Cyber Security

80% of people share too much on social media, compromising security

2nd February 2021
Lanna Cooper

A new report from Tessian, the human layer security company, reveals that 84% of people post information to their social media accounts every week, with two-fifths (42%) posting every day, and are unknowingly giving away information that helps hackers launch successful social engineering or account takeover attacks.

The report, titled 'How to Hack a Human', includes findings from a survey of 4,000 professionals in the UK and US and interviews with hackers from the HackerOne community. It reveals that half of people share names and pictures of their children, nearly three-quarters (72% mention birthday celebrations, and an overwhelming 81% of workers update their job status on social media.

Most worryingly, 55% of respondents admit they have public profiles on Facebook, and just one third (32%) say their Instagram accounts are private, making it very easy for bad actors to access the sensitive information posted on these accounts.

Hackers interviewed in the report explain how cybercriminals use social media posts to help identify their targets and craft highly targeted and convincing social engineering attacks. For example, they can identify new joiners via LinkedIn and target them in phishing scams, spoofing a senior executive within the company that the new joiner has likely never met. With knowledge of who is within a person’s network, too, cyber criminals can easily impersonate someone their target trusts in order to manipulate them into wiring money or sharing information and account credentials.

Harry Denley, a hacker and Security and Anti-Phishing at MyCrypto said: “Most people are very verbose about what they share online. You can find virtually anything. Even if you can’t find it publicly, it’s easy enough to create an account to social engineer details or get behind some sort of wall. For example, you could become a ‘friend’ in their circle.”

Additionally, the ‘How to Hack a Human’ report reveals how Out of Office (OOO) emails are also being used to craft social engineering attacks. The majority of employees (53%) say they share how long they’ll be away in their OOO email, while 51% provide personal contact information and 42% announce where they are going.

According to Katie Paxton-Fear, cyber security lecturer at Manchester Metropolitan University, and a member of the HackerOne community, “OOO messages - if detailed enough - can provide attackers with all the information they need to impersonate the person that’s out of the office, without the attacker having to do any real work.”

The concern for organisations is that social engineering attacks are only rising. Tessian’s platform data reveals that social engineering-type attacks increased by 15% during the last six months of 2020, compared to the six months prior, while wire fraud attacks also increased by 15%. What’s more, 88% of respondents said they had received a suspicious email in 2020.

The report makes it clear that greater awareness of the threat and educating people on email security hygiene is an important first step to prevent these attacks from being successful. For example, Tessian found that just 54% of people pay attention to the sender’s email address while at work and less than half check the legitimacy of links and attachments before responding or taking action.

Tessian’s CEO and Co-founder, Tim Sadler also urges people to make securing data as normal as sharing it. He said: “The rise of publicly available information makes a hacker’s job so much easier. While all these pieces of information may seem harmless in isolation - a birthday post, a job update, a like - hackers will stitch them together to create a complete picture of their targets and make scams as believable as possible.

"Remember, hackers have nothing but time on their hands. We need to make securing data feel as normal as giving up data. We also need to help people understand how their information can be used against them, in phishing attacks, if we’re going to stop hackers hacking humans.”

Read Tessian’s full How to Hack a Human report here.

Featured products

Product Spotlight

Upcoming Events

View all events
Newsletter
Latest global electronics news
© Copyright 2021 Electronic Specifier