Most organisations and people have information about themselves on the internet. Companies advertise and promote themselves using it, people share tonnes of personal information with their friends and families. With this wealth of information so widely available, it is little wonder that cyber criminals can and do use it for malicious purposes.
Malicious individuals, rival companies and even foreign spy agencies can use the information found online to learn more about a target. This method of collecting information is known as reconnaissance.
Social media profiles in particular leave us exposed to hostile or nefarious acts as they reveal both personal and professional information that can be exploited and used to plan cyber-attacks, or in some cases physical attacks.
A hacker’s job is made a lot easier if they have certain details about a network and its users. By using reconnaissance techniques on online profiles, company websites or blogs, the hacker can learn employee job roles, contact details and addresses.
Using the information gleaned from online profiles, a cybercriminal can gain access to an organisations system or target a malware campaign at an individual. Learning a target’s email address for example would allow the hacker to launch Spear Phishing attacks.
Do not panic
Before you rush off to close your social media accounts in a panic; stop and think.
What is the likelihood of a spy agency monitoring you? Have you done something to warrant such attention? Do you work for a company that could be an appealing target? If not, then aside from taking common sense precautions you are likely to be safe. However, if you do fall under those categories you should consider taking extra security steps.
Thanks to better education and media attention, most people will not open a random, obviously dodgy email. As a result hackers have altered their game to make Phishing attacks more targeted, hence the name Spear Phishing. By using the information taken from online profiles, the hacker can tailor the malicious email to better entice the target into opening it. Once on a system, the malware contained in the email will signal to IP addresses owned by the hacker, who may then task the malware to transmit sensitive information from the network, across the internet.
Reducing the Risks
If using social media, ensure that you set the security settings correctly. Never have your profile be public and never share sensitive information in your posts. Ideally, your social media profile should be set so that only your friends and family can see your posts. Posting your phone number, your address or pictures of your workplace should be avoided at all times.
For organisations using social media for marketing purposes the marketer should avoid posting any sensitive information and should keep a close eye on the profile for any sign of hostile reconnaissance taking place.
Make sure that your username does not include any personal information. For example: Rob@Liverpool is a bad choice.
You should also set up a separate email account to register and receive email from the site. That way if you want to close down your account/page, you can simply stop using that email account. Always use strong passwords that have no relation to any of the content on your online profiles and keep an eye on what others say about you online too. A friend could post some private information that could give a hacker a way in.
As well as taking these steps you need to ensure that you have up-to-date antivirus/antispyware software installed.
Don’t become a target, invest in protection and seek the advice of the professionals such as those at PGI Cyber.
Your free Global Geopolitical Dashboard
PGI’s Risk Portal tool provides daily intelligence feeds, country threat assessments and analytical insights, enabling clients to track, understand and navigate geopolitical threats.
The Risk Portal gives users up-to-date information and analysis on global affairs.
The Risk Portal allows users to visualise information in a unique and instantly understandable way. Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.
Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features. The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.
Subscribers to PGI’s Bespoke services receive tailored analysis on specific sectors and geographies of interest, delivered at a frequency they determine.
Subscribe to our Cyber Bytes Newsletter
Keep yourself in the loop with PGI by signing up to our Weekly Cyber Bytes email. You will receive updates, tips and narrative around what has been happening in the world of information security.