Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.


Check here if you're human


Social Media Security: Using Facebook to Steal Company Data

Pin It

Robert Siciliano Identity Theft Expert

There is a reason why computer users are called “users.” Like crack addicts who are drug users, more is never enough. And when under the influence, people do stupid things. I find myself scanning the Dell catalog like it’s the latest (or any) Victoria Secrets catalog. I’m amazed at how many people I know are online all day long and digitally stoned. The bad guy knows you are obsessed and uses this against you. He sees that you are comfortably numb here. He understands that in the virtual world you’re delirious and more apt to respond to his message then log your credentials.

Meanwhile Facebook’s security and privacy issues are being challenged from all sides. And during the brouhaha one of the Facebooks investors fell for a Facebook phishing scam.

Steve Stasiukonis is vice president and founder of Secure Network Technologies Inc. and publishes to Dark Reading tested his clients network using a bogus identity, and joined the companies Facebook site and started mining the names and email addresses of individuals who identified themselves as employees.

As he collected a database of names for a penetration test in the phish, he secured a domain name similar to that of his client. This domain name took on the appearance of a human resources or benefits portal. When he emailed the employees as “human resources,” they were redirected to a Web page, such as https://www.xyzcompany-benefits.com.

He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his companie’s Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the employees responded to an email with the logins and passwords they use on their employers’ network.

Steve says:

— Officially sponsor the social networking site and assign an administrator who is responsible for permitting employees to join. This will help control somebody infiltrating the site for devious purposes.

— Establish a social networking policy. If your employees are participating in social networking sites (company sponsored or not) make sure company policies dictate what is and is not permissible. For example, divulging your corporate email account on social networking sites should not be permitted.

— Last but not least, if employees feel the need to gather and converse about their day-to-day work, personal lives, and hobbies, consider a corporate intranet. Maybe someday social networking vendors will launch a product that will provide the same features and benefits, but with the security tools needed to keep employees and company secrets safe. But in the meantime, it’s up to you.

Sober up and protect your identity.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.

Similar Posts

  • How to Hack a Corporate Network…with Facebook
    Robert Siciliano Identity Theft Expert There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. They have no reason to distrust. People who are your “Friends” are generally those who you “know, like and trust”. In this world, your guard is as down as it
  • Spear Phishers Know Your Name
    “Spear phishing” refers to phishing scams that are directed at a specific target. Like when Tom Hanks was stranded on the island in the movie Cast Away. He whittled a spear and targeted specific fish, rather than dropping a line with bait and catching whatever came by. When phishing attacks are directed at company officers
  • Social Media is a Criminals Playground
    Social media has become a playground for adults, teens, and tweens. And like on any playground, when you hit the jungle gym or horseplay on the seesaw, there is always a chance that you may go home with an egg on your forehead. Or, if you are like me, a broken collarbone. Twitter and Facebook have
  • 15 Small-Business Social Network Nightmares
    You may think you’ve guarded your company, but are your social media outlets unprotected? Look at these 15 potential weaknesses in your defense. Can you think of five social network nightmares you hope never happen to your business? How about 10? Well, I can top that, because there are at least 15 social network mishaps that can
  • 8 Ways to Prevent Business Social Media Identity Theft
    Robert Siciliano Identity Theft Expert There are hundreds, or maybe even thousands of social media sites worldwide such as Facebook, MySpace, Twitter, and YouTube. Social media networks are quickly becoming the bane of the IT Manager. Twitter phishing and Facebook jacking are growing rapidly. Social media is still in its infancy and its security has been an issue since its inception.

Leave a Comment

You must be logged in to post a comment.

Xtreme School

Featured in

Anderson Cooper John Stossel Robert Siciliano Featured in
Browse by Month

Browse by Category