Rising Cyber Threats from Social Media Targeting Organizations

Every post we share on social media can be a piece of a dangerous puzzle.
LinkedIn reveals our job titles, Facebook and Instagram expose details of our daily lives, and X (formerly Twitter) shares our opinions and thoughts.
When combined, these fragments create a valuable map for cybercriminals to design highly targeted phishing attacks.

According to a report by Ivanti Research Institute, the rise of Artificial Intelligence (AI) has accelerated this trend.
AI can analyze user behavior across social platforms to generate personalized and convincing phishing emails — attacks that are inexpensive to execute but highly effective in compromising organizational security.

Oversharing personal information gives cybercriminals an opportunity to build detailed profiles of individuals, including personal interests, travel plans, family details, and professional achievements.
They then exploit this data to impersonate employees or craft malicious messages that trick recipients into clicking infected links or downloading harmful attachments.

Some attackers even establish direct connections on social networks, posing as colleagues, business partners, or executives to manipulate employees and exploit their trust.

A recent Gen Research Institute report shows that social media platforms have become major targets for cyberattacks:

  • LinkedIn accounts for 56% of identified threats,
  • Facebook for 24%,
  • X (Twitter) for 10%,
  • while Reddit and Instagram each represent 3% of total threats.

Another major risk arises when employees reuse the same passwords for both personal and professional accounts.
If a personal account is compromised, attackers may gain access to corporate systems as well.

Managing Employee Behavior on Social Media

The attack surface is no longer limited to internal corporate systems; it now extends to employees’ social media profiles.
Organizations must therefore establish clear social media policies defining what employees can and cannot share online, especially regarding work-related matters.
Such policies should include restrictions on sharing sensitive information, including:

  • Work projects: Avoid posting about ongoing projects, upcoming product launches, or internal operations.
  • Professional relationships: Refrain from sharing details about colleagues, supervisors, or business partners to prevent social engineering attacks.
  • Job roles and responsibilities: Avoid posting specific details about roles, duties, or workplace information that could help attackers craft targeted phishing messages.

By enforcing such policies, companies can significantly reduce the risk of phishing, impersonation, and data breaches caused by employee oversharing.

Source: MedadPress
www.medadpress.ir