{"id":11477,"date":"2016-03-04T09:00:33","date_gmt":"2016-03-04T14:00:33","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=11477"},"modified":"2020-02-26T11:05:48","modified_gmt":"2020-02-26T16:05:48","slug":"social-media-threats","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/social-media-threats\/11477\/","title":{"rendered":"Is your social media profile a target?"},"content":{"rendered":"<p>At the <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/rsac2016\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">RSA Conference<\/a> in San Francisco, I sat in on a panel that raised an interesting question in the insecure big data world that we live in. Ian Amit of Zerofox gave a talk on how social media usage could be leveraged by cybercriminals to target individuals to infiltrate a company.<\/p>\n<p>The theory is quite simple \u2014 we put a lot of personal data out there that can be accessed by pretty much anyone. This includes cybercriminals and it is a variable that they can leverage to help infiltrate a company.<\/p>\n<h3>What makes you a target?<\/h3>\n<p>In theory this idea is quite plausible. We already know that social media sites are <a href=\"https:\/\/www.kaspersky.com\/blog\/1-in-5-phishing-attacks-targets-facebook\/5180\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">prime targets for phishing<\/a> schemes, and if we know that, so do the criminals. By leveraging the big data, they can look at people who they feel could be easy prey, or a prime target for attack.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Did you know that <a href=\"https:\/\/twitter.com\/hashtag\/socmedia?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#socmedia<\/a> sites are prime areas for phishing schemes? Find out more: <a href=\"https:\/\/t.co\/eNlAvarhAy\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/eNlAvarhAy<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/SMM?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#SMM<\/a> <a href=\"https:\/\/t.co\/8k12NuAdIp\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/8k12NuAdIp<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/675469021257572352?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 12, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In the talk, Amit noted that some factors that could increase the risk for someone being targeted is to look at people who actively post on polarizing topics like sports, politics, religion and certain social causes. In some of these areas, you could see a person who is highly interested in a given politician, we\u2019ll call him Bernie Trump, potentially clicking on or sharing links from accounts that could be a spoof of the real one with similar posts, but instead of campaign messaging they are sending a phishing link.<\/p>\n<p>You could also be a target if you are in your company\u2019s IT, Corp Communications or Finance department as all have ties into sensitive corporate information. High ranking executives and board members can also be potential targets.<\/p>\n<h3>What can you do?<\/h3>\n<p>The quick and easy answer to this is to follow basic cybersecurity best practices. This means no clicking on links that you are unsure of, only opening files that you know are verified and also knowing sender. The last one is perhaps most important as we recently learned with <a href=\"https:\/\/www.kaspersky.com\/blog\/snapchat-phishing\/11441\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Snapchat falling victim to phishing<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/ICYMI?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ICYMI<\/a> Snapchat caught in a <a href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#phishing<\/a> campaign <a href=\"https:\/\/twitter.com\/hashtag\/somedia?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#somedia<\/a> <a href=\"https:\/\/t.co\/9F9dgrnzuS\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/9F9dgrnzuS<\/a> <a href=\"https:\/\/t.co\/7TYjKZOIAW\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/7TYjKZOIAW<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/704438995980316672?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 29, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>You should also be careful of <a href=\"https:\/\/www.kaspersky.com\/blog\/dont-be-facebook-friends-with-strangers\/904\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">who you follow back<\/a> on social sites as spoof accounts could really come back to hurt you.<\/p>\n<h3>Should companies use this type of profiling?<\/h3>\n<p>This use of big data to assess risk seems to be a little bit of too soon for the market. Many companies do not fully leverage the power of big data while having millions of customers, so it seems unlikely for mass adoption when it comes to companies looking at thousands of employees.<\/p>\n<p>I am sure that there are plenty of use cases and companies doing this, but think that these would fall into highly sensitive or controversial industries.<\/p>\n<h3>How can I keep my social profiles safe?<\/h3>\n<p>The team at Kaspersky Daily has you covered with these articles on best practices from a security standpoint for social networks:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/google-privacy\/10572\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Google<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/check-facebook-privacy-now\/10366\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Facebook<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/keep-instagram-secure\/11045\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Instagram<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/snapchat-privacy-security\/11151\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Snapchat<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/vk-privacy\/10743\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">VK.com<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Does your use of social media make you a liability to your company?<\/p>\n","protected":false},"author":636,"featured_media":11489,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683],"tags":[1042,36,76,4210,211,1473,422,131],"class_list":{"0":"post-11477","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-big-data","10":"tag-malware-2","11":"tag-phishing","12":"tag-rsa2016","13":"tag-social-media","14":"tag-social-profiling","15":"tag-threats","16":"tag-tips"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/social-media-threats\/11477\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/social-media-threats\/6797\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/social-media-threats\/7874\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/social-media-threats\/7650\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/social-media-threats\/11094\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/social-media-threats\/6067\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/social-media-threats\/7124\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/social-media-threats\/10651\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/social-media-threats\/11094\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/social-media-threats\/11477\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/social-media-threats\/11477\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/tips\/","name":"tips"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/636"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=11477"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11477\/revisions"}],"predecessor-version":[{"id":33647,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11477\/revisions\/33647"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/11489"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=11477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=11477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=11477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}