Facebook has over 2.8 Billion users.
LinkedIn has over 740 Million members.
Twitter has over 350 Million users.
Instagram has over 1 Billion users.
Kevin Mallory was a former CIA case officer (undercover operative) for years before becoming an intelligence officer for the DIA (Defense Intelligence Agency). He was fluent in Mandarin. He had huge debts and was behind on his mortgage. That's when a Chinese headhunter reached out to him to connect on a widely used professional social media platform - LinkedIn.
Chinese operatives recruited him over a short period of time, offering large sums of money in exchange for classified information from government agencies. Mallory traveled to China twice to meet with his Chinese handlers who gave him a modified Samsung phone that doubled as a covert communications device. Mallory had become a spy. Fortunately he wasn't a good one and was caught.
It all began with a connect request on LinkedIn.
Beyond the Kevin Mallory example, how many of you receive connect requests on LinkedIn or Facebook from people you've never met or don't know? How many times have you accepted the request just because the profile looked legit? Just because they wanted to "grow their network?" How often did you take a few minutes to look through the profile?
You and your profile could easily become targets for compromise just by a simple connect request - effectively opening the doors to your castle and making you susceptible to social engineering and eventually a victim. Think past that and you may not even be the intended target. What if threat actors want to get to someone you know, through your social media?
In a time when state-sponsored threat actors from China, Russia, North Korea, etc., are elevating their game at stealing information and money by exploiting the weakest link in cybersecurity - people - you can't let your guard down, not even on social media.
You have to get it right every time. Bad guys just have to get it right once. And they have billions of targets.
Think before you click.