Infosec Cloud
Solutions. Services. Training.

The 'chat' from the cloud

Keep up-to-date with the latest trends, hints and tips on cloud-based security

Social Media – Hunting Ground for Fraudsters

Date: Jul 5, 2016

Category: Blog

As the BBC has reported today, research published by Cifas, the UK’s leading fraud prevention service, shows identity fraud is up by 57% as thieves target social media.

The data, taken from 261 companies in the UK, suggests fraudsters are increasingly accessing people’s personal information from social media sites:

“The likes of Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they are now a hunting ground for identity thieves. We are urging people to check their privacy settings today and think twice about what they share. Social media is fantastic and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.” Simon Dukes, Cifas, Chief Executive.

Cifas has also launched a new short film, Data to Go, to raise awareness of this type of fraud.  Filmed in a London coffee shop in March this year, the film uses hidden cameras to capture baffled reactions from people caught in a stunt where their personal data, all found on public websites, is revealed to them live on a coffee cup.

With the promise of a free coffee and a croissant, participants were asked to ‘like’ the café’s Facebook page. A team of background researchers, within a maximum time period of three minutes, searched across public websites to find as much personal information and data as possible. That data was then radioed through to a barista, who wrote it on to a cup and handed it to the unsuspecting customer.  Hidden cameras captured their ‘baffled’ reactions and the film ends with the line ‘Don’t make it easy for fraudsters. Set your privacy settings’.

How Private is your Data video

Cyber criminals are also using social media personal information to launch high value phishing, or ‘whaling attacks’, targeting C-Level executives. A whaling attack involves targeting executives with forged emails asking for urgent payments. Usually they are spoofed to appear to come from a trusted colleague or business partner.

In May, SC Magazine reported that the CEO of an Austrian aircraft parts manufacturer was sacked after the company lost €40.9 million (£31 million) to a whaling attack.

The messages often ask employees to keep things confidential and bypass normal approval channels. Employees should be suspicious if they receive a request for unusual information or a wire transfer via email. Check the reply-to email address and always call to confirm the request.

Find out how to train your IT End Users to be Security Aware >>

Comments are closed.

  • Employee GDPR Awareness Training

  •  Identity-as-a-Service (IDaaS) solution

  • Tokenless Strong Authentication (MFA)

  • Next Gen Endpoint Security

  • Enquiry LinkedIn Spiceworks