Social Media as an Emerging Source of Cyberthreat

The cost of data breaches is expected to reach $2.1 trillion globally by 2019

In 2016, cybercrime cost the global economy over $450 billion, and over 2 billion personal records were stolen. Moreover, rapid digitization of consumers’ lives and enterprise records is projected to increase the cost of data breaches to $2.1 trillion globally by 2019.

Given the scale of the issue, 2017 research suggests that the majority of cybersecurity budgets (59%) are set to increase over the coming 12 months by at least 5%, and one in five firms (21%) will lift spending by a double-digit amount. Nearly half (47%) of firms plan to increase spending on staffing by 5% or more.

Clearly, even the blockchain-focused crowd can only envy the tenacity of businesses when it comes to security spending and attention to the matter. However, there is a different side to the problem of the ever-increasing threat in cyberspace, which, unfortunately, has little to do with the quality of security systems and everything to do with consumer behavior.

Leaving aside enterprise-level breaches, let's turn to fraud that happens on the individual level and is directly related to the actions of the victim. The human factor is difficult to address even with the most advanced fraud detection systems in place.

Furthermore, as we adopt a diversity of connected devices for everyday use and pour an endless amount of personal and professional information into the web through various channels – mostly social media – the issue sharpens in relevance.

What’s even more important, the diversity of social media channels and the various types of data being transmitted – video, photo, voice, location information, connections, phone numbers, educational and professional information – can all be put together into a surprisingly rich and clear profile. Having no problem obtaining and replicating one’s voice from social media, fraudsters face little to no barriers in tricking biometric firewalls.

The culture of oversharing and blind trust in social media has bred a new type of fraud.

Nearly 20% of social media accounts associated with ten major global brands are fraudulent. The results of a study published this March suggest that the fastest-growing social media threat is phishing, where fraudsters pose as legitimate brands: that increased 150% from 2015 to 2016. (A study for the UK, for example, reveals that in 2016, the number of victims of identity theft rose by 57%, with fraudsters ‘hunting’ on social media.)

In addition, professionals share that one of the major security issues with social media is how the technology works and how people are connected – especially the sharing of posts, which is an integral part of social media. Many platforms are also heading toward further integration with the ‘real’ world; user interest in live video and other ‘in-the-moment’ posts is enormous.

It's clear that social media channels are becoming increasingly saturated with personal information of all types, and increasingly ‘successful’ in utilizing the human factor with malicious intent. Experts emphasize that while corporations and government agencies around the world are training their staff to think twice before opening anything sent by email, hackers have already moved on to a new kind of attack, targeting social media accounts, where people are more likely to be trusting.

Just to understand the scale – the number of Facebook users, for example, has blown up from 20 million to nearly 2 billion in the last 10 years. While we wouldn't share much private information with 2 billion unfamiliar people if we were to meet them randomly, the rule does not apply to social media, where individuals have little to no barriers in exposing personal information to the same number of people.

Christie Terrill, Partner at Bishop Fox, a global cybersecurity consulting firm, recently brought up an important point in the matter, saying that the information individuals freely post to social media can (and probably will) be used against them.

“Many times, attackers will use social media as a reconnaissance tool to socially engineer their targets. Suddenly, the fact you publicly tweeted that you went to a leadership conference can be used to craft a targeted phishing email containing a malicious link. While the Nigerian princes of yesteryear might instantly raise eyebrows, if an email is customized to the recipient, the likelihood of the intended response (in this case, a click-through) increases,” Terrill notes.

Moreover, as Terrill shared, LinkedIn is also being used to mine email addresses, so a phishing email containing a link to a malware-infected site or ransomware could very well be directed at organizations that individuals work for.

Marketing professionals also acknowledge the increasingly relevant problem of social media-related fraud. Kent Lewis, the President and Founder of Anvil Media, explained how social media networks facilitate identity theft and fraud, saying, “Social media sites generate revenue with targeted advertising, based on personal information. As such, they encourage registered users to provide as much information as possible. <...> On the marketing front, Google recently patented an algorithm to rate an individual’s influence within social media. Once publicized, it will likely encourage greater participation by active users in order to boost their influence score.”

“With the increased global use of social media, there are more opportunities than ever before to steal identities or perpetrate fraud online. <...> When it comes to stalking or stealing an identity, use of photo- and video-sharing sites like Flickr and YouTube provides deeper insights into you, your family and friends, your house, favorite hobbies, and interests,” Lewis adds.

Whether because of the increasing social media-related cyber threat or for other, privacy-related reasons, Apple, for example, announced at the Worldwide Developers Conference in San Jose that system-level integration with social networks is going away: social accounts have been removed from Settings in iOS 11 and will possibly be replaced with an autofill function. According to notes accompanying the beta release, Apple is no longer allowing third-party social media apps access to stored account credentials.

Whether for similar reasons or not, at the end of 2016 Salesforce removed LinkedIn integration from its social accounts, contacts, and leads feature. With that, all data related to LinkedIn, including LinkedIn user profiles and profile images, was removed from Salesforce.