For organizations, social media is vital for the success of their business. It forms a central part of their efforts to build brand awareness, establish their community, do market research and gather intelligence. However, because of the frequency with which it’s used and the importance of the role it plays, social media cybersecurity threats can have a very tangible impact on an organization through reputational damage, data breaches, or worse.

In a recent survey by Statista, it was revealed that 22% of internet users said that their online accounts have been hacked at least once, while 14% reported they were hacked more than once. Due to the constantly changing nature of technology and trends, it’s difficult to pin down a defined set of best practices. 

In this article, we take a look at why and how attackers target social accounts as well as reviewing some of the current best practices for mitigating the risks.

Why Do Hackers Target Social Media Accounts?

A successful account takeover can enable threat actors to achieve a variety of malicious objectives, from the distribution of malware to the spreading of misinformation. Some of the most common uses for a compromised account are as follows:

Continuing the Attack: Generally speaking, most people are wary of random messages from strangers. However, if you can gain access to someone’s account and launch your phishing campaign against their contacts you can leverage the trust already established as a personal contact to dramatically improve the success rate of the phishing campaign. In the case of an organization’s account, these attacks are particularly harmful as they can target thousands or even millions of followers and can come with serious associated reputational damage.

Gathering Intelligence: The actual account takeover might not be the endgame of the attack. Instead by taking over an account, they gain access to intelligence, from an individual's messaging history to extensive personal details on an individual and their contacts.

Reputational Damage: We’ve already mentioned the potential for reputation damage as a by-product. However, there is a chance that reputation damage is the entire objective of the attack. Attackers might have a grudge against an organization or person, for example. Once they have access to the account they could do a range of things, such as posting racist slurs from the account or directly targeting followers through the account.

Credential Stuffing: Many people use the same login credentials across websites. Once attackers have successfully compromised an account, they then attempt logins at other popular websites using the same credentials to see what else they can gain access to. Often the objective is a financial reward.

Blackmail: If embarrassing or damaging information is surfaced through the account attack then hackers are unlikely to miss the opportunity to blackmail the individual or organization to further their other objectives.

4 Examples of Successful Social Media Attacks

LinkedIn Hacked, Exposing 117 Million Credentials

• When: May 2016

• Tactic: Data Breach, Account Takeover

• The 2016 LinkedIn data breach exposed 117 million records of its users including email and password combinations. These were sold on the dark web and allowed hackers to gain access to and control thousands of accounts as well as use the data for credential stuffing.

Vevo Hacked Via LinkedIn Phishing

• When: September 2017

• Tactic: Targeted Phishing & Malware

• In 2017 the streaming service Vevo suffered a breach when one of its employees was phished via LinkedIn. Through this attack, hackers obtained and publicly released over 3TB worth of the company’s sensitive internal data.

HAMMERTOSS Malware

• When: July 2015

• Tactic: Malware/Data Exfiltration

• HAMMERTOSS is a malware which was created to automatically search and extract data from social networks and was controlled by commands posted by attacker profiles. This novel approach to weaponizing social media shows the need to analyze social media as part of the full lifecycle of a cyber attack. 

Twitter Bitcoin Scam

• When: July 2020

• Tactic: Account Takeover

• Through a series of targeted phishing campaigns, hackers were able to get access to internal systems and tools at Twitter. They used this access to take control of numerous high profile accounts, including verified accounts such as Kanye West, Barack Obama, Apple, and Joe Biden. The attackers used the platform to Tweet a message requesting Bitcoin be sent to a specific wallet number with a promise they’d return it doubled. In the short time the message was up the attackers collected over $100,000.

6 Quick Tips to Improve your Organizations Social Media Cybersecurity

1. Employ strong unique passwords.

Avoid the risks of credential stuffing by ensuring that all accounts are locked with strong unique passwords.

2. Keep personal and business accounts separate.

Linking personal and business accounts just make it easier for hackers to gain access to both. So, when possible, keep a separate and distinct login and password for both. 

3. Restrict access and permissions.

Not everyone needs to have the ability to login to the organization’s social media accounts. Not everyone needs to be able to post, share or send messages through it. Additionally, when an employee leaves make sure to revoke their access to all social media accounts.

4. Be mindful about what you share.

Even harmless posts might unwittingly share sensitive data that could be used by attackers. For example, you might share an employee update, maybe congratulating an employee for having a child, information which could be used in a targeted spear-phishing campaign.

