Channel hacking: How cybercriminals could hijack your social media

By Nori De Jesus

Without the huge marketing and advertising budgets of large enterprises, small businesses often rely on social media to get their message across. It makes sense, since social channels are easy to access, free to use and come with massive, built-in reach. According to Statista, Twitter now claims more than 313 million monthly active users, while Facebook tops the charts with over 1.2 billion.

However, the huge popularity of social media also makes these platforms an attractive target for hackers. Here’s a look at common ways cybercriminals can hijack your social media presence.

Kicking down the doors

First up is the old brute-force attack. As noted by Security Intelligence, big brands deal with at least one attempt to compromise their social media channels every day, while social providers like LinkedIn have experienced hack efforts that led to more than 117 million stolen credentials up for grabs on the Dark Web.

What does this mean for small businesses? It pays to watch for signs that you’ve been hacked — even if you’ve been practicing safe social behavior online. If your password suddenly stops working or you start receiving “change your password” notifications in your email, you may be the victim of a brute-force social hack.

Engineering efforts

According to Security Week, cybercriminals may also use social engineering efforts to distribute malware using your social media channels. For example, the recent “Newscaster” cyberattack used fake personas on popular social sites to establish “trust relationships” with other users and then exploit those relationships to deliver malware or steal passwords. Social engineering attempts also include “likejacking” — where small business users are directed to pages containing fake “like” buttons that install malware and may allow cyber attackers to take control of your computer and/or social media accounts.

Lifting likes

Another attack vector is leveraging social media accounts to provide fake marketing boosts for online ad campaigns. As noted by Webroot, platforms including YouTube, Twitter, Facebook and Instagram are all vulnerable to these kinds of exploits.

Here are two possible scenarios: 1) Small business users are convinced to purchase services that promise “real” Facebook likes or shares of their content for a small fee. The problem? This goes against the terms of service (ToS) of any major social site, and many of these services use fake accounts to boost likes in addition to hijacking real user accounts. 2) Your account may be compromised by one of these services and used to like or comment on spam-type posts and product offerings. If you start receiving updates from a service you don’t recognize, check your security settings and enable two-factor authentication, if possible, to limit the chances of your social presence being used for fraudulent gain.

Stealing secrets

It’s also possible for cybercriminals to exploit your social media channels for usable information that they then leverage into a spear-phishing attack. For example, a small business might list both basic company data and some information about founding members or their mandate on social media. This data could be used by a criminal to spark a conversation under the guise of an interested consumer or business partner.

Ultimately, however, the effort is designed to glean just enough information that it’s possible to impersonate SMBs online or access specialized services such as banking or web hosting using their credentials. Your best bet is to err on the side of caution when it comes to sharing information on social channels that could be exploited.

Social media is a powerful tool for small businesses, effectively granting them the reach of large enterprises at a fraction of the cost. Yet social platforms also come with an inherent risk: hacker hijacking. As a result, SMBs must actively monitor their social presence to reduce the chance of brute-force hacks, social engineering efforts, larcenous likes or stolen secrets.

___________
Author bio: Nori De Jesus is Global Director of Marketing at Column Information Security. De Jesus brings over 20 years of experience as an advent marketer and business strategist working with software manufacturers and launching proprietary software solutions into the market. With expertise in BPM and case-management B2B marketing, she focuses on innovation and making a difference by maintaining agility as the technology climate continues to shift. De Jesus is an evangelist in educating buyers through their technology-purchasing journey via content and research.
