Privacy Perils: We're Just Not That Into You – But Criminals Are

Bass, Berry & Sims PLC
Contact

Bass, Berry & Sims PLC

Use of social media is pervasive, invasive, consuming, and immensely entertaining. It can also be a useful business tool on an individual and a business level. We are all also aware — or should be by now — that posts are immutable, widely accessible, and permanent (or near-permanent). Imprudent, hasty or downright offensive posts are at best embarrassing; they may also lead to a host of horrors, including reputational damage, client loss, employment sanctions, and social ostracism (or at least Unfriending).

Add to the list of risky behavior over-sharing. We have previously warned of the danger of disclosing your physical absence through certain Out of Office voicemail or email messages and daily Facebook posts of the wonders of your overseas vacation. Less obvious, but maybe more risky, is the opening over-sharing posts provide to scammers. The National Cyber Security Centre (NCSC) disclosed a case study in which a law firm employee was convinced to pay a fraudulent invoice — despite policies and procedures in place to prevent such scams — in response to a spear phishing email from a partner's spoofed email account. The partner had unnecessarily posted on social media the details of an upcoming business trip overseas, including flight information, meeting plans, and even weather forecasts. Cyber criminals who search for just such postings then used that information to target the firm with what would then seem to be a legitimate business expense request.

Similarly, the NCSC reported another successful spear phishing attack where the targeted email requested payment of a fraudulent invoice referencing the business' installation of a new accounting system. The criminals learned of the software conversion because an employee had mentioned in a Facebook post that the accounting team was tied-up installing and training on the new system.

Even the most innocuous social media posting can be business intelligence to cyber thieves whose only job is to search for exploitable information. Chat if you choose, but keep your cards to your chest.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bass, Berry & Sims PLC | Attorney Advertising

Written by:

Bass, Berry & Sims PLC
Contact
more
less

Bass, Berry & Sims PLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide