Are you something of a selfie-fiend, constantly craving likes on your Instagram posts? Or perhaps you’re a sucker for social media popularity, accepting any Facebook friend request in order to feel loved?
If that sounds like you, then you’re probably going to want to be more careful about keeping your ego in check because cybercriminals and hackers are getting particularly adept at taking advantage of narcissists — and that could have grave consequences for both the individual and their employer.
“A trait we’ve increasingly seen social engineers take advantage of is narcissism,” said cybersecurity consultant Dr Jessica Barker, speaking at this week’s Infosecurity Europe 2016 show in London.
With so many users — particularly millennials — feeling the need to have their ego flattered, cybercriminals are looking to social engineering to take advantage of this for their own gain.
“Research suggests that those who display narcissistic traits — those who have a superego — are more desiring of having more contacts on social media, so they want higher and higher numbers of friends or contacts,” said Barker.
This is potentially dangerous because cybercriminals are creating fake social media profiles which they use to befriend and manipulate targets — and if a user is known to have an ego, the hackers won’t hesitate to send them a Facebook or LinkedIn contact request, safe in the knowledge that the victim’s main concern is increasing their follower count.
However, that’s not the only danger as narcissistic users aren’t shy about posting every bit of information about their lives onto social media — and that also poses a risk.
“They also want people to know what they’re doing, where they are, things that they enjoy, more than people who don’t have narcissistic traits — you can see how easily that could be taken advantage of by social engineering attacks and some of these can be very damaging,” said Barker.
Indeed, while personal financial data has traditionally been a common target for hackers, those who overshare on social media could unwittingly find themselves victims of cybercrime, as information about their life, hobbies, or even pets could give away passwords.
There’s also a far less subtle and potentially very damaging way cybercriminals could take advantage of users who are susceptible to having their ego stroked: outright blackmail.
“We’ve all heard about the approaches on social media that begin with a pretty face — a pretty girl approaching a boy. They make friends, they chat, it goes to become more explicit with sharing explicit images and then it turns out the attacker is a cybercriminal and they attempt to extort money out of the target,” explained Barker.
However, while you could easily dismiss this type of ego-stroking attack as something restricted to younger victims, it isn’t. According to Barker, CEOs also fall for a modified version of this social engineering scheme.
“There can be overconfidence on the CEO’s part. He gets an email asking him to transfer money to the president of the company… so it builds him up, makes him feel good and he can’t resist the important task,” she explained, speaking about how cybercriminals are using ‘whaling’ to target high profile victims.
“We know that these types of emails are increasing all the time and by making somebody feel important and playing their ego, it’s a great way of social engineers being able to take advantage of them,” Barker said.