Protecting against social media phishing attacks


How can I protect my organisation from social media phishing attacks?

Social media is an excellent way to share the latest information about your organisation’s products and services directly with your customers. But while social media platforms can attract the audience you want, they can also expose your business to the unwanted attention of hackers. With the majority of your employees likely to be using one or more social media platforms, hackers can target these employees to gain access to your network using spear phishing attacks.

How do hackers target employees on social media?

Social media is orientated towards getting its users to share information. Whether that means tweeting, posting pictures on Facebook or using WhatsApp for work and socialising, these platforms need their users to engage. But it is exactly this mentality that can leave employees who use these platforms, for work or socially, open to phishing attacks.

Hackers can scrape the profile information of your employees and organisation to create targeted phishing campaigns in an attempt to hijack accounts, damage your organisation’s reputation, or gain access to your network. A 2020 study revealed that Facebook and WhatsApp were the two most targeted platforms, with 4.5 million and 3.7 million reported phishing attempts respectively.

Another concerning trend for organisations is the increasing use of work email addresses by employees to log in to their personal social media accounts. Social media platforms are highly targeted for data breaches, meaning that hackers can soon find out if a user has their work email linked to their account. From here, hackers can set up targeted phishing scams to gain access to business networks.

What measures can I take to protect my organisation from social media phishing attacks?

Many organisations will ban and block social media sites from being used on their network. But with some social media platforms, such as WhatsApp, becoming more integrated into working life, this can prove ineffective at stopping cyber security attacks through phishing scams.

Training your staff on vigilance against targeted phishing attacks and the dangers of using their work email on personal accounts is an important measure. You can also use a free Social Media Phishing Test that can identify which users in your organisation are vulnerable to these types of phishing attacks, so you can better implement training and security measures to combat cyber breaches.

Concerned about phishing attacks? Talk to us

If you’re concerned about the ongoing threat of phishing attacks and cyber breaches in your business, we can help you decide on the best way forward. We’ll discuss how to protect your business, look objectively at your organisation, systems and security needs, and work with you to develop an effective security plan.

If you would like to speak to us about any aspect of this article, contact Andrew Wayman at or call our office on +44 (0)1344 870062.