Are you among the many business tapping social media to promote your products and services? 96% of small business owners include social media in their marketing strategy, mainly for paid ads and connecting with current and potential clients. But, just as your business uses these platforms to seek out prospects, cybercriminals are lurking in the corners, on the prowl for inattentive victims, including your employees, through social media phishing.
Social media phishing is any digital attack that is connected through social media platforms, such as Facebook, LinkedIn, or Instagram. Many business hackers use social media to steal personal data or gain control of your social platform to attack your customers and colleagues. Hackers can also use Facebook or Twitter to access your cell phone, since most user’s access it on their mobile device.
This is nothing new. At some point, you’ve received weird messages from your friends on Facebook. Then, a couple of minutes later, you see on your feed that they were recently hacked. Keep in mind, if it can happen to one of your friends, it can happen to one of your employees and to your business accounts. And, for a lot of businesses, it has.
In January 2021, businesses experienced, on average, 34 social media-related phishing attacks that month. There was a 47 percent increase in June, when the phishing attempts increased closer to 50 monthly attacks. By September 2021, companies dealt with an average of 61 social media-related phishing attacks per month, resulting in an 82 percent increase of hacking attempts for three quarters of last year. What does this mean? That more hackers targeting businesses are using social media as an opportunity to gain access to your systems, and the chances of it happening to you are growing rapidly.
It depends on the platform, as Facebook, Instagram, LinkedIn, and Twitter all have different aspects to them that make them unique. But, because they all share the profile feature, captions, attached photo, hashtags, and link features, the consistencies become tools for hackers to use in manipulating and entrapping their victims. Here are some tailored scams to watch out for:
While these aren’t all the scams hackers might use, they are some of the most common ones you or your employees might come across.
Ever so determined, business hackers gather information about your company by studying your posts, as well as your employees. Tessian, a security company, reported 84% of people post on social media every week, with 42% posting daily. This becomes a gold mine for hackers, especially when your employees are posting about their jobs. During the pandemic, it became a trend to post photos about working from home, where many ignorantly included computer screens showing email addresses, video call numbers, and names of coworkers or clients. When this happens, hackers scope these posts to later impersonate you or your employees through email, including attached malware disguised as relevant content to download or click on.
Your employees might also post about the names of children, pets, or a birthday date, all answers that could be used in a password or to common security questions. As we have mentioned in previous blog posts, people tend to recycle their passwords, and hackers know it. So, they will try using the information they have collected to crack into accounts, such as your bank accounts or email.
In addition to hackers gaining access to company information, realize that your company’s reputation and identity is also at risk. You’ve spent effort, time and money to build your brand, establishing yourself as a trustworthy company that is worth partnering with.
But cybercriminals love to profit off other’s work, using every opportunity to make an income. One of the ways they can tarnish your reputation is by contacting your customers or vendors, creating a fake social media account to impersonate your business. They use this connection to gather information and obtain credentials that enable them to launch compromised email schemes. Once your partner realizes the content they are receiving from “you” is malware, your relationship with them takes a hit. Unfortunately, they might be more cautious continuing business with you in the future.
Simply put, no. As said earlier, social media has become a powerful tool for businesses and consumers alike to mingle and build relationships. Since 41% of local businesses depend on social media to drive revenue, you and your employees might be using Facebook and LinkedIn to scope out prospects and leads. Even so, you will want to provide cyber security training, which includes a social media component, so that your employees are alert for what scammers might be doing to compromise your business.
Here are some tips when you, or your employees, are online:
As you continue to expand your online presence through social media, you don’t want to leave your business vulnerable to hackers' schemes. We offer a FREE guide covering layered security solutions to be certain your business is protected from a cyber-attack. You can check it out below, or you can contact us for more information about cyber security and IT support!