
How to protect against rising social media threats

By John LaCour
January 7, 2022

By some estimates, the number of worldwide social media users reached 4.2 billion in early 2021, and this number continues to grow. Additionally, 91.9% of U.S. marketers in companies larger than 100 employees use social media for marketing purposes. That’s a lot of companies connecting with a lot of people, making social media the largest pool of potential victims at scammers’ fingertips. And that leaves most American businesses open to phishing scams from bad actors.

Indeed, social media threats are on the rise. In January 2021, the average targeted organization experienced nearly 34 attacks through social media. As the year progressed, this number significantly increased. By September, the average targeted organization encountered 61 attacks per month, which is an 82% increase in three quarters.

Unfortunately, it can be extremely difficult to defuse this rising threat. As digital transformation continues to accelerate, and we rely more and more on the digital world to work, communicate, purchase products, conduct research and find entertainment, our lives are moving into an almost fully digital space. This allows for easier social engineering attacks, selling of personal information, impersonation and general fraud. Identifying, locating and charging scammers through their social media activity is difficult, if not impossible, in most situations.

Let’s start by defining the five key types of social media threats:

  1. Fraud: An incident designed to deceptively deny a right to a victim or provide illegal gain to the threat actor, including the unauthorized sale of account credentials; exposure of banking details; deposit fraud; providing access to tools designed to commit fraud; and other financial threats.
  2. Impersonation: An incident including a purposeful spoof of a corporate brand, executive or employee with intent to sway opinion or fool victims into performing an action.
  3. Cyber threat: An incident that includes an intentional cyber risk to the targeted victim, such as hacking attempts.
  4. Data leak: A leak or unauthorized share of proprietary or sensitive data such as login credentials, corporate documents or source code.
  5. Physical threat: A physical threat of harm specifically directed toward an employee, a physical location or an event.

While the percentage of fraud-related social media attacks leveled off in Q3 2021 after a significant increase in Q2, the threat type continued to make up the lion’s share of attacks. Cyber threats experienced the largest increase among all threat types in Q3, growing 5.5% from Q2 and accounting for approximately one quarter of the threats encountered. Employee, brand, and executive impersonations increased slightly as well, making up an additional quarter of the social media threats encountered.

Regarding specific industries, financial services was among the business sectors targeted most by social media attacks in 2021. This industry is a natural target for threat actors because its services are used broadly across several business sectors. The staffing and recruiting sector experienced the steepest increase in attacks, possibly due to seasonality and threat actors preying on job seekers during end-of-year recruiting. Information typically gleaned by hackers includes user and employee login credentials, credit card information and personal information that can then be used to launch other scams and attacks. One more factor contributing to the rise in social media threats is the growing focus on cryptocurrency. Crypto is non-traceable and crypto scams are easy to create, yet difficult to track.

Obviously, as the data shows, there is an urgent need for security teams to more closely monitor and manage social media activity. Here are some standard rules that employees should follow: 

  • Do not click on links in posts, tweets or direct messages unless you are 100% certain that they are genuine and well-intentioned. Ask yourself if somebody genuine would really contact you in this way with this information.
  • Recognize threats of financial issues or offers that seem too good to be true for what they really are.
  • If in doubt, call the correct number of the organization or individual that the post or tweet claims to be from to check its authenticity.
  • Know that even if the post or tweet seems to come from someone you trust, their account may have been hacked or spoofed.

Additionally, security teams need to start implementing procedures such as the following to protect against such threats, which are sure to grow in 2022:

  • Concentrate on marketing “phishing security awareness.” In most cases, phishing attempts require some kind of user action or response to succeed, so it is obvious that making users aware of the tactics used by scammers and the consequences of certain behaviors is paramount. Consider periodically communicating to your user base about the dangers of phishing and what to look out for. 
  • Employ experts. Security teams should have mobile experts dedicated to the detection and curation of these types of threats. Active monitoring is necessary, and apps and emails should be flagged as suspicious if they reference, impersonate or replicate a brand’s content or images, including unauthorized use of logos, trademarks, content, functionality or appearance.
  • Make your employees your frontline army. Involve and empower employees to participate proactively in organization-wide training, as it is important to give employees a sense of their importance as a human barrier against phishing attempts. Make them feel a sense of pride and ownership for the safety of the brand’s customers.
  • Account Protections. Always use a company email address to create social media accounts and have at least two “admins” on each account. This prevents someone changing passwords and locking you out. Additionally, each company should employ standard password change protocols and minimum password requirements. 
  • Verify the C-suite. Create official accounts for your top executives and get them verified (having a verified account or any account helps with mitigation of impersonation scams).

This article originally ran in Security, a twice-monthly security-focused eNewsletter for security end users brought to you by Security Magazine.

KEYWORDS: cryptocurrency cyber threat data loss prevention employee risk fraud prevention phishing security awareness social media security threat detection


John LaCour is the Founder and CTO of PhishLabs and serves as Principal Strategist with HelpSystems. PhishLabs, by HelpSystems, is a cyber threat intelligence company that delivers Digital Risk Protection through curated threat intelligence and complete mitigation. PhishLabs provides brand impersonation, account takeover, data leakage and social media threat protection in one complete solution for the world’s leading brands and companies.
