Bulacan State University

COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY

A Research Paper Final Requirement for

CC102 – Introduction to Computing

The Impact of Social Media on Cybersecurity: Analyze the Relationship Between Social
Media and Cybersecurity, and How Social Media Can Be Used to Improve or Harm
Cybersecurity

By:

Laurente, Katrina Ysabel B.

Battad, Katrina O.

Secuya, Jharlyn Mae D.

BSIS 1AG1

November 2023
Introduction to Social Media and Cybersecurity

The development of social media platforms in recent years has weaved a complex web that
connects individuals, communities, organizations, and businesses worldwide, reshaping the
fundamental structure of modern society. The continuous immersion of social media platforms such as
Facebook, YouTube, Twitter, Instagram, TikTok, and LinkedIn has gradually exceeded the boundaries
of geography, modernizing the form of communication, commerce, and how information is
disseminated. Furthermore, this digital modernization has led to the existence of the field of
cybersecurity.

Social media, in accordance with Dollarhide (2023), is a term used to refer to a variety of
technologies that allow individuals to share ideas and information among other users. On the other
hand, cybersecurity, as defined by IT governance, is the use of methods, technologies, and controls to
guard against cyberattacks on programs, devices, networks, systems, and data or information. It
attempts to reduce the possibility of cyberattacks and protect against unauthorized use of networks,
systems, and technology. Its origins are likely to be found in the early years of computers when
security measures were fewer and simpler than they are in the complicated cyber world of today.

Cybersecurity's early stages can be traced back to the 1970s, when the first computer viruses
emerged, or the birth of the computer virus. According to Cristello (2023), this is the year in which
the inception of cybersecurity marked 1970; it witnessed how the computer virus created the "Creeper
virus''. With the widespread use of the internet in the 1990s, the environment altered rapidly and new
security issues emerged. As social media emerged in the early 2000s, it brought a new dimension to
cybersecurity: cyber warfare. This term refers to the use of digital attacks by one country to disrupt
the computer systems of another, with the aim of creating significant damage, death, or destruction.

Social media has greatly modernized the overall lifestyle of individuals around the world; it
fosters connectivity and information sharing in the easiest way. The continued proliferation and
growth of social media platforms in the daily lives of individuals has pushed cybersecurity to the
forefront of digital concerns. The personal data and information provided by users become useful for
cybercriminals to use in their illegal intentions, which calls attention to the need for robust
cybersecurity. The widespread relationship between social media and cybersecurity highlights the
importance of securing digital assets in an era where the physical and digital realms are becoming
more interconnected, and this serves as a signal for strengthened security measures. whole throughout
all aspects of our daily lives.

The threat of cyberattacks has increased as cybercriminals take advantage of the vulnerability
of social media platforms. Phishing is one of the most common threats that utilizes SMS, phone,
social media, and social engineering techniques to deceive individuals into revealing personal
information. Hackers take advantage of this to earn the trust of users by creating persuasive messages
or masquerading as reliable sources in order to steal login credentials or personal information.
Another significant threat is malware. Malicious links or attachments on social media platforms have
the potential to infect computers with malware that could lead to hijacking, identity theft, the theft of
data and information, and the destruction of the computer and its system.

As stated in Infosecurity Magazine, the ZeroFOX team compiled the ten most notable
successful cybercrime incidents linked to social media that happened in the year 2017, one of these is
the fraudulent accounts where attackers created a compelling fake persona, using these social media
honeypot accounts, the attacker spread the PupyRAT Remote Access Trojan (RAT), which allowed it
to take advantage on the device of the victim. The character maintained profiles on various
well-known social media platforms.

Another successful cyber attack is because of the vulnerability in the third-party program
TwitterCounter gave Turkish-speaking attackers access to hundreds of well-known accounts.
Following a tense week marked by deteriorating ties between the Netherlands and Turkey and crucial
elections in both countries, they tweeted derogatory messages against the Netherlands. The
compromised accounts included a number of well-known international businesses and verified
accounts with a large following, such as Forbes, the official Bitcoin Blockchain account, Starbucks,
the European Parliament, UNICEF, Nike, and Amnesty International. The messages utilized swastikas
and referred to the Dutch as "nazis."

The widespread use of social media in modern life has elevated cybersecurity to the forefront
of the list of digital concerns. Strong cybersecurity measures are of greater significance than ever
because of the massive quantities of personal data that are shared on these platforms, which have
made them popular targets for hackers. In an age where the virtual world is becoming increasingly
incorporated into our daily lives, this introduction provides the groundwork for examining the
mutually beneficial relationship between social media and cybersecurity. It also highlights the vital
importance of protecting digital assets.

Role of Social Media in Cybersecurity

According to the study of Buhari & Isa (2023), social media platforms have gained popularity
among users because of their distinctive communication and engagement characteristics. However,
because users disclose so much private information online, these platforms have also become targets
for fraudsters. This information is used by online criminals to launch a variety of assaults, such as
phishing, malware, and social engineering attempts. Since social media platforms operate in a
dynamic environment with continuously changing dangers and threats, social media also poses a
challenge for cybersecurity specialists.

Chin (2023), stated in his study that social media connections can pose another cybersecurity risk
because user engagement likes, shares, and comments expose relationships useful to cybercriminals
attempting fraudulent activity, such as phishing, spoofing, and impersonation. This increases cyber
risk by allowing cybercriminals to make inferences about the user. Even if they have hidden their
interests, location, and other information, analysis of a user’s profile can lead to potential identity
fraud or theft.

Attackers often use social media accounts during the reconnaissance phase of a social engineering
or phishing attack. Social media can give attackers a platform to impersonate trusted people and
brands or the information they need to carry out additional attacks, including social engineering and
phishing.

