Most people are aware of the many scams that exist on the internet now. But not many are aware of social engineering. It’s tough to look at your emails without noticing several phishing emails sitting in your inbox, and those are just the obvious ones. Then there are the “We need you to update your account info, just click the link below” emails. It can even go deeper, with hackers physically talking with you or conning you into giving them information you shouldn’t. Lately, more and more scams have come from social media.
The reason you are so popular is that hackers from around the world are sending you socially engineered ads, emails, and malicious email links to try to trick you into clicking on them. If you click on one of those fake ads or links, we hope your security software is up to date!
What is Social Engineering? Google defines it as: “the use of deception to manipulate individuals into divulging confidential or personal information for fraudulent purposes.” As of right now, worldwide social media users total 4.2 billion, according to Statista. That is a lot of people to target. And you’re in there too!
Facebook has been through a lot of investigations in the past few years. When the Russians were posting fake ads for the 2016 election, everyone was concerned about Facebook’s vetting process. Authorities found millions of fake Facebook accounts, as well as ads created by the Russians. This scam is a perfect example of the new age of social engineering. All of this comes from profiles that look legitimate on the outside, but once you do a little digging, you can quickly tell the difference. The same goes for the advertisements: they look like they are from a known company or person. And, usually, the ad says it is regular FB ad content. But when you click on it, you can either infect your computer with malware or unknowingly give away your login info. This breach shouldn’t happen at all, but it’s something to be mindful of.
Another example of social engineering via Facebook ads came in 2011, after Steve Jobs passed away. A fake FB ad claimed that Apple was giving away iPads in honor of his passing. That ad went viral, and thousands of people clicked on the link, which in turn infected their computers and devices. As you can see, hackers use greed to get the response they want.
Social engineering has gotten more complicated with minimally invested profiles (MIPs) and fully invested profiles (FIPs), found on Facebook and LinkedIn. MIPs are created in bulk, and they usually have very little original content, but will usually show a sexy or provocative photo as the main profile picture. Then they’ll go around making friend requests in hopes that certain users won’t look into the profile and will just add them. The reason for this trickery is to eventually send you malware via FB Messenger, as well as to post on someone’s FB “wall”.
FIPs take a little more time and effort to create, but they are more effective because they look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at its friends and the content on its wall. If these two tests raise even one red flag, it’s likely a FIP. These profiles are intended to target a specific person or vertical in an industry. This trap can be uncovered once you look into your mutual friends’ pages, or just do a reverse image search.
These are just a few of the ways social engineers use social media to target all of us. While snooping on your co-workers, checking to see what crazy Uncle Larry just posted, or simply browsing through memes, always be diligent and aware of your internet surroundings. If that’s tough, make sure your firewall and antivirus are up to par! Don’t let a social engineer manipulate you into surrendering your information. Contact us to learn more about protecting your business.