The New Cyber Threat on the Social Scene: Spear Phishing
This blog post will explore what it is, how individuals are fooled by it and how we can help.
What is Spear Phishing?
It is a targeted attack in which a bad actor gains access to social media users on the same platform. Unlike email phishing, this method involves precise targeting of a company using real and robotic identities.
How do the Hackers Get In?
These offenders will get in one of three ways:
- Account hijacking: They will set up an account that mirrors another account. Once complete, they will analyze the other account and send out friend requests to the same group of individuals. Because they have scraped several accounts, they already know which ones are the best to access the company data.
- API weakness: If the Application Programming Interface (API) that connects devices to the internet has a minimal level of security protocol, it’s fertile ground for hackers to succeed.
- An external link: Within an innocuous social post, an enticing link has malware within it. In a recent Time, article, Russian hackers promised seven to ten thousand Pentagon Twitter account holders a personalized vacation package when they clicked on a hyperlink within the tweet. Many took the bait, and the hackers were in. It is estimated up to sixty percent of all spear phishing links are opened compared to thirty percent of email links.
What’s at Risk?
Here are the five things that a phisher can put in motion:
- Data theft, including intellectual property
- Settlement of legal liability from fake news or libelous posts about others
- Regulatory penalties if data privacy is breached
- Brand confidence such as we have witnessed from Equifax, Yahoo and now Facebook
- Confidential records exposed such as health or ND agreements
Proactive Technology Group Can Help
Our anti-phishing solution offers a layered approach to existing anti-spam solutions. We look at every possible vulnerability, exploring it in a remote, sandbox environment. As a value-add service to our customers, we provide training sessions to your organization. We cover a variety of topics on social media safety. Give us a call at 516.876.8200 or fill out our contact form to discuss how we will keep spear phishing away from your organization. Let’s get started today!