It’s no big secret that social media accounts are often compromised. How many times have you been on Facebook and come across a spammy link on your friend’s wall that you suspect wasn’t posted by them? Or received a friend request from a person you don’t know and with whom you share no mutual friends? It happens all the time. Cybercriminals are becoming smarter and smarter, playing to our greatest vulnerabilities.
BBC News describes social media platforms as a “hunting ground for cybercriminals.” So many people use social media and so many people blindly place their trust in it. For instance, it is so easy to replicate accounts on Facebook and LinkedIn and often so difficult to distinguish between and real one and a fake one, so cybercriminals create fake accounts in your name, reach out to your contacts saying you had to create account, and then those clients receive messages that their accounts were compromised, asking them to enter their personal information to rectify the issue- and they often do because they believe it. Same goes with Twitter- criminals are setting up fake bank customer service accounts and tweeting at customers experiencing issues to get their information in order to correct the problem.“The problem with social media is that people have an inherent trust, and that is what is being tapped into by those cybercriminals,” says Mark James, an employee of IT security firm, ESET.
That statistics don’t lie. According to DarkReading.com, Facebook reported in 2015 that up to 2% of its monthly average users (31 millions accounts) are fake, Twitter reported up to 5% of its accounts are false, and LinkedIn admitted it is not sure how many of its accounts are false: “We don’t have a reliable system for identifying and counting duplicate or fraudulent accounts,” it said.
Some of the most common forms of social media security breaches are malware and ransomware attacks that encrypt data on the victim’s computer, and reconnaissance, which is when a cybercriminal targets a specific person (such as an employee of a company) in order to infiltrate an entire system. It is reconnaissance that causes the most concern in the business world, especially among banks. Cybercriminals are now taking their time to get to know their targets before striking, reading emails and learning their behaviors on social media in order to craft the perfect attack to obtain the information they seek. This type of criminal activity is particularly alarming for financial firms because of the huge volume of information at stake.
Luckily, the technology exists to hopefully outsmart these criminals and catch a potential problem before it happens. Traditional anti-virus software is “signature-based,” meaning it compares any problems it encounters to a database of signatures to determine if it’s a virus- but by that point, it will be too late. The hackers will probably have already gotten what they wanted. The key to fighting cybercrime, according to Vice President of Technology Strategy at Crowdstrike, Michael Sentonas, will be utilizing technologies like machine learning to search for suspicious patterns of behavior in order to detect an attack before it happens. Security experts are hopeful that using the technology at our disposal to search for suspicious behavior will put them one step ahead of cybercriminals, instead of always one step behind.