5. Protect the physical access points.

Make sure devices are password-protected, don’t leave USB devices lying around, ensure that wi-fi networks are private and secure. These physical security threats are particularly prevalent currently with many employees working from home. 

6. Be wary of third-party apps.

Third-party apps like scheduling softwares are invaluable, allowing you to save a huge amount of time. However, they also provide an additional way for attackers to gain access to your social media accounts. 

The Role of OSINT in Securing Social Media Platforms

By monitoring social networks for mentions of your brand and keywords, you’ll know right away when suspicious conversations about your brand emerge. For example, people might be sharing fake coupons or offers, or an imposter account starts tweeting in your name. Using OSINT you can monitor all the relevant activity online regarding your business and quickly identify fraud allowing you to respond to it in a timely fashion.

Additionally, you can use OSINT tools like Signal to monitor not only your social media channels for things like imposters but also for physical threats against employees or branch locations. 

OSINT is vital in identifying when one of the above-mentioned risks of social media becomes more than just a threat when it becomes a reality. Being amongst the first to know when something like this happens allows you to respond quickly and effectively.

Social media is a powerful tool that allows organizations to reach new audiences, communicate and engage with customers, build brand loyalty, share promotions and ultimately achieve new growth. However, because of the very public nature of it, social media opens up new opportunities for cyber criminals to target an organization.

Companies which don’t take the proper precautions in securing their social media channels could find themselves reeling from unexpected attacks. These attack could implement a wide variety of threat vectors, from employees to malware, and could evolve into serious and costly threats.

In this article, we explore some of the commonly exploited risks that are associated with corporate social media use as well as what a company can do to best mitigate these risks and how Open Source Intelligence (OSINT) can play an important role in preventing and protecting an organization.

The risks of social media for corporate security

Phishing and Scams

Phishing is a predominant attack strategy by cybercriminals with an estimated 90% of incidents and breaches including a phishing element. 

Phishing is defined as social engineering using digital methods for malicious purposes. Generally, the goal is to get the victim to hand over private information such as passwords, banking or credit card information.

In the case of social media, there are numerous forms that phishing can take. For example:

• Impersonation

• Credential theft

• Propagating attacks

• Data dumps

• Romance scams

• Intelligence gathering (for account takeover and spear phishing)

Social media platforms still offer only minimal controls to prevent the further propagation of account takeovers. Additionally, because social accounts typically need to be approved prior to connecting with people, account takeovers allow hackers to utilise trust associated with that account. Which is why it’s important for organizations to understand and prepare responses to these evolving threats.

Human Error

One of the key security weaknesses that many organizations face is human error. Everyone makes mistakes and in today’s digital world it is all too easy for cybercriminals to take advantage of these mistakes. In fact, according to EY Global Information Security Survey, employee weakness was responsible for 20% of all cyber attacks. Something as simple as clicking the wrong link or downloading the wrong file could cause havoc with a company's security systems.

When it comes to social media, one attack vector that many users don’t realize cybercriminals utilise is online challenges and quizzes. These quizzes often ask for or obtain by way of an answer personal information which is then used to hack passwords. 

For example, the answers to a social quiz might require you to give up letters from your mother's maiden name, your date of birth, or your first pet's name. This information combined with the details publicly available on your social media profiles could very easily offer up common password and security question combinations.

Third-party Apps

Even if your company's social media accounts are locked down tight, hackers may be able to gain access to an otherwise secure social media account through vulnerabilities in connected third-party apps.

Imposter Accounts

A cyberattack doesn’t always take the form of a hack. Instead, it is fairly easy for an imposter to create a social media account that looks like it belongs to your organization. This is one reason having a verified account is so valuable.

• LinkedIn’s latest transparency report notes that they took action on 21.6 million fake accounts in just six months.

• Facebook estimates that about 5% of monthly active user accounts are fake.

Impostor accounts can target your customers with fake deals, disinformation, or nefarious links. When a customer is tricked like this, not only does your brand suffer but often the organization is held responsible.

One recent example found on Twitter was a fake account fraudulently collecting money on behalf of President Trump’s 2020 reelection campaign. The account “@realDonaldTrump_” is set up as an almost exact replica of the real Trump’s account with only an underscore at the end of the handle to indicate it is not the real account. And of course, it lacks that tell-tale blue verification tick.

Unsecured Mobile Phones

More than 50% of the time spent online is done through mobile phones. Using social media apps allows us to access and engage on social channels with just a single tap. This is great, as long as you are the one in possession of your phone. However, this ease also creates a security risk. 