According to Sharma (2019), the social media network is an open source of information about
potential witnesses, suspects, and offenders and is also ideal for profiling. It provides a diverse and
modern subset of single sources of data, such as text messages, contact lists, photographs,
geo-location data, demographic information, etc. Social networks undeniably power the modern
world, and as digital technologies have advanced, cybercrime has also advanced, considerably
influencing the creation of new strategies, tools, and attacks that allow attackers to breach even
well-controlled environments.
 Physical security, endpoint security, data encryption, and network security are all examples of
information security. It is also closely related to information assurance, which safeguards data against
threats, such as natural disasters and server outages (Yasar et al., 2023). In short, information security
is concerned with protecting any type of data, not just data in cyberspace.

Corporate and Organizational Cybersecurity Challenges

In the contemporary business landscape, social media plays a crucial role as a marketing tool for
companies. Platforms such as Instagram, Facebook, and Twitter provide businesses with opportunities
to broaden their audience, engage with their target demographic, and establish credibility through the
dissemination of authentic content. However, alongside these benefits, the utilization of social media
introduces heightened cybersecurity risks.

Social media channels can increase a business' attack surface by displaying internal information or
employee contacts that cybercriminals can use to execute phishing attacks, credential theft, data theft,
or other scams. Cybercriminals exploit social media to extract valuable data, manipulate employees,
and leverage publicly available information to gain unauthorized access to company accounts.
Without adequate safeguards, the use of social media can pose a substantial security threat to a
business (Amos, 2022).

Several types of cyber attacks target employees, including phishing attacks, social engineering
attacks, ransomware attacks, and malware attacks. These attacks can take place on various channels,
from email to social media platforms, and are designed to trick employees into divulging sensitive
information or installing malicious software (MacKay, 2023).

In addition, the majority of successful cyber attacks, exceeding 90%, stem from employees
unwittingly sharing information. As network defenses strengthen, cybercriminals are shifting their
focus to target employees, recognizing them as the most vulnerable entry point to infiltrate networks
and pilfer valuable data.

People who post frequently and with personal information on social networking sites pose a
particular threat to businesses. Not only can they put themselves at risk by sharing confidential
information — such as travel plans, business data, or patient information — but they also provide
cybercriminals with a library of information they can leverage in the following ways:

● Spear phishing attempts: Targeting individuals with more detail and higher accuracy than typical
phishing attempts, such as current news or relevant financial documents.

A phishing attack, according to Amos (2022), is an attack where perpetrators can utilize
online information to create deceptive scenarios that appear entirely ordinary. For instance, while
most employees are aware of the risks associated with clicking links from unfamiliar email
addresses, such links could harbor malware capable of either disabling their computers or granting
unauthorized access to their personal data by hackers.

In a report by Wallace (2013), in the year 2013, the discount retailer Target had a major
breach that resulted in the theft of credit and debit card information from 40 million accounts. The
security breach impacted customers who made purchases at U.S. Target stores from November 27
to December 15. The compromised information included customer names, credit or debit card
numbers, expiration dates, and CVVs in the data breach. The CVV, or card verification value,
 commonly referred to as the security code, is a three or four-digit number typically required by
retailers during online or phone transactions. This information could be exploited by hackers to
create replicas of the cards. Robert Ahdoot, representing the California plaintiffs, reported
speaking to customers who claimed that their accounts had experienced unauthorized ATM
withdrawals.

Security experts think the hackers got into the point-of-sale data. This means they might have
gone into the machines where customers swipe their credit cards or got the data while it was going
from Target to the companies that process credit cards.

Another example by Tessian (2023), is considered one of the biggest social engineering
attacks to date, Lithuanian national Evaldas Rimasauskas orchestrated a massive spear phishing
scam targeting Google and Facebook, two of the world's largest companies. Rimasauskas and his
team established a fake company, posing as a computer manufacturer that worked with Google
and Facebook. Alongside this, Rimasauskas created bank accounts under the fake company's
name.

The scammers proceeded to send targeted phishing emails to specific employees at Google
and Facebook, presenting invoices for legitimate goods and services provided by the fictional
manufacturer. However, the emails directed the employees to deposit funds into fraudulent
accounts. Between 2013 and 2015, Rimasauskas and his collaborators successfully deceived the
two tech giants, resulting in losses exceeding $100 million.

● Whaling attacks: Using the wealth of information gleaned to target senior executives and trick or
manipulate them into performing a secondary action, typically performing a transfer of funds.

According to Tunggal (2023), a whaling attack is a form of phishing that focuses on

high-ranking executives, like the CEO or CFO, to steal sensitive data from a company. This may
involve obtaining financial details or personal information of employees.

In certain instances, fraudsters might impersonate the CEO or other top executives to deceive
victims into approving substantial wire transfers to overseas bank accounts or directing them to
fake websites that install malicious software.

Whaling attacks, similar to spear phishing incidents, present a greater challenge in detection
compared to standard phishing attacks because they are highly individualized and specifically
directed at chosen targets within an organization.

While basic whale phishing relies on social engineering tactics to deceive targets, most cyber
criminals engaging in whaling attacks invest significant effort and resources to enhance the
attack's authenticity, driven by the potential for substantial returns.

This may involve extracting information from publicly accessible social media profiles such
as Facebook, Twitter, and LinkedIn. Cybercriminals may also interact with the organization
through email to comprehend how the company structures email addresses and signatures.
Additionally, they may gather general company details, including job titles, colleague names,
third-party vendors, and any information exposed in previous data breaches.
 In addition, an example of a whaling attack occurred against the Belgian bank, Crelan
(Tessian, 2023). Although Crelan identified that its CEO had been targeted through a routine
internal audit, the culprits managed to escape with $75 million, and to date, no legal action has
been taken against them.

Crelan became a victim of "whaling," a form of spear-phishing specifically aimed at high-ranking

executives. Cybercriminals often pursue these significant targets due to their ready access to
financial resources.

● Spoofing: In which a cybercriminal impersonates an individual or organization to attain

confidential data.

