Social media may seem to be far removed from the workplace, but it’s become a major vulnerability for corporate networks. Cyber criminals are using company and staff social media accounts as a source of valuable information and easy access.
This is the word from Tony Walt, co-founder and director at Port443, who says: “Even supposedly ‘non-sensitive’ personal and company information can be used for cyber crimes such as identity theft, impersonation and ransomware attacks. It potentially exposes employees’ work passwords and puts both them and their employers at risk.”
Identity theft
Says Walt, “Cyber criminals gather public corporate and personal information during the first stage of the cyber attack ‘kill chain’ – reconnaissance. They identify potential targets and their connections. Information staff share on social media provides a wealth of information that criminals can use against them.
For instance, birthday wishes on your social media profile can help threat actors work out the first six digits of your South African ID number. Your social media profile also gives criminals clues about the seventh to tenth digits of your ID number (females 0000-4999 and males 5000-9999). The 11th digit of your ID number (0 or 1) can be deduced based on whether you’re a South African citizen or a permanent resident.
Armed with your ID number, and public information about your children’s and pets’ names and favourite bands and hobbies, criminals can make educated guesses about your passwords and use this to hijack your email, online accounts and business system logins,” Walt continues.
Insta phishing
“Your public posts can also support targeted phishing attacks. Say, for example, your profile says you’re head of finance at your organisation, and you share pictures of your family holiday. This arms cyber criminals with enough information to sound credible should they carry out a business email compromise (BEC) attack on a colleague,” he notes.