Should your phone be stolen and accessed all it takes is one tap for the thief to access your social accounts and then they can message all your connections with phishing or malware attacks or spread disinformation using your accounts.

And, worryingly more than half of people leave their phones unlocked.

Malware and Hacks

By its very nature, social media is about social interaction. For personal accounts, this means interacting with friends or acquaintances online in some form or another. For organizations it means interacting with customers, for celebrities or influencers it means interacting with fans.

This is actually a barrier for many cybercriminals. People are generally distrustful of communications where they have no prior experience with the person or people behind them. 

Generally speaking, strangers on the internet are still strangers and it takes a while to build an audience and gain their trust. For a cybercriminal to utilize social platforms then, they often have to go through a rather troublesome and lengthy process of building this trust. And while there are certainly numerous ways for a cybercriminal to sidestep these issues, if their end goal is to get people to click links or share information then their success rate will obviously be much higher should they originally share from a trusted account. 

Related: The Crucial Role of Social Media Monitoring in Corporate Threat Intelligence

5 actions to securing your companies social media presence

The best policies for social media security operate around prevention. By implementing a few basic social media security protocols organizations can massively reduce the potential threats that social media might otherwise present.

Have a clear social media policy

A clear and properly implemented social media policy is the first place to start. This will allow you to not only protect against security threats but also help prevent bad PR or legal trouble that might ensue should your social media be compromised.

You social media policy should include the following things:

• Outline of your brand guidelines that explain how people are allowed to talk about the company on social media.

• A list of social media activities to avoid, such as the quizzes that we mentioned earlier.

• Guidelines related to copyright and confidentiality

• A guide on the best practices for password management to avoid threats like credential stuffing.

• The expectation that employees will keep all their devices updated with the latest software.

• Examples of scams and attacks and educational material on how staff can avoid these and other key security threats,

• Information on who to notify and how to respond should an employee notice a security concern.

Train staff on best security practices

Building on from the previous point, because human errors are such a prevalent factor in hacks and other cyber attacks it is incredibly important to properly and routinely train staff in proper cybersecurity measures. Even the best social media policy won’t protect an organization should the staff not know how to properly follow or implement it.

Training employees routinely will also give them the opportunity to ask questions, engage and get a sense of the importance of the issue. Additionally, because cybercriminals are constantly evolving their strategies, training is an opportunity to update staff on new threats or examples of current scams.

As an added bonus, social media training also equips your team to use social tools effectively. When employees understand best practices, they feel confident using social media for their work. They’re then well-equipped to use social media for both personal and professional purposes and ultimately your company will see better results.

Limit access and permissions

One of the best ways to keep social accounts secure is to strictly control who has access and the exact permissions they have. Not everyone after all needs the ability to post, not everyone needs the ability to see the stats. And should an individual leave (especially if they leave under a dark cloud) it is important to be able to and remember to revoke their access so that they can’t use the social accounts to cause harm to the company.

Have a designated person in charge

This isn’t just a security concern, having a designated person in charge of and responsible for the running of your social channels will, first of all, ensure consistency but also ensure that someone is constantly on top of and routinely checking the social media security which will go a long way to mitigating any risks.

This person will likely be a senior person on your marketing team. They should maintain a good relationship with your company’s IT department to ensure marketing and IT work together.

Social media monitoring for threat detection

As we have mentioned several times already security threats, especially those around social media accounts are constantly evolving as cybercriminals implement new and innovative new methods for attacks. Using OSINT you can not only closely monitor not only your own social media accounts but the entirety of the web. This will allow for your security team to catch risks as they appear and neutralize potential threats early. 

For example, careful monitoring of social channels will allow you to discover imposter accounts and get them shut down quickly before they can do real damage. It will allow you to spot inappropriate use of your brand by employees or others associated with your company such as a new partner.

The role of OSINT for social media monitoring and corporate security

By monitoring social networks for mentions of your brand and keywords, you’ll know right away when suspicious conversations about your brand emerge. For example, people might be sharing fake coupons or offers, or an imposter account starts tweeting in your name. Using OSINT you can monitor all the relevant activity online regarding your business and quickly identify fraud allowing you to respond to it in a timely fashion.

Additionally, you can use OSINT tools like Signal to monitor not only your social media channels for things like imposters but also for physical threats against employees or branch locations. Moreover, you could monitor for negative emotional sentiment concerning an event you're hosting and identify people who may decide to turn those threats into action.

