Wednesday, April 01, 2020

Cybercriminals Broaden their Attacks in Social Networks

Posted by OnCourse Staff September 18, 2014 11:15am

Photo Credit: StefanG81

By Buddy Arriola, CISA, MsC

Cybercrime attacks on social networking platforms are listed as one of the Top 10 IT Security Issues for 2014 by SC Magazine for IT Security Professionals.  Wikipedia defines cybercrime as any crime that either uses or targets a computer in the accomplishment of a crime.  Cybercrime attacks are prevalent on popular social and professional networks such as Facebook, Twitter, YouTube and LinkedIn.

Why Do Cybercriminals Target Social Networks?

With the increasing popularity of social media and a significant number of users logging on to social networking sites daily, social networks have become an attractive setting for organizations (both private and public) to promote their products and/or services. They have also become an ideal target or platform for cybercriminals, for the following reasons:

  • There is a wealth of information on social networks.  Social network users willingly store and post personal and confidential information through popular social and professional networks such as Facebook, Twitter, YouTube and LinkedIn.  Articles, photos, videos, comments, messages, chats and other materials are posted or uploaded daily by social network users to share details of their personal lives.  According to Facebook Statistics, an estimated 3 million messages are sent daily, and an average of 205 photos are uploaded per day.  Moreover, there are an estimated 1.310 billion active Facebook user accounts with personal profiles including name, birthday, address, and/or phone number.  Other personal information (such as passport number, driver’s license number, Social Security Number, wedding anniversary date, birthday, age, and planned vacation dates) can also be obtained through posted pictures and messages.  Cybercriminals want your personal information, either to use in attacks directly or to trick your friends and contacts into revealing information that is then used in attacks.  Cybercriminals steal people’s personal information and identities so that these can be used to compromise the victims’ computers and accounts (including social network and bank accounts).

  • There are hundreds of millions of unsuspecting users who log on to social networking sites monthly.  Social media users, particularly new and inexperienced ones, are easy prey for criminals.  Facebook alone has an estimated 1.3 billion active users, of whom an estimated 900 million log on to their Facebook account monthly. Twitter has 645.7 million users, of whom an estimated 310 million log on to their Twitter account monthly.  See Table 1 below for ebizmba statistics on other popular social media sites.

 Criminals use social engineering tactics or trickery to obtain or access social network users' confidential information, or to take control of social network user accounts, for various reasons including financial gain.  Hackers have a high likelihood of success because there are many new and inexperienced social network users.  Many of these users are unaware of social media risks and so do not even think of the need to protect their personal information.  Others are inexperienced and do not know how to protect their personal information. There are also others who probably simply do not care to protect their personal information.  Recently, a social network contact posted a photo showing a copy of his driver’s license, passport, Social Security card, and professional ID, plus his email address, simply to transfer the photo from his mobile phone to his computer.  The photo displays his picture, signature, nationality, date of birth, street address, driver’s license number, passport number, Social Security number, and employment details including job title, employer, and work address. Facebook alone had an estimated 170 million new users in 2013, according to Bloomberg Business Week.  As such, there is a multitude of potentially vulnerable social network user accounts attracting hackers and criminals.

   Table 1. Top 15 Most Popular Social Media sites as of March 2014

Rank | Social Media Site | Estimated Unique Monthly Visitors
1 | Facebook |
2 | Twitter |
3 | LinkedIn |
4 | Pinterest |
5 | Google Plus+ |
6 | Tumblr |
7 | Instagram |
8 | VK |
9 | Flickr |
10 | MySpace |
11 | Tagged |
12 | |
13 | Meetup |
14 | MeetMe |
15 | ClassMates |



Social media has become a vital means of private and public communication.  With hundreds of millions of social network users logging on to their accounts daily, many of them through their mobile phones, social media has become a popular and preferred choice for private and public communication.

There has been an increased reliance on social media for accessing as well as disseminating information: businesses use it to market their products and services; celebrities to promote their events or announce changes to them; governments to broadcast emergency alerts as well as public service announcements; and politicians and world leaders to express their views or even to raise campaign funds or funds for charitable causes.  Despite its benefits, social media has become an ideal ground for staging crimes such as bullying.  It is a fast, effective, and efficient way to distribute or spread malicious information on targeted individuals, groups and organizations.  Also, social media has become a prime target for denial of service attacks by criminals and terrorists, because social network service disruption can have a major impact on social network users as well as on the national security and financial health of an organization or nation.  According to Hackmaggedon, governments and industries were the preferred targets of cyber attackers in 2013, followed by financial institutions.

What are the Popular Social Media Attacks?  

The most dangerous hacks and exploits directed at social networks are identified in the book “Seven Deadliest Social Network Attacks” by Carl Timm and Richard Perez.  It is important to be aware of these attacks in order to recognize and avoid possible mishaps for individual and business/professional social network users.  This section briefly identifies and discusses the more popular attacks.  Additional information can be found in the articles and publications listed in the reference section at the end of this article, and reading them is recommended.

