How can social engineering be used on social media?


Cyber security must be approached on multiple fronts in order to be successful. Whilst technical measures such as MFA, complex passwords and spam filters make up a large part of cyber security, staff training, awareness and policy are also very important.

It’s important to be vigilant on the internet. Whether you are logging into LinkedIn or using email, you should always be careful about what information you are sharing, even if it appears innocent.

Opinion polls, personal polls and quizzes are popular on large social media networks such as Facebook. You may often see viral posts asking users to answer questions and then ask their network to answer to see how they compare. While these quizzes and polls may seem harmless, they could be social engineering.

What is social engineering?

Social engineering is a form of manipulation to get users to give away confidential information, for example passwords or payment information.

How is social engineering being used on social media?

Social media networks are full of quizzes to tell your network more about you. They tend to include questions such as ‘what was your first pet’s name?’, ‘what city were you born in?’ and ‘what’s your favourite colour?’. While these may seem like harmless fun, for some people the answers to these questions may well form part of their personal password, or possibly even their account security override questions. While questions like ‘what is your mother’s maiden name?’ should send alarm bells ringing, any quiz asking you to give personal information is best avoided.

How to protect your business

The best way to protect yourself and your business against this form of social engineering is to avoid quizzes and polls on social media and to be mindful of the personal information you may be posting.

Business owners should further consider employee training in cybersecurity to help staff identify possible threats. They should also have policies in place for sensitive activities such as payment processing, which could be compromised if a business mailbox gets hacked and the hacker impersonates the user to request payment.

Employees should feel comfortable raising any concerns about odd requests from other employees. For instance, if an employee receives an unexpected email requesting a large sum of money or gift cards, they should be able to identify it as a potential phishing email and feel comfortable questioning the sender through separate communication (e.g., a phone call) to confirm the request.

There should also be a set limit on payments that can be made without approval, ensuring large payments go through an approval process before they can be processed.

Report any suspected cyber security attacks to your IT support company

Our customers can report any potential attacks to our friendly and professional team. If required, one of our engineers can see if there is any unusual activity taking place on their systems and support the users with any necessary next steps.

If you have any questions, give us a call on 0117 325 0370 or email