Finally, OSINT is vital in identifying when one of the above-mentioned risks of social media becomes more than just a threat, when it becomes a reality. Being amongst the first to know when something like this happens allows you to respond quickly and effectively

Conclusion

Social media security threats are constantly changing. Hackers are always coming up with new strategies, and new scams and viruses can emerge at any time. Researchers are now anticipating that advanced attacks against social media networks will be able to leverage a user’s contacts, location, and even business activities. This information can then be used to develop targeted advertising campaigns toward specific users, or even help spark crime in the virtual or real world.

To prevent social media breaches, protect user information, and secure company data, increased vigilance by individual users and regular audits of your social media security measures are necessary to ensure organization security.

An estimated 2.94 billion people globally use social media. This is roughly a penetration of about 40% which is only expected to grow. However, in developed countries, this penetration rate is even higher. Facebook and Instagram are currently the two most used platforms, but there are numerous channels with hundreds of millions of active users daily. 

On any one of these channels, attackers might voice their intentions, spread false information concerning your organisation, or partake in more obscure but potentially equalling dangerous activities such as cyber-bullying or phishing. Because of the high number of users paired with the social nature of discussion, potential threats often emerge on these channels and forums first, even before they become a tangible risk.

On top of this, many companies have active social media presences which enable them to engage with their target audiences for positive brand growth. However, because of the saturation, companies are opened to several new vulnerabilities that come hand in hand with the opportunities that social media presents.

A fundamental challenge with social media monitoring, then, is knowing where to look and how to identify credible threats amidst overwhelming noise in a timely fashion that doesn’t require immense resources.

In this article, we explore some of the key threats that evolve and can be monitored using social media channels as well as how to overcome the fundamental difficulties surrounding effective social media monitoring.

The Challenges of Social Media Monitoring

Using social media monitoring as part of your comprehensive cybersecurity strategy has several key benefits unique to the platforms involved. However, leveraging social media for increased security and situational awareness can be a challenge and, without the right tools, it is next to impossible to effectively monitor these channels and form timely responses.

The amount of chatter on social media channels is both a boon and a curse to security professionals. People discuss everything from the inane to clearly threatening conversations and actions. All of this happens though, across dozens of social media channels. On Twitter alone, there are some 500 million tweets a day. In one study, it was found that five new profiles are created on Facebook every second - and it’s quite possible that some of those are fake or could be a threat to your business.

An example of using social media to gain increased situational awareness is the 2019 Christchurch shooting. Parts of the event were live streamed through social channels. Those security teams monitoring these channel were amongst the very first to know of the event as well as gain valuable situational awareness that allowed them to respond more effectively than without this information.

To overcome the key challenges presented by social media monitoring it is vital to employ the right tools and resources. For example, Signal OSINT platform allows you to monitor your chosen social media channels continuously and set up tailored lives streams and customised filters to help user identify potential threats from the noise of online chatter. To further refine the data gathered through the use of Signal you can run things through our sentiment analysis tool. 

Signal enables users to monitor not just social media but the surface, deep, and dark webs in their entirety forming the crux of many organisations’ security efforts.

Identifying Threats 

Intertwined in the comments, posts, pins and tweets are a multitude of information security and business risks. From targeted phishing to full-on account takeovers or even emerging threats against physical assets. As social media continues to dominate business communications, security teams must understand and address the risks posed by social media, the largest unsecured IT network on earth.

Here are a few of the key identifiable security threats associated with social media.

Targeted Phishing

Phishing attacks have been evolving over the years to incorporate and take advantage of the everyday tools that both businesses and consumers use. One such method is by using social media to gather data on targets through phishing attacks and other strategies. 

For example, is your mother’s maiden name listed on your Facebook? Where did you go to school? Did you post pictures of your first ever pet? All of this data commonly used for security questions is freely available for determined fraudsters. For those that are a little more enterprising, they might even get you to volunteer particular details disguised as a fun quiz. Phishing attacks are generally used to gain valuable data which can then be used for monetary gain. 

Social Engineering

By using social platforms criminals can build trust and through the use of deception manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. This can take on several different aspects whether it’s targeting employees to divulge information about a company or manipulating customers to share personal information that would allow them login access to their accounts for the purposes of identity fraud.

Account Takeover

An account takeover is a form of identity theft. This is when fraudsters illegally use bots to gain access to a victims account. There are several reasons this could be valuable to a hacker. For example, what they might do is launch a phishing attack from this account which will allow them to utilise the trust associated with that individual’s personal account to increase the chances of success. 