As per Folger (2022), Spoofing is a fraudulent technique where a criminal alters an email
address, display name, phone number, text message, or website URL to trick a target into
believing they are engaging with a familiar and trustworthy source. Typically, spoofing entails
making slight modifications to the communication, such as changing a single letter, number, or
symbol, to create the appearance of authenticity at a casual glance. For instance, an email that
seems to be from Netflix might use a deceptive domain name like "netffix.com."

At the organizational level, spoofing may lead to infected computer systems and networks,
data breaches, and financial losses. For instance, a scammer might use a generic-sounding
identity, such as Joan Smith, and send emails to one or more employees from the address
[email protected]. Despite Joan Smith not being a legitimate employee of XYZ
Widgets, a large multinational company, the recipients within the organization may not be aware
of this and are likely to trust the request. The presence of the company logo and other brand
elements in the email further contributes to this trust (Terranova Security, 2023).

Similar to phishing tactics, spoofed emails employ compelling and urgent language to prompt
the recipient to take immediate action. This urgency minimizes the opportunity for hesitation and
skepticism, leading the recipient to believe that their swift response is necessary and appropriate.

An example of Spoofing by Tessian (2023), happened in January 2022, when Bleeping

Computer reported a sophisticated phishing attack aimed at stealing Office 365 credentials. The
attackers skillfully mimicked the US Department of Labor (DoL), illustrating the increasing
sophistication of phishing attempts.

The attack employed two strategies to emulate the DoL's email address: spoofing the
legitimate DoL email domain (reply@dol[.]gov) and acquiring similar-looking domains such as
"dol-gov[.]com" and "dol-gov[.]us." By using these domains, the phishing emails successfully
bypassed the security gateways of the targeted organizations.

These emails, adorned with official DoL branding, were professionally crafted and invited
recipients to participate in bidding for a government project. The purported bidding instructions
were embedded in a three-page PDF, featuring a "Bid Now" button.

Upon clicking the link, recipients were directed to a phishing site mirroring the actual DoL
site, hosted at a URL like bid-dolgov[.]us. The fraudulent bidding site prompted users to enter
their Office 365 credentials. Notably, the site displayed an "error" message after the initial input,
 ensuring that targets entered their credentials twice and minimizing the chances of typographical
errors.

How Social Media Can Be Used to Harm Cybersecurity

Digital social media serves as an exceptional communication platform, offering various
applications like online forums, chat channels, video streaming, and blogs. It stands out as a
remarkable technological innovation, rapidly gaining global popularity among internet users.
However, the use of social media brings along numerous risks, particularly in terms of cybersecurity,
which has the potential to significantly impact the cyber community (Khidzir et al., 2016).

While social media can be used to improve cybersecurity practices, it can also be exploited to
harm cybersecurity in several ways:

Identity Theft
Identity theft, as defined by Irshad & Soomro (2018), is the unauthorized use of someone else's
personal information for personal gain or advantage. This crime, although recently highlighted, has
been a significant concern even before the internet era. In the past, identity thieves engaged in
practices like "dumpster diving," physically searching through trash bins to find discarded bills and
documents containing personal information.

In social media, cybercriminals can mimic individuals or entities on social media with the intent
to mislead users. This involves the creation of fake profiles that appear legitimate and request
sensitive information, spreading misinformation, or engaging in fraudulent activities.

Uzialko (2023), stated that identity theft and fraud are multi-billion-dollar scams that impact large
segments of the U.S. population. It can affect individuals and businesses in the following ways:

1. Finances can be affected by identity theft. Identity theft scams primarily manifest their impact
in financial terms. Depending on the gravity of the scam, perpetrators may deplete bank accounts,
seize control of investment or retirement accounts, and potentially manipulate a victim's
mortgage. Identity theft cases can necessitate legal services that further compound the financial
impact.

2. Your career can suffer as a result of identity theft. Scammer activities involving the misuse of
your identity might be reflected in background checks, potentially influencing your prospects for
employment.

3. Your reputation can be damaged by identity theft. If scammers gain control of your social
media accounts, they can harm your online reputation, especially if you use social media for
business purposes. In more severe situations, scammers might hijack a social media account,
impersonate the account owner, and utilize the account for spreading malware, sending phishing
emails, or conducting further attacks on other individuals or entities.

4. Identity theft can lead to account bans. If identity thieves exploit your social media, platforms
may suspend your accounts, resulting in the potential loss of years of effort dedicated to growing
a social media audience.

Moreover, remain vigilant about the following prevalent identity fraud schemes:
1. Identity theft schemes involving impersonation. A hacker can contact friends associated with
the compromised account and request favors. While some messages may seem harmless,
inquiring about your weekend plans or work hours to ascertain when your home will be empty,
others are more direct. These messages might assert that your friend is in some kind of trouble
and urgently requires financial assistance. It's crucial never to send money without confirming the
authenticity of the request.

2. Identity theft quizzes. Quizzes related to identity theft disguise themselves as entertaining games
meant to be shared publicly with friends. These quizzes often inquire about details like your
childhood home's street, your first pet's name, or your favorite restaurants — information that
could be used in passwords or security questions. Sharing these completed questionnaires on
social media provides potential hackers with a convenient means to discover your passwords.

3. Identity theft fake business opportunities. When exploring business opportunities, keep in mind
a fundamental principle: If you're required to make payments, you're a customer rather than an
employee. Typically, these scams take the shape of pyramid schemes. The initiating party, usually
unsolicited, assures you of sending a starter pack for resale, but before that, you're asked to share
your credit card details. It's imperative to refrain from divulging credit card information unless
you're making a purchase through a secure company platform.

Data Leakage
The more information the user uploads, the greater the risk of cybercrime. Posting too much
personal information, such as birthdays, addresses, and phone numbers, can make it easier for
attackers to steal your identity or conduct targeted attacks. Hackers can exploit this data, using it for
identity theft, fraud, or to gain access to other accounts. An instance of this occurs when
cybercriminals use fake accounts on social media to deceive users into sharing personal information,
access credentials, or clicking on links that download malicious software.

