04 November 2020

Kaspersky warns business about social networking apps being exploited for phishing

10/30/2020 04:09:39 AM


Are your employees aware that they may be vulnerable to cyber fraud through the apps they are using?

The latest news story by Kaspersky said employees of small and medium businesses have been accessing several web services while working, including YouTube, Facebook, Google services, and WhatsApp, with some of these applications being the most exploited by malefactors as a springboard for phishing.

However, this list differs from the services that employers tend to restrict on corporate devices. And while organizations can have different priorities and permissions for which web services their employees may use, it is still important to make sure they stay protected from cyber-risks, especially the ways those risks can reach corporate endpoints – for example, through phishing in cloud services – because once a web service becomes popular or trending in cyberspace, it may become a more attractive target for scammers.

For example, the TikTok app has gained such enormous popularity over the past few years that it appears to be flooded with fake accounts and scammers, who are gradually improving their skills as the service rises in popularity. Protection from such scams and phishing attempts is crucial to ensure both personal user accounts and corporate data and devices remain safe.

According to anonymized statistics of events captured in a Kaspersky product, voluntarily provided by its customers, the top five web services employees access most often from their corporate devices include a video sharing platform, a social network, a mail service, and a messenger. The leading names in these categories are YouTube, Facebook, Google Drive, Gmail, and WhatsApp. Unfortunately, they are also exploited for phishing and other malicious actions. Kaspersky's analysis revealed the top five applications where phishing attempts were found most often: Facebook (4.5m phishing attempts), WhatsApp (3.7m), Amazon (3.3m), Apple (3.1m), and Netflix (2.7m). Google’s offerings bundled together, including YouTube, Gmail, and Google Drive, took the sixth position with 1.5m phishing attempts. With the two lists sharing many of the services, these results only confirm the trend that popular applications have become valuable platforms for fraudsters’ malicious actions.

The product statistics also showed which web applications are most likely to be restricted on organizations’ corporate devices. The top five most blocked applications include only social networks: Facebook, Twitter, Pinterest, Instagram, and LinkedIn. These decisions can be made for a variety of reasons, such as complying with data regulations, or in line with specific organization requirements for social media use. And while the list includes Facebook, which is actively exploited by scammers, it doesn’t include messengers, file-sharing, or mail services – probably because they are often used for working purposes as well as for personal needs.

“We can’t imagine our daily lives and work without different web services, including social media, messenger apps, and file-sharing platforms. They allow us to communicate and share thoughts, ideas, images, and inspiration – and this has become even more of a reality when the entire world has spent many months online this year. However, it is important for any organization to understand where threats may come from and what technology and awareness measures are needed to prevent them. Businesses also need to provide their employees with comfortable use of services they require, so it is crucial to get the balance right. We at Kaspersky appreciate this and provide organizations with relevant protection tools and expertise,” says Tatyana Sidorina, a security expert at Kaspersky.

All that being said, Kaspersky recommends the following steps to ensure a safe and secure way of using web services by the company and its employees.
  • Show employees how to recognize fake or insecure websites and phishing messages. Encourage them never to enter their credentials before checking a website’s credibility, and never to open or download files from unknown senders.
  • Conduct basic security awareness training for your employees. This can be done online and should cover essential practices including those that protect against phishing, such as account and password management, email security, endpoint security, and web browsing. Kaspersky Automated Security Awareness Platform provides such training in an easy and effective way.
  • Adopt a proven endpoint security product with web, network, and mail threat protection.
  • It is also important to enhance IT managers’ expertise in relevant cyber threats and how to prevent them. Kaspersky Endpoint Security Cloud now provides Cybersecurity for IT Online training that allows them to learn new skills on how to classify malware and how to recognize malicious and suspicious behavior in software. It is available as a beta version on the product management console.

Author: slickmaster | © 2020 The SlickMaster's Files
