Are you among the many businesses tapping social media to promote your products and services? 96% of small business owners include social media in their marketing strategy, mainly for paid ads and connecting with current and potential clients. But just as your business uses these platforms to seek out prospects, cybercriminals are lurking in the corners, on the prowl for inattentive victims, including your employees, through social media phishing.
What is social media phishing?
Social media phishing is any digital attack carried out through social media platforms, such as Facebook, LinkedIn, or Instagram. Many business hackers use social media to steal personal data or to gain control of your social media account and use it to attack your customers and colleagues. Hackers can also use Facebook or Twitter to access your cell phone, since most users access these platforms on their mobile devices.
This is nothing new. At some point, you’ve received weird messages from your friends on Facebook. Then, a couple of minutes later, you see on your feed that they were recently hacked. Keep in mind, if it can happen to one of your friends, it can happen to one of your employees and to your business accounts. And, for a lot of businesses, it has.
In January 2021, businesses experienced, on average, 34 social media-related phishing attacks that month. There was a 47 percent increase in June, when phishing attempts rose to close to 50 attacks per month. By September 2021, companies dealt with an average of 61 social media-related phishing attacks per month, resulting in an 82 percent increase in hacking attempts over three quarters of last year. What does this mean? More hackers targeting businesses are using social media as an opportunity to gain access to your systems, and the chances of it happening to you are growing rapidly.
What scams should you look out for on social media?
It depends on the platform, as Facebook, Instagram, LinkedIn, and Twitter each have aspects that make them unique. But because they all share profiles, captions, attached photos, hashtags, and links, these common features become tools for hackers to use in manipulating and entrapping their victims. Here are some tailored scams to watch out for:
- LinkedIn scam - As much as we’d all like to be contacted by a CEO or prominent business on social media, chances are it’s someone pretending to be them to steal information or money. Make sure the account has been verified before contacting them further.
- Facebook quizzes - While Buzzfeed has added a bit of fun by letting us see what kind of Disney Princess or cupcake we resemble the most, the Better Business Bureau warns users that launching quizzes from social media may give creators permission to pull information from your profile.
- “Is that you in this photo/video?” - If a post like this comes across your feed, immediately hit “delete,” no matter how embarrassing they claim the information might be. If you do click on the link, it will lead you to a site that mimics a social media platform and asks you to log in while it records your credentials.
- Missing persons - The FBI has recently issued alerts letting the public know that criminals will contact people who post about a missing family member or friend, posing as kidnappers and demanding a ransom.
While these aren’t all the scams hackers might use, they are some of the most common ones you or your employees might come across.
How does this affect my business?
Ever so determined, business hackers gather information about your company by studying your posts, as well as those of your employees. Tessian, a security company, reported 84% of people post on social media every week, with 42% posting daily. This becomes a gold mine for hackers, especially when your employees are posting about their jobs. During the pandemic, it became a trend to post photos about working from home, and many people unknowingly included computer screens showing email addresses, video call numbers, and names of coworkers or clients. When this happens, hackers scour these posts to later impersonate you or your employees through email, including attached malware disguised as relevant content to download or click on.
Your employees might also post the names of children or pets, or a birthday, all answers that could be used in a password or to answer common security questions. As we have mentioned in previous blog posts, people tend to recycle their passwords, and hackers know it. So, they will try using the information they have collected to break into accounts, such as your bank accounts or email.
In addition to hackers gaining access to company information, realize that your company’s reputation and identity are also at risk. You’ve spent effort, time and money to build your brand, establishing yourself as a trustworthy company that is worth partnering with.
But cybercriminals love to profit off others’ work, using every opportunity to make an income. One of the ways they can tarnish your reputation is by creating a fake social media account to impersonate your business and contacting your customers or vendors. They use this connection to gather information and obtain credentials that enable them to launch email compromise schemes. Once your partner realizes the content they are receiving from “you” is malware, your relationship with them takes a hit. Unfortunately, they might be more cautious about continuing to do business with you in the future.
Do I need to restrict my employees from using social media?
Simply put, no. As noted earlier, social media has become a powerful tool for businesses and consumers alike to mingle and build relationships. Since 41% of local businesses depend on social media to drive revenue, you and your employees might be using Facebook and LinkedIn to scope out prospects and leads. Even so, you will want to provide cyber security training that includes a social media component, so that your employees are alert to what scammers might be doing to compromise your business.
Here are some tips when you, or your employees, are online:
- Check and update privacy settings on your social media accounts
- Use different passwords for different accounts, and set up two-factor authentication
- If a “friend” or “colleague” is asking for money, confirm the identity of the person offline
- Be careful about what you post online, and how it could be used to connect to your accounts
- Don’t click on suspicious links or take quizzes that ask for personal information
- Refrain from posting information that includes your phone number or home address
How else can I protect my business?
As you continue to expand your online presence through social media, you don’t want to leave your business vulnerable to hackers' schemes. We offer a FREE guide covering layered security solutions to be certain your business is protected from a cyber-attack. You can check it out below, or you can contact us for more information about cyber security and IT support!