Most institutions spend a lot of time and money guarding and monitoring their network perimeter and their internal networks against attackers. Firewalls, web filters, email filters, intrusion prevention systems, and employee training all receive constant attention. But attacks may be occurring right now that are entirely outside the institution's control. Criminals regularly use social media attacks to gain access to customer accounts.
A social media attack normally starts when someone creates a fake account on Twitter, Facebook, Instagram, or any other social media site. They then post messages from that account, including a link for customers to follow. The link, of course, does not lead to the website of the institution but instead leads to a malicious site.
In some cases, the link will attempt to install malware. In other cases, the link will lead to a logon page that appears to belong to the institution, and the criminal will capture customer credentials. The more sophisticated attacks use a man-in-the-middle technique that captures the customer credentials and multifactor authentication responses, then relays them in real time to the institution's actual Internet banking site, giving the attacker full access to the customer account.
While there is no way to be fully protected against social media attacks on customers, there are a few things your institution can do to reduce the likelihood of this type of attack:
- Monitor the Internet and Social Media: Consider subscribing to at least one service that monitors for your institution name (or similar-sounding names) on the Internet, including on social media sites. Make sure that any alerts this service generates are reviewed promptly.
- Have a Takedown Process: Make sure that your incident response plan includes a takedown process when malicious Internet sites or social media accounts are discovered. Consider subscribing to a takedown service if your institution lacks the internal staff to accomplish this task when needed.
- Link to Official Social Media Sites: By including links to your official social media accounts on the institution's website, you reduce the number of customers who will search the Internet for your accounts and be led by the search results to a malicious one.
- Don’t Reinforce Link-Clicking Behaviors: Avoid posting items on social media sites that link to a login page. Doing so conditions customers to see this as normal, so they will enter their credentials more readily if they do click on a malicious link. (For a quick refresher on how to spot a bad URL, check out our blog post To Click or Not to Click: The 5 Laws of Links.)
- Train Customers: Teach customers that they should always go to your official website directly to log in to Internet banking, and that they should never follow a link to do so.
A sound social media policy is part of a strong information security program. (For more on policies, check out our blog post: Is it Time to Give Your Information Security Policies an Update.)
If you are trying to improve your information security program and want expert advice, email us any time at support@bedelsecurity.com or give us a call at 833-297-7681.
Additional Resources:
https://www.bedelsecurity.com/blog/click-not-click-5-laws-links
https://www.bedelsecurity.com/blog/is-it-time-to-give-your-information-security-policies-a-refresh