Many of us take extra effort both at work and personally to guard ourselves against malicious actors and unwanted intrusion. This takes many forms—spam guards in our mail, training to not click bad links, etc. But how often do we think about the items we voluntarily make public? And how those items may be used?
Many of us are frightened to learn the nature of personal data collection and sales thereof. One popular documentary, The Social Dilemma, explores the darker side of social media and some of the hazards that accompany the wonderful aspects of sharing with friends online.
Following is a graphic showing the collection and distribution that occurs on commonly used sites (original blog link):
Outside some aspects of social media that we know but may not like, such as the sale of personal information or addictive nature, it may surprise some that it has become commonplace for criminals to use social media as a basis for identity fraud, impersonation, and other aspects. For example, a criminal may look at various sites to identify family members, workplaces, coworkers, and other information that may then be used in a targeting phishing attack. This is called spear phishing and at times can result in a very effective imitation of a real email which makes the dangers of phishing very real.
Another technique is referred to as whaling, in which case a member of upper management or an owner is impersonated to lure an employee to doing something s/he otherwise likely wouldn’t. For example, if Susan in Finance for a business Sally owns, and suddenly Sally is asking her to click a link to log into their bank to transfer funds to cover an unexpected cost, then Susan may be more likely to do so than if it were a more random name or “HR Dept”.
Also, please be wary of fraudulent accounts: if suddenly a business associate (or a friend, for that matter) has a new account, it is best to verify with that person prior to disclosing any information you would not publicly post.
Similar tactics may evolve from the virtual world to the real: a criminal may impersonate an employee or approach an employee in a fraudulent manner in an effort to conduct IP theft. This may be via actual postage/parcels, attempted access to controlled buildings, or other tactics.
The short version is this: Depending on the amount of social media that is publicly available, you may be inadvertently exposing you or your business to increased risk!
If you’d like an audit on your business’s exposure via social media, WE CAN HELP! Click the “Contact Us” link or give us a call at (443)283-0666!