Ordinary fishing, where you hope for a simple-minded fish to latch onto your hook, relies on using a proper lure. The same can be said for the virtual method of phishing, where a hacker will use a similar type of “lure” to convince the target to bite. These phishing scams are especially useful for hackers who want to take advantage of social media to find new targets. A recent study has shown that this is a surprisingly effective method of phishing.
A report from phishd by MWR InfoSecurity orchestrated a simulated phishing attack that attempted to target a million users. ITProPortal told of their findings: “Almost a quarter of users clicked a link to be taken to a fake login screen. Out of that number, more than half (54 percent) provided user credentials, and 80 percent downloaded a file.”
This means that about 10 percent of users fell victim to the first two stages of the simulation and gave up their account credentials. Now, compare this rate to how often a normal scam, like spam, accomplishes its goal. While the typical spam message will only have a fraction of a percentage point rate of success, social media provides a substantially larger chance of success to hackers.
James Moore, the Managing Director of phishd by MWR InfoSecurity, states: “More concerning is that out of those targeted with a social media request or a promotional offer, more than 10 percent downloaded a potentially malicious file via their corporate email accounts.” This is especially a problem, as there are so many people who connect their social media accounts to their work accounts–risky business for any organization that wants to avoid a critical data breach.
If anything, this study shows why your business needs to keep data safe. This includes being capable of identifying phishing scams and responding to them properly, but also the implementation of security tools like antivirus, spam blocking, and content filtering. If you’re very concerned about social media phishing, you can go so far as to block social media websites completely on your network. Additional measures such as comprehensive training can help your users identify phishing attacks both in and out of the office, on a variety of platforms. Often times, the lures used by hackers can be so tantalizing that they’re able to bypass your security, so the only thing standing between you and a data breach is the knowledge you’ve imparted to your users.
You can’t trust anyone on the Internet, be it a new friend on social media, a new entry into your address book, or a seemingly-legitimate website. You have to be ready for anything, but this can be a daunting task. Thankfully, you don’t have to endure it alone.