How Enterprises Can Better Defend Against Social Media Threats

Digital protection platform maker ZeroFOX helps eWEEK provide a look at the most prominent social media threats plaguing users today and ways to defend against each.

No person and no company is completely immune from attacks via the internet. Social networks, too, have been weaponized by all sorts of bad actors—including election meddlers, misinformation peddlers, fraudulent accounts, cyber-criminals and scammers.

The networks are doing their best to clean up the platforms, but it’s an uphill battle, to say the very least; it doesn’t look like the good guys are gaining any ground on the bad guys yet.

In this eWEEK Data Point article, using industry information from social media and digital protection platform maker ZeroFOX, we provide a look at the most prominent social media threats plaguing users today and ways to defend against each.

Data Point 1: Human Error

Have you ever scrolled your feed or browsed the web carelessly and clicked on an article or post without even realizing you did it? It happens more often than you think, especially in office settings. In fact, 77 percent of respondents to the 20th EY Global Information Security Survey said that a careless member of staff was the most likely source of a cyber-security threat. With malware-ridden links, scams and more running rampant across the social networks, users need to be on high alert and aware of their every move.

It’s a fact: One wrong click can indeed compromise an entire system.

The best way to combat this risk is education and training. Everyone needs to be aware of the risks that are on social media. Most employees have received training on email risks, but few have received training on social media security specifically.

Data Point 2: Steganography

In a much more sophisticated approach than the average “click this link” scheme, bad actors will embed malicious content or links into seemingly harmless messages, posts and even photos. Posts like these can be particularly threatening if they come “from” someone you trust, in the form of a direct message or a tagged comment/post.

The best way to prevent these kinds of attacks is to not open messages, accept requests or click links or files from people you don’t know, or from anyone you were not expecting to receive something from. First, verify the source, then choose how to proceed.

Data Point 3: Dis/misinformation

For better or for worse, we are living in the era of “fake news.” The only upside of this era of misinformation is that more users are questioning sources and information on social networks, whether real or fake. Facebook has created a new tool that is meant to help solve this, but this is only the first step. At a time when it’s increasingly difficult to discern what to believe, it’s important for social users to follow trusted sources that consistently disseminate factual, accurate messages.

At the end of the day, users themselves need to be vigilant about what sources they read, trust and share. The social networks are doing everything they can to help mitigate the trend of fake news, but they still have a long way to go.

Data Point 4: Imposter and Fraudulent Accounts

The number of fraudulent social accounts continues to grow, despite Facebook and Twitter removing them in droves. These accounts target users, tricking them into handing over confidential information, login credentials, credit card numbers and more. The accounts are set up to look like celebrities, executives, customer support reps and more based on the information the malicious actor is trying to gather. They often look just like a real account, using very similarly spelled names and replacing characters with dashes, spaces and/or homoglyph characters. For example, a scammer might use a zero (0) instead of an O or a number one (1) instead of an l.

Users should ensure the accounts they are engaging with are really the person or company they say they are. The verified check mark is a good place to start, though fake profiles can also include fake verification symbols to trick users. It takes a keen eye to spot the minute details that can accompany a fraudulent account.

Data Point 5: Account Hacking and Takeovers

You’ve surely seen the Facebook post “My account was hacked ... if you received a message from me, it wasn’t me, don’t click the link!” or maybe you’ve been the one to “post” it before. From U.S. journalists to Elon Musk to Buffalo Wild Wings, it appears that nobody’s safe anymore.

Account hacking has happened to even the most secure users. However, deploying more sophisticated passwords and enabling two-factor authentication are good steps to mitigate this risk.

Data Point 6: Phishing Attacks and Scams

Social media allows scammers to target a brand’s followers or a business’s customers as their follower lists can be easily obtained. Scammers can further subdivide a brand’s customers into segments based on the information they share with the social networks, all in the interest of making an attack more specific and targeted, and therefore more successful.

Beware of scam websites; if the site doesn’t have an SSL/TLS website certificate and is not encrypting your information, it’s probably not safe to trust it. Also, beware of coupons and promotions distributed through sites other than the official retailer, especially during the upcoming holiday shopping season.

Data Point 7: Hashtag Hijacking

Hashtag hijacking is the process of piggybacking on trending hashtags like #cybermonday and brand hashtags like #aarp to ensure the scam is seen by as broad a population as possible.

Generally, beware of coupons and promotions distributed through sites other than the official retailer. For hashtag posts that contain links, hover over them to get a preview and look closely for impersonator URLs and characters meant to look like others (e.g., 0 for O).
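The look-alike tricks described in Data Points 4 and 7 (swapped characters, added dashes or spaces, homoglyphs in account names and link hosts) can also be checked mechanically. The sketch below is an added example, not code from ZeroFOX or eWEEK; the brand handle, the domain and the character table are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed look-alike table. The 0/O and 1/l pairs are the article's own
# examples; the other entries are illustrative assumptions, not a full list.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "i": "l",   # digits for letters; i and l collapse too
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
})
SEPARATORS = set("-_. \u200b")      # dashes, spaces, dots, zero-width space

def skeleton(name):
    """Fold a name to a comparison key so look-alike spellings collide."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    folded = folded.translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch not in SEPARATORS)

def classify(name, protected):
    """Return ('exact' | 'lookalike' | 'unrelated', matched protected name)."""
    for real in protected:
        if name.casefold() == real.casefold():
            return ("exact", real)
    key = skeleton(name)
    for real in protected:
        if key == skeleton(real):
            return ("lookalike", real)
    return ("unrelated", None)

def classify_url(url, protected_domains):
    """Check each label suffix of the link's host, so sub.examp1e.com is caught."""
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    for i in range(max(len(labels) - 1, 1)):
        verdict = classify(".".join(labels[i:]), protected_domains)
        if verdict[0] != "unrelated":
            return verdict
    return ("unrelated", None)

# Constructed sample data: a hypothetical brand handle and domain.
HANDLES = ["AcmeSupport"]
DOMAINS = ["acme-deals.example"]

if __name__ == "__main__":
    for h in ["acmesupport", "Acme-Supp0rt", "AcmeSupp\u043ert", "acme_help"]:
        print(h, classify(h, HANDLES))
    for u in ["https://acme-deals.example/cyber", "https://login.acme-dea1s.example/x"]:
        print(u, classify_url(u, DOMAINS))
```

A "lookalike" verdict means the name differs from the protected one only by separators or confusable characters, which is the pattern worth escalating for review; an "exact" match still says nothing about whether the account itself is verified.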

Chris Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...