Physical Threats

Social media is a public forum where a huge number of people go to express their opinions. What this inevitably means is that both positive and negative sentiment is expressed about companies, organisations and people. Some of this sentiment holds serious reputational risks or may even evolve into a serious physical threat against an employee or asset. 

Final Words

Experienced hackers and cyber-criminals, understanding the public nature of the channels will attempt to avoid actions that expose their intentions. Social media threat monitoring in this way has its limitations, which paired with those relating to privacy protections inhibit it from being a comprehensive intelligence source.

That being said, social media, when monitored effectively can catch negative sentiment as well as expose potentially dangerous or threatening information or conversations in real time - some of which will prompt further investigation or other actions to be taken. Social media monitoring can provide critical real time information on threats increasing situational awareness, but organisations and their security teams are well-advised to not lose sight of the forest for the trees. 

The usefulness of social media monitoring is best leveraged in a holistic risk management approach, one that incorporates diverse security strategies, including a range of cyber security measures.

It’s no secret social media is now a key source of intelligence for corporate security professionals. But with so many social media monitoring tools to choose from; departments can easily end up choosing software that hasn’t been developed with their needs in mind, i.e. social media monitoring software built for marketing purposes.

This poor choice often impacts efficiency, results, and ultimately hurts the bottom line and, in some cases, employees.

Here are 5 tell-tale signs that’ll help you work out if the social media monitoring tool your corporate security department uses, needs an overhaul.

1.     Sometimes they’re the “last to know”

News travels fast these days. Some call it “the speed of internet”. What this means is, everyone and anyone with an internet connection can learn about and/or spread the breaking news happening at your corporation.

This increases the chance that a staff member might find out things before your corporate security department does. Especially when it’s happening in a retail store or near the event your CEO is speaking at.

Corporate security departments using operationally focused social media monitoring tools give themselves a better chance of being in the “first to know” camp.

2.     Reports are missing known threats

Lack of awareness can linger long past the date something occurred (especially for potential threats that are yet to fully develop).

When regular reports are missing developed or developing threats, that are already known to senior executives (whose lives and lively hoods depend on it), it may result in a loss of confidence from the executive team. Even when the corporate security department think they are being as effective as possible.

The wrong tooling might provide you with what looks like the most relevant and timely information, but you’re often missing the complete picture.

The right tooling, developed specifically for protecting executives, assets and supply chains, provides more advanced and targeted search capabilities (e.g. Boolean search) than typical marketing related tools. For those such tools, the focus is generally on social engagement and brand and reputation management rather than detecting potential and developing cybersecurity and physical threats.

3.     Incident response times are slow

Further to point 1, if your team is unaware of a threat, or simply hear about it too late, this can have a butterfly effect impacting the overall incident response time. This can potentially put the safety of staff and executives at risk, impacting “Duty of Care” responsibilities and even impacting revenue or costs.

Having the right monitoring tool often means you can plan ahead (building out a calendar of events to monitor), giving you a better chance of being the “first to know” and therefore speeding up incident response times.

4.     Small incidents often escalate

You guessed it! Catching threats early can keep small incidents… well, small.

This will save you and your team from having to deal with larger and more troublesome incidents in the future. So, how does Social Media come into this?

Sometimes the earliest signals come from the most unusual sources. Social Media, if used with the right monitoring software, can act as an early warning system for you and your team. It can even supply this early intelligence directly to your phone via SMS or email so you are always on top of new incident’s.

5.     Your team is too reactive

If you’re the Head of Corporate Security and you can’t understand why your team never seems to be prepared for events such as executive travel and retail store/office openings, it could be a sign they need to move to operationally focused social media monitoring software where they can plan ahead and schedule monitoring at certain locations over certain dates, times or seasons.

This not only instils a more active team culture allowing you to get ahead of potential issues, but it also reduces stress and allows your team to be in a better frame of mind when things really matter.

Conclusion

It wasn’t that long ago that there was very little in the way of social media monitoring software tailored for corporate security professionals. Early adopters persevered, as a stop gap, with tools designed for marketers.

These days’ things are a little different:

• The role of corporate security in any large corporation is becoming more important;

• Social media is an open source of intelligence when it comes to protecting executives, digital, physical assets and supply chains;

• Access to social media is now in the hands of the majority (wherever they are);

• Threats can be indirectly identified via social media posts made by the public and media.

And, most importantly, tools have been created specifically for corporate security professionals to make use of this free intelligence source.

Are you already making the most of these new tools or is it time to make the shift?