Fake News on Social Media: Why Sharing it is Risking Your Security

Brook Zimmatore | February 15, 2017

With the large attention it has gotten since the United States presidential election last year, fake news has become quite a prominent issue.  It can easily spread large amounts of false data, and potentially even skew many viewpoints purely due to lies, or altered and embellished “facts.”  And while fake news sites can at times be somewhat harmless depending upon the information they are spreading, they can also pose large security concerns for IT and security executives.

Being that the general purpose of fake news sites is to lure and draw in as many people as possible to generate ad revenue, they could also use that as a launching point for cyber attacks.  The fake news could be used to bait individuals into linking to the site, which could then be holding malicious malware, DDoS attacks, or phishing campaigns.  If an employee happens to click on one of these links, and a fake news site were to be hosting malicious threats, an organization could be caused a great amount of damage from these cyber attacks.

How Fake New Sites Reel People In

The ways in which these fake news sites lure people in can be very clever.  They play on the person’s interests and attention to get them to click on the link.  According to a blog post from James Scott, a senior fellow at Institute for Critical Infrastructure Technology, “Lures range in complexity from precise, error-free custom tailored spear-phishing emails that leverage the target’s LinkedIn profile, to typo-filled mass-spam; however, the focus of every social engineering campaign is to entice a target demographic of users to share information, to open an email, to download an attachment, to visit a watering-hole site, etc. For cyber adversaries, social engineering campaigns are low risk, high probability of success, low investment, and high reward. Since the attacker only needs one user, out of hundreds or thousands of potential targets within an organization, to respond to the lure, social engineering remains the dominant attack vector used by sophisticated and unsophisticated cyber adversaries alike. In this manner, a single click can deliver a devastating malicious payload that will haunt an organization for years to come.”

While a majority of these current sites tend to simply be clickbait to generate revenue, they can easily be outfitted to hold these types of threats.  It would be ideal for organizations to monitor these types of fake news sites for potential threats, but this can require many man hours that may not be expendable.  This is where analytic tools can be of great assistance, as well as enlisting outside help to ensure that cybersecurity is under proper monitoring and maintenance.  Cyber security is not something which an organization can be lackadaisical about.  Far too many have run off the idea that “hopefully they will not get attacked,” but this kind of mentality can cost organizations thousands in funds, reputation, and lost data.  The costs of recovering from a breach can far outweigh the costs of having proper security established.

How Anti-Phishing Solutions Can Protect Your Organization

With cleverly disguised cyber threats such as fake news sites, and insidious phishing campaigns, it is important for an organization to remain vigilant when it comes to cyber security.  They need to have proper security in place to ensure that these threats are either prevented from ever coming in, or that they are properly mitigated if there is a breach.  Massive Alliance provides anti-phishing solutions that can help to identify these campaigns, as well as help organizations to locate and eradicate the sources of them.

CEO / Co-Founder
Brook Zimmatore is the Co-Founder & CEO at Massive.