Malware, scams and ransomware on social media

The problem with social media is that people have an inherent trust in it, and that trust is what cybercriminals tap into. People still believe that you have to click on something and download a file to be infected.

This really isn’t the case anymore. Drive-by downloads, infected adverts and similar techniques make it very easy for your machines to be compromised.

In many cases the initial malware is just a gateway into the system. It doesn’t do any real harm, yet. But once a back door is established to the infected computer, that access may then be put up for sale.

One of the most profitable scams is installing ransomware, malicious software that encrypts the data on a victim’s computer and then asks for payment before restoring the system to its original state.

Reconnaissance

Social media is also an ideal research facility for anyone who wants to target an individual or a company for attack.

If you want to see who works in which company and in which position, or who they are friends with professionally and privately, this information can often be easily picked up on social media.

Any attack on a specific individual will be much easier if the target has made a lot of private information publicly available on their profiles.

People often place a lot of private information on social media: the fact that they are overseas on holiday, a sick relative or even the death of a beloved friend. Recently, an executive lost a close friend. Grief-stricken, he placed a notice on social media announcing that he would inform his friends of the date and location of the funeral once he was advised.

Later that day, an email arrived at work advising him of the funeral arrangements, location and time, along with a link to confirm his attendance. The link was a ransomware attack.

Recently, on the local radio, I heard the morning announcer, during discussions around the recent issues with Facebook and Cambridge Analytica, divulge what she personally put on social media, including the fact that her grandfather’s medical condition had caused him to be hospitalised.

All a criminal would need to do now is send her an email commenting on her grandfather’s condition and asking her to click a link. The whole radio station could then be taken off the air.

Most organisations allow their users to connect to Facebook, Instagram, Twitter and other platforms, and that’s where an attack, even one targeted at a home user, can have a significant impact on the workplace.