Thursday, June 19, 2014

Social Media and Online Scams

The dangers of social media has now extended itself into the realm of industrial espionage. SG Corporate Training has published an interesting article on how corporate spies and online scammers are now using social media to launch sophisticated attacks.
In their article, SG Corporate Training elaborated on the increasingly use of two-phase attacks by scammers as identified by the counter-industrial espionage team at CW Fong & Associates. In the two-phase attack, scammers first seek to enter the target's "inner social media circle" by cloning an acquaintance and then sending an innocuous friend request. Once the scammer has entered the circle, they then monitor the target for vulnerabilities which they then exploit. As the "attack" comes from within, the target's defences are down and the rate of success high.
The dangers posed by social media is not new. As early as 2009, Thomas Ryan (an online security specialist) demonstrated this via what has become known as the Robin Sage experiment. More recently, Cascade Insights ran a similar experiment to demonstrate to their clients the importance of having a robust social media policy.
In the end, users of social media must be aware of the dangers that lurk. While social media is a great way to stay connected with friends, this same tool creates vulnerabilities which criminals can exploit. One good example which the article by SG Corporate Training gave was the criminal exploitation of travel information. If you had posted on Facebook that you would be away on vacation in the Philippines and a friend suddenly receives a message from you that you had been robbed and needed an urgent loan to get back to Singapore, chances are your friend would not think twice about sending you the money.
Given the wealth of online information available and the ease with which anyone can create an online identity, users of social media must be careful about who they include in their "inner circle" and the information they share.

No comments:

Post a Comment

CyberSecurity Training in Singapore - Social Engineering Workshop

The recent SingHealth COI Report noted that employees remain the weakest link in any security system. Hackers used social engineering tec...