Human factors in targeted attacks on social networking sites

Author: Raimund Genes, CTO of Trend Micro

Because of social networking sites, it's now easy to identify key targets within a company, send them information, and sneak in a little poison - such as a malware attachment or a link to a malicious website. But that's not all. We've seen an increasing number of attacks coming via the phone, with callers having accents that sound like they're from India's call center sweatshops. Our receptionist in the UK office received a lot of these calls. Luckily, she works for a security company and has security awareness, so she didn't divulge any information about our staff.

Also, ask yourself, what are your company's policies on social networking? Do you have such policies? If so, do they clearly define what kind of company information can be shared? Have you ever held any awareness campaigns regarding social media threats and educated employees about the negative impacts of leaking information or clicking on links on social networking sites?

You definitely don't want to stop using social networking sites. They offer certain benefits, but just like every cool new thing (and compared to email, social networking is a new technology), we need to learn how to manage it. Consider this, quite a few users' reputations have been negatively impacted, and the sole reason for this impact is that they became victims of the latest wave of malicious links, clicking on one link resulted in a bunch of inappropriate posts automatically appearing. If after encountering such a situation, you tell your friends that it wasn't intentional but caused by malware? It's too late! Your reputation on social media has hit rock bottom.

As information security professionals, we really have a responsibility to protect our company's assets, and educating and raising user awareness is key. At the same time, we not only need to protect the company's reputation, but protecting the reputation of employees is also part of our job. So, please start incorporating relevant regulations into your corporate policies and begin advocacy activities, informing all employees how easily social engineering fraud can succeed on social networking sites. This is mainly because users share too much personal information. These attacks primarily occur in the digital world, exploiting human weaknesses. We always want to trust others, so in terms of information security, we are always the weakest link, and we will forever be the weakest link. That's life.

@Original Source: The Human Factor of Targeted Attacks

This article is copyrighted by Trend Micro. For non-profit websites or media, please indicate the author and the original link when reprinting. Thank you for your cooperation!

iQushi Community -- Download/Forum/Share http://www.iqushi.com

Official Weibo - Get Gifts/Share Latest IT News http://t.sina.com.cn/trendcloud

Trend Micro CEO: Eva Chen's Weibo http://weibo.com/evatrendmicro

Customer Service 360 is a platform that provides online services for businesses, helping with various business applications on the internet and overall enhancing your corporate competitiveness. When potential customers visit your site, customer service can initiate an invitation for conversation through Customer Service 360. Through friendly exchanges and leaving contact information, Customer Service 360 can improve and optimize all stages of marketing and after-sales services.

This allows you to spend less time tracking more sales opportunities, make more accurate marketing decisions, provide more precise after-sales services, and achieve continuous growth in sales performance.