How to Protect Your Business from Social Media Scams: Expert Insights
01/08/2024
The Financial Implications of Social Media Scams Aimed at Employees in Businesses
05/08/2024
In the digital age, social media is a double-edged sword—while it facilitates communication and connectivity, it also opens the door to a range of sophisticated scams targeting employees. Here’s a deep dive into some of the most common social media scams that staff members should be aware of.
1. Phishing scams
Phishing remains one of the most prevalent types of social media scams. According to a report by the Anti-Phishing Working Group, the number of phishing attacks reached an all-time high in early 2022, with over 1.2 million attacks recorded in the first quarter alone.
Scammers often send messages that appear to be from a trusted source, such as HR asking employees to update their passwords via a suspicious link. Once clicked, the link directs the victim to a fake login page designed to steal their credentials.
Microsoft reported a large-scale phishing campaign that targeted over 10,000 organisations. This campaign involved adversary-in-the-middle (AiTM) phishing sites that successfully bypassed multi-factor authentication (MFA), leading to significant financial and operational disruptions for the affected companies.
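The fake-login-page lure above relies on a link whose host only resembles the organisation's real sign-in domain. As an added example (not code from the original article), the Python below triages a link from a supposed HR password-reset message against the genuine login domain and names the imitation trick it uses; the domain names, brand string and sample links are constructed assumptions.

```python
from urllib.parse import urlparse
# Constructed assumptions for this example: the organisation's genuine login
# domain and the brand string employees expect to see in it (not real names).
TRUSTED_DOMAIN = "example-corp.com"
BRAND = "example-corp"
# Digit-for-letter swaps commonly used to imitate a brand name.
LOOKALIKE_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def hostname_of(url: str) -> str:
    """Lowercase hostname of a link; tolerates links written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")

def is_trusted(host: str) -> bool:
    """True only for the genuine domain itself or a real subdomain of it."""
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def lookalike_reasons(host: str) -> list[str]:
    """Why an untrusted host imitates the genuine one; empty if it does not."""
    reasons = []
    if host.startswith(TRUSTED_DOMAIN + "."):
        reasons.append("genuine domain embedded as a subdomain of another site")
    elif BRAND in host:
        reasons.append("brand name used inside an unrelated domain")
    if BRAND not in host and BRAND in host.translate(LOOKALIKE_MAP):
        reasons.append("digit-for-letter substitution in the brand name")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalised (punycode) label, possible homoglyphs")
    return reasons

def triage_link(href: str) -> dict:
    """Classify a link as trusted, lookalike (imitates us) or merely untrusted."""
    host = hostname_of(href)
    if is_trusted(host):
        return {"host": host, "verdict": "trusted", "reasons": []}
    reasons = lookalike_reasons(host)
    return {"host": host, "verdict": "lookalike" if reasons else "untrusted",
            "reasons": reasons}
# Constructed sample links such as a fake "HR password reset" message might carry.
SAMPLE_LINKS = [
    "https://login.example-corp.com/password/reset",  # genuine
    "http://example-corp.com.hr-portal.test/reset",   # subdomain trick
    "https://examp1e-corp.com/login",                 # digit for letter
    "https://xn--exmple-corp-w7a.test/login",         # punycode label
]
if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(triage_link(link))
```

A check like this only catches the lure; an AiTM proxy site of the kind Microsoft described relays the real login and its one-time code, so it complements rather than replaces phishing-resistant MFA.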
2. Fake friend requests
Scammers create fake profiles that mimic real industry professionals to connect with employees and extract sensitive information. A study by the security firm Bromium found that one in five companies had experienced a security breach due to social media scams.
This fraudulent tactic often involves employees receiving a friend request from a seemingly credible person within their industry. After building a rapport, the scammer may ask for confidential company information or personal data under the guise of a professional inquiry.
In 2019, a sophisticated LinkedIn scheme involved fake profiles of supposed executives from Fortune 500 companies. Scammers used these profiles to gather information and launch targeted phishing attacks. For example, KrebsOnSecurity reported that cybercriminals set up fake LinkedIn profiles, often claiming to be Chief Information Security Officers at major corporations. These profiles were convincing enough to deceive other LinkedIn users and even made it into professional listings such as Cybercrime Magazine’s CISO 500. The intent was to establish trust and then exploit that trust to extract sensitive information or direct individuals to malicious sites.
3. Job offer scams
Job offer scams are particularly insidious, preying on individuals’ desire for career advancement. The FBI’s Internet Crime Complaint Center (IC3) reported that job scams led to financial losses exceeding $59 million (£45.43 million) in 2021.
These scammers pose as recruiters offering lucrative job opportunities that require sharing personal information and banking details. Victims often realise too late that the offers were fraudulent. That is what happened to Alexandra Mateus Vásquez, who fell victim to a fake job offer: the scam included an interview conducted via email and an attractive hourly wage, which led Vásquez to provide her personal information, including her Social Security number and ID details. She realised it was a scam only after receiving a suspicious call from an identity verification service asking about unrelated job applications, as detailed by ProPublica.
4. Ransomware links
Ransomware attacks can start from something as innocuous as a social media link. Cybersecurity Ventures predicts that ransomware damages will reach $265 billion (£204.05 billion) globally by 2031.
Employees might click on a link promising entertainment content, like a viral video, only to download malware that locks them out of their systems. The attackers then demand a ransom to restore access.
In 2020, Forbes reported a significant ransomware attack targeting the University of California, San Francisco, which cost the institution over $1.14 million (£877,800) in ransom payments. The attack started when malware encrypted the School of Medicine’s servers, rendering them temporarily inaccessible. The university negotiated with the attackers and eventually paid the ransom to regain access to the encrypted data, which was crucial for their academic work.
Conclusion
Protecting your business from social media scams requires a proactive and comprehensive approach. By educating employees, implementing robust policies, leveraging advanced security tools, conducting regular audits, and fostering a culture of vigilance, businesses can significantly reduce their risk of falling victim to cyber threats. Stay informed, stay watchful, and ensure your digital interactions remain secure.