July 2023 - Social Media Hygiene for Your Key Personnel

When you think about the cyberthreat vectors targeting your key personnel, your mind probably doesn’t immediately gravitate towards social media.

Just because social media may not be directly tied to your organization does not mean you should ignore its potential dangers. Cybercriminals can compromise an executive’s personal account and cause a great deal of headaches, and these cyberscams never stay static.

In fact, a social media cyberscam making the rounds involving social media impersonators and bots highlights another reason why you should take the time to ensure your key personnel take the proper precautions when using social media platforms.

Social Media Impersonators Cause Headaches in Evolved Scheme

Social media impersonation schemes are nothing new. In traditional cases, cybercriminals may collect information and photos of the person they wish to impersonate.

Then, they could reach out to the friends and family of the person who they have impersonated and send them messages that could contain malicious links or attachments. Since the person’s friends and family may believe they are talking to the real individual, they may click on the malicious content and cause them harm.

However, a new variation of social media impersonation has started to arise. Cybercriminals will duplicate a person’s social media account and send friend requests to those who are connected to the target. The person whose account was duplicated will believe their account was hacked and may perhaps inform their friends that their profile has been compromised.

What’s different about this form of social media impersonation is that the victim will receive a slate of messages from the victim’s “friends,” claiming they know people who can fix the issue for them. These messages will contain email addresses and possibly even phone numbers for the victim to use. However, these “friends” are not actually the people they claim to be, but are another slate of impersonated profiles aiming to further harm the victim.

Here’s an example of the scam in action:

By interacting with these bots, the victim is at risk to have their personal information stolen, which could lead to a lot of problems for both the victim, and possibly their organization as well.

Cybercriminals can obtain enough information about an individual to possibly find out where they work. From there, they could either conduct spear phishing attacks where they pose as the executive in question, and possibly use that status to obtain valuable data about their company. Since the messages appear to be coming from a respected member of the organization, the employee may not think twice about sending over any valuable assets.

They could perhaps leverage their email address to conduct business email compromise attacks, possibly leading to the further loss of information, and perhaps even money. And with any data breach, the organization runs the risk of a significant hit to their reputation.

It’s why you should make sure your executives and other key personnel take the proper steps to secure their social media accounts as soon as possible.

How to Make Sure Your Key Personnel Practice Good Social Media Hygiene:

Here are some ways to ensure the key personnel in your organization practice good social media hygiene:

• Limit the amount of information (personal or sensitive) shared on social media platforms.
• Enable strong privacy settings for any posts and pictures that are shared on social media. It’s also a good idea to set your whole account to private and to also lock down your friend list as well. You can set your friend list to either be seen by just you, or only by people who are also connected with you on the platform.
• Be cautious about accepting friend requests or connections from unknown individuals. If you receive a friend request from someone who is already following you, reach out to them directly to see if they requested you again
• Educate yourself and your employees about social engineering and phishing tactics.
• Use strong and completely unique passwords or passphrases. Do not reuse passwords from other services.
• Use dual factor authentication to secure social media accounts. Use an authentication app if the social media platform allows it, as it is the best way to implement dual factor.
• Regularly monitor social media accounts for suspicious activity.
• Encourage employees to verify any unusual requests, especially financial or confidential information, through other communication channels before taking action.
• Implementing comprehensive cybersecurity training and awareness programs throughout the organization.

By taking these steps, you can save your employees, your organization and yourself a lot of troubles and protect your valuable assets from the wanting hands of cybercriminals.