
The unique executive threats from each of the top social media sites

by Jennifer Bridges  @JenBridgesRD


C-suite executives are often highly visible on social media (especially if they have controversial opinions or are in the news). As such, they are likely to draw the attention of bad actors.

To protect your leadership team (and your company) from harm, you need to understand the different types of threats social media can pose, as well as the strategies your executives can use to reduce their physical and digital risks.

Here are the top threats executives face on each platform.

Twitter

It’s easier for content to go viral on Twitter than on other social media platforms because a single tweet can reach tens of thousands of users, even if the original poster only has a few followers. This virality poses unique threats to executives.

Old tweets coming back to haunt you

Twitter is the platform where people are most likely to be denounced or “canceled” for what they tweet. This means that anyone who finds an executive’s old tweets offensive—even if he or she posted them as a teenager—can repost them in an attempt to ruin your executive’s reputation.

An example of old tweets coming back to haunt someone is:

  • Away CEO Steph Korey—The Verge published an unflattering article about the luggage company’s cofounder and CEO, describing her as being an overly demanding boss. Within hours, the story went viral and made many Twitter users angry enough to start a campaign of online harassment against her. In response, Away’s board of directors quickly asked for her to step down and hired a replacement. Korey publicly apologized for her bad behavior as described in the Verge article and announced her resignation.

Doxxing

Another threat executives face on Twitter is doxxing—the publishing of someone’s personal information with the goal of motivating other people to contact the individual and harass him or her. Even though doxxing violates Twitter’s policies, it remains a serious problem.

Here’s an example of someone doxxing an executive on Twitter:

Harassing

Former Twitter CEO Dick Costolo has publicly admitted that the platform has a harassment problem. According to Mr. Costolo, “We suck at dealing with abuse and trolls on the platform and we’ve sucked at it for years.”

One example of executives being harassed on Twitter is:


Facebook

The biggest problem with Facebook is that the platform is designed to get people to share personal data, which thieves, scammers, and others can often leverage to harm your executives.

Fake friend invitations

According to Facebook, 16% of accounts on the platform are either duplicates or fakes. In some instances, bad actors create fake Facebook accounts and send friend requests to individuals to access the valuable, personal information that these people have limited to “friends only.” Cybercriminals then use this data to conduct a phishing attack or to scam the person who just friended them.

Here’s one example:

Family members inadvertently revealing your private info

According to Proofpoint’s 2020 State of the Phish (PDF) report, cybercriminals targeted executives at 88% of businesses in 2019. If your executives’ families post their personal information on Facebook, attackers can use these details to manipulate your leadership team into doing what they want. Often, these attacks can lead to reputation-damaging data breaches or serious financial loss for the company.

Here’s one example:

  • CEO of a Texas energy company—Scammers were able to convince the CEO’s assistant to pay a $3.2 million fake invoice by impersonating the CEO via email. To guarantee their success, the hackers used information about the CEO’s family on Facebook to gain the assistant’s trust. 

Vacation pics leading to home invasion

It’s easier to rob an empty house than an occupied one. Because of this, nearly 80% of thieves scan Facebook and other social media posts for clues as to when people will be away from their homes. 

So, if one of your executives posts real-time pictures or the itinerary of his or her European vacation on Facebook, then criminals will know when the executive’s house will be vacant and how long they can take to pack up that person’s valuables.

Some examples of this happening are:

  • New Hampshire homeowners—After checking Facebook to find out which houses would be empty at a specific time, three burglars broke into 50 New Hampshire homes. They were able to steal $200,000 worth of goods and cash before the police arrested them.

LinkedIn

Because LinkedIn is designed for professionals, many users view it as being more trustworthy than other social media platforms. Thieves and scammers know this and look for ways to take advantage of LinkedIn users’ gullibility. 

Social engineering

Social engineering, which leverages human nature to trick an individual into doing something dangerous (like revealing private information or downloading malware), is one of the most popular cybercrime techniques. It’s also one of the most effective. In fact, phishing emails (the most popular social engineering vector) account for over 90% of all successful cyberattacks.

On LinkedIn, cybercriminals create fake accounts to access your business page and scrape information about your employees for use in phishing scams. This strategy is so popular that the platform has had to work overtime to delete the fake accounts. In the first half of 2019, for example, LinkedIn removed 21.6 million fake profiles.

Attackers also use these fake accounts to connect with your team members, in order to access even more detailed personal information. 

One example of someone carrying out a phishing attack via LinkedIn is:

  • Anthem Health—Cybercriminals scraped personal details of high-level Anthem employees on LinkedIn to carry out phishing attacks that led to a data breach that exposed 80 million private records.

Hacking

LinkedIn contains the names, user IDs, email addresses, job titles, work history, connections, and other personal data of 8.2 million C-suite executives. This makes the platform a ripe target for hackers seeking to access your leadership team’s personal accounts. In fact, databases of LinkedIn members are frequently discovered for sale online.

Even the most tech-savvy executives are vulnerable to hacking. 

  • Mark Zuckerberg—The hacker group OurMine found the Facebook CEO’s social media account credentials in a database of LinkedIn member data for sale on the web. They used his password “dadada” to briefly take over his Instagram, Twitter, and Pinterest accounts and send out taunting messages: “Hey @finkd we got access to your Twitter & Instagram & Pinterest, we are just testing your security, please dm (direct message) us.”

Instagram

Executives with large numbers of Instagram followers are prime targets for scammers and hackers looking to manipulate them via a variety of social engineering scams.

Verified badge phishing scam

In this popular scam, hackers send emails to high-profile Instagram users, like your C-level executives, telling them they are qualified to apply for a blue “verified” badge, which would add prestige and credibility to their account. All they have to do to become “verified” is fill out a form that asks for their account information. 


However, the online form only looks like an official Instagram site. In reality, hackers created it to trick people into sharing their valuable account credentials. Once your executive enters his or her email, username, password, and phone number, hackers can take over that person’s account and use it to scam or spam other users, as well as hold the account hostage, demanding money or nude pictures as ransom.

One example of this kind of attack is:

  • The owner of a photoshoot equipment rental company—This person received a phishing email that included an “Apply Now” button that, when clicked, opened a series of forms on the instagramforbusiness[.]info domain. After the entrepreneur unwittingly filled out the forms, hackers permanently locked the individual out of his/her Instagram account.
Source: PCMag.com

Cloned accounts

Just like on Facebook, fake accounts are rife on Instagram. Often bad actors copy the account of someone with a large following and then use it to ask followers for money or for their banking information. This scam not only harms the followers, but it also destroys the reputation of the original account owner.

Here is one example:

  • Emma Heathcote-James—The owner of the Little Soap Company discovered that her business’s Instagram account was cloned when the scammers accidentally tagged her in one of the fake company page’s pictures. In the span of a day, the scammers contacted hundreds of Little Soap Company followers, telling them they had won a company contest. To claim their prize, the customers had to send the scammers their PayPal account information.

*****

It can be tricky for executives to safely navigate through the various threats on these platforms because new threats are constantly emerging as social media continues to evolve. Therefore, it makes sense to include your leadership team’s social media activity in your executive protection plan.

For more information about protecting your executives, see the following articles:

You can also give us a call. We are happy to offer advice regarding your team’s unique situation.