Social media sites: An open door for fraud
Hackers can steal owners', shareholders' and employees' personal data and commit various types of fraud just by browsing their social media sites. They use lies and manipulation to trick people into connecting with them, and then gather personal information on their new friends and their connections. This presents a challenge to financial organizations that are already spending a fortune on firewalls, secure managed file transfer and secure systems. It's difficult to monitor employees' willingness to leak sensitive company data when they are befriended by hackers.
Dell Computer reported that fraudsters created dozens of fake LinkedIn accounts, posing as corporate recruiters to entice employees at telecoms, government agencies and defense contractors to give up sensitive information, including business emails. Symantec's investigation also uncovered dozens of fake social media accounts across a variety of industries used by hackers to target employees.
Hackers impersonate employees, owners or shareholders
Once hackers have successfully stolen personal data, including reporting structures, titles and emails, they are able to conduct phishing campaigns. By using fake emails and social media accounts, hackers can pose as a senior executive, often the CFO, controller or CEO, and issue a communication directing a lower-level employee to urgently execute a financial transaction to a fraudster's account.
Hackers can also send bogus emails to employees, impersonating legitimate suppliers. Vendors' email addresses are spoofed by adding, removing or subtly changing characters, making it difficult to distinguish the perpetrator's address from the legitimate one. The scheme is usually detected only when employees are asked to verify the transaction. According to the Internet Crime Complaint Center (IC3), the average Euro loss per victim is approximately €55.000, although IC3 has received complaints reporting losses that exceeded €800.000.
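As an added illustration (not from the article or IC3), a simple check an accounts-payable team could run over incoming From: addresses to catch sender domains that sit only a few character edits away from a known supplier domain; the vendor list and sample headers are constructed for this example:

```python
# Added example: flag sender domains that imitate a known supplier domain
# by a small number of character insertions, deletions or substitutions.
# VENDOR_DOMAINS and SAMPLE_FROM are constructed, not real data.
VENDOR_DOMAINS = {"acme-supplies.example", "northwind.example"}  # constructed


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum insertions, deletions, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Extract the domain from a From: value such as 'Name <user@host>'."""
    return address.rsplit("@", 1)[-1].strip().rstrip(">").strip().lower()


def lookalike_vendor(address: str, vendors=VENDOR_DOMAINS, max_edits: int = 2):
    """Return the vendor domain this sender imitates, or None.
    An exact match is treated as legitimate; 1..max_edits edits is suspicious."""
    domain = sender_domain(address)
    if domain in vendors:
        return None
    closest = min(vendors, key=lambda v: edit_distance(domain, v))
    return closest if edit_distance(domain, closest) <= max_edits else None


def triage(from_headers):
    """Return (address, imitated_vendor) pairs for suspicious senders."""
    return [(h, v) for h in from_headers for v in [lookalike_vendor(h)] if v]


SAMPLE_FROM = [  # constructed From: header values
    "billing@acme-supplies.example",    # genuine supplier
    "billing@acme-suppiles.example",    # two letters swapped
    "AP <ap@acme-supplles.example>",    # 'i' replaced by 'l'
    "invoices@northwind-llc.example",   # four edits away: beyond this check
    "sales@unrelated.example",          # unrelated domain
]

if __name__ == "__main__":
    for address, vendor in triage(SAMPLE_FROM):
        print(f"SUSPICIOUS {address!r} resembles {vendor}")
```

Edit distance alone will not catch every variant (for example a supplier name used as a subdomain of an attacker's domain), so it belongs alongside callback verification of any payment-detail change rather than replacing it.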
Emails and social media accounts are often used to infect computers. For example, the Carbanak cyber gang stole one billion Euro from more than 100 financial institutions by sending links that, once clicked, triggered the download of malware that was used to identify employees responsible for software. Next, the hackers installed a remote access tool on those employees' computers, collected snapshots of their screens and used the information gathered to dispense money remotely and transfer money to fake accounts. All of this was accomplished by initially sending supposedly legitimate messages to employees.
Social media increases the risk
Financial institutions or intermediaries that use social media are more vulnerable to brand hijacking, where hackers blatantly copy and misuse company logos, names, documents and website content. Fraudsters can impersonate a business's online presence and deceive unsuspecting visitors into believing they are visiting the real website and social media accounts, exposing them to the risk of divulging personal information.
Education and monitoring are the best defense
Organizations that want to protect their assets and reputation need to invest in employee training to raise awareness of the risks of using social media.
Employees should be instructed to adopt a position of sensible caution when engaging with members of colleagues' or friends' networks whom they don't know personally. When evaluating inquiries originating from social media, users should seek confirmation that the individual is legitimate. In addition, it may be prudent to monitor user behavior and applications on corporate networks to detect potential takeover of social media accounts and to identify suspicious activity early, before damage is done.
Companies have competing priorities when it comes to social media. The safest option would be no social media at all, but they want to reach customers, recruit new talent and drive up online visibility. They also have a driving need to protect their data, especially in regulated industries like finance, where a data breach could cost them not only customer loyalty but also countless Euros.
Source: Corporate Compliance Insights