Social media is the preferred communication channel for many in today's world. However, it comes with a new wave of social engineering attacks that most do not understand.
First Published 1st June 2016
Hacks of social media accounts are attractive due to the 'trust transfer' that already exists between the recipient and the perceived sender.
Reflare Research Team
Over the past couple of weeks, we saw quite a few social media accounts get hacked. Twitter, LinkedIn, and even Tumblr accounts fell prey to hackers who used the accounts to send their own messages.
Social media accounts are some of the newer targets for hackers. Most people consider their social media account innocuous and useless to an attacker. This couldn't be further from the truth. Social media accounts can be, and often are, used as a foundation to gain access to higher-level credentials.
With a social media account in hand, an attacker will usually follow one of two patterns to maximize the impact of the attack. The first approach is to send out messages masquerading as the real user. Many security professionals advise users to avoid messages from "untrusted sources." With the social media account in hand, the attacker becomes a "trusted" source and can use that trust to gather additional information from the real user's list of contacts. These contacts could be higher-ranking employees within an organization. The social media account thus serves as a foundation for furthering the hacker's intentions.
The second use is for political purposes. This past week several celebrity Twitter accounts were hacked. Instead of sending out-of-character tweets, the hackers can send a couple of messages throughout the month that stay in character for the real owner but deliver specific political statements to the owner's followers. The idea is to stay in character so that the original owner does not realize that they have been hacked. By sending very few messages and staying in character, the attacker can accomplish his mission of sending political messages to several thousand (or even millions of) followers.
The recent social media attacks remind us that we need to be vigilant with social media security and passwords. Facebook is at the forefront of security research and social media account protection, but users should also be diligent when creating passwords and know the red flags when replying to any email or entering information on a website that asks for social media credentials.