Do you know someone who spends a lot of time on Social Media? Someone who’s posting nearly daily about their activities?
Even if you avoid Facebook, Instagram, Pinterest, TikTok, and other Social Media outlets, your friend could still be putting you at risk. During Cybersecurity Month – and all year – the U.S. Cybersecurity and Infrastructure Security Agency (CISA) wants you to understand how to avoid risk to yourself and your employer through Social Media.
This is especially important as foreign state actors have increased their attacks on U.S. assets. Some seek to stop U.S. support of Ukraine, some want to ruin their enemy, the U.S., and some want to steal your assets for profit.
Consider an example of how can an innocent post of you and your friends could hurt you.
Let’s say you and your friends are all tagged in a public photo on Facebook and Instagram, showing the world that you attended a charity event. It suggests you might be interested in the work the charity does.
A cybercriminal can harvest that information and design a malicious email specifically for you.
It could appear to come from one of the friends in the photo. Perhaps their email has been compromised, or their email is on a list of accounts stolen in a large breach and they don’t use multifactor authentication.
The criminal may have sat for months undetected in the friend’s email, simply adding a forwarding rule to copy the criminal on all the emails the friend sends. The criminal learns how the friend writes – to you and others.
Then the criminal crafts a fake email, posing as your friend, suggesting a new way to support the charity. Unfortunately, the brochure pdf your “friend” sends you or the link they included are malicious. They may install malware on your system to learn your critical corporate access logins.
Or they may get in and steal YOUR contacts and start scamming them.
Either way, the attack started with a Social Media post full of valuable personal information.
CISA recommends you keep some information private – places you like to go, specific personal dates, possessions you own, and travel plans.
Also, connect only on Social Media with people you’ve met and trust. Disable the device location where you can so strangers can’t see where you are.
“Remember, there is no ‘delete’ button on the internet,” a CISA tip sheet says. Even if you delete something, “information is permanent in cyberspace.”
To get more tips regarding ways you can protect yourself, visit the CISA’s Cyber Awareness Month site.
And visit ImageQuest to learn more about our cybersecurity and IT compliance services – including Cybersecurity Awareness Training.