Cisco: Facebook Scams are Attackers’ #1 Choice for Breaches

Research published in Cisco’s 2015 Midyear Security Report reveals that social media exploitation — Facebook scams in particular — has officially taken the crown as the most commonly used method of entry into an organization’s network.

The research found Facebook scams are the #1 web-based attack for cyber criminals seeking to compromise an organization’s systems. Cisco reported roughly 10,000 instances of Facebook scams, 25% more than the next highest attack, JavaScript exploits, and 10x more than traditional email phishing.

Facebook’s 1.49 billion monthly active users make it the world’s largest nation-state, used by 70% of Americans each day. It is, for better or worse, a nation without borders. Adversaries exploit the social media giant for its sheer size and trusted nature, making it the medium of choice for both inexperienced and sophisticated network hackers alike. For the adversary, the barriers to entry have never been lower, and the targets have never been more trusting and click-happy.

According to Norton, nearly 40% of people accept unsolicited friend requests, and 4 in 10 users report falling victim to cybercrime on social media. Another report published by McAfee reveals that more employees have experienced cybercrime on social media than on any other business application, including file sharing and email.

Cisco stressed the importance of holistic network security, as many organizations still rely upon proverbial Band-Aids to treat complex, widespread security threats. Cyber criminals are evolving to better manipulate the digital landscape, redefining cybercrime in the process. As the prevalence of Facebook scams continues to grow, security teams must drastically reconsider how social media factors into the security equation.

Facebook isn’t alone in the cybercrime department: Cisco’s publication was closely followed by a report from FireEye, which describes how Twitter was used as the main attack tool to breach government networks. Late last year, Instagram announced a purge of fraudulent accounts, taking a first crack at a growing problem of fake profiles. Other networks including LinkedIn, Pinterest, Google+ and YouTube have begun grappling with fake accounts, phishing campaigns and information theft.

Social media cyber threats are here to stay. The question is how to handle them.