Chain of Attack

How Your Facebook Can Lead To A Ransomware Attack

I talk a lot about social media, cookies, and data mining. It’s not just here on Tech Talk either. My friends and family’s eyes glaze over when I start waxing poetic on always modifying cookie settings or locking down your Facebook profile.

But I also believe that you have to understand something that plays such a huge part in your life. Saying, “get rid of all your social media,” just isn’t an option for a lot of people. So how can your Facebook lead to your actual job having to pay after a ransomware attack? Let me tell you a story.

Once Upon A Time…

Once there was an employee who was quite proud of her job. She had it listed on all her social media channels. She should be proud, too; she worked hard to climb the ladder at her company. This employee also loved talking about her place of employment.

Along came a cybercriminal. Since the employee had her Facebook public, he was able to see where she worked. Getting her data was easy enough. Not only did she overshare online, but all of the accepted cookies and social trail she left gave a pretty comprehensive history.

This particular brand of cybercriminal operated mostly through phishing emails. With a little clicking, he was able to find someone in the company with less tech experience than the employee. He fired off his phishing email and waited.

That co-worker opened the email attachment, not realizing what it was (education is important!). Luckily, the company deployed a comprehensive allow-list-based antivirus on all company machines, and the tricky trojan that would have been released was caught and blocked.

Our cybercriminal was thwarted. Except, he wasn’t.

See, the cybercriminal didn’t just find information on the employee’s co-workers, but also on her friends listed on her social media account. He sent phishing emails across the networks of those people too. And one of the companies he targeted didn’t have a comprehensive security plan. They were hit. It cost them $250,000. They had no way to work out how they’d been targeted, because nothing they could trace would ever lead back to an employee who didn’t work there.

A Lesson Learned

Didn’t see that ending coming, did you? That little twist ending may have been dramatic, but it’s completely plausible. Cybercriminals not only have access to all of your social information, but they can tap into your friends as well.

A sum of $250,000 could shutter the doors on a small business. It’s even scarier to know that small businesses are being attacked more and more as ransomware ramps up. Social media isn’t completely avoidable, but it can be safer.

The entire story is fiction, by the way. No actual companies were harmed in the telling of this story. It is, however, a situation that I’m sure has happened and will happen again. As we surge forward in the war on ransomware, remember that it’s all our responsibility to keep each other safe.

Remember to think before you share, and, as always, stay safe out there.


2 thoughts on “Chain of Attack”

  1. I run a small business out of my basement office. I was on Facebook for about 6 months and decided it cost me too much of my valuable time. Too many fake farmers and candyland players. I deleted my FB account and never looked back.
    Never have been on any of the others, and I and my business are doing fine. I sold over 1/2 million last year without using social media. If I want to speak with anyone in my family, I call them or go see them. IT CAN BE DONE!!!

  2. Where is it graven in stone that getting rid of social media is not an option? If you have let this crap take over your life, then I really feel sorry for you. From day 1 I predicted what a cesspool this would become. The geometric growth, Ponzi style of “friending” and the rest of the foolishness upon which Facebook, Twitter, and all the rest were obvious.
    Now you can’t scratch your privates without some form of targeted advertising, “suggestions for you”, and the rest of the detritus stemming from this seemingly innocuous “service”. Makes the Bonzi Buddy seem benign.
    Where will it end? Why must the President waste his time “Tweeting”? Why would I care what is “Trending”? Why do I need “Suggestions” from a machine?
    What an amazing waste of time, resources, money and computer cycles. Not to mention the loss of privacy and security. Makes COVID 19 seem like a case of the sniffles.
    Stop the insanity! Eschew this crap for a week or two. See how much less stress you have. Smell the fresh air.
