What do you share on social media? Do not become an easy target for criminals

You post a holiday photo on Instagram. Harmless? Not really. Not everyone uses social media with good intentions: criminals misuse the information from your (business) profile to prepare a phishing attack, for example. That nice holiday photo can lead to CEO fraud. And there are more risks.

CEO fraud

Suppose a criminal sees your holiday photos on Instagram. On LinkedIn, he additionally finds information about your network and the projects you work on. The hacker misuses this information in a fake message ‘on behalf of the manager director’ to one of your employees. And asks the employee to quickly transfer money for an important project. He or she trusts the message because the scammer uses personal information in it. Think of your name, holiday location and a specific project name. Your employee falls for the scam and you lose your money.

Identity fraud

In business identity fraud, criminals pretend to work for your business. To do this, they use personal data and company information they find about you on social media, steal from you or get through a data breach. Anyone, including a criminal, can find extensive resumés of entrepreneurs, employees and job seekers online. Platforms like LinkedIn ask for as much personal information as possible about education, network, and certificates. Criminals use that data for phishing attacks. But they can also use it to make purchases in your company name or send fake invoices.

Fake accounts and fake messages

Cyber criminals have fake accounts on social media. For example, they use them to send you a connection request. If you accept such a request, the criminal has broader access to your network and profile information. They then misuse this information for phishing or identity fraud. They also send harmful messages via their fake accounts. These contain, for example, a link to harmful software, or malware. Or to a fake website where you unsuspectingly enter personal information. This is how criminals infect your computer or steal your confidential data. In the fight against fraud, online platforms constantly search for fake accounts and messages. LinkedIn, for example, removes millions of fake accounts every year.

Real accounts

Cybercriminals also send fake messages via real accounts. If your e-mail address and password are leaked, a criminal can take over your account. And then send messages to your network ‘on your behalf’. Or you may receive such a fake message from someone. How do you recognise this? Suppose you suddenly receive a message from an acquaintance with the subject ‘business proposal’. You do not expect such a message from this person. And the acquaintance addresses you differently from what you are used to. They also urge you to open the attachment of the message as soon as possible. All your alarm bells should start ringing by now. Chances are this person's account has been hacked. And that the attachment contains malware.

Reputation damage

Social media can increase your brand awareness, but it can also damage your reputation. Think of negative statements about you as an employer, or employees (unknowingly) posting confidential information about projects or processes from the organisation on social media. Or employees spreading fake news or hateful texts via social media, for example. This reflects negatively on your business. And it can damage the good name of your business, product or brand.

Tips

How do you reduce the chances of criminals misusing the information you share online? 3 tips:

1. Know what you are sharing

Social media networks want you to show a lot about yourself. Think carefully about what you share about your work, your experience, your projects, your education and your network. Do you find it necessary to mention your phone number, your e-mail address, your birthday and your memberships? Think about what acquaintances may (or should) know about you. And what information everyone should see. You can shield information and make it visible only to your direct contacts. Put on paper what you are allowed/willing to share about your business. Such a social media protocol also makes it clear to your employees what they can and cannot do.

2. Do not accept all connection requests

You can find new customers and increase your brand awareness on social media. But do not just accept a connection request from a stranger. Check it first. This person might seem like an interesting addition to your network. Can you not find anything about this person on the internet? Then be careful, it might be a fake account. Do you unexpectedly get an interesting message from your network? Do not respond through the network where the request came in and do not click through on links. Contact them in another way. Call the sender, for example.

3. Use your account safely

Always be careful with your own account. Use a strong and unique password for your social media accounts. A password manager will help you do this. Also use 2-factor verification. With 2-factor verification, or authentication,  you use an extra access code or your fingerprint in addition to your password. This way, even if a criminal knows your password, he or she will still not be able to access your account.