Social media has become highly pervasive in today's technologically narcissistic age. The lines between personal and professional life in the online world are now blurred, such that people's social media behaviour and activities can have far-reaching consequences for their employers.
A recent survey of 2,000 UK-based respondents conducted by Intel Security showed that one in five Brits (23.9%) have "connected with someone they do not know on LinkedIn, potentially opening up a wealth of information for any hackers intent on going through their personal information to launch a highly effective spear phishing attack".
Explaining the potential dangers of connecting to strangers on social media sites, even one like LinkedIn, which is more of a professional social media networking site, Raj Samani, CTO EMEA at Intel Security, told IBTimes UK: "We know social networking sites are used by scammers to garner information about potential targets. If we extrapolate that to the modus operandi of the initial attack vector for major cyber assaults, we see that criminals generally target individuals in the first instance. Known as 'spear phishing', this methodology is reliant on learning what they can about their potential targets."
Intel Security highlighted that this aspect of security vulnerability is not usually considered by most professionals. "Over two thirds (68.7%) of respondents admitted that they had never wondered if someone is not who they say they are on LinkedIn while the vast majority (87.1%) admitted that their employer had never made them aware of any specific corporate policies around LinkedIn use. A LinkedIn user with malicious intentions may quickly enter a highly influential circle within LinkedIn when sporting even one or two shared connections, encouraging other high status executives to connect with them too," the firm said.
Citing their research paper "Cybercrime Exposed", Samani explained: "Criminals understand that leveraging social networks is a very simple and cost effective method of efficiently researching targets in order to launch a successful attack." This indicates how vital a role "research" plays in ensuring cybercriminals' success and also how hackers capitalise on information displayed on social media to add to their knowledge of their targets. "Understanding your target and who they work with becomes so important when cyber criminals launch an attack, particularly as they begin by targeting specific individuals," he added.
How to avoid becoming a target
Fortunately, there are a few fairly simple measures that people can take to ensure that they don't fall victim to hackers on social media sites. "To protect ourselves, we need to undertake a sufficient level of due diligence around who we will allow onto our digital networks," said Samani. "For example, simply clicking accept on a new connection directly from an email is not recommended. Yet, doing this without determining whether the profile itself appears legitimate can be a very costly mistake."
Shedding light on the kind of simple measures people can use when deciding whether to accept LinkedIn requests, Samani cautioned: "When connection requests come through to your inbox, don't click on that link. Instead open the app or go to the website to verify it is a real connection and then ask yourself if you know that person. If not, who are your mutual connections and do you trust their judgement? Undertaking due diligence is key to ensuring we all use social networking sites in a safe manner without leaving ourselves – and our employers – vulnerable to cyber criminals."