White Rock Advisory

· Cyber Resilience  · 2 min read

It Takes a Criminal 60 Seconds to Spot an Opportunity

What appears to be a harmless social media post can provide criminals with everything they need to launch an impersonation attack.

What appears to be a harmless social media post can provide criminals with everything they need to launch an impersonation attack.

Business owners regularly share what appear to be harmless screenshots and updates on social media.

To most people:

What’s the issue?

To a criminal:

Thanks for the breadcrumb trail.

Here’s exactly what they see and how an attack can begin from a single post.

What Criminals See

A Visible Relationship

The post links a company with a partner, supplier or software vendor and often identifies real employees working within those organisations.

Quick Reconnaissance

A criminal can assess both organisations’ email security within seconds using freely available online tools.

How the Attack Begins

1. Fake Website or Domain Created

A lookalike domain is registered to impersonate either organisation.

At first glance, it appears genuine.

2. No Email Security Present

The technical term is called DMARC.

Neither organisation has basic email authentication controls in place, making impersonation significantly easier.

3. Impersonation Begins

Criminals email the company pretending to be the software vendor.

No alerts are triggered.

4. Reverse Attack

They then email the software vendor pretending to be the customer or logistics company.

Again, the messages appear legitimate.

5. Building Trust

This is where things become dangerous.

Criminals may send:

  • Screenshot updates
  • Clickable buttons
  • Shared documents
  • Harmless-looking attachments

Some may contain malware.

Others are simply designed to persuade someone to hand over credentials voluntarily.

No hacking required.

Just logging in using information someone unknowingly provides.

And all the personal details needed to mimic staff?

They are often gathered directly from LinkedIn.

What You Can Do Today

Before Posting Publicly

Ask yourself:

Does this information have value to a criminal?

Review Your Email Security

Speak with your IT team, cyber provider or MSSP and ensure:

  • SPF is configured
  • DKIM is configured
  • DMARC is configured

These controls are often inexpensive to implement and can prevent many impersonation attacks.

Challenge Your Supply Chain

Ask suppliers, clients and partners:

What cyber security controls do you have in place?

Their weaknesses can quickly become your problem.

If Your Mindset Is Still…

  • “Why would anyone target us?”
  • “Someone bigger would be more attractive.”
  • “We’ve got nothing worth stealing.”
  • “What are the chances?”

What Is Really at Risk?

  • Your money
  • Your brand
  • Your reputation
  • Your customer trust
  • Your data

Final Thought

Most cyber attacks do not begin with sophisticated hacking.

They begin with information.

A social media post, a screenshot, a supplier announcement or a public conversation can provide enough detail for a determined criminal to start building an attack.

If you’re unsure whether your organisation, suppliers or partners are exposed, get in touch and we can help identify the risks before someone else does.

Share:
Back to Blog