Even tech-savvy HR pros can fall for social media scams
Social media platforms are growing in popularity and users by the minute. Today, the figures confirm this trend, with 4.2 billion social network users worldwide, indicating a year-on-year growth of more than 13% (490 million new users). In addition, more than 53% of the world's population are now members of one.
Cybersecurity specialist Check Point Software Technologies warns of the danger posed by cyber-attacks aimed at stealing accounts on these platforms because of the great value of the information recorded on them for cybercriminals. For this reason, we want to highlight the different techniques used by these individuals to succeed in usurping social media accounts in order to warn users of their danger:
Fake website: One of the most common techniques used by cybercriminals is to fake an official website in order to carry out a fraudulent action. The fake website replicates the design of the original, even using a similar URL, making it very difficult for the user to detect the deception. An attempt is usually made to get the victim to click on the fraudulent link, usually via an SMS from a well-known brand to inspire confidence in the recipient. It requests an identity check or alerts them that someone is trying to break into their account, so that they can enter their personal login details and use them to their advantage.
Read more: 5 private PC files you don't want colleagues to see
DNS hijacking: This method consists of impersonating the email address of any trusted social network with the aim of acquiring the victim's personal data through deception to later be used for malicious purposes. If the cybercriminal manages to acquire a person's social network data, it can be sold on the Dark Web and used to send mass spam emails or chains of hoaxes or other frauds.
Infected router: Another of the systems through which cybercriminals can get into computers and therefore into users' accounts is by infecting them with malware that allows them to access their victim's router. Once inside the router, they are able to modify its DNS so that when the victim tries to access a certain website from their browser, they are taken to another website chosen by the attacker. In this way, once again, the criminal has a clear path to acquire all the assaulted user's data and use it to his advantage.
Read more: Malicious emails are driving a cyber-crime pandemic
It is essential to carefully check the URL that you are going to access to identify differences with the original and thus avoid falling into the trap. Another detail to look out for is that the website has an SSL Certificate. This technology keeps the internet connection secure and protects any confidential information that is sent between two systems and prevents cybercriminals from viewing and modifying any data that is transferred, including information that could be considered personal. It is recognised at the beginning of the URL itself by adding an "s" at the beginning of the acronym https://.
When you receive an email or SMS from any social network email, it is advisable never to click on the link in case it is malicious. It is advisable to use the search engine to go to the website of the company you are writing to avoid a possible scam.
Information theft is a common target for cybercriminals. For many people it is very common to use the same names and passwords on different social media accounts, so stealing data from one gives the attacker the opportunity to do so on the others. Not sharing personal information and not using the same password is one of the best ways to protect yourself.
If you receive an unsolicited email asking you to change your password, it is essential to go directly to the page (do not click on the link in the email) and renew your password from the same page (and from other accounts where you have the same one). Not having a password is one of the problems that cybercriminals face when trying to access an online account. To get it, they send the user a fake email to change it, redirect them to a phishing website, and there they ask them to enter their personal data and provide it to them for their purposes.
When an attacker sends an email impersonating the identity of any social network, pay special attention to the language used. It is important to look for possible spelling mistakes in emails or on websites, as finding an "o" where there should be a zero, or misspelled company names is one of the signs that should set off all the alarm bells.