<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">
Defrag This

| Read. Reflect. Reboot.

Podcast: How to Monitor Social Media from Phishers

Greg Mooney| November 23 2017

| Podcasts, security

monitor-social-media-phishing

Think hackers can only get you through email, and not social media? Think again.

Arun Vishwanath discusses the two levels of phishing through social media:

Level 1: by connecting with you as a friend, and

Level 2: by reaching out for information.

As an IT professional, it is important that you train your coworkers on the importance of social media monitoring.

Level 1: The Connection

The first step that phishers take when trying to get information from others, is by reaching out to them with a request from a common name and vague information. It is important to monitor who becomes a “friend” on social media, because now they have access to everything about that person. It just takes one person within the network to blindly connect that can lead to infecting the whole batch.

Don't let your business data fall into the wrong hands. Download this free  eBook.

Arun did a study to see what type of account would be more successful in phishing others, and the results came in, that people who had common connections were more likely to get connected than people who didn’t, whether or not they had a photograph on their profile.

So once connected, it can lead someone to believe that they know the connection through mutual friendship, and that’s how they phishers/hackers get in.

PICNIC_-_13_(QUOTE).jpg

Level 2: The Outreach

Now mobile devices make it easier, according to Arun, to connect with strangers. There isn’t an easy way to access the credentials that can validate the person. It becomes harder to find the authenticity of the person who is trying to connect when viewed through a mobile device. Same goes with email.

It is harder to authenticate an email when it is through mobile since the source header isn’t visible. This includes receiving emails from “people you may know” who are in fact phishers that used what they could find on social media to create relatable content. They can even pose as the boss who needs certain information, or a credit card number.

People trust other people when it comes to social media, they like to put a person behind the facade. Once they’ve been hacked, they have a name or face to blame for the event. Which is important to make sure that the connections are legitimate.

Related Podcast: How To Help Your Users Stop Falling For Phishing Attacks

How to Stop the Social Media Phishing:

Don’t cut off social media from the work environment completely. Arun has found that psychologically “If you prohibit people from doing something they normally do, they are going to find a way to do it.” This may lead to mobile interactions, which can be more harmful than helpful.

The best approach would be to scare people into not accepting every/any one. Arun ran a test with some people in the office, with full permission, and found that 25% of the employees linked with his phishing account. He presented that information which scared the employees to monitor who to accept.

Arun looks at the psychology of why people are susceptible to the phishing and diagnoses the catalysts that cause people to fall.

His work can be found at ArunVishwanath.us

To listen to the whole podcast click here.

Topics: Podcasts, security

Leave a Reply

Your email address will not be published. Required fields are marked *

THIS POST WAS WRITTEN BY Greg Mooney

Greg is a technologist and data geek with over 10 years in tech. He has worked in a variety of industries as an IT manager and software tester. Greg is an avid writer on everything IT related, from cyber security to troubleshooting.

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.