While corporations and government agencies around the world are training their staff to think twice before opening anything sent by email, hackers have already moved on to a new kind of attack, targeting social media accounts, where people are more likely to be trusting.
“It’s something that you don’t hear as much about, but the problem is pervasive,” said Jay Kaplan, a former Defense Department cybersecurity expert and senior cyberanalyst at the National Security Agency who is now the chief executive of the cybersecurity company Synack.
And the human error that causes people to click on a link sent to them in an email is exponentially greater on social media sites, the officials said, because people are more likely to consider themselves among friends.
Another official, who spoke on the condition of anonymity because he was not authorized to speak to reporters, described the problem as teaching an entire department to be wary of anything that was sent to it — even if the message appeared to come from family or a friend.
“Social media gives a number of indicators to an attacker, on a state-sponsored level, that you couldn’t get through email.”
Outside of simply using a spear phishing email to gain access to a network, attackers could use an account to gather intelligence.
“They also don’t assume people on their network might be attackers.”
According to a 2016 report by Verizon, roughly 30 percent of spear phishing emails are opened by their targets.