In addition, weak or reused passwords can be a vulnerability on social media. If an attacker gains
access to a user's social media account, they may use it to post malicious content, impersonate the
user, or access sensitive information.

Phishing
According to the study of Gillis (2023), in the present day, phishing schemes have become more
diverse and potentially more harmful. The integration of social media and login methods, like
Facebook Login, adds complexity, allowing attackers to potentially execute multiple data breaches on
a victim using a single phished password. This leaves individuals susceptible to ransomware attacks.
Additionally, more advanced technologies are now employed.

Cybercriminals use social media platforms to collect details about individuals, including their
interests, social connections, and group affiliations. They can use this data to create deceptive
phishing emails or messages, increasing the likelihood that recipients will interact with harmful links
or download malicious software. Phishing links direct users to fraudulent websites or sites
contaminated with harmful software, commonly referred to as malware.
 In addition, cybercriminals may create fake social media profiles or pages that appear legitimate
but contain malware-laden content. Users who interact with such profiles or click on links can
unknowingly compromise their devices.

For instance, in 2019, the CEO of a U.K. energy firm, thinking they were conversing with their
superior on the phone, was deceived into transferring funds to a specified supplier. In reality, it was a
phishing scheme utilizing AI to replicate the voice of the CEO of their parent company.

In 2020, a hacker and their associates executed a spear phishing attack by developing a website
that resembled Twitter's internal virtual network provider. The attackers posed as help desk personnel,
contacting Twitter employees and requesting them to provide their login credentials. With these
acquired credentials, the attackers successfully infiltrated numerous prominent accounts, including
those belonging to individuals like Barack Obama, Elon Musk, and Joe Biden.

Phishing scams manifest in various forms and sizes. Users can ensure their safety by staying
vigilant and informed about some of the recent techniques employed by scammers. According to
Gillis (2023), a few instances of contemporary phishing attacks include the following:

1. Digital payment-based scams. These fraudulent schemes take place when well-known payment
applications and websites are exploited to deceive individuals and extract sensitive information
through phishing. In these scams, the perpetrator pretends to be an online payment service, like
PayPal, Venmo, or Wise.

Typically, these attacks are executed via email, where a counterfeit version of a reputable payment
service prompts the user to confirm login details and other personal information. The attacker
commonly asserts that this information is required to address an issue with the user's account.
These phishing endeavors often involve a hyperlink leading to a deceptive imitation page.

2. Finance-based phishing attacks. These attacks rely on the expectation that victims will react
hastily and provide the scammer with personal information. Typically, the scammer adopts the
guise of a bank or another financial institution. Through emails or phone calls, the scammer alerts
their potential victim that their security has been compromised, often using the fear of identity
theft to manipulate them.

Two examples of this scam include:

1. Deceptive emails regarding money transfers aim to bewilder the victim. In such phishing
attempts, the recipient receives an email containing a receipt or rejection notice for an electronic
fund transfer. Frequently, the victim assumes unauthorized charges have been made and promptly
clicks on a malicious link in the email, exposing their personal information to potential theft.

2. Direct deposit scams are commonly employed on new employees. Victims are notified that
their login credentials are not functioning, generating concern about not receiving their salary.
Anxious about this, the victim clicks on a link in the email, directing them to a deceptive website
that installs malware on their system. This makes their banking details susceptible to harvesting,
leading to possible fraudulent charges.

3. Work-related phishing scams. Phishing scams targeting the workplace are particularly
concerning due to their personalized and subtle nature, making them challenging to detect. In
these instances, the attacker assumes the identity of the recipient's boss, CEO, or CFO and solicits
 actions such as wire transfers or fake purchases.

A prevalent work-related scam involves password harvesting, with a specific focus on

executive-level employees who might be less suspicious of emails from their superiors. The
deceptive email often appears mundane, discussing routine workplace matters, such as the need to
reschedule a meeting. The victim is then prompted to fill out a poll via a provided link, redirecting
them to a fake login page for Microsoft Office 365 or Microsoft Outlook. Upon entering login
information, the scammers gain access to the victim's password.

Another tactic involves malicious actors using AI voice generators to impersonate a manager,
CEO, or CFO over the phone, instructing the employee to make a fraudulent money transfer.
While the employee believes they are engaged in a legitimate business transaction, they are
unknowingly transferring funds to the attacker.

Malware
Malware stands as a common form of cyber-attack, encompassing a range of malicious programs
that are distributed and installed on end-user systems and servers. Crafted with the intent to inflict
harm on computers, servers, or computer networks, these attacks are orchestrated by cyber criminals
seeking to acquire data for financial motives (Yellari et al., 2017). Malicious users may use social
media to distribute malware. By gathering sufficient information from social media, a malicious actor
could develop malware specifically tailored to target the business. This could involve executing an
attack to gain access to the internal network, enabling the attacker to extract sensitive data. They can
post links to infected websites or distribute malicious files through messaging platforms, luring users
into downloading and installing malware on their devices.

While malware typically operates discreetly in the background, certain indicators such as resource
consumption and payload display can reveal a computer infection. Though detecting infections may
require expertise, there are discernible signs for users to investigate further. Indications that your
computer might be infected with malware include

1. Sluggish performance. Malware like cryptojackers can demand significant CPU and memory
resources, causing persistent slowdowns even after a system reboot.

2. Frequent pop-ups. Adware integrated into the operating system leads to a continuous display of
advertisements in your browser, with one ad popping up after another.

3. Blue screen of death (BSOD). While Windows crashing to a blue screen and displaying an error
is uncommon, recurrent BSOD occurrences may signify a malware-infected computer.

4. Unexplained changes in disk storage. Malware could delete data, resulting in a sudden release
of significant storage space or the addition of large amounts of data to storage.

5. Unusual internet activity. Excessive activity on your router, even when your internet connection
is not in use, may indicate potential malware presence.
6. Alterations in browser settings. Malware may modify browser home pages or search engine
settings to redirect users to spam websites or sites containing malicious programs.

