Friendly Fire: Social Engineering And Phishing Techniques Haven’t Gone

Social Engineering

People often believe there are too many rules about how they should and shouldn’t use social media and so ignore them all as a result. The same goes for employees who probably haven’t attempted to find their organisation’s policy about using social media, confident that it’s likely to consist of overcomplicated regulations that ultimately suggest social media should be avoided at all costs.

The Trojan horse

The reality, however, is that the risks to individuals in sharing personal information online are much the same as they have always been, it’s merely the packaging that has changed; and who wouldn’t be tempted to open an expensive looking parcel that an old friend appears to have sent out of the blue?

Signalling systems

The more information about ourselves that we make publicly available, the more signs there are to watch for if we are to avoid falling victim to scams. Social networks allow cybercriminals to gather not only information about individuals, but also enable them to identify those social connections to which their victim is most likely to respond. Once one account has been compromised by a hacker, the potential for a criminal to manipulate many more users who are associated with the initial victim has significantly increased.

I tend to believe in the invisible parameters set by our privacy filters and instinctively trust online connections with close friends before taking a moment to consider whether their identity is being used to conceal a fraudster. Before you know it, you’ve clicked on the link to the ‘HILARIOUS video of you!’ and simultaneously downloaded 37 Trojans.

Training, tactics and technology

Social media facilitates a wealth of beneficial activity; however it remains fundamental to educate users that social engineering and phishing attacks are becoming more prevalent in this sphere as email usage declines. Organisations must continue to prioritise clear communication about online security with employees as they encounter and adopt different social media tools.

An effective communication aims to gain employee trust by reassuring a workforce that the same simple rules apply regardless of which online communication channel is used. Make those guidelines accessible in a concise social media policy and promote it using campaigns that show how employees need only one set of armour to protect themselves in both professional and domestic arenas.

The question is how long will it be until information security teams exploit the medium of the moment and use it to raise awareness of how their workforce can protect themselves? Employees just won’t be able to resist…

Hannah Tufts has been a Communications Assistant with The Security Company (TSC) for one year. She is responsible for internal communications within TSC in addition to managing client communications campaigns and providing marketing support. Hannah graduated in July 2011 from the University of Reading with a 2:1 in English and American Literature. Whilst studying Hannah was a regular contributor to the Travel, Comment and Debate sections of the university newspaper. Hannah has gained experience in the Communications field through her time spent with a variety of organisations including WEXAS Traveller Magazine, Penguin Group and CSC, where she developed her writing skills and in-depth understanding of different target-audiences.