Time
1 hour 44 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:02
Hi, and welcome to lesson 2.2 of the End User Cyber Fundamentals course.
00:09
This lesson will be focused on the risks of social media.
00:16
In this lesson, we will review specific risks of social media.
00:27
What are the risks of social media?
00:30
Not paying attention.
00:32
Most people tend to use social media on their phone
00:36
because of the way we use our phones and it being such a big part of our daily lives and everything we do,
00:44
we tend to not be as careful as we are when we are on our PCs or laptops.
00:51
We are more apt to interact with an unknown person,
00:55
click on a phishing link or even fill out a form requesting sensitive personal information.
01:03
As we know, by clicking on an unknown link, you can inadvertently download malicious software, which can be designed to steal your personal information or even install ransomware or other malicious software.
01:21
Not refreshing and maintaining your online presence.
01:26
It is very important to refresh and maintain your online profile on social media.
01:32
You should take the time to review your friends.
01:34
Does everyone still belong?
01:37
Do you know who they all are?
01:38
Did you even accept them as a friend?
01:42
Delete old photos, posts and other information.
01:46
The more personal information about you online, the easier it is for social engineers to trick you into giving out the information they want.
01:57
Most people tend to do this with physical photos and papers,
02:00
but neglect their online photos, files and data.
02:06
This is just as important,
02:07
if not more so, as the more information that is available about you online, the greater you are at risk with social engineering,
02:15
which can lead to a breach of your personal information and potentially identity theft or other fraud.
02:24
Also, putting too much detail about your company's technology can also put your company at risk.
02:31
For example, most people will post technology they are responsible for in their resumes or LinkedIn or other websites.
02:39
Instead of just saying I am responsible for routers and firewalls for the organization,
02:46
they will post that they are responsible for a specific firewall and put the brand and model.
02:52
I know recruiters want you to do this because it makes their job easier,
02:57
but it does put the company at risk.
03:00
A hacker is going to see that company A uses a particular brand and model of firewall,
03:06
and will look for known vulnerabilities for that brand and model
03:10
and then look to see how they can exploit it in your company.
03:15
They even know who is responsible for it,
03:19
thanks to your LinkedIn profile.
03:23
Social engineers use your LinkedIn page and other social media websites to educate themselves on you, your company, where you work, where you used to work and your co-workers.
03:34
This way, when they reach out via phone, email or social media, it is much easier
03:42
to trick you into breaking normal security procedures because they have enough information to sound believable and entitled to the information.
03:52
These are phishing techniques.
03:53
Most phishing techniques rely on social engineering, and social engineers love social media sites.
04:03
Most people think of emails when they think of phishing,
04:06
but scammers use social media sites for phishing as well.
04:12
Social media users will see an attractive sale,
04:15
click on the social media sale post,
04:18
and all they have to do is fill out some information like their name, address, email and birthdate.
04:28
Social media sites are the perfect venue for social phishing.
04:32
Think about it. Those ads, offers and sites blend right in and hide in plain sight.
04:41
You barely look or notice as you scroll by.
04:45
Always apply the same safety standards to social media, like do not click links, open attachments or give personal information to anyone who asks.
04:58
Compliance and brand issues.
05:00
Employees accidentally sharing sensitive company, customer or personal information
05:08
on these public forums.
05:10
It is very important to ensure employees are aware
05:14
of the company's policies, such as your social media policy, data classification policy,
05:20
end user acceptable use policy
05:24
and any regulatory requirements such as GDPR or CCPA, if applicable.
05:31
Disgruntled employees can purposely share sensitive company or customer information or post inappropriate content
05:42
on the company's social media page with the intent to cause damage to the company's reputation.
05:50
Brand impersonation.
05:53
Hackers will impersonate and duplicate your business profile to get you to click and end up on the bad actor's spoof site,
06:02
which can put you at risk for drive-by downloads, other malware, being tricked into logging in and exposing your credentials and potentially other sensitive information.
06:14
We discussed website spoofing in more detail in lesson one.
06:18
Exactly the same applies here for social media profiles.
06:26
People are not always who they say they are.
06:30
Here are some of the most common social media scams.
06:33
Fake customer service accounts,
06:36
fake comments on popular posts,
06:40
fake online discounts and fake online surveys and contests.
06:46
Fake customer service accounts, which is called angler phishing, is very popular amongst bad actors on social media sites such as Twitter, Facebook and Instagram.
06:59
They will create a fake support page on the social media sites in order to lead their customers to phishing websites.
07:06
They impersonate the social media teams of various businesses to gain trust of clients
07:15
who then feel safe and willing to share sensitive personal data,
07:19
since they are sure they are communicating with genuine staff from the brand they reached out to in the first place.
07:28
Although big social media sites try very hard to eliminate fake social media accounts, evidence clearly shows they are not succeeding,
07:39
according to a study published by researchers
07:42
at the NATO Strategic Command Center of Excellence.
07:46
The study found that it is surprisingly easy to purchase tens of thousands of comments, likes and views on Facebook, Twitter, YouTube and Instagram.
08:00
Fake online discounts, surveys and contests are basically phishing scams, and they are harder to recognize on social media,
08:09
so always go directly to the vendor website and check them out on the Better Business Bureau to verify legitimacy.
08:20
Should I connect with everyone on social media?
08:26
No.
08:28
Only connect with people you know or people you are genuinely interested in.
08:33
This will help protect you from social phishing and malicious activity.
08:41
In today's lesson, we discussed the risks of social media.
08:46
We covered specific examples of risks such as social phishing, angler phishing, and we even talked about how to maintain your online presence.
09:01
Here are my references.
09:03
Thank you and I will see you in the next lesson.


End User Cyber Fundamentals

This End User Cyber Fundamentals course covers Internet risks such as typosquatting, website spoofing, drive-by downloads, Malvertising, and how to protect yourself using security best practices.

Instructed By

Lisa Martino
Director, Information Security Governance, Risk & Compliance
Instructor