April 21, 2015Organizations should treat social media as they would any other electronically stored information and assume it is potentially discoverable. Und...
March 26, 2015Feeling overwhelmed by the massive amount of customer feedback data you’re collecting? You’re not alone! Many businesses are struggling to find...
February 20, 2015Symantec, the global technology security provider, needed to provide its global customer base access to social customer service. They were...
February 20, 2015An Employee Advocacy program has value beyond your company’s marketing department. The community you build will be the single most important...
Jul 30 Posted 7 months ago
To follow on from section 2 of the article, one of the specific pieces of information users should be looking to ensure remains private is their email address. Social networking sites and forums can allow users' email addresses to become visible, allowing them to be trivially enumerated and targetted by phishing and spear-phishing attacks.
For personal accounts, this can mean your email inbox becoming flooded with phishing emails, trying to get you to click links to malicious websites that put your personal data at risk.
For corporate accounts this poses an even bigger problem - we often see attackers performing spear-phishing attacks against organisations in a bid to exploit employees to gain access to confidential and sensitive corporate data and/or systems. The vast majority of these attacks use information found in the public domain, including corporate email addresses listed on social networking sites and forums, as a base from which to identify employees inside an organisation to target with spear-phishing - with success rates often in the region of 65%+, even against firms with good employee security awareness training in place.