Top 5 Social Media Security Threats To Monitor in Real-time

The top threats your organization needs to proactively monitor and remediate to maintain a resilient social media security posture.

What Is Real-time Social Media Security Monitoring?

Social media security monitoring is exactly what it sounds like: proactively using social media to identify and analyze security threats to an organization. These threats may include anything from negative sentiment to explicit threats targeting personnel to phishing attempts. But real-time social media monitoring is not quite as simple as it sounds. For every solution, there are unforeseen issues. For example, if your organization's name contains a common word or phrase, social media monitoring tools can easily inundate a security team with extremely high volumes of information, most of which is entirely irrelevant.

Thus, understanding the threats that social media may pose can help a team whittle down those irrelevant results and look only at the most relevant information. In addition, developing keyword lists to apply against the organization’s search terms provides reference points for large-scale monitoring and alerting to deliver threat information in real time.
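The keyword-list approach described above, as an added example (not DigitalStakeout's code): posts are first matched against a constructed organization name, "Apex", and kept only if they also hit a per-threat keyword list. The organization name, keyword lists and sample posts are all assumptions made for illustration.

```python
import re

ORG_TERM = "apex"  # constructed: an organization whose name is a common word

# Constructed keyword lists, one per threat category (assumed, not from a product).
KEYWORDS = {
    "reputation": ["scam", "boycott", "rip-off"],
    "impersonation_phishing": ["verify your account", "dm us", "support team"],
    "oversharing": ["flying to", "checked in", "boarding"],
}

def _compile(terms):
    # Lookarounds instead of \b so "scam" does not fire inside "scampi".
    alt = "|".join(re.escape(t) for t in sorted(terms, key=len, reverse=True))
    return re.compile(r"(?<!\w)(?:%s)(?!\w)" % alt, re.IGNORECASE)

ORG_RE = _compile([ORG_TERM])
CATEGORY_RE = {cat: _compile(terms) for cat, terms in KEYWORDS.items()}

def triage(posts):
    """Return (raw_hits, alerts): ids of posts naming the org, and the subset
    that also matches a threat keyword list, tagged with its categories."""
    raw_hits, alerts = [], []
    for post in posts:
        text = post["text"]
        if not ORG_RE.search(text):
            continue  # does not mention the organization at all
        raw_hits.append(post["id"])
        cats = sorted(c for c, rx in CATEGORY_RE.items() if rx.search(text))
        if cats:
            alerts.append({"id": post["id"], "categories": cats})
    return raw_hits, alerts

# Constructed sample posts (not real data).
POSTS = [
    {"id": 1, "text": "Reached the apex of the trail today, what a view"},
    {"id": 2, "text": "Apex is a scam, everyone boycott them"},
    {"id": 3, "text": "Hi, Apex support team here. DM us to verify your account"},
    {"id": 4, "text": "Boarding now, flying to Denver for the Apex offsite"},
    {"id": 5, "text": "Apex predators and scampi recipes, a thread"},
    {"id": 6, "text": "This scam call keeps ringing me"},
]

if __name__ == "__main__":
    raw, alerts = triage(POSTS)
    print(f"{len(raw)} posts name the org, {len(alerts)} need review")
    for alert in alerts:
        print(alert)
```

Posts 1 and 5 show the noise a bare name match produces; the keyword lists cut five name hits down to three categorized alerts.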

Top Security Threats Posed by Social Media

The social media landscape is vast, and the potential threats against a given organization or individual are legion.

Below are the top 5 most common security threats we observe on social media. These threats should be monitored in real time, with the fastest possible Mean Time to Detect (MTTD) and Mean Time to Resolve (MTTR).

Reputation Attacks

Not all threats are technical, but they are still critical for the security team to be aware of. Individuals or groups may seek to tarnish an organization’s reputation by making comments en masse, a process known as brigading, about that organization’s products, services, or personnel. Thanks to review aggregators and microblogging platforms, these negative reviews can quickly mushroom into major headaches for an organization that relies on customer trust to produce and maintain its revenue stream.

Account Hijacking & Account Takeover

Even worse than brigading, and possibly even a cause for a brigading campaign, is the prospect of an account hijacking, which occurs when a threat actor takes over a social media account and uses it for malicious means, whether using the account to tarnish the organization’s reputation or to conduct other sorts of unseemly online activities. Although account hijacking is relatively simple to recover from, the damage done may have lasting impacts detrimental to the organization.

Oversharing Information

One of the greatest dangers presented by avid social media users, especially those who leave their location settings turned on, is that they unwittingly (and sometimes fully wittingly) share details about their locations, plans, and other information that shouldn’t be made public, in a manner that allows potential adversaries to track them or provides those adversaries with an opportunity.

Social Media Impersonations

Whereas account hijackings require the use of legitimate login credentials, impersonations do not, and are therefore much more dangerous. A threat actor may impersonate both individuals and organizations, often seeking to tarnish a reputation, cause general chaos and confusion, or set up an angler phishing campaign.

Social Media Surveillance

Thus far, all of the threats mentioned have been active, but the open-source intelligence threat targeting the individuals and personnel associated with an organization is just as important, despite its relative passiveness. Surveillance seeks to identify individuals and their roles in order to set up and launch spear phishing and whaling campaigns. For more information about how threat actors conduct OSINT campaigns against individuals and organizations, see how attackers use OSINT to target your organization.


Finally, and perhaps most dangerous of all, is social media phishing, which often involves using a malicious link to distribute malware, spam, or other threats against an individual’s computer. Yes, surveillance can identify individuals for a targeted campaign, but social media phishing will ensnare unwitting individuals. This is very common when an angler phishing campaign spoofs a customer support account and intercepts customer queries.

This is only a description of the threats presented by social media in the broadest of terms. Within each category are multiple subcategories and further aspects to consider when attempting to prepare defenses against each threat type, and there are plenty of other security concerns that social media poses to its users.

Detecting Social Media Threats with Machine Learning Technology

One of the most difficult aspects of social media monitoring is understanding how to properly configure word lists and apply those lists to a search. Developing synonym lists for all the various threats and situations that may impact your organization is a time-consuming process that is likely impossible to fully implement properly. Then, when considering all of the different facets of threat types that may appear across the social media landscape, the task becomes even more daunting. With DigitalStakeout Scout, this work is already done. Deep learning algorithms provide the filtering you need to prevent a blind spot.

  • Sentiment, emotion and psycholinguistic algorithms detect physical threats and control for sarcasm.
  • Physical security algorithms detect threats, vulnerabilities and hazards to people, places and things.
  • Cyber security and technical algorithms detect chatter about attacks, vulnerabilities and disruptions.
  • Machine learning algorithms automatically categorize posts into 25+ security categories with best-in-class accuracy.
  • Proprietary data enrichment algorithms add context fields to posts by tagging and adding reference information.

Real-time Alerting of Security Threats

DigitalStakeout also provides the option of configuring a monitor to deliver real-time alerts, so that your security team can rest assured that if a threat does develop, they will be the first to know. With these alerts, if an executive happens to share information about his upcoming business trip, the executive protection team can identify this information in real time and have it removed before its appearance online has an opportunity to harm the organization or its personnel. If a threat actor creates a fake support account and starts angler phishing customers, the cyber security team can be alerted that an unauthorized account is engaging with customers. The team can take immediate action to take down the fake account and the corresponding domains used in the attack. For more advanced security teams, complex alerts can be consumed into an existing security stack with a REST API for further orchestration.
