Social Engineering via Social Media

Most people are aware of the many scams that exist on the internet these days. Just take one glance at your email inbox and there's guaranteed to be some sort of phishing email sitting waiting for you, and that's just an obvious one! Then there are the "We need you to update your account info, just click the link below" emails. It can even go deeper, with hackers physically talking with you or conning you into giving them personal and private information you shouldn't. Lately, the largest influx of scams has come from social media. That's right, social media. As of right now, worldwide social media users total 2.34 billion according to Statista. That is a lot of people to target, and a lot of people who are not expecting to be targeted.

Social Engineering on Facebook

Facebook has seen a lot of scrutiny lately revolving around fake accounts and social engineering. These profiles look legitimate on the outside, but once you do a little digging you can quickly tell the difference. The same goes for the advertisements: they look as though they are from a real company or person, and the ad is even labeled "Sponsored" just like regular FB ad content. But when you click on it, you can either infect your computer with malware or unknowingly give away your login info.

Another example of social engineering via Facebook ads was back in 2011, after Steve Jobs passed away. A fake FB ad claimed that Apple was giving away iPads in honor of his passing. That ad went viral, and thousands of people clicked on the link, which in turn infected their computers and devices. We've talked about avoiding too-good-to-be-true advertisements or promotions in this malvertising blog post here.

What are the different types of social profiles?

Social engineering has gotten more complicated with minimally invested profiles (MIPs) and fully invested profiles (FIPs), found mostly on Facebook and LinkedIn. MIPs are created in bulk; they usually have very little original content on them and a provocative photo as the main profile picture. They then go around making friend requests in hopes that certain users won't look into the profile and will simply add them. The goal is to eventually be able to send you malware via FB Messenger, as well as to post on your FB "wall."

The FIPs take a little more time and effort to create; however, they are more efficient because they really look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at its friends list and the content on its wall. If either of these raises even one red flag, it's likely a fake FIP profile. These are intended to target a specific person or vertical in an industry, which usually becomes apparent once you look into mutual friends or do a reverse image search on the profile picture. It's important to take these extra steps when accepting friend requests. We live in a world where we hit accept on every request we receive, but these accounts could be malicious.

So what next?

These are just a few of the main ways that social engineers are using social media to target people. While snooping on your friends, checking to see what crazy Uncle Bill just posted, or simply browsing through funny memes, always be diligent and aware of your internet surroundings. If that's tough, make sure your firewall and antivirus are up to par! Don't let a social engineer manipulate you into surrendering your information.