Hackers are trolling social media for photos, videos, and other clues that can help them better target your company in an attack. I know this because I’m one of them.
Fortunately, in my case, the “victim” of these attacks is paying me to hack them. My name is Snow, and I’m part of an elite team of hackers within IBM known as X-Force Red. Companies hire us to find gaps in their security–before the real bad guys do. For me, that means scouring the internet for information, tricking employees into revealing things over the phone, and even using disguises to break my way into your office.
Social media posts are a goldmine for details that aid in our “attacks.” What you find in the background of photos is particularly revealing–from security badges to laptop screens, or even Post-its with passwords.
No one wants to be the source of an unintended social media security fail. So let me explain how seemingly innocuous posts can help me–or a malicious hacker–target your company.
The first thing you may be surprised to know is that 75% of the time, the information I’m finding is coming from interns or new hires. Younger generations entering the workforce today have grown up on social media, and internships or new jobs are exciting updates to share. Add in the fact that companies often delay security training for new hires until weeks or months after they’ve started, and you’ve got a recipe for disaster.
Knowing this weak point, along with some handy hashtags, allows me to find tons of information I need within just a few hours. Take a look for yourself on your favorite social apps for posts tagged with #firstday, #newjob, or #intern + [#companyname].
So, what exactly am I looking for in these posts?
There are four specific kinds of risky social media posts that a hacker can use to their advantage.