7. Disabled antivirus. Some malware disables antivirus software to carry out its payload, and this
disabling may persist even after attempting to re-enable antivirus protection.

Social Engineering Attacks

Social engineering attacks involve manipulating individuals to divulge sensitive information,
download unauthorized software, visit malicious websites, transfer funds to criminals, or commit
other actions that jeopardize their personal or organizational security. Unlike exploiting technical or
digital system vulnerabilities, social engineering relies on psychological manipulation and takes
advantage of human error or weaknesses. This approach is occasionally referred to as 'human
hacking.'

Social engineering tactics are frequently employed by cybercriminals to acquire personal data or
financial information, such as login credentials, credit card numbers, bank account details, and Social
Security numbers. This information is then utilized for identity theft, enabling criminals to make
unauthorized purchases, apply for loans using someone else's identity, claim others' unemployment
benefits, and more. Additionally, a social engineering attack can serve as the initial phase of a broader
cyberattack. For instance, a cybercriminal may deceive a victim into disclosing a username and
password, subsequently utilizing these credentials to deploy ransomware on the victim's employer's
network.

Cybercriminals find social engineering appealing as it allows them to gain entry into digital
networks, devices, and accounts without having to navigate the challenging technical aspects of
bypassing firewalls, antivirus software, and other cybersecurity measures. Most social engineering
attacks utilize one or more of the following strategies:

1. Impersonating a trusted brand. Scammers often mimic well-known companies or brands that
victims frequently engage with, exploiting the familiarity and trust associated with these entities.
Some use readily available tools to create fake websites resembling those of major brands.

2. Pretending to be a government agency or authority figure. Leveraging the trust, respect, or

fear people have for authority figures, social engineering attacks employ messages claiming to be
from government agencies (e.g., FBI or IRS), political figures, or even celebrities.

3. Creating fear or a sense of urgency. Exploiting the tendency of individuals to act impulsively
when frightened or pressed for time, social engineering scams employ various techniques to instill
fear or urgency. This could involve false claims about unapproved credit transactions, computer
viruses, copyright violations, or triggering the fear of missing out (FOMO).

4. Appealing to greed. Exploiting individuals' desire for financial gain, scams like the Nigerian
Prince scheme promise substantial rewards in exchange for sensitive information or a small
upfront fee. This approach combines appeals to greed with an alleged authority figure and a sense
of urgency.
5. Leveraging helpfulness or curiosity. Social engineering tactics may also play on victims'
altruistic tendencies. For example, a message appearing to be from a friend or a social networking
site might offer technical assistance, request participation in a survey, claim a post has gone viral,
and provide a deceptive link to a fake website or malware download.

How Social Media Can Be Used to Improve Cybersecurity

Social media can play a significant role in improving cybersecurity in various ways. While social
media platforms themselves can be susceptible to cybersecurity threats, they can also be utilized as
tools to enhance overall cybersecurity efforts.

Approximately 4.8 billion individuals globally, constituting slightly over 59% of the world's
population, engage with one or more social media platforms. Although these platforms facilitate
communication with friends, customer engagement, and business promotion, they also elevate the risk
of cyber threats for both individuals and businesses in various ways (Chin, 2023).

According to LinkedIn (2023), there are many ways to improve cybersecurity through the use
of social media such as

Information Sharing & Awareness Raising

With the help of security professionals, they can make use of social media to gather and share
threat intelligence. By monitoring relevant channels, they can stay informed about emerging threats,
vulnerabilities, and attack trends. Hosting live sessions, webinars, Q&A sessions, and community
building on social media platforms enables cybersecurity experts to directly engage with users, and
give cybersecurity advice, practices, and updates on the latest threats. This interaction not only
cultivates a deeper comprehension of cybersecurity concepts but also promotes the adoption of
proactive security measures. Additionally, being knowledgeable on ways to protect your account helps
protect your personal information, prevent identity theft, avoid phishing attacks, ensure business
security, and, in general, helps contribute to a safer internet environment.

Threat Alerts, Updates, & Incident Response Communication

“If your company is not utilizing social media platforms for threat monitoring, chances are the
security team is missing out on a huge aspect of the company’s overall threat landscape, particularly
as threats are not just physical anymore,” says Kara Gronborg, Crisis 24 Analyst III supporting the
National Football League (NFL) (Henriquez, 2022).

During a cybersecurity incident, social media can serve as a rapid communication channel to
disseminate information about the incident, provide updates on the situation, and guide users on
protective measures. Using social media for clear and open communication in the event of
cybersecurity incidents ensures users are kept updated on the situation and offering guidance on
precautionary measures improves cybersecurity.

According to the study by Henriquez (2022), while the act of monitoring social media is not a
recent development, the urgency to track threats on these platforms has gained traction in light of
recent tragic events. The March 2019 mass shooting at two mosques in Christchurch, New Zealand,
was live-streamed on Facebook, prompting a significant discourse on the impact of social media. This
incident underscored the importance of employing social media threat monitoring as a preventive
measure against acts of violence.

In addition, in December 2021, a series of threats regarding school shootings circulated on TikTok
and various other social media platforms. Numerous videos displayed a written warning of a bombing
or shooting slated for December 17, 2021. Despite the lack of credibility in these threats, several
school districts and law enforcement agencies treated them seriously, leading to the cancellation of
classes and an increase in security measures.

The capability to monitor social media for active shooter threats, suicide attempts, or other violent
incidents provides substantial value to businesses. Through this technology, security teams can collect
the necessary intelligence to evaluate the motivations of the individual issuing the threat, assess the
credibility of the threat, and determine the capability of the threat maker to execute it.

In conclusion, social media can serve as a channel for users to report cybersecurity incidents or
suspicious activities. Additionally, organizations can encourage users to report phishing attempts, data
breaches, or other security issues through their social media accounts.

