Every Social Media Platform Brings Its Own Security Risks — Here’s What to Watch For
The holiday season is a time for rest and celebration, but cybercriminals never clock out. As 2016 winds down, security experts are already forecasting a rise in social media security risks that will target businesses and individuals alike in 2017. According to Mike Raggo, chief research scientist at ZeroFOX, each social network presents a unique set of dangers — and attackers are becoming more strategic about which platform they exploit.
Why does this matter? Because enterprises are rapidly adopting internal collaboration tools like Slack, Workplace by Facebook, and Microsoft Teams. These platforms boost productivity, but they also open new doors for malicious actors. “As these platforms evolve, they become more unregulated, presenting a variety of different threat vectors,” Raggo warned.
LinkedIn: A Goldmine for Corporate Reconnaissance
LinkedIn remains the top choice for nation-state actors and corporate spies. Raggo explained that impersonators frequently pose as recruiters to connect with employees inside target organizations. “We’ve seen fake accounts tailoring their skills and resumes to information security,” he noted. Some accounts even change their job titles over time to match different industries, making detection difficult.
This type of LinkedIn impersonation attack is part of a broader reconnaissance effort. Attackers profile individuals and their companies to gather intelligence. As a result, LinkedIn is expected to become one of the most targeted platforms for hackers in the coming year.
Facebook and Instagram: Phishing Through Giveaways and Apps
On Facebook and Instagram, the social media security risks often come in the form of fake giveaways, contests, and extreme discounts. These scams lure users into clicking links that request login credentials or credit card information. “In all scenarios, they’re phishing information,” Raggo said.
What’s more, forwarding sites can now detect the user’s device type. If someone is on a mobile device, the site may prompt them to download a malicious app. This trend will only intensify in 2017, with hackers using images and videos as vectors to spread viruses. Mobile malware, in particular, will become a more prominent threat. One wrong click could compromise a phone, laptop, or even an entire enterprise network.
How These Attacks Work
Attackers often hijack hashtags or impersonate legitimate brands to distribute malicious links. Shortened URLs make it nearly impossible for users to verify the destination site. According to Raggo, “With one simple click, an unsuspecting victim can completely compromise their laptop or phone.”
Twitter: A Hotbed for Malware and Account Hacks
Twitter continues to be a primary channel for distributing malware and launching phishing attacks. Hackers use hashtag hijacking, impersonation, and direct messages to spread malicious links. The platform also saw a surge in account breaches in 2016, including high-profile incidents like the Zuckerberg hack and the leak of 32 million passwords.
Raggo predicts that Twitter-based attacks will only increase. The platform’s real-time nature and use of shortened URLs make it an ideal environment for cybercriminals to operate.
How to Defend Against Social Media Threats
While it’s impossible to eliminate social media security risks entirely, Raggo recommends several practical steps. First, enable multi-factor authentication on every account. “Multi-factor authentication should be a standard security practice for everyone online today,” he emphasized. Second, avoid reusing passwords across social platforms. Third, businesses must constantly monitor their digital channels for impersonator accounts, phishing links, and scams.
Organizations should adopt a programmatic approach to managing social media security. This means setting up automated monitoring tools, training employees to recognize threats, and having a response plan in place. “With a few digital hygiene best practices, individuals can protect themselves and slow attackers down in a substantial way,” Raggo concluded.
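As an added illustration of the automated monitoring recommended above (this is not code from the article or from ZeroFOX), the following sketch triages posts for the three signals the article describes: look-alike brand handles, shortened URLs, and giveaway-style lures paired with a link. The brand handle, the shortener list, the lure words, and the sample posts are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Assumptions for this sketch: the brand's real handle, a short list of
# URL-shortener hosts, and lure words taken from the scams described above.
OFFICIAL_HANDLE = "examplecorp"
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}
LURE_WORDS = {"giveaway", "contest", "discount", "free", "winner"}
# Fold common look-alike characters and separators before comparing handles.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "_": "", ".": "", "-": ""})
URL_RE = re.compile(r"https?://\S+")

def looks_like_brand(handle, threshold=0.85):
    """True if a handle is not the official one but closely resembles it."""
    h = handle.lower().lstrip("@")
    if h == OFFICIAL_HANDLE:
        return False
    folded = h.translate(CONFUSABLES)
    if OFFICIAL_HANDLE in folded:          # e.g. brand name plus "_support"
        return True
    return SequenceMatcher(None, folded, OFFICIAL_HANDLE).ratio() >= threshold

def triage(post):
    """Return the list of reasons a post deserves analyst review."""
    reasons = []
    if looks_like_brand(post["author"]):
        reasons.append("impersonator-handle")
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(post["text"])}
    if hosts & SHORTENERS:                 # destination cannot be read off the link
        reasons.append("shortened-url")
    words = set(re.findall(r"[a-z]+", post["text"].lower()))
    if words & LURE_WORDS and hosts:       # lure wording only matters with a link
        reasons.append("lure-with-link")
    return reasons

# Constructed sample posts (not real accounts or links).
POSTS = [
    {"author": "@examplecorp", "text": "Our Q4 report is live: https://examplecorp.example/report"},
    {"author": "@examp1ecorp", "text": "Holiday GIVEAWAY! Log in to claim: https://bit.ly/EXAMPLE"},
    {"author": "@examplecorp_support", "text": "DM us your password to verify your account"},
    {"author": "@jane_doe", "text": "Great contest photos from the office party"},
]

if __name__ == "__main__":
    for p in POSTS:
        print(p["author"], triage(p))
```

Flagged posts are candidates for analyst review and takedown requests, not automatic verdicts; the similarity threshold and word lists need tuning against an organization's own channels.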