Most organisations and people have information about themselves on the internet. Companies advertise and promote themselves using it, people share tonnes of personal information with their friends and families. With this wealth of information so widely available, it is little wonder that cyber criminals can and do use it for malicious purposes.
Malicious individuals, rival companies and even foreign spy agencies can use the information found online to learn more about a target. This method of collecting information is known as reconnaissance.
Social media profiles in particular leave us exposed to hostile or nefarious acts as they reveal both personal and professional information that can be exploited and used to plan cyber-attacks, or in some cases physical attacks.
A hacker’s job is made a lot easier if they have certain details about a network and its users. By using reconnaissance techniques on online profiles, company websites or blogs, the hacker can learn employee job roles, contact details and addresses.
Using the information gleaned from online profiles, a cybercriminal can gain access to an organisations system or target a malware campaign at an individual. Learning a target’s email address for example would allow the hacker to launch Spear Phishing attacks.
Do not panic
Before you rush off to close your social media accounts in a panic; stop and think.
What is the likelihood of a spy agency monitoring you? Have you done something to warrant such attention? Do you work for a company that could be an appealing target? If not, then aside from taking common sense precautions you are likely to be safe. However, if you do fall under those categories you should consider taking extra security steps.
Thanks to better education and media attention, most people will not open a random, obviously dodgy email. As a result hackers have altered their game to make Phishing attacks more targeted, hence the name Spear Phishing. By using the information taken from online profiles, the hacker can tailor the malicious email to better entice the target into opening it. Once on a system, the malware contained in the email will signal to IP addresses owned by the hacker, who may then task the malware to transmit sensitive information from the network, across the internet.
Reducing the Risks
If using social media, ensure that you set the security settings correctly. Never have your profile be public and never share sensitive information in your posts. Ideally, your social media profile should be set so that only your friends and family can see your posts. Posting your phone number, your address or pictures of your workplace should be avoided at all times.
For organisations using social media for marketing purposes the marketer should avoid posting any sensitive information and should keep a close eye on the profile for any sign of hostile reconnaissance taking place.
Make sure that your username does not include any personal information. For example: Rob@Liverpool is a bad choice.
You should also set up a separate email account to register and receive email from the site. That way if you want to close down your account/page, you can simply stop using that email account. Always use strong passwords that have no relation to any of the content on your online profiles and keep an eye on what others say about you online too. A friend could post some private information that could give a hacker a way in.
As well as taking these steps you need to ensure that you have up-to-date antivirus/antispyware software installed.
Don’t become a target, invest in protection and seek the advice of the professionals such as those at PGI Cyber.