Use of Security Tools

Security tools are designed to detect and prevent various cyber threats, such as malware, phishing
attempts, and suspicious activities. Implementing these tools on social media platforms adds an extra
layer of defense against potential security breaches. It can conduct regular vulnerability assessments,
identifying weaknesses in a social media platform's security infrastructure. By addressing these
vulnerabilities promptly, organizations can fortify their defenses and minimize the risk of exploitation.
Newberry (2023) recommended 3 social media security tools that will keep your accounts safe:

1. Hootsuite - Hootsuite, a social media management platform, enhances team security by

eliminating the need for team members to have direct access to social network login information.
Access and permissions can be controlled, ensuring each team member has only the necessary
level of access. This reduces the risk associated with staff changes, as accounts can be disabled
without the need to change all social media passwords. Additionally, Hootsuite functions as a
proactive social monitoring tool, enabling users to stay ahead of potential threats by tracking
brand mentions and keywords. This capability allows for swift action in response to suspicious
activities, such as the dissemination of fake coupons or the emergence of imposter accounts,
protecting the brand and its customers from potential scams.

2. ZeroFOX - ZeroFOX is a cybersecurity solution that provides automated notifications for diverse
social media risks. These include harmful or inappropriate content directed at your brand,
malicious links present on your social accounts, scams that target your business and customers,
and fake accounts attempting to impersonate your brand. Additionally, the platform protects
against hacking and phishing attacks.

3. BrandFort - BrandFort is a platform designed to safeguard social accounts from spam, phishing
comments, and content moderation issues. Spam comments pose a security risk as they are visible
on profiles and might lure legitimate followers or employees to click on scam sites. BrandFort
addresses this by automatically detecting and hiding spam comments in multiple languages,
helping to prevent potential fallout and protect the brand's online presence.
Use of Two-Factor Authentication (2FA)
“Starting with a strong, unique password is good. However, it’s not enough on its own.” (Pearson,
2023).

Social media has become a crucial aspect of our daily lives, facilitating connections with friends,
family, and business engagements. As the utilization of social media platforms continues to rise, the
significance of securing your accounts cannot be emphasized enough.

Activating Two-Factor Authentication (2FA) on all your social media accounts stands out as one
of the most efficient methods to safeguard your accounts. Two-factor authentication is a security
method that mandates users to present two distinct authentication elements before obtaining access to
an account or system. Implementing Two-Factor Authentication (2FA) provides an additional level of
security for your accounts, demanding a secondary form of verification alongside your password. This
ensures that even if unauthorized individuals acquire your password, they cannot access your account
without completing the second authentication step.

The stakes are elevated, particularly with social media accounts, especially when linked to
advertising accounts. If a hacker breaches your social media account, there's the potential for them to
gain entry to associated ad accounts, where sensitive information like credit card details may be
stored. Implementing Two-Factor Authentication for your social media accounts is a straightforward
yet impactful method to enhance your online security, especially when dealing with sensitive data
such as credit card information. By adopting this precautionary measure, you significantly reduce the
likelihood of unauthorized access and potential financial harm. This, in turn, offers a sense of
reassurance as you navigate the digital realm.

Community Building
Social media has the ability to build trust and unity within a community by instilling a sense of
belonging, identity, and solidarity among its members. Utilizing social media enables the facilitation
of communication, interaction, and collaboration within your audience, while also providing a
platform to acknowledge and celebrate diversity, culture, and accomplishments (LinkedIn, 2023). In
addition, social media has the potential to boost community learning and innovation by offering
access to information, knowledge, and skills that can enhance the outcomes of your community
development efforts. Therefore, establishing online communities centered around cybersecurity
conversations offers a space for individuals to seek guidance, exchange experiences, and gain insights
from one another, contributing to the development of a more robust and resilient online community.

Within specialized cybersecurity communities, individuals can exchange advice and share
experiences concerning online security. This shared knowledge contributes to a heightened awareness
among community members regarding potential threats, vulnerabilities, and effective security
practices. The environment facilitates mutual learning, enabling individuals to gather insights from the
experiences and expertise of their peers. This collaborative learning atmosphere fosters a community
that is well-informed and vigilant in identifying and addressing cybersecurity issues, including the
early detection and discussion of emerging threats. The collective vigilance functions as an early
warning system, empowering members to proactively implement preventive measures and share
valuable threat intelligence.
 Moreover, in the event of a cybersecurity incident, community members can extend mutual
support by offering shared resources, guidance, and assistance. This collective support proves
invaluable for individuals and organizations navigating security challenges.

Mitigating Cybersecurity Risks Posed by Social Media

Addressing cybersecurity risks associated with social media is essential in our interconnected
society. Social media platforms present individuals and organizations with diverse threats such as
phishing attacks, identity theft, malware distribution, and potential harm to reputation. To protect
against these threats and use social media safely, Bulwarkers (2023) presented four (4) strategies to
help mitigate these risks:

Educate Yourself and Spread Awareness

Keep yourself updated on online scams and cybersecurity threats by actively learning about them.
Engaging in cybersecurity studies provides you with a diverse skill set that encompasses threat
detection and analysis, network security, cryptography, ethical hacking, and risk management. These
skills hold significant value not only within the cybersecurity sector but also in IT and associated
industries. The more knowledge you accumulate, the more effectively you can safeguard yourself
(Bay Atlantic University, 2023). Users can also follow cybersecurity experts on social media
platforms and engage with their content for insights and updates.

Effective cybersecurity awareness involves a combination of continuous learning, proactive

sharing of information, and fostering a culture of security within your community and networks. So,
users must not only educate themselves but should also take the initiative to raise awareness. They can
share informative posts about cybersecurity risks on your social media accounts to educate your
friends, family, and followers. In this way, users can emphasize the importance of secure practices,
such as using strong passwords, enabling two-factor authentication, and being cautious about sharing
personal information.

Regularly Update Passwords

As per Thytoctic, 80% of cybersecurity attacks result from either weak or stolen passwords.
Changing your password every quarter diminishes the likelihood of exposure, mitigating various IT
security risks. Unfortunately, passwords are frequently overlooked.

