September 11, 2017 Uncategorized

Social Media and Social Engineering

Reading Time: 3 minutes

This week we are discussing the topic of online security on social media. Love it or hate it, it’s tough to avoid. Between Twitter, Facebook, Snapchat, Instagram, and other platforms, 79 percent of U.S. adults claim to have at least one social media account. Nearly two-thirds of U.S. adults with a social media account say they have been hacked.

Spear phishing through social media

33 percent of people that are spear phished through email click on a link or open a document that was sent to them. In addition to that, a staggering 66 percent of people that are spear-phished through social media click on a link. Because of the high percentage of success, social media has become a big target for hackers. Not only do hackers use social media to trick you to install malicious software or give up your credentials, your social media accounts contain a treasure trove of data about you. The amount of data that these social networks have is mind-blowing. Because hackers are using big data to learn more about you, social media is a high-value target.

Some examples of data on social media:

  • Every picture you post can have embedded GPS data. Coupled with date and time, this becomes a map of your life.
  • Access to all your contacts.
  • Applications like Facebook and Instagram are logging tons of information about you and your habits, including your location, even when you aren’t using the app.
  • Behavior patterns, where you go, and who is in your vicinity, whether or not they are part of your network.
    • Frequent bars/restaurants
    • Gym schedule
    • Children’s school locations and schedules
  • Preferred brands like restaurants, clothing, stores, etc.

With this much data floating around that can be accessed publicly, you need to be careful what you post. Securing your social media accounts can prevent hackers from planning a robbery or selling your information.

Two primary areas to focus on:

Making sure your accounts are locked down tight isn’t just beneficial for you, it’s beneficial for everyone in your life. Hackers can use your connections and contacts to further spread their malware if you aren’t careful.

  1. Secure your social media accounts. If your account is compromised, hackers will go after your contacts.
  2. Limit the personal data you post so hackers can’t easily spear-phish you.

It’s easy for hackers to pretend to be someone they are not if research is done. If your accounts aren’t private, hackers can access anything about you that they want.

Social media attacks are happening right now. You should always assume there is always someone trying to get your information.

Remember, these spear-phishing attacks are:

  • Advanced: Targeted, coordinated, purposeful.
  • Persistent: Always happening!
  • Real: Person(s) with intent, opportunity, and capability.

You are not too small: all targets are valuable. Hackers will go after your information.

How to secure your accounts:

What can you do to make sure your accounts are safe? They will never be 100 percent fool-proof, but keeping these tips top-of-mind will help make it harder for hackers to cause damage.

  • Set your social media accounts to private.
  • Implement good password policies for social media accounts
    • Password managers can simplify this process
    • Use multi-factor authentication when available
  • Don’t use your social media accounts as authentication methods for other accounts. In my opinion, this makes an unnecessary link from a social media account like Facebook and gives the platform much more access to your other accounts than what is required.
  • Limit the social media accounts you follow or only connect with  people who are verified or you personally know.

Keeping an eye out for suspicious links from your friends and having them do the same can be a good way to prevent your accounts from being compromised. You should report compromised account credentials on the social media site and immediately change your password.

Limit personal data:

  • Pictures can have GPS data embedded in them, so you may just be telling strangers where you live. Check your social media settings and verify that you are not allowing the application to use location services.
  • Don’t post pictures while you are on vacation. You are letting everyone know you aren’t home.
  • Limit the number of posts you share. The more you post, the easier it is to identify your patterns and places you frequent.
  • Online content is never deleted. Always consider this when posting to social media.
  • Don’t surf social media on an unsecured network.
  • Control what posts and information are publicly shared.
  • Be cautious about what you post and share:
    • Angry posts about your boss or company
    • Political posts can make you a target
    • Don’t share news or links from unknown sources


At SUCCESS, we get reports all the time from targeted companies. Targeted spear-phishing attacks use information gathered from social media and other online resources like blogs and websites. In today’s world of sharing and instant communications, it’s important that we show restraint and exercise caution. It’s all too easy to give hackers data they need to breach our systems.

If you want additional articles that are end-user focused and allow you to take back some control of your digital life, please visit our Technology News Page or contact SUCCESS’s cybersecurity team at 763-593-3000.