Do you know who could be following you on social media on #SocialMediaDay?

Social engineering is one of the fastest growing cybercrimes out there and it’s our personal information which allows these attacks to be so successful. Offenders are becoming ever more adept in targeting people’s confidential information, gleaning such data as passwords and bank details through very straightforward methods.


A good social engineer will often take weeks or months getting to know a company through a variety of ways. Scouring the major social media sites and business websites for bits of personal information about you are easy wins. For many South East businesses that rely on their social media channels for business, this potentially leaves them wide open to such an attack.


Unsecured, public profiles are the most useful, but even if you keep your privacy settings on high, there’s no guarantee that a family member or close acquaintance might not have shared information about you on their profiles.


Phishing is also a form of social engineering and is now commonly considered to be the most disruptive type of violation that organisations face according to the Cyber Security Breaches Survey 2021, with 62% of businesses reporting this to be the case.


Cyber criminals will use the personal information they have been able to glean through social engineering and contact individuals by email, telephone or text message. They will pose as a legitimate organisation to lure them into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.


Take for example the recent Facebook leak where it was revealed that nearly half a billion platform users' personal information was breached including full names, birthdays, phone numbers and their location.


Facebook has since said that the leak dates back to an issue from 2019 and has now been resolved but with more than 30 million accounts in the US affected the damage has already been done.


Other ways in which a cybercriminal can find information on you is by researching other organisations you’re affiliated with, for example, local charities or perhaps you sit on a local board. Personal details send strong signals about your interests and the types of appeals that might be most effective on you.


On a more conspiratorial note, someone you know from a company may be recruited to infiltrate your activities, or industrial espionage specialists may profile you though the internet and get to know your preferences, hobbies, contacts, and friends.


These are just a few methods that cybercriminals can employ, so if you want your business to be truly resilient, then here are our top five tips on preventing personal data from being hacked.

  1. Keep social profiles locked down

  2. Be wary of cold calls

  3. Set your spam filters to high – and we don’t just mean on your computer

  4. Follow security best practices

  5. Opt-out of people-search sites


Also be aware of business email compromise (BEC), which is where a criminal gets access to an email box. They set up forwarding rules which directs any emails containing financial keywords such as ‘invoice’ or ‘payment’ to another inbox. They may also impersonate the victim by sending a change of banking details or set up a fake email account with very close spelling (typosquatting) to take over the communication. Take a look at this video of how outsiders try to get in.



For more information on social engineering or if you have any questions about how to be more cyber resilient then contact a member of the team. Alternatively, sign up to be a core member today and have immediate access to resources and tools that walk you through some really practical cyber security basics.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.