Not So Social

Hackers are hiding cyberattacks in social media and phishing schemes through friendly emails, according to an article in The New York Times and a release from the FBI.

“Pentagon officials are increasingly worried that state-backed hackers are using social media sites such as Twitter and Facebook to break into Defense Department computer networks,” writes Sheera Frenkel.

Spear phishing through social media is a growing concern, says Frenkel. “It’s something that you don’t hear as much about, but the problem is pervasive,” Jay Kaplan, a former Defense Department cybersecurity expert, senior cyberanalyst at the National Security Agency and current CEO of Synack, told The Times. “Social media gives a number of indicators to an attacker, on a state-sponsored level, that you couldn’t get through email.” Links sent through email may contain malware, which infects the network and often the networks of employees' family members.

The FBI released the following tips to help employers ensure that their networks aren’t vulnerable to these schemes.

  • Don't use free web-based e-mail accounts for your business.
  • Ensure that your firewalls, virus software, and spam filters are robust and up-to-date.
  • Immediately report and delete suspicious e-mails, particularly those that come from people you don't know.
  • If you receive an e-mail from someone who appears to be a legitimate contact, but you are wary, make sure you “forward” it back to the sender. Do not hit “reply.”
  • Don't click in a moment of panic. Fraudsters often use social engineering to stress you out so you will act quickly without thinking. Check before you click.
  • Consider two-factor authentication for employee e-mail.
  • Create a security system that flags e-mails with similar — but incorrect — formatting.
  • Make sure your e-mail is encrypted in transit if you are putting sensitive information into it.