Social Engineering & Social Media Threats

Social Engineering and Social Media: What to Look Out for and How to Stay Safe

Social media is undeniably woven into the fabric of our personal and professional lives, serving as a vital communication tool. However, it also poses substantial cybersecurity threats. Cybercriminals frequently employ social engineering tactics, exploiting trust and manipulating users to access sensitive information. Let’s explore how social media can become a gateway for these attacks and discover actionable steps you can take to safeguard yourself and your business.

What is Social Engineering?

Social engineering is all about crafty manipulation, where attackers trick people into giving up confidential information or making risky decisions. On social media, these tactics often play on trust, emotions, and simple human mistakes to reach their harmful goals.

Common Social Engineering Tactics on Social Media

Phishing Links in Direct Messages or Posts
Tactic: Cybercriminals send deceptive links masked as legitimate content, leading to malicious sites or malware downloads.
Stay Safe: Never click on unsolicited links, even from familiar contacts and confirm the sender’s identity through another channel before responding.
Tactic: Impersonation through fake accounts, posing as colleagues, influencers, or trusted entities to gain your trust.
Stay Safe: Validate profiles before accepting connection requests and exercise caution when sharing personal or professional information with unknown accounts.
Oversharing Information
Tactic: Attackers mine social media for personal details like birthdates, addresses, or answers to security questions (e.g., pet names, favourite places).
Stay Safe: Keep personal information private and adjust privacy settings to control who can view your posts.
Job Scams and Fake Opportunities
Tactic: Fraudulent job offers or investment opportunities trick individuals into sharing sensitive data or sending money.
Stay Safe: Investigate the company or individual offering the opportunity and refrain from sharing financial or personal information on social media platforms.
Malicious Attachments
Tactic: Sending files disguised as resumes, reports, or invoices containing malware.
Stay Safe: Open attachments only from trusted sources and use antivirus software to scan files before downloading.
Social Proof Manipulation
Tactic: Fraudsters use fake likes, comments, or testimonials to make their scams appear legitimate.
Stay Safe: Verify the authenticity of content and endorsements and don’t equate popularity with trustworthiness.

Best Practices for Staying Safe on Social Media

Fortify Your Passwords

Craft strong, unique passwords for each of your accounts.
Activate multi-factor authentication (MFA) for enhanced security.

Be Sceptical

Be wary of unexpected requests or messages, even those from familiar faces.
Spot-check for grammatical errors or odd language, as these could be red flags for scams.

Empower Your Team with Knowledge

Provide training for your team on the dangers of social engineering and prudent social media practices.
Share examples of recent scams to keep everyone vigilant.

Keep Tabs on Your Digital Footprint

Consistently review for any fake profiles pretending to be you or your organisation.
Promptly report any suspicious accounts or content you encounter.

Think Before You Click

Refrain from clicking on links or downloading files from unfamiliar or unverified sources.
Always confirm the legitimacy of the source before interacting with social media content.

While social media can sometimes provide information that cybercriminals use, social engineering tactics don’t rely solely on this. Attackers use a range of methods to manipulate individuals into revealing sensitive information or granting access. That’s why security awareness training is vital, it helps your employees recognise and resist these deceptive techniques, no matter how the attacker tries to gain their trust.

Build a Safer Business with Expert Security Support

Contact us today to find out how we can help your business build a strong security culture and protect against cyber threats.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA	6 months	Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
AWSALBCORS	7 days	Amazon Web Services set this cookie for load balancing.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
rc::a	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::b	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::f	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__lc_cid	2 years	This is an essential cookie for the website live chat box to function properly.
__lc_cst	2 years	This cookie is used for the website live chat box to function properly.
__oauth_redirect_detector	past	This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality.
_mailmunch_visitor_id	never	Mailmunch sets this cookie to create a unique visitor ID for the Mailmunch mailing list software.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
mailmunch_second_pageview	never	Mailmunch sets this cookie to manage subscription service to mailing lists.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_fbp	3 months	Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.

Cookie	Duration	Description
fr	3 months	Facebook sets this cookie to show relevant advertisements by tracking user behaviour across the web, on sites with Facebook pixel or Facebook social plugin.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Social Engineering and Social Media: What to Look Out for and How to Stay Safe

What is Social Engineering?

Common Social Engineering Tactics on Social Media

Best Practices for Staying Safe on Social Media

Build a Safer Business with Expert Security Support

Latest resources

What You Need to Know About the Microsoft 365 E5 Security Add-On

Team Takeover: Tom Neilan, Service Delivery Manager at Everything Tech

Team Takeover: Mollie Jacques, Senior Account Manager at Everything Tech

Find us

Policies

Contact us

Follow us

Our accreditations

Cookie	Duration	Description
__gpi	1 year 24 days	No description
__racnt	session	No description available.
__racplx0	session	No description available.
__racplx1	session	No description available.
__rafm	session	No description available.
__rasel0	session	No description available.
__rasel1	session	No description available.
__rasesh	2 years 9 months 23 days	No description available.
__ratel0	session	No description available.
__ratel1	session	No description available.
_cfuvid	session	Description is currently not available.
_hjSession_2674997	30 minutes	No description
_hjSessionUser_2674997	1 year	No description
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description
li_sugr	3 months	No description available.
lpv271502	30 minutes	No description
visitor_id271502	10 years	No description
visitor_id271502-hash	10 years	No description

Share

What is Social Engineering?

Common Social Engineering Tactics on Social Media

Best Practices for Staying Safe on Social Media

Build a Safer Business with Expert Security Support

Latest resources

What You Need to Know About the Microsoft 365 E5 Security Add-On

Team Takeover: Tom Neilan, Service Delivery Manager at Everything Tech

Team Takeover: Mollie Jacques, Senior Account Manager at Everything Tech

Find us

Policies

Contact us

Follow us

Our accreditations