Is your organisation exposed to social media scams?

A new study by ESET UK has warned how employees could be exposing their companies to cyber attacks through their social media accounts.

80% of IT professionals in the poll believe that social media is an easy way for hackers to gain access to corporate networks because it is an area often neglected in terms of security.

The study, which looked at the attitudes of 200 IT professionals, was carried out in May 2015 and also revealed that 12% of organisations have already had a virus enter their network via social media.

But although many in IT are aware that social media can be an attack entry point, simply handing out directions on policy may not be enough: 56% of respondents revealed that their organisation does have a policy which limits social media usage, but 56% admitted that the policy wasn’t actually enforced.

The root of the problem may lie in a lack of employee awareness about the risks – when 1000 employees were also quizzed as part of the survey, 36% said that when their organisation limited social media usage, they believed it was to increase productivity, rather than prevent security threats entering the network.

Worryingly, when consumer respondents were asked if they, or anyone they know, had had their Facebook identity stolen, or had been the target of an attempt to steal it, a quarter of respondents said yes.

'Social media is often entirely overlooked within an organisation’s security posture because it is not recognised as a threat; this, however, is wrong. Hackers are continuously looking for ways to access corporate networks, and social media can often be an open door,' said Mark James, security specialist at ESET UK.

'Cyber criminals use social media as a way to sneak malware and exploits past corporate firewalls, and scammers also trick social media users into visiting sites which they think are legitimate in a bid to steal information. However, the biggest concern is that IT professionals have no visibility into what their employees are doing on social media and if the pages they are visiting pose a threat to the organisation.'

The study also warned of Facebook 'like-jacking' scams that trick users into posting a Facebook status update for a site they did not mean to like, which then enables the spreading of hoaxes and spam.

These types of scams, said James, are very common and usually involve an enticing video that directs users to a compromised website, which then tries to install malware on their computer.

'Like-jacking is a big threat to consumers and they should be cautious about what they are liking on social media sites as it can be a lot more harmful than they would think,' continued James.

But when employed consumers were asked if they would unlike a page on Facebook if they realised it was a scam, 12% said they would not, as there would be no point.

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...