By Brady McCoy, Azimuth Corporation Facility Security Officer (FSO)

As of July 2023, the most popular social media networks worldwide,* ranked by approximate number of monthly users, are Facebook (3 billion), YouTube (2.5 billion), WhatsApp (2 billion), Instagram (2 billion), WeChat (1.3 billion), TikTok (1 billion), and Snapchat (750 million). To a cybercriminal with phishing lines in the water that is approximately 13 billion phish primed for catching. Phishing is on the rise and is only projected to become more prevalent.

For those unfamiliar, phishing is a form of social engineering in which cybercriminals use emails or malicious websites to entice users to click on the bait (seemingly reputable links), enabling access to valuable personal information, such as bank accounts and social media. Once inside these accounts, criminals can create chaos with your finances or even pose as you to request assistance, money, and/or donations, especially around special times of the year like holidays.

Cybercriminals use data mining to collect your information and create the perfect bait. When thinking about your Internet presence, consider that if you can see it, a cybercriminal can see it. If you have a Facebook bio, 1000 friends, 500 pictures, and links to all your influencers, a data miner can create gourmet phish food. The data miner will go from Facebook to Instagram to Snapchat and any other social media presence containing your personal information and piece together your life and possibly work routines. If you add a little spice to your page, documenting your vacation adventure or checking in at favorite restaurants and/or tourist attractions—or even just your home or workplace—data miners can easily identify patterns, trends, and potentially form business conclusions without your knowledge.

Most of us are guilty of sharing a little too much, but if we stop and think from the data miner side of the boat, we can hopefully mitigate or slow down their efforts. Social media is a great place to share, network, and have fun, but we all need to be leery of potential social engineering tactics that help the adversary get the information they need for that perfect bait.

When job recruiting, we need to take care, as well. According to a recent DCSA (Defense Counterintelligence and Security Agency) report, one of the most prevalent and on-the-rise phishing attempts is the use of LinkedIn to search, find, and apply for jobs that require access to classified information. Many of the attempts are centered around collaboration requests and employment with electronics, aeronautic systems, and software. Only U.S. citizens can hold a security clearance so any attempt to gain employment or seek collaboration by individuals who cannot achieve that clearance should send flares up and be reported.

As a lifelong security expert, I am determined to share my knowledge to create a strong security culture, encourage reporting, and show ways to monitor online footprints and maintain vigilance—while still having a robust network and lots of fun. Come back and visit the FSO Corner for more security tips to safeguard your personal information—and our national security!

* According to the website Statista