The importance of regularly updating your password cannot be overstated. Your computer
contains and grants access to a wealth of sensitive information, especially when connected to a
network that holds client data. Safeguarding this data should be a top priority. It is wise for
organizations to have a password policy that requires employees to change their passwords regularly.
Passwords should also be unique for each account. Phillips (2023) recommends changing passwords
every 90 days (about 3 months).

Phillips (2023) stated four (4) reasons why users should often change their passwords:

1. Limits Breaches to Multiple Accounts. If you use the same password across all your
accounts, the compromise of one should be regarded as a potential threat to others. It is
essential to assign a distinct password to each account. For instance, your Facebook password
 should not be identical to your work password, and your Target password should differ from
your mobile banking password.

2. Prevents Constant Access. A hacker might make multiple attempts to gain access to your
account over an extended period. Regularly changing your password minimizes the likelihood
of them having recurrent access.

3. Prevents Use of Saved Passwords. In the event of losing or switching computers, there's a
risk that someone else might acquire access to your passwords. Consistently updating your
passwords ensures that even if someone discovers an old or saved password, it becomes
obsolete, enhancing the security of your data.

4. Limits Access Gained by Keystroke Loggers. A keystroke logger is a form of surveillance

technology designed to record keystrokes, commonly employed to illicitly capture credit card
details and login credentials. Changing your password regularly reduces the likelihood that
passwords acquired through this method will remain effective for an extended period.

Monitor Social Media Activity

Regularly checking your social media for anything unusual is crucial for staying safe online. This
helps catch strange activities early like someone trying to use your account without permission or
attempting to trick you with fake messages. In addition, automated tools can send alerts if your
account is at risk. Monitoring also helps identify and report fake accounts. This ensures that your
privacy settings are secure, and warns against harmful links.

For businesses, it ensures they follow security rules and helps understand user behavior. Keeping
an eye on social media helps you stay informed about online threats, and if there's ever a problem, the
information collected can be used to investigate and improve security measures. This is a proactive
way to make sure your online space is safe.

Keep Updating Your Operating System

According to the University of Idaho (2023), keeping your software up to date is crucial for
preserving the security and functionality of your devices and applications. It serves as a defense
against cyber threats, enhances user experience, and ensures seamless compatibility with other
software and hardware. Below are some advantages and recommendations for maintaining current
software versions:

● Tightened Security. Regular software updates typically contain patches addressing

vulnerabilities or bugs that hackers might exploit to gain unauthorized access to your system
or data. Keeping your software current helps minimize the risk of cyberattacks, safeguarding
both personal and business information.

● Improved User Satisfaction. Software updates go beyond security enhancements; they also
focus on improving functionality and usability. Updates can introduce new features, boost
performance, increase speed, and enhance overall stability. Staying up to date with software
 ensures a more seamless and satisfying user experience.

● Sustained compatibility. Software updates play a crucial role in preventing compatibility

issues with other software and hardware. For instance, using an outdated web browser may
limit access to certain websites or online services that require the latest version. Similarly,
outdated apps may struggle to sync with your device or cloud storage. Regularly updating
your software ensures smooth compatibility with various systems and devices.

In addition, users can also use these strategies:

● Secure Privacy Settings. Utilizing secure privacy settings on social media is instrumental in
reducing the risk of cybersecurity threats by controlling who can access and view your
personal information. By configuring strong privacy settings, individuals can minimize the
exposure of sensitive data on social media platforms, enhancing their overall cybersecurity
posture. In addition, secure privacy settings act as a barrier against potential threats, limiting
the extent of information that could be exploited by malicious actors on social media.

● Enable Two-Factor Authentication (2FA). Enabling Two-Factor Authentication (2FA)

enhances social media cybersecurity by adding an extra layer of protection. This additional
step, often involving a verification code sent to a mobile device, significantly reduces the risk
of unauthorized access, even if passwords are compromised.

● Beware of Impersonation. Being cautious about impersonation helps mitigate cybersecurity

risks on social media by preventing unauthorized individuals from posing as someone else,
which can lead to deceptive activities, unauthorized access, and potential exploitation of
personal or sensitive information. Staying vigilant about impersonation acts as a protective
measure against social engineering and fraudulent activities that could compromise the
security and privacy of users on social media platforms.

● Avoid Clicking on Unknown Links. Avoiding clicking on unknown links is crucial to

mitigate the risk of cybersecurity on social media because these links may lead to malicious
websites or phishing attempts, potentially compromising your personal information and
account security.
References:

Alam, S., & El-Khatib, K. (2016, July). Phishing susceptibility detection through social media
analytics: Proceedings of the 9th International Conference on Security of Information and
Networks. ACM Other conferences. https://dl.acm.org/doi/abs/10.1145/2947626.2947637

Amos, Z. (2022, July 22). How social media impacts business cybersecurity. Cybersecurity
Magazine.
https://cybersecurity-magazine.com/how-social-media-impacts-business-cybersecurity/

Bay Atlantic University. (2023, October 6). 6 compelling reasons why you should study Cyber
Security. Bay Atlantic University - Washington, D.C.
https://bau.edu/blog/why-study-cyber-security/#:~:text=Studying%20cyber%20security%20equ
ips%20you,in%20IT%20and%20related%20industries.

Buhari, A., & Isa, Z. (2023, August). Social Media and cyber security: Protecting against
online threats and attacks. Research Gate.
https://www.researchgate.net/publication/373328868_SOCIAL_MEDIA_AND_CYBER_SEC
URITY_PROTECTING_AGAINST_ONLINE_THREATS_AND_ATTACKS

Bulwarkers. (2023, October 28). Common cyber security risks associated with social media use
and how individuals can protect themselves. LinkedIn.
https://www.linkedin.com/pulse/common-cyber-security-risks-associated-social-media-use-ho
w-px6bf/

Chin, K. (2023, May 8). The impact of social media on cybersecurity: Upguard. Upguard.
https://www.upguard.com/blog/the-impact-of-social-media-on-cybersecurity

Folger, J. (2022, September 7). What is spoofing? how scam works and how to protect yourself.
Investopedia. https://www.investopedia.com/terms/s/spoofing.asp

Gillis, A. S. (2023, June). What is phishing and how does it work?: Definition from TechTarget.
Security.
https://www.techtarget.com/searchsecurity/definition/phishing#:~:text=With%20the%20integra
tion%20of%20social,technologies%20are%20also%20being%20used.