  • Social Networking Infrastructure Attack – is an attempt to bring down social networks, for example, through a Distributed Denial of Service attack.  Such an attack renders a social network site inaccessible for an extended period of time, which can lead to financial loss for businesses that rely on social networks to market their products.  Such an attack can also affect national security, as discussed in other sections of this article.
  • Malware Attack – is an attempt to gain access to computer systems and personal data, or to disrupt computer systems, by infecting a computer with an application containing malicious code.  An infected computer can be controlled by the attacker for future activities such as tracking your activities, obtaining your bank account information, or launching distributed denial of service attacks.
  • Phishing Attack – is an attempt to acquire personal information (such as credit card info, bank account info, and usernames and passwords) through trickery and deception. Phishing attacks are typically delivered through emails and instant messaging or through applications that appear harmless.
  • Evil Twin Attack – is an attempt to obtain personal information and resources by impersonating an individual on a social network.  The evil twin (impersonated user account) is able to fool the trusted user’s friends and contacts into a big scam.
  • Identity Theft – is an attempt to commit a crime by assuming someone else’s identity, such as through the appearance, sound/voice, and smell of a person.
  • Cyberbullying – is an attempt to harass, harm, humiliate and/or intimidate someone through the use of technology, such as by posting materials that are harmful, offensive and/or insulting.
  • Physical Threat – is an attempt to gain access to an environment through any means, such as by using information obtained on social networks to commit crimes such as robbery, assault or even sex crimes.

How Can You Protect Yourself from Popular Social Media Attacks?

There are safety measures available on the Internet that can be followed to avoid becoming a target or victim of cybercrime while still enjoying the benefits of social media.  These safety measures have one thing in common: be careful of what you share, and who you share it with, on social networking sites.  Following are some good safety tips from various sources, including the article “How Social Media Networks Facilitate Identity Theft and Fraud” from the Entrepreneurs’ Organization website and the book “Seven Deadliest Social Network Attacks”:

From the Entrepreneurs’ Organization website

  • Never, ever give out your social security number or driver’s license numbers.
  • Watch where you post and what you say, as it can be used against you later.
  • Don’t give out your username and password to third parties.
  • Avoid listing the following information publicly: date of birth, hometown, home address, year of high school or college graduation, primary e-mail address.
  • Minimize the use of personal information on your profiles that may be used for password verification or phishing attacks.
  • Consider unique user names and passwords for each profile.
  • Vary your passwords and change them regularly.
  • Only invite people to your network that you know or have met, as opposed to friends of friends and strangers.
  • For password security verification questions, use a password for all answers (rather than the answer to the specific question, like “What is your mother’s maiden name?”).

From the book “Seven Deadliest Social Network Attacks”

  • Don't click on unknown links.
  • Never open e-mail attachments from people you don't know.
  • Do not accept friends you don't know.
  • Do not use applications you are not familiar with.
  • Ensure you configure your privacy settings.
  • Install and run antivirus software.
  • Keep antivirus software up-to-date with the latest signature updates.
  • All downloaded files should be scanned by antivirus software before they are opened or run.
  • Install and run antispyware software.
  • Keep the signature files for antispyware software up-to-date.
  • Utilize the most up-to-date patches for your software.
  • Do not use any storage media that has been used in another computer, unless you are certain the computer is free of viruses and will not pass the virus on to your system.
  • Install and run local firewalls on your desktops and laptops.
  • Be aware of existing and emerging threats.
  • When dealing with phishing attacks, the most appropriate action is to take no action.
  • Choose strong passwords.
  • Simply don't accept friend requests from people you do not know.


In summary, social media networks such as Facebook, Twitter, and LinkedIn have become prime targets for cybercrime.  There is a wealth of information on social networking sites.  Criminals want your personal information and use it to trick you and others into divulging more information in order to perpetrate crimes such as assault, robbery, fraud and identity theft.  Also, there are many new and inexperienced social network users who are easy prey for hackers and criminals. These users are unaware of the proper privacy settings to protect their personal data.  They are also unfamiliar with social engineering tactics and are easily tricked and convinced to provide personal information or even to deposit money into a perpetrator’s bank account.  Lastly, there is an increased reliance on social networking as a vital means of communication.  Hackers and terrorists attack social networks to disrupt an organization’s business or the national security or financial health of a nation.  Hackers also use social networks to disseminate malicious information on targeted groups and/or individuals. Social media offers a lot of benefits, but you need to be careful of what you share, and who you share it with, on social networking sites.  It is also important that you understand social media attacks and your attackers, so that you know how to protect and defend yourself and still enjoy the benefits of social media.  There are information security best practices and preventative measures that can be followed for safe social networking.



References

2013 Cyber Attacks Statistics (Summary), Paolo Passeri, January 19, 2014

Australian government uses Twitter to broadcast emergency alerts, Kelly Ng, 27 December 2013

Cyber-criminals Increasingly Targeting Attacks on Social Networks, SPAMfighter News, 09-05-2012

Facebook Quiets Skeptics With Audience Growth and Mobile Money, Brad Stone, January 29, 2014

Facebook Statistics, Facebook, January 1, 2014

How Social Media Networks Facilitate Identity Theft and Fraud, Entrepreneurs’ Organization, 2013

ID Theft, Fraud & Victims of Cybercrime, National Cybersecurity Alliance, 2014

Security Threat Report 2014

Seven Deadliest Social Network Attacks, Carl Timm and Richard Perez, Syngress Publishing © 2010

Social Media Risks Create an Expanded Role for Internal Audit, Deloitte, April 6, 2013

Top 10 issues in IT security for 2014

Top 15 Most Popular Social Networking Sites as of March 2014

Turkey blocks use of Twitter after prime minister attacks social media site, Kevin Rawlinson, The Guardian, Thursday 20 March 2014

Twitter launches alerts for emergency broadcasts, Benny Evangelista, September 25, 2013

Twitter Statistics, Twitter, January 1, 2014

Typhoon Haiyan (TyphoonHaiyan) on Twitter, Run by @asiacentria, @backspacenews & @newsgon teams.

What to Do If You’re a Victim, Norton by Symantec

Why Social Networking Sites are a favourite with Cyber criminals today!, CyberRoam, May 18, 2013

