By Dr Niklas Hellemann

Threads is officially the fastest-growing new app in history, gaining over 100 million users in its first five days, which is even more impressive as the app is not yet available in Europe. However, in an already treacherous digital ecosystem, Meta’s new social media superstar is yet another convenient avenue of attack for career cybercriminals.  

The extensive stash of personal data Threads collects on its users (which has delayed its launch in the EU amid regulatory uncertainty) makes it an attractive target for hackers, but there’s also a tried-and-true psychological element to why it’s such a potential risk: humans are fallible, and when faced with the novelty and excitement of getting to grips with new technologies, they often let their guard down.   

Since its release, cybercriminals have already used Threads’ much-publicised launch to attempt to scam and attack unsuspecting users. For example, criminals have developed phishing sites that mimic non-existent web versions of Threads, which are designed to trick users into entering their login details. Also, because Threads is connected to other Meta services, cybercriminals could use these phishing sites to steal access to users’ other social media accounts such as Instagram or Facebook. This is not only a privacy risk, opening the door to identity theft and doxing, but also a financial risk as criminals may be able to steal personal banking information.

Additionally, fake versions of the app have appeared on smartphone stores, either to trick users out of their money by requiring payment or to act as a channel for malware and phishing attacks. A few weeks ago, Apple had to remove a counterfeit Threads app from its European app store after it climbed to the number one spot in its store.  

The success of these fraudulent sites and apps is down to the fact that Threads is not yet available to European consumers; its launch in the EU was delayed due to regulatory issues over the extensive amount of data Threads collects on its users, including personal information on location, finance and even health and fitness data. This treasure trove of data makes it an attractive target for hackers, representing a serious vulnerability if it is breached. Civilians and employees – especially those who work with sensitive data – must therefore be vigilant, as the rapidly expanding social media landscape represents a serious security risk.

Those who can use Threads must also be careful about who they follow. Threads’ current verification system allows anyone to purchase a “tick”. Without vetting, there is a risk of impersonators pretending to be well-known celebrities or organisations, possibly to scam users out of their money or as part of a multi-channel phishing attack. Social media is the perfect hunting ground for spear-phishing attacks: by harvesting personal details, cybercriminals can craft their attacks to target people with surgical precision, including by pretending to be an authority figure, such as the CEO of a business. This is made even easier because users may falsely believe that they are in a safe, private environment and feel encouraged to broadcast their personal information.  

The security issues around Threads relate to a basic psychological phenomenon that leads to potential risks. Namely, humans are fallible in that certain emotions prompt certain behaviour, and when faced with the novelty and excitement of getting to grips with new technologies, they often let their guard down. In their haste to try out Threads, many users are exposing themselves to these scams. ‘FOMO’ – the fear of missing out – is very real when it comes to jumping headfirst into exciting new platforms, but unfortunately so are the potential risks.

However, there is a bigger issue at play. The rapid diversification of not just social media channels, but the vast array of other communication tools and platforms we use in our everyday work and personal lives means that we are frequently getting to grips with unfamiliar technologies and environments. Our increased dependency on this wider range of tools and platforms provides an advantage to cybercriminals, giving them more channels and vulnerabilities to attack, and more ways to collect valuable data.

The security concerns around Threads also point to the simple fact that most people are unaware of the huge menu of tactics and methods used by today’s highly professional hackers. The cybercrime industry has never been more sophisticated or had more resources and opportunities, with the professionalisation of cybercrime leading to the creation of organised networks operating like slick criminal enterprises. Their main chance for success? Exploiting our human psyche and emotions.  

So, how can everyday people stay safe in this ever-evolving cyberthreat jungle? First, we need to raise awareness of the threats that are out there, so that people remember to protect themselves online. By learning to spot threats or malicious messages, people are much better equipped to deal with them, rather than learning the hard way.

Second, we need to reinforce safe online behaviour. That means setting strong passwords and using multi-factor authentication to keep login details secure, but also being aware of what information we are sharing online – social media are public platforms where you cannot control the spread of information. Where possible, set your account to private.

Finally, be aware that cybercriminals will find ways to exploit current affairs as they are masters of social engineering. Whether it’s the launch of Threads, the shift to remote work, or even the start of the war in Ukraine, hackers will manipulate our emotions against us.  

Today’s cybercriminals are experts at exploiting the human psyche. However, if we are all more aware of the innovation strength and creativity of cybercriminals, and practice secure digital behaviours, we will be better equipped to identify the risks and stay safe online.

About the Author

Dr Niklas Hellemann is a trained psychologist, longstanding management consultant at the Boston Consulting Group and one of the three co-founders of SoSafe, an awareness platform that trains and tests employees in dealing with the topic of IT security via phishing simulations and interactive e-learnings to teach employees in an effective and sustainable way. Niklas believes that security awareness measures should not only impart knowledge, but also support and motivate employees to reflect on their behavior and practice secure routines.
