Every day around the world, the number of phishing emails has reached 3.4 billion, with just over 50% of these emails being created using the target’s information found online.
For every two minutes someone spends aimlessly scrolling, liking, and checking in, they are secretly creating a dossier for anyone with bad intentions. This is not just some far-off threat contained in the latest published report about cybersecurity.
This is the reality of a hyper-connected world where global loss from cybercrime is expected to exceed $10.5 Trillion by 2025 and where 91% of all cyber attacks did not start with sophisticated code but with an individual email that has personal information about you, your employer, and in some instances, even your dog.
The two most dangerous minutes in digital security are when you are scrolling on your phone. There is a gift in every post, every like, and every check-in you do. And somewhere, someone with bad intentions is already unwrapping it.
A birthday post declaring, "I just turned 30!" could reveal things about the user that they do not wish to reveal. The post provides information about the user’s age, approximate date of birth, and other demographic details that could later be used by cybercriminals in identity-profiling or social-engineering attacks.
This information would not necessarily be enough alone to compromise the user’s account; however, it creates part of a much larger pool of information that the cybercriminals could later use to isolate their targets. In many ways, social media serves as a nearly infinite source of open-source intelligence (OSINT) that gives attackers access to data.
Cybercriminals now have access to a large volume of publicly available data and have the ability to use this publicly shared information to create targeted and compellingly deceptive attacks.
A LinkedIn account gives attackers information about your job, co-workers, and title. Instagram images may provide clues on whether you're away from your home.
Older posts on Facebook may show details about your banking relationships, your travel patterns, or important events in your life. All of this is public information that attackers can use to assemble an extensive digital dossier on you, which they then use for tailored social engineering and spear phishing.
Research indicates that spear phishing is among the leading causes of data breaches. Cybercriminals often succeed because they take advantage of human trust, acquaintance, and human psychology rather than technical vulnerabilities.
Although generalized phishing scams continue to exist, many modern spear-phishing efforts are highly tailored. This level of personalization makes duplicitous messages appear genuine and significantly increases the possibility that victims will engage with them.
Deepfake technology has been used to copy executives, bureaucrats, and reliable contacts, enabling progressively convincing fraud schemes. At the same time, cyber actors and organized criminal groups have leveraged social media data to identify targets, gather intelligence, and conduct influence operations.
Cybercrime continues to grow worldwide. The FBI's Internet Crime Complaint Center (IC3) recorded an astounding total of $12.5 billion dollars lost to cybercrime in the United States in 2023. All individuals who are on the internet today have the ability to be victimized by fraud, identity theft, or social engineering.
Democratic countries face a complex dilemma regarding social media. Social networking platforms can offer opportunities to freely express oneself, participate in civic life, and share information.
At the same time, however, they also can be manipulated or exploited by actors with malicious intent for purposes such as deception, manipulation or spying on others. In democratic nations, limiting online expression is not only impractical but also not in accordance with the values and principles of such societies.
On the other hand, if democratic societies do not protect their citizens from such threats, then many will feel increasingly unsafe in their civilian lives. Therefore, effective governance is required in order to create balance between freedom, privacy, security and accountability.
Cybersecurity in the social media era is no longer solely a technological issue. It is equally a challenge of digital literacy, platform design, and governance.
Human behavior often represents the weakest link in security systems, as curiosity, trust, and convenience can be exploited more easily than technical defences. As digital interactions become increasingly integrated into everyday life, security must be embedded into the design of platforms and services rather than treated as an afterthought.
You can take a number of steps to help protect yourself from cyber threats. One of the best security measures available today is multi-factor authentication (MFA).
According to Microsoft, MFA blocks more than 99% of automated attempts to compromise accounts. Some forms of authenticators (applications) as well as hardware security keys give more protection from compromise than SMS-based authentication methods.
When you share your personal information online, be careful about what you share; attackers can use this information (such as your current location, where you work, a schedule of your travels, and your everyday routine) in order to create very convincing social engineering scams.
It's also vital that you verify other instances of unanticipated or urgent requests. For example, regardless of whether the message looks to be from a co-worker, a family member, or another friend, if the request has anything to do with sending you money or providing any of your sensitive information (e.g., your credentials), you should always verify the request by using an alternate method to contact the source of the initial message.
It is also important that software updates are performed in a timely manner, because many cyberattacks take advantage of existing vulnerabilities that have been patched for that particular piece of software.
The challenge that social media and cybersecurity presents goes far beyond technology. Because social media has fundamentally changed the way people communicate with one another, obtain information, engage in public life and do business, it presents criminals, businesses, and governments with opportunities to collect and analyze previously uncollectable amounts of personal information about people. The question is not whether social media can be used as a weapon against individuals; rather, it has already occurred.
The question now is whether societies, institutions, technology companies, and governments can establish digital literacy; regulatory frameworks; and secure-by-design systems to protect people, without losing the value of an open, accessible internet
ISSUE
Leave a Comment