personal information during social media profiling. Then, they use it against you in future manipulative cyber attacks.
How can you avoid being profiled on social media?
Use common sense when using social media. Be skeptical about connection requests you receive from people you don’t know—and even people that you do. Profiles can easily be duplicated.
Ultimately, you want to err on the side of caution. Really think about whether the information you’re about to post needs to be shared publicly. Consider the potential impact of that status update.
In addition, be careful what you click on. If you want to view a website, don’t click on the ad; simply go to the URL for that website. Educate yourself on what to watch out for when on the web, and use a password manager to keep your passwords secure.
Cyber security starts and ends with the end user—including their use of social media.
Of course, you still need robust cyber security solutions in place, but your end users need cyber security awareness training. Otherwise, even the most intricately woven IT security strategy can be unraveled with a single click.
Every phishing attack requires the cooperation of an often-unwitting end user. Make sure you’re informed and aware of the latest hacker tactics.