Most people are aware of the many scams that exist on the internet now. It’s tough to look through your email without noticing several phishing messages still sitting in your inbox, and those are the obvious ones! That doesn’t include the stealthier “We need you to update your account info, just click the link below” emails. It can go even deeper, with hackers physically talking with you or conning you into giving them information you shouldn’t. But the largest influx of social engineering has come from social media. As of right now, worldwide social media users total 2.34 billion according to Statista. That is a lot of people to target, and you know they will target as many as possible.
Facebook has seen a lot of scrutiny lately revolving around Russian meddling in the 2016 election. Not only did they find literally millions of fake Facebook accounts, but they also found that there were FB ads created to sway American voters. This is a perfect example of the new age of social engineering. All of this comes from profiles that look legitimate on the outside, but once you do a little digging you can quickly tell the difference. The same goes for the advertisements: they look as though they are from a real company or person, and the ad does say “sponsored” like regular FB ad content. But when you click on it, you can either infect your computer with malware or unknowingly give away your login info.
Another example of social engineering via Facebook ads was back in 2011 after Steve Jobs passed away. A fake FB ad claimed that Apple was giving away iPads in honor of his passing. Well, that ad went viral and thousands of people clicked on the link, which in turn infected their computers and devices.
Social engineering has gotten more complicated with minimally invested profiles (MIPs) and fully invested profiles (FIPs), found mostly on Facebook and LinkedIn. MIPs are created in bulk, usually have very little original content on them, and usually have a sexy or provocative photo as the main profile picture. They then go around making friend requests in the hope that certain users won’t look into the profile and will simply add them. The goal is to eventually be able to send you malware via FB Messenger, as well as to post on someone’s FB “wall”.
FIPs take a little more time and effort to create; however, they are more efficient because they really look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at its friends and the content on its wall. If both of these raise even one red flag, it’s likely a fake profile. FIPs are intended to target a specific person or a vertical in an industry. This can usually be seen once you look into mutual friends or even do a reverse image search.
These are just a few of the main ways that social engineers are using social media to target people. While snooping on your co-workers, checking to see what crazy Uncle Larry just posted, or simply browsing through memes, always be diligent and aware of your internet surroundings. If that’s tough, make sure your firewall and antivirus are up to par! Don’t let a social engineer manipulate you into surrendering your information.