Cyber Risk Social Media: Potential Dangers For Your Business
Social media platforms such as Facebook, Instagram, TikTok and LinkedIn have long been a fundamental part of marketing for freelancers, self-employed and companies. However, the increased use of social media in business also harbours risks. Criminals have long identified this area as a lucrative source through which they can obtain sensitive data. In this article, we reveal which scams hackers use, how you can protect your social media channels and what to do if a cyber attack on your accounts does succeed.
Artificial intelligence offers a wealth of opportunities to make work easier and create high-quality content quickly. However, cyber criminals are also aware of this. For example, they use posted photos to create their own content on this basis and utilise it for their social engineering campaigns.
For example, it is possible to make the so-called fake president trick appear even more natural: Criminals pretend to be a manager and demand, for example, that large sums of money be transferred to supposed business accounts. These instructions are also repeatedly sent via messengers such as WhatsApp. Deepfake enables authentic profile pictures to be created in this context, among other things. It is also possible to create "proof photos" to reinforce the impression that the person is really authorised to issue instructions. This makes it even more difficult for the recipients of this scam to distinguish between reality and fake. In most cases, the fraud only becomes apparent when it is already too late.
Ever since the triumph of ChatGPT, the use of AI has raised some fundamental security questions. We shed light on where the risks lie in the article AI and Its Dangers: The Potential For Abuse of Artificial Intelligence
Social media accounts are used to present your business and the people behind it to potential customers. This includes regularly sharing something about yourself and authentically showing who you are. But think carefully in advance about what you want to disclose! This is because criminals use this information to gather anything that could help them in their activities. Knowledge of internal processes and structures makes it easier to create suitable fake profiles. Fraudsters then use these to approach your customers and business contacts and manipulate them into handing over sensitive data. The more information criminals can acquire, the more successful they are.
In fact, social engineering is one of the most widespread scams. Read here to find out how you can protect yourself: Social Engineering: When People Become a Risk.
Even in business networks, you are not safe from criminal activity. According to a study by cyber security company NordLayer, 56 per cent of the 500 companies surveyed experienced at least one attempted fraud via LinkedIn in 2023. Here, too, phishing attempts take first place among scams: Criminals are particularly fond of sending contact requests with links that are enriched with malware or pretending to be technical support staff. Damaging the reputation of a business is also often the method of choice.
Nevertheless, LinkedIn remains an important business network, especially for freelancers. In the article LinkedIn: The Right Way for Freelancers to Use the Business Network, you can find out how to get the most out of the platform.
An absolute horror scenario for all freelancers and the self-employed certainly is the takeover of a social media account by hackers. The consequences of such a hostile takeover can be serious - here is a small selection.
- Your channel is flooded with inappropriate adverts.
- The criminals capture important data and information, such as user data, which they sell for a profit.
- After the takeover, hackers use the access to your account to ruin your reputation, for example by posting illegal content on your profile.
- Your contacts receive messages with further malware via the hacked channel. If these are clicked on, criminals can expand their activities even further.
- In the worst case scenario, your entire online identity is hijacked.
But how do you recognise that your account has been hacked and what can you do about it?
Of course, you can only react to a threat that you recognise. It is therefore important that you realise early on if one of your social media accounts does fall victim to a cyberattack. The following indications speak in favour of a successful hack:
- Accounts that you don't even know suddenly appear in the list of people you follow - or comments have even been posted and likes given in your name.
- Posts appear on your profile that you have definitely not published yourself.
- Messages are sent in your name that you cannot remember.
- You cannot even access your account, even though you are using the correct password.
- You receive an email or text message asking you to reset your password, even though you have not requested this.
- Your profile is flooded with adverts that have absolutely nothing to do with the topic of your account.
- You receive a push message about the login process to your account via an unknown device.
The Perfect Coverage For Your Social Media Presence
With Professional Indemnity Insurance from exali, you are not only covered against industry-specific liability risks and the resulting financial loss, personal injury and property damage. You can also extend your insurance cover to include first-party damage with our optional Add-on.
These first-party damages do not affect third parties, but your own business - for example, if your social media account is hacked. This is where our additional Add-on for First-Party Cyber and Data Risks Insurance (FPC) can help you, among other things, by covering the costs of computer forensics to clean up your systems. The insurer also covers the costs of any necessary crisis management and PR as well as specialised lawyers.
Our experts at exali customer service will be happy to help you put together your customised insurance coverage. You can reach us from Monday to Friday from 9.00 a.m. to 6.00 p.m. (CET) on + (49) 0 821 80 99 46 0. Alternatively, you can reach us conveniently via our contact form.
In the event of a hacked account, it is important to react quickly if you want to limit the damage. Be sure to change your login details for the affected social media account and the email account you have on file. Also inform your contacts about the cyberattack - but preferably in person and not via the compromised channel itself.
What To Do If Access Is Blocked?
If your account is hacked, there is also the possibility that criminals will not only change your account access data. In the worst case, they may also change the email address required to recover the password. This means that you can no longer access the compromised account.
In such a case, the only last resort is to contact the support team of the respective platform. The team there will take care of the matter - but please be patient.
To minimise the risk of a cyberattack on your social media accounts, you can take a few measures in advance.
Activate automatic updates:
This often patches security gaps that criminals would otherwise use as a gateway.
Secure your smartphone:
Use at least one available locking method, for example a PIN, or store your fingerprint. If you don't use this low-threshold option to secure your accounts, criminals can easily gain access to a lot of sensitive data in the worst-case scenario. This is the case, for example, if you lose your smartphone or if you are not careful for a moment and let your device out of your sight.
Check your emails carefully:
If you receive mail from one of your social media platforms, the following applies: Do not simply click on links within a message. First make sure that the email really comes from the indicated sender. Because if you sign in via a link sent by hackers, you are simply giving them access to your login details.
Use two-factor authentication:
When logging in to a social media platform, it is best to confirm your identity in two ways: once with your access data and additionally via a confirmation code by email or text message or via an authenticator app that automatically generates a code. This creates an additional barrier for cyber criminals when it comes to accessing your social media profiles. In this context, it is important to regularly check the email account stored in your profile. You will be notified there if someone tries to log in from a different device.
Use a password manager:
Never use the same password for all accounts - even if it makes it easier for you to memorise this data. A password manager will help you to keep track of the many different accounts and passwords. Usually, you "only" have to remember one master password. The manager then generates all the other passwords for the respective accounts.
Use a VPN when travelling:
Social media often takes place on the go. After all, you can quickly post something from your smartphone and insights into live events or remote work make a social media account truly authentic. To save data volume, access to public Wi-Fi is a good option. But this is often not particularly secure! This is where the use of a VPN (virtual private network) can help. This encrypts the data traffic and hides your IP address. This means that nothing stands in the way of secure posting while travelling.
As you can see: Social media offers great potential for every business, but at least as great risks. However, if you are aware of these risks and practise prudent risk management consisting of preventive measures and protection, you can turn your social media accounts into a profitable part of your business that will attract many potential customers to your offering.
Vivien Gebhardt is an online editor at exali. She creates content on topics that are of interest to self-employed people, freelancers and entrepreneurs. Her specialties are risks in e-commerce, legal topics and claims that have happened to exali insured freelancers.
She has been a freelance copywriter herself since 2021 and therefore knows from experience what the target group is concerned about.