Twitter Is a Vulnerable Attack Vector: Protect Yourself and Your Customers

Twitter Is a Vulnerable Attack Vector: Protect Yourself and Your Customers

Tweet
Share
Share4
Pin2
6 Shares

At this point, you are using social media not only for marketing purposes but also to speak to your customers. Twitter Is a Vulnerable Attack Vector: Protect Yourself and Your Customers

But when your customers speak to you are they following proper security measures, or are they using social media inappropriately? And if they are, what are you going to do about it?

Furthermore, what are you going to do to prepare your employees for using social media? You need to have policies in place to protect your account.

Hackers know that people are using social media for many more purposes than just talking. They are sharing information others can exploit. You need to know how you can protect your company, customers, and your employees.

Social Media Hacks You Hear About Are the Tip of the Iceberg

Major social media hacks come up every so often. About two or three times a year, someone hacks a CEO or major company. Those are the attacks that make the front page headlines.

The most common hacks on Twitter and other social media networks involve malware distribution. Click To Tweet

Has your social media been involved in a malware attack? Think back. Malware is often not what it seems.

Have you or any of your followers tried to sell you some Ray-Ban sunglasses? That attempt was likely an effort to distribute malware. There were no Ray-Ban sunglasses for sale.

Sina suspected malware distribution Tweet

I could go find 100 messages just like the one above. Something that might surprise you is that most social media hacking does not happen to the big name companies.

These hacks can happen to your company or to a company with whom you work. One of your employees could bring malware from home. You need to be aware of these issues, you need to educate employees, and you need to get started right now.

Table of contents

Common Social Media Vulnerabilities

Supervisor Impersonation

You can create a fake account on any social media site in less than five minutes. A hacker can create a profile for a supervisor or boss at a company and use it for all sorts of activities, including:

  • Messaging a company account and requesting changes
  • Messaging a company account and doing a phishing scam of some sort
  • Slandering the company after a fake firing
  • Scamming customers

Impersonating someone costs next to nothing to do, but can cause untold amounts of financial damage. What you can do to protect yourself is make sure that your employees know the proper channels to go through for supervisor requests such as these.

Namely, they should know it is completely inappropriate for such request to occur through social media. Make sure that employees know to go directly to their supervisor.

Social Media Account Takeovers

This is the kind of attack that gets all of the headlines. For the most part, what happens is relatively harmless. Many people who do this do so strictly for a laugh. Sometimes they do it to prove a point.

WWE Twitter Takeover Image

Once the laughing is over, however, you need to take a look at whether or not any of your customers had their privacy violated. Customers often reveal information through social media that they should not:

  • They’ll take pictures of their credit card and send it to you.
  • They will give out their addresses.
  • They will reveal personal payment details.

You will need to do something about removing these conversations, if possible. Or direct your customers to other communication platforms before they start sharing info that is this sensitive.

Another step to take is two-factor authentication. Two-factor authentication is available on many of the top social media sites and makes it so that if people do try to hack you, they will need access to your phone in order to get a special code.

The final piece of protection you need ensures that your social media accounts are not vulnerable to password theft via public Wi-Fi. Attackers can purposely set up wireless access points they use to steal unencrypted credentials.

Be sure to give your employees a VPN account for corporate devices that will encrypt all of their information on any network with which they connect. You’ll be less vulnerable to account takeovers with a tool such as this one.

Waterhole Phishing

When you say this type of social media vulnerability out loud, it sounds like a good Sunday afternoon. In the context of a social media vulnerability, it instead means that a hacker is going to insert themselves during some sort of viral moment.

For the love of everything, do not click on the link in this tweet:

Example Phishing Tweet

That is a water hole phishing scam. Kristaps Porzingis was trending on Twitter, and a hacker sent this out hoping that someone would click on whatever that link is.

It is most likely going to distribute malware. Make sure that your employees who are handling your social media accounts know not to click on them as well.

Customer Support Scams

Interacting with your customers on social media is the new normal. Unfortunately, hackers have noticed, and they are creating fake support accounts to trick your customers. Here’s what usually happens:

  • A fake account will be created that purports to be your support account.
  • This account will offer support to your customers, typically asking for credit card details.
  • The fake account will also offer discount codes, and the way to access them is by clicking on a malicious link.

It is difficult for the average customer to figure out whether or not the account is real. You wind up taking hell over it because they think that they’re talking to you. You need to take steps to minimize the risk:

  • Create your own support account.
  • Mention it directly on the main account.
  • Link to it from your website.
  • Refer people to it often.

This strategy is still not going to be foolproof, but is the best that you can do to help your customers.

Social Media Clickbait Attacks

There are a wide variety of clickbait attacks on social media all the time. They change constantly, but they all usually share an incredible headline promising something that must be too good to be true:

Again, please do not actually click this link:

Another Example Phishing Tweet

This is a classic piece of clickbait. It is probably hiding some sort of phishing scam or malware link. You’ll likely have to give access to your social media in order to view the content which does not actually exist.

Making sure that your employees are aware of this is essential. Monitoring your accounts for this type of hacking is also essential.

Hashtag Theft

Hashtag theft is when an attacker distributes malicious links or spam by stealing your company’s hashtags.

You put a lot of effort into getting people to pay attention to your hashtags and building your audience. What a hacker loves more than anything else is a great big audience to exploit.

The point of all spending is to hijack traffic. It gets even worse when hackers do so while impersonating your accounts.

https://twitter.com/FemaIenike/status/876680867053260800

You should not trust whatever comes out of this account. It is not actually associated with Nike, and can be used for hashtag theft.

There is little that you can do to stop people from using your hashtags. But you can minimize this risk by being certain to get your account to have some sort of official status on each platform.

Apply for the Twitter verification check mark, the equivalent on YouTube, or whatever other verification there is on your social media profiles.

Want to know more about Twitter? Check out our Twitter Best Practices content and SlideShare:

Tweet
Share
Share4
Pin2
6 Shares

Leave a Reply

Your email address will not be published. Required fields are marked *