Subtle updates we make to social media are all clues for malicious actors to work against you – and your company.
Every ‘like’ you tap on Facebook, a link to your resume at a job site, every photo shared on Instagram; it’s all a treasure trove for cyber criminals.
Hackers are now using powerful AI software to scan posts made everywhere in social media. It can harvest the smallest details about your life in minutes. I spoke with a renowned 25-year veteran of cyber security, David Melnick, who says he’s watching how online criminal rings are now getting more effective, more dangerous, and more able to find rich targets.
“With the advent of AI and machine learning they can now scan millions of profiles and anyone that happens to be particularly vulnerable where they find something, that can be when they begin a more targeted attack,” according to Melnick.
The most effective is a spear phishing attack. It’s a fake out sent to you in the form of a legit-looking email with tones of familiarity designed to trick you into clicking a link.
For example, you post a photo from a meal out at a restaurant, celebrating the moment. A caption might read: ‘Loved dinner at Dusty’s Diner with friends’.
Even without that sophisticated help, you can learn enough about someone through social media in less than 30 minutes in order to pose a serious threat.
A hacker accessing your restaurant post targets you with an email like this:
‘Hey thanks so much for dining with us at Dusty’s. I’m the GM and just want to say thank you personally. We’d love to see you and your friends again soon, please enjoy this link to a 20% discount good for your next visit. Thanks again! It was great to have you with us!’
Instead of a discount, the link is a trick that leads you into inadvertently installing malware without you knowing it’s a hacker fake-out. Now that malware is invisibly sharing everything on your screen and everything you type to a criminal hacking ring.
As more and more people return to work, they are eagerly taking spontaneous selfies with office colleagues. Those shared photos often contain compromising details, such as the company’s security ID hanging around necks or clipped onto clothing.
Hackers are also able to enhance items in the photo’s background like work computer screens and post-it notes. These can be used to further confirm the identity of others, impersonate an employee, and target the company or co-workers in this new intimate form of hacking.
Criminals are good at it. Since it’s working, criminals are investing in expensive tools to help with the scams.
“Just like companies today are using A.I. to make their systems better, the adversaries we fight here are making substantial investments in improving the quality of their techniques, the efficiencies, the speed.” David Melnick, with his 25 years of hands-on cyber security experience goes on to say, “And so a machine learning based system is one great example of how they are honing their craft.”
There are some actions you can take to help block these social media sourced attacks and also check to see if you have already been scammed into downloading an identifiable malware threat.
How to Outsmart Social Media Hackers
- Pick unique profile pictures for each social network so that it’s more difficult for hackers to use one photo to find you on all the others.
- Re-examine your privacy settings on all social networks.
- Think like a hacker before you post.
- Avoid sharing your company email address in social media.
- Use malware detection security software and apps.
How to Spot Malicious Emails
- When you look closely at the sender’s email address, it’s not correct.
- Something about the tone is slightly off. At first glance it may seem right, but take a beat longer with a skeptical eye, and you see something not as expected.
- Hover over a link or email address without clicking to see if it looks off, such as added characters or numbers.
- Links in the email may show a misspelled or strange web address, such as “TrustedSiteName-02920423.com”.
- Most companies do not ever send email asking for credentials.
- When you encounter a call-to-action link or button, let that raise a red flag. It means someone could be phishing for personal information to compromise your security.
- If you should ever get an email like this, never click on any links. If you want to double check, again, don’t click on any links in the email but instead, open up a new browser and type in the company web address and log into your account. If the email you just received is true, the information should be reflected in your account. Odds are, the email you just received is malicious and you should mark it as “junk” or delete it.
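The sender, hover and web-address checks from the list above can also be run automatically over a message. The Python below is an added example, not part of the original article: the trusted-domain list, the sample sender and the sample link are constructed from the article's placeholder name, and the two-label "base domain" rule is a simplifying assumption.

```python
import re
from html.parser import HTMLParser

# Constructed sample data (not a real message); the domain reuses the article's placeholder name.
TRUSTED = {"trustedsitename.com"}
SAMPLE_SENDER = "Dusty's GM <gm@trustedsitename-02920423.com>"
SAMPLE_HTML = '<a href="https://trustedsitename-02920423.com/discount">www.trustedsitename.com</a>'

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(text):  # hostname if text looks like a URL or bare hostname, else ""
    m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", text.strip(), re.I)
    return m.group(1).lower() if m else ""

def base(h):  # naive base domain: last two labels (assumption: no public-suffix list)
    return ".".join(h.split(".")[-2:])

def lookalike(h, trusted):  # trusted name only after removing added digits and hyphens
    label, _, tld = base(h).partition(".")
    return base(h) not in trusted and re.sub(r"[\d-]", "", label) + "." + tld in trusted

def check_email(sender, html, trusted):  # findings for the sender and each link
    findings = []
    sender_host = sender.rsplit("@", 1)[-1].strip("> ").lower()
    if base(sender_host) not in trusted:
        findings.append(f"unexpected sender domain: {sender_host}")
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        target, shown = host(href), host(text)
        if shown and base(shown) != base(target):
            findings.append(f"link text shows {shown} but goes to {target}")
        if lookalike(target, trusted):
            findings.append(f"trusted name with added characters: {target}")
    return findings
```

Calling `check_email(SAMPLE_SENDER, SAMPLE_HTML, TRUSTED)` returns three findings for the constructed message; a message sent from and linking to the trusted domain returns an empty list.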
What to Do If You Think You May Have Clicked on a Malicious Link
Use trusted anti-virus security software or apps to scan your device for a previous attack. Malware can be placed on your device unknowingly. Hackers spend day and night thinking of ways to trick you. If these criminals weren’t succeeding, I would not be sharing these important links below to some of the most powerful tools to use for detecting malware.
Best Anti-Virus Software and Apps to Protect Against Malware
Norton’s Antivirus security products offer one of the most comprehensive protections. From a password manager, dark web personal data monitoring, identity theft, parental controls, VPN and malware detection, Norton has everything you would ever need. Of their nine products, I like the Norton 360 Deluxe and Norton 360 with LifeLock Select the most. On the downside, Norton does not offer file encryption, file shredding, or a secure web browser but still surpasses the rest with its commitment to maintain a strong level of protection. Note Norton’s sale on these items until June 13.
Panda Security Antivirus, from the company that has been around for 30 years, is outstanding. I’ve toured their headquarters and threat center in Spain and understand their level of protection firsthand. They are out front with their smart technology monitoring everything with an outstanding track record of detecting attacks before they cause extensive damage. Panda has a very good grasp of using AI for your security based on behavior intelligence and real-time threat analysis. I recommend the Panda Complete as a starting point. However, if you are looking for a VPN which would provide secure, private and unlimited Internet browsing, I would recommend their Premium product.
McAfee Internet Security total protection starts as low as $29.99 (for 2 years) while protecting a lot of different devices for a low cost. They did a really good job with their password manager, and the malware protection, already at the top of the game, keeps getting better and better. For moms or dads, the lack of parental controls on the middle-level products is a disappointment, but not enough to knock it out of the top 3 best security tools.
No matter what protection you decide to use, awareness is half the battle. Keep second and third guessing every suspicious sense you feel in your gut when engaged in technology, reading email and texts.