Over the past couple of months Facebook and LinkedIn have been subject to massive leaks of Personally Identifiable Information (PII). In the case of Facebook this involved 533 million subscriber’s data, and in the case of LinkedIn this amounted to 500 million subscriber’s data. This data included phone numbers, date of birth, email addresses and locations.
This information is exceedingly useful to marketing companies, threat actors and cyber criminals. Cyber criminals, in particular, may share this information with other criminal groups thus making the data more available.
These threat actors and cyber criminals can then use this data to target specific organisations, via a supply chain or third-party attack. The information allows them to carry out very plausible social engineering attacks. These can be in various guises including:
- Distributed malicious PDF, RTF and Word documents. These documents can include malware which if clicked on will infect your device.
- Spyware, keyloggers (records keyboard keystrokes) and other malware – this can be used to track your passwords, bank details etc.
- Specific COVID-19 related phishing attempts – these are usually pretending to offer help with Covid related issues to trap you into giving personal information.
The above highlights the need when using social media to only store the minimum information about yourself that can be used in the attacks described. This includes only sharing your profile with people you can trust. It is also advisable to keep your security settings at the highest level.
The risks in using social media in your business incorrectly include:
- Damage to your reputation
- Inconsistent Usage
If you wish for any more advice on using social media safely, please contact us.