Socially Engineered Security Risks Series
Social Media Fraudsters
Social media has become one of the most common methods for committing cyber fraud. There are several ways in which threat actors use social media to gain access to your information, your account, or your money.
– They may create fake profiles, such as using the same name as a friend or a famous person.
– They may create phishing posts or messages using a fake profile that appears to be from a legitimate company or trusted person.
– They may compromise someone else’s account and then use that to create scams or phishing posts, levelling up the trust factor and making you more susceptible to compromise.
Threat actors can also use the information you post, share, and like to gather information about you and your interests. Even sharing your list of friends and previous places of employment or education can be used against you.
By knowing what you like and your interests, a threat actor can create targeted phishing emails or messages, making you more likely to believe that you are communicating with someone you know. This is a common social engineering tactic.
Being able to see your close family members, pet names, physical location, and even photos can allow a threat actor to:
Create a list of possible passwords you might use – using pet names, and children’s date of birth is a common password weakness.
Use the photos and physical locations to determine where you live or work. This can be used to confirm your identity or combined with other information, such as data breaches, to create identity fraud.
Protecting Your Privacy
When creating and sharing posts, keep the audience in mind. Social media can help you communicate with your family and close friends, allowing family members to keep up to date with parties, birthdays, and other events. Use the inbuilt privacy functions of the platform to limit the people who can see your post, when the post expires and whether the post can be reshared, for example.
Regular Privacy Check-ups
Most social media platforms provide the ability to do a privacy check-up. It will help you ensure you don’t have excessive sharing or have old posts you can hide or remove.
Here are a few of the most common to get you started:
Instagram – https://help.instagram.com/116024195217477
Twitter – https://help.twitter.com/en/safety-and-security/how-to-make-twitter-private-and-public
Linkedin – https://www.linkedin.com/help/linkedin/answer/66/managing-your-account-and-privacy-settings-overview?lang=en
Tiktok – https://support.tiktok.com/en/account-and-privacy/account-privacy-settings
For those of us who have young children or elderly parents on social media, you may also want to consider taking the time to discuss what they share and do on social media.
For the younger generation, the risks to them are more likely to be ensuring that they understand the risks of over-sharing and sharing inappropriate content. They are less likely to be targets of threat actors as they do not have financial assets in most cases. They are still at risk of account takeover and having their account used to conduct fraud against others.
The older generation, those that grew up before online use became so prevalent, may need assistance and guidance in fixing their social media privacy and security settings. Many scams target older Australians so assisting benefits them and the community.
Next week I will post about the other aspect of social media and web privacy. I will cover how you can review and assess the privacy policies of websites, online services and even your mobile apps and make sure you limit the information you provide them when signing up.
If you are worried about the security of your pharmacy systems and want to know you can improve your pharmacy security, speak to your Corum Customer Success Manager or contact us on 1300 669 865.