Threat Intelligence Blog

Posted July 16, 2015


By: Greg Ogorek

I always wonder what some job seekers are thinking when they post on their personal social media accounts that they’re looking for work. One posting that recently caught my eye was a friend of a friend who posted on Facebook that she was seeking a receptionist role, a position that carries a fair amount of responsibility and visibility at an organization. Her profile was wide open. One click and I was able to preview the personality that I would be hiring; with a few more clicks, I was able to see pictures of her with her dog and friends, see who her brother and sister were, and other personal details.

Although social media usage is near ubiquitous now for most Internet users – with more than two billion active accounts worldwide and growing – and is a common method for personal communication, marketing, brand promotions, and other activities, many people still don’t fully grasp the security implications of using these sites, and how it can impact things like job searches.

By no means am I saying to avoid social media, as evidenced by the fact that I’m posting this on a public blog, and have personal Facebook and LinkedIn accounts! However, you do need to be aware of the amount of information you’re sharing on the Internet about yourself, and how it could be potentially used to target you and your place of work, or keep you from getting the job you want. Below, I’ve listed five things to be mindful of when you’re creating – or using – your social media accounts.

Don’t Fall for These Social Media Scams

1. Secure Your Account and Your Location: Take advantage of your privacy settings. Make sure you turn off your location services, geotracking, and other location settings, and unless you’re a public figure, make posts viewable only to your friends instead of friends of friends or the general public. It’s best to minimize advertising your whereabouts when your information is publicly accessible in order to avoid someone using this information to target you with a spear phishing campaign. Be aware that insurance companies, attorneys, and others are searching social media profiles and YouTube to calculate premiums, investigate accidents, and deny claims. If you’re job hunting, be sure the image you present on social media isn’t one that’s going to scare off potential employers or cause them to think twice.

2. Hacked/Impersonator Accounts: If you haven’t heard about the fake Twitter verification story, read up on it now. Don’t let fake accounts trick you into giving away personal information, or trust an online persona as if you know them in real life. Never give away personal information or details of your activities online, even if your friends and followers are the ones asking. Fake and impostor accounts are rampant on sites like LinkedIn, where fraudsters may amass a number of contacts in order to present themselves as legitimate business people. Be especially weary if your connections claim some sort of emergency that requires you to send money overseas, as this is a very common scam when email accounts are compromised by criminals. Use a strong password and multi-factor authentication if available to make it difficult for someone to access and takeover your account.

3. Social Engineering Scams: Social engineering involves duping people into giving away confidential information, either about themselves or their company. Two common social engineering scams are spear phishing emails that appear to come from contacts and phishing emails that appear to come from companies. Both will look like they are coming from legitimate sources – maybe a friend, family member, or major business – but the intent is to get you to click on a malicious link. If you have an open or non-private profile, it is easy for social engineering scammers to use your information to use your own information against you. This is a common method of building trust and authenticating relationships in social engineering scams that can end up costing you or your company through the theft of personal information such as account details, or by downloading malware to your computer.

4. Malicious and Rogue Mobile Apps: Understand what you are downloading to your mobile device or tablet and be mindful of malicious apps that can easily be shared via social media links. There are also many third-party apps that can add functionality to various social media platforms, but that may be malicious or easily exploited by hackersMalicious applications come in all shapes and sizes, and do serious harm to your device and your information if you’re not careful about what you install. Only download apps from reputable sources, authors and online app stores. For more sensitive apps like banking and privacy management, start at the company website to find legitimate application links. Be diligent with what you install – it pays off in a better user experience and peace of mind.

5. Oversharing: Do you list all your political affiliations, favorite bands, movies, and TV shows on your social media profiles? Do you brag about protests you’ve attended? What you allow strangers to learn about you from online posts can aid them in targeting you for scams, or influencing potential employers who may Google you. Be aware. Be diligent. Use some common sense and patience. Following these principals will help you achieve a successful online presence and help to promote your online privacy.

While security professionals are likely already aware of these scams, I’m regularly surprised by how naive some of my friends, family members, and colleagues are when it comes to social media safety. If you have the same concerns, share these tips with them!

Cyveillance Social Media Watch can help with social media monitoring. Contact us to learn more.

Additional Posts

There’s A Plan to Immediately Purge Some Governmentwide Network Surveillance Data

After a series of stinging government hacks, the Department of Homeland Security said scans of ...

Cyveillance Weekly Cyber Security Trends Report – July 14, 2015

Welcome to the Cyveillance Weekly Cyber Security Trends Report Since threat intelligence is ...