Over 80% of British and American employees overshare on social media, potentially exposing themselves and their organization to online fraud, phishing and other cyber-threats, according to Tessian.
The email security vendor polled 4000 UK and US professionals and interviewed 10 hackers specializing in social engineering to compile its latest research: How to Hack a Human.
It revealed that half of respondents share names and photos of their children, 72% mention birthdays and even more (81%) update their job status on social media.
Even worse, over half (55%) admitted they have public profiles on Facebook, and only one third (32%) have a private Instagram account.
An overwhelming majority (84%) post on social media every week and over two-fifths (42%) do so every day.
The report highlighted numerous ways scammers can use this readily available online information to target individuals; for example, by spoofing a senior executive at a company the target has just announced they are joining.
“Most people are very verbose about what they share online. You can find virtually anything,” explained MyCrypto security and anti-phishing expert, Harry Denley. “Even if you can’t find it publicly, it’s easy enough to create an account to social engineer details or get behind some sort of wall. For example, you could become a ‘friend’ in their circle.”
Even out-of-office messages that contain too much information could be used against the individual by giving a hacker the green light to impersonate them online, Tessian warned.
The vendor claimed its own analysis reveals that social engineering attacks and wire fraud attacks both increased by 15% during the last six months of 2020, versus the previous six. Some 88% of respondents said they had received a suspicious email in 2020.
The vendor’s CEO, Tim Sadler, argued that the vast volume of personal information being shared online is making cyber-criminals’ jobs much easier.
“While all these pieces of information may seem harmless in isolation — a birthday post, a job update, a like — hackers will stitch them together to create a complete picture of their targets and make scams as believable as possible,” he added.
“Remember, hackers have nothing but time on their hands. We need to make securing data feel as normal as giving up data. We also need to help people understand how their information can be used against them, in phishing attacks, if we’re going to stop hackers hacking humans.”