Henriquez, M. (2022, June 15). Threat monitoring with social media. Security Magazine RSS.
https://www.securitymagazine.com/articles/97823-threat-monitoring-with-social-media

Irshad, S., & Soomro, T. R. (2018, February). Identity Theft and Social Media . Research Gate.
https://www.researchgate.net/publication/323185128_Identity_Theft_and_Social_Media

Khidzir, N. Z., Ismail, A. R., Daud, K. A. M., Ghani, M. S. A. A., & Ibrahim, M. A. H. (2016,
June 1). Critical cybersecurity risk factors in digital social media: Analysis ... Lecture Notes on
Information Theory.
https://www.researchgate.net/publication/306119001_Critical_Cybersecurity_Risk_Factors_in_
Digital_Social_Media_Analysis_of_Information_Security_Requirements

LinkedIn. (2023, April 4). How can social media enhance community development and social
capital?. How Social Media Boosts Community Development and Social Capital.
https://www.linkedin.com/advice/0/how-can-social-media-enhance-community-development#:
~:text=Social%20media%20can%20foster%20community,diversity%2C%20culture%2C%20a
nd%20achievements.

LinkedIn. (2023, September 29). The importance of two-factor authentication in online

security.
https://www.linkedin.com/pulse/importance-two-factor-authentication-online-security?trk=publ
ic_post#:~:text=Enhanced%20Security%3A%20The%20primary%20benefit,the%20risk%20of
%20unauthorized%20access.

LinkedIn. (2023, October 29). How can social media and crowdsourcing improve your
cybersecurity incident response plan?. How Social Media and Crowdsourcing Boost
Cybersecurity Incident Response.
https://www.linkedin.com/advice/0/how-can-social-media-crowdsourcing-improve-your-cybers
ecurity-dosge#:~:text=You%20can%20also%20use%20them,receive%20updates%20on%20rel
evant%20topics.

MacKay, J. (2023, March 9). How to promote Cyber Security Awareness in your organisation.
MetaCompliance.
https://www.metacompliance.com/blog/cyber-security-awareness/how-to-promote-cyber-securi
ty-awareness-in-your-organisation

Newberry, C. (2023, March 13). Social media security tools and tips to mitigate risks [2023].
Social Media Marketing & Management Dashboard.
https://blog.hootsuite.com/social-media-security-for-business/

Pearson, C. (2023, November 9). Protect your digital presence: The importance of two-factor
authentication for Social Media Accounts. Your IT Department.
https://www.your-itdepartment.co.uk/the-importance-of-two-factor-authentication-for-social-m
edia-accounts/#:~:text=2FA%20adds%20an%20extra%20layer,without%20the%20second%20
authentication%20step.

Phillips, E. (2023, November). Benefits of changing your password regularly.

footer_bg_transparent_2-03. https://www.proactive-info.com/blog/change-your-password

Proofpoint. (2023, October 30). What is a social media threat? attacks & security: Proofpoint
us.
https://www.proofpoint.com/us/threat-reference/social-media-threats#:~:text=Attackers%20ofte
n%20use%20social%20media,including%20social%20engineering%20and%20phishing.

Sharma, B. K. (2019). Social media evidence in traditional and cyber crimes. ResearchGate.
https://www.researchgate.net/figure/Social-media-evidence-in-traditional-and-cyber-crimes_fig
2_340890411

Tessian. (2023, February 7). 15 examples of real social engineering attacks - updated 2023.
https://www.tessian.com/blog/examples-of-social-engineering-attacks/

Terranova Security. (2023, July 12). What is spoofing?: Examples & prevention: Terranova
security. Cyber Security Awareness. https://terranovasecurity.com/what-is-spoofing/
Tunggal, A. T. (2023, May 2). What is a whaling attack?: Upguard. RSS.
https://www.upguard.com/blog/whaling-attack#:~:text=A%20whaling%20attack%20is%20a,in
formation%20or%20employees’%20personal%20information.

University of Idaho. (2023, October 18). Why keeping your software up to date is important for
cybersecurity. University of Idaho - Knowledge Base.
https://support.uidaho.edu/TDClient/40/Portal/KB/ArticleDet?ID=2770#:~:text=Tightened%20
security%3A%20Software%20updates%20often,your%20personal%20and%20business%20inf
ormation.

Uzialko, A. (2023, October 23). How to guard against Social Media Identity Theft. Business
News Daily. https://www.businessnewsdaily.com/4194-social-media-security-tips.html

Wallace, G. (2013, December 23). Target credit card hack: What you need to know.
CNNMoney. https://money.cnn.com/2013/12/22/news/companies/target-credit-card-hack/

What is social engineering?. IBM. (n.d.).

https://www.ibm.com/topics/social-engineering#:~:text=Social%20engineering%20attacks%20
manipulate%20people,their%20personal%20or%20organizational%20security.

Yasar, K., Wright, G., & Teravainen, T. (2023, March 14). What is information security
(INFOSEC)? – TechTarget definition. Security.
https://www.techtarget.com/searchsecurity/definition/information-security-infosec#:~:text=Phy
sical%20security%2C%20endpoint%20security%2C%20data,natural%20disasters%20and%20
server%20outages.

Yellari, M. S. S. L., Manisha, M., Dhanesh, J., Rao, M. S., & Suhasini, S. (2017, March).
Identifying malicious data in social media - IRJET. International Research Journal of
Engineering and Technology (IRJET). https://www.irjet.net/archives/V4/i3/IRJET-V4I3479.pdf