You receive a LinkedIn message from an event organizer you worked with last year. They’re interested in having you give a talk at a conference this summer. They send you a link to log in to the conference portal and register your interest. To make things easy, the portal offers a “sign in with Google” option, so in just a couple of clicks you enter the Google credentials you use for work email.
It turns out the LinkedIn profile was a fake, and the portal was a credential-skimming phishing page. Having been targeted on social media, you’ve now handed over your company email login credentials.
As social media use has proliferated, this type of phishing has grown in prominence. Social phishing is a digital pandemic. According to data breach research, 50% of attacks in large organizational breaches involve social phishing.
How can enterprises protect themselves from social phishing?
Social Phishing 101
A phishing attack happens when an attacker leverages (or impersonates) a trusted relationship to trick a victim into giving up credentials or other sensitive information, usually by getting them to click a malicious link or open a malicious file.
Traditionally, phishing attacks have arrived by email. As a result, email security is a multi-billion dollar industry. However, phishing on social media is fast catching up with email as the place where bad actors launch their attacks.
And third-party cloud channels don’t enjoy nearly the same protections that email inboxes do.
Security for collaboration, chat, and social channels is often under-developed. Some applications advertise end-to-end encryption, but that protects messages in transit against eavesdroppers; it does nothing against a malicious link or file sent by a contact the platform treats as legitimate, and it also means no gateway can inspect the content on the way in. The average cybersecurity team traditionally has no tools that protect it from social engineering and phishing attacks mounted through LinkedIn, Slack, or WhatsApp.
Bad actors know this, which is why they are shifting their resources to focus on social media phishing and breach attacks that leverage a trusted relationship to get inside your perimeter.
The Anatomy of a Social Engineering and Phishing Attack
The spear-phishing techniques deployed on email and social channels are very similar and involve social engineering to enable the initial compromise to succeed.
As in the example at the beginning of this blog, in social media phishing the attacker can often perform target reconnaissance on the channel itself. For businesses and organizations, that is most often LinkedIn. The attacker then sends a simple connection request to the target to begin establishing the trusted relationship. The more mutual connections the attacker collects within the organization, the more credible the fake profile looks to the next target.
At this point, the threat actor is in an excellent position to launch the attack by doing either one or both of two things:
- Send a malware-laced attachment to the targeted victim, under the pretext of a legitimate purpose, to compromise their host device; or,
- Send a link that redirects victims to a bogus website or page that either skims their login credentials or tricks them into wiring money to an account that the attackers control.
Both outcomes not only hit the company’s finances and equipment but also cause brand and reputation damage.
Moreover, social phishing attacks give birth to more attacks, as access to one employee’s credentials can lead to stolen credentials from other coworkers, outside contractors, or business partners and clients.
Guide: Learn how to foil spear phishing attempts to protect yourself and your company.
How Enterprises Can Protect Themselves
Many companies are shifting or have shifted to long-lasting hybrid or work-from-home arrangements. Since home offices typically lack the network controls and oversight of a traditional office, the risk of more people falling victim to social media phishing and social engineering attacks grows.
There are simple, basic ways to safeguard employees and executives from social phishing:
- Smarter Password Protection - All employees should be using two-factor authentication (2FA). According to Microsoft, enabling 2FA blocks 99.9% of automated account attacks. Note the qualifier: a credential-skimming page like the one in the opening example can also prompt for a one-time code and relay it to the real site within its validity window. Where possible, prefer phishing-resistant methods (FIDO2/WebAuthn security keys or passkeys), which are bound to the legitimate site’s origin and cannot be replayed from a lookalike domain.
- Constant Security Software Updates - Missing patches and late updates on endpoints and security software (e.g., firewalls) leave vulnerabilities that attackers can find and exploit. Patching does not stop a phishing message from arriving, but it closes the holes that a malware-laced attachment or a drive-by link relies on to compromise the device.
- Train Your Staff on Spear Phishing Detection and Security - Staff should be trained to recognize potential phishing on social media as well as email, and given a low-friction way to report suspicious messages and connection requests.
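To make the 2FA caveat concrete, here is an added example, not code from the original post, that simulates both kinds of second factor against the relay attack from the opening scenario. The origins, secrets and challenge value are constructed, and the authenticator signature is simulated with HMAC over a shared device secret so that the script runs offline; a real WebAuthn authenticator signs with a private key and the relying party verifies with the registered public key.

```python
import hashlib
import hmac
import json
import struct

# Constructed values for the illustration.
TRUSTED_ORIGIN = "https://portal.example.com"    # the real conference portal
PHISHING_ORIGIN = "https://portal-example.com"   # the attacker's lookalike


# --- TOTP (RFC 6238): the one-time code a relay page can capture ----------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """HOTP over the current time step, as computed by authenticator apps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def server_accepts_totp(secret: bytes, submitted: str, now: int) -> bool:
    """Accept the current step and one either side (usual clock-skew tolerance)."""
    return any(hmac.compare_digest(totp(secret, now + d * 30), submitted)
               for d in (-1, 0, 1))


def totp_relay_attack(secret: bytes, now: int) -> bool:
    """The victim types the code into the phishing page; the attacker forwards
    it to the real site a few seconds later, still inside the validity window."""
    code_typed_by_victim = totp(secret, now)
    return server_accepts_totp(secret, code_typed_by_victim, now + 5)


# --- Origin-bound assertion (WebAuthn-style, simplified) --------------------
# The browser, not the user, writes the origin it is really connected to into
# clientDataJSON, and the authenticator signs over it. The relying party checks
# that origin against its own, so an assertion produced on the lookalike site
# is rejected even though the user "approved" the login.
def authenticator_sign(device_key: bytes, challenge: str, browser_origin: str) -> dict:
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": browser_origin},
        sort_keys=True)
    sig = hmac.new(device_key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"clientDataJSON": client_data, "signature": sig}


def relying_party_verify(device_key: bytes, expected_challenge: str,
                         assertion: dict) -> bool:
    data = json.loads(assertion["clientDataJSON"])
    expected_sig = hmac.new(device_key, assertion["clientDataJSON"].encode(),
                            hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected_sig, assertion["signature"])
            and data["type"] == "webauthn.get"
            and data["challenge"] == expected_challenge
            and data["origin"] == TRUSTED_ORIGIN)


def webauthn_relay_attack(device_key: bytes, challenge: str) -> bool:
    """The attacker relays the real site's challenge to the victim's browser,
    which is on the phishing origin; the signed assertion names that origin."""
    assertion = authenticator_sign(device_key, challenge, PHISHING_ORIGIN)
    return relying_party_verify(device_key, challenge, assertion)


def webauthn_legitimate_login(device_key: bytes, challenge: str) -> bool:
    assertion = authenticator_sign(device_key, challenge, TRUSTED_ORIGIN)
    return relying_party_verify(device_key, challenge, assertion)


if __name__ == "__main__":
    secret, key, challenge = b"12345678901234567890", b"device-secret", "c2FtcGxlLWNoYWxsZW5nZQ"
    print("TOTP relayed through phishing page accepted:", totp_relay_attack(secret, 1_700_000_000))
    print("WebAuthn assertion relayed from lookalike accepted:", webauthn_relay_attack(key, challenge))
    print("WebAuthn login from real origin accepted:", webauthn_legitimate_login(key, challenge))
```

The first check prints True: nothing in a six-digit code says where it was typed, so the relay succeeds. The second prints False: the only thing the attacker can forward is an assertion whose clientDataJSON names the phishing origin, and the relying party rejects it.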
However, beyond these simple steps, a cloud-based security solution is still needed, as most social phishing attacks are perpetrated through cloud-based apps. The best thing you can do is deploy a cybersecurity solution capable of the following:
- Enhanced Visibility - Security teams need to be able to discover and onboard all authorized accounts for protection, inspect messaging for malicious content, and view all new connection requests for bad actors. All this while maintaining the privacy and integrity of the personal missives and private messages.
- Total Privacy - Your cybersecurity solution should also preserve the privacy of your messages. That is, it should isolate the risky object within a private conversation – a link, a document, or an executable file – and evaluate only that object, while the surrounding conversation stays 100% private. The system should be able to flag and block file entry and exit without recording or exposing the text of the conversation. This blindness to message content should complement the visibility feature stated previously.
- Threat Detection - Channels need to be monitored 24/7 for suspicious activity and messaging. All fields, attachments, and links should be automatically scanned for social engineering, malware, phishing, insider threats, and data exfiltration attempts. New connections should also be evaluated to root out known or suspicious bad actors. An automated solution that consolidates visibility into an enterprise’s and its employees’ social media communications and applies consistent analysis to detect third-party risks, including social engineering and ransomware delivery, should be a priority.
- Incident Response - A solution should keep mean time to detect and mean time to respond (MTTD/MTTR) low for all social media threats. Malware must be quarantined in real time at the app level, and indicator-of-compromise (IOC) details sent to the SOC/SIEM for evaluation. Social engineering and phishing events need to be correlated with EDR telemetry so that a clicked link or opened attachment can be traced to the endpoint.
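The detection layer described in the list above, as an added example that is neither the original post’s code nor any vendor’s product: a scanner that runs over constructed inbound messages, extracts links and attachment names, and reports indicators (punycode hosts, a trusted brand used as a subdomain of an untrusted domain, typo-squatted lookalikes, cleartext HTTP, redirect parameters, risky or double file extensions) without ever copying the message text into its output. The allowlist, extension list and sample messages are assumptions for the illustration, and the registrable-domain helper is deliberately naive; a real deployment would use the Public Suffix List and a threat-intelligence feed.

```python
import re
from urllib.parse import parse_qs, urlparse

# Assumed allowlist of domains the organisation treats as legitimate.
TRUSTED_DOMAINS = {"example.com", "linkedin.com", "google.com"}
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".iso", ".lnk", ".docm", ".xlsm")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|png)\.[a-z0-9]{2,4}$")


def registrable_domain(host: str) -> str:
    """Naive: last two labels. Real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse_url(url: str) -> list:
    findings = []
    parsed = urlparse(url)
    host = parsed.hostname or ""
    # Unicode hosts become punycode here, so homoglyph domains show up as xn--.
    try:
        host_ascii = host.encode("idna").decode("ascii")
    except UnicodeError:
        host_ascii = host
    if host_ascii.startswith("xn--") or ".xn--" in host_ascii:
        findings.append("idn_homoglyph_host")
    reg = registrable_domain(host_ascii)
    if reg not in TRUSTED_DOMAINS:
        subdomain_labels = host_ascii.split(".")[:-2]
        for trusted in sorted(TRUSTED_DOMAINS):
            brand = trusted.split(".")[0]
            if brand in subdomain_labels:               # e.g. google.login-portal.net
                findings.append(f"brand_in_subdomain:{brand}")
            elif 0 < levenshtein(reg, trusted) <= 2:    # e.g. linkedln.com
                findings.append(f"lookalike_of:{trusted}")
    if parsed.scheme.lower() != "https":
        findings.append("cleartext_http")
    for key, values in parse_qs(parsed.query).items():
        if any(v.lower().startswith(("http://", "https://")) for v in values):
            findings.append(f"open_redirect_param:{key}")
    return findings


def analyse_attachment(filename: str) -> list:
    name = filename.lower()
    findings = [f"risky_extension:{ext}" for ext in RISKY_EXTENSIONS if name.endswith(ext)]
    if DOUBLE_EXT_RE.search(name):                      # e.g. speaker-pack.pdf.exe
        findings.append("double_extension")
    return findings


def scan_message(msg: dict) -> dict:
    """Return indicators only; the message text is never copied into the report."""
    indicators = []
    for url in URL_RE.findall(msg["text"]):
        indicators += [{"url": url, "finding": f} for f in analyse_url(url)]
    for att in msg.get("attachments", []):
        indicators += [{"attachment": att, "finding": f} for f in analyse_attachment(att)]
    return {"sender": msg["sender"], "channel": msg["channel"],
            "verdict": "block" if indicators else "allow", "indicators": indicators}


# Constructed sample traffic, modelled on the opening scenario.
SAMPLE_MESSAGES = [
    {"channel": "linkedin", "sender": "conf-organiser-2024",
     "text": "Great to reconnect! Register here: "
             "https://google.login-portal.net/signin?next=https://evil.example.net/cb",
     "attachments": ["speaker-pack.pdf.exe"]},
    {"channel": "linkedin", "sender": "alice",
     "text": "Thanks for the intro, profile is https://www.linkedin.com/in/alice",
     "attachments": []},
    {"channel": "whatsapp", "sender": "+15550100",
     "text": "Please confirm at http://linkedln.com/login", "attachments": []},
]


def scan_all(messages=SAMPLE_MESSAGES) -> list:
    return [scan_message(m) for m in messages]


if __name__ == "__main__":
    for report in scan_all():
        print(report["verdict"], report["channel"], report["sender"],
              [i["finding"] for i in report["indicators"]])
```

Each report carries the sender, the channel, a verdict and the indicators, which is what a SOC/SIEM needs for the IOC notification described above; the conversation text is left behind by design.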
Instances of social phishing will only continue to grow as more companies and businesses adopt communication and collaboration tools. However, this is not to say that organizations should give up on these applications. In fact, they can’t. These are now mission-critical business tools.
Enterprises must never be complacent in protecting their brand and employees. Taking the initial steps to safeguard yourself from phishing on social media and other applications is a good start. Taking that protection a step further with a robust cybersecurity solution greatly reduces the chance that social phishing becomes a serious problem for you.
Solutions: Check out how we protect social media apps here.