How Cybercriminals Target Social Media Accounts

8 January 2014

Social platform attacks target websites with large user bases, such as Facebook, LinkedIn, Twitter, and Instagram. A majority of current attacks simply use the social platforms as a delivery mechanism, and have been modeled after the older Koobface malware. However, researchers are now anticipating that advanced attacks against social media networks will be able to leverage a user’s contacts, location, and even business activities. This information can then be used to develop targeted advertising campaigns toward specific users, or even help spark crime in the virtual or real world.

Most often, social platform attacks breach users’ accounts by stealing their authentication credentials at login. This information is then used to discreetly pull personal data from users’ online friends and colleagues. A recent Stratecast study states that 22% of social media users have fallen victim to a security-related incident, and recent documented attacks support the numbers. The Pony botnet affected Facebook, Google, Yahoo, and other social media users, stealing more than two million user passwords. Facebook estimates that anywhere from 50 to 100 million of its monthly active user accounts are fake duplicates, and as many as 14 million of those are "undesirable" on the site.

Another social media attack expected to gain a stronghold on user information in 2014 is the "false flag" attack, which tricks a user into revealing personal information or authentication credentials under the guise of the site itself. When the user changes the password as prompted, the attack captures the username and password and then uses them to steal personal information about the user. Users should remain alert to any "urgent" request from the site to reset a password.

Enterprises are also expected to leverage social platforms for "reconnaissance attacks" either directly or through third parties to collect valuable user and organization information about rivals. This data can provide businesses with a competitive edge in future business endeavors, and these attacks are expected to climb in 2014.

Increased vigilance by individual users, together with enterprise policies, is the best way to prevent social media breaches, protect user information, and secure company data.