CYBER criminals are using fake social networking profiles in a bid to access data which could allow them to hack bank accounts and company computers.
The Scottish Business Resilience Centre (SBRC) has warned that organisations could be attacked by hackers who gather information from networks such as Facebook or Twitter.
The group revealed that one Edinburgh financial services company employed an “ethical” hacker who set up fake profiles on Facebook and LinkedIn and befriended employees.
It found he was able to identify and gain the trust of employees and ultimately obtain access to the firm’s network, critical systems and sensitive corporate and client data.
“Social media offers many benefits which businesses in Scotland need to seize upon, such as providing a dynamic, accessible link to customers and creating a community for feedback and consultation on products and services,” said Mandy Haeburn-Little, director of the SBRC.
“However, e-criminals are all too aware of people’s trusting nature and are now commonly using social media to source private information – through legitimate means.”
Haeburn-Little warned that people must be more wary of “strangers” they encounter online.
She said: “As children, we are routinely told not to speak to strangers. Online, as adults, that same rule and level of caution does not apply. Most of us surf the web on a wave of naivety, connecting with virtual – and literal – strangers.”
The criminals often pretend to be an acquaintance of the individual and convince them to “friend” them on the sites. This gives them access to swathes of private information, often including date of birth, hometown and other details commonly used in security password questions.
Such breaches can cost small businesses an average of between £35,000 and £65,000 a time.
A report by PricewaterhouseCoopers found that 87 per cent of small businesses had experienced an IT security breach in the previous 12 months – with 63 per cent of those attacks by “unauthorised outsiders” including hackers.
A total of 57 per cent of companies said the breaches were related to social media accounts owned by staff.