
The ‘unfriendly’ side of social media

Social media has quickly become an easy target for cybercriminals. Not only does it provide a huge pool of potential victims, increasing the likelihood of success for malicious activities, but it can also offer a wealth of personal information about users, including their names, locations, birthdays, interests, and connections. Attackers can exploit this information for various purposes, such as identity theft, targeted phishing attacks, or creating personalised scams.

Something as simple as posting a photograph of a pet or birthday celebration can potentially provide a criminal with the answers to security questions used on other sites. Even the background of an image can provide valuable information that a cybercriminal can exploit.

Common social media attacks include:

  • Phishing: This involves tricking users into divulging their sensitive information, such as login credentials or financial details. The criminal often creates fake social media login pages or sends deceptive messages pretending to be from a legitimate social media platform, enticing users to click on malicious links or provide their personal information.

  • Social Engineering: This exploits human psychology to manipulate individuals into revealing sensitive information or performing certain actions. Attackers might impersonate trusted individuals or organisations on social media, engaging in conversations to gain the target’s trust and deceive them into sharing confidential data or carrying out fraudulent activities.

  • Account Hijacking: An attacker gains control of a business account so they can post misleading or malicious content, damaging the brand’s image, causing financial losses, or disseminating false information to manipulate public opinion.

Here’s one example of how a business fell victim to a cyber-attack through its Facebook account.


Think before you click


Clicking a fake Facebook notification led to weeks of anxiety and blocked access to an essential business page for one Derbyshire business owner.


Carlo Laurenti, who owns and runs Derbyshire Wedding and Events, clicked a link after receiving a notification on Facebook saying that his page had been impersonating another. Within seconds, his computer screen filled with various images, including indecent images of children, and Carlo lost access to his business page on Facebook.


“I was having very graphic images coming up on the screen, worst of all even child porn. I was absolutely lost, trying to unplug things but the damage was done,” Carlo recalls.


Carlo got in touch with his technical support team, and due to the nature of the images which had been displayed on his laptop, immediately contacted the police.


Increasingly, hackers are using indecent images of children to ‘cover their tracks’ after gaining access to business pages on social media. Once they have gained access to an account through the victim clicking a link, they will look to take any personal or financial details from the page, even buying advertising, before posting explicit images to get the page shut down by Facebook.


As a result of this growing problem, Derbyshire Constabulary teamed up with Facebook to review the company’s processes to ensure that the Metaverse team can pinpoint the hackers rather than punish the victims by erasing all trace of valuable pages that people rely on for their businesses.


Reporting a crime such as this to the police or Action Fraud is so important. It not only provides key evidence that could help find and prosecute the perpetrators, but also helps stop other businesses from experiencing similar threats, whilst helping improve the overall security of the internet. In this case, Derbyshire police was able to proactively work with Facebook to ensure users are better protected.

If you want to know more about improving the cyber security of your business, then get in touch with a member of our team to discuss our FREE Core Membership package and the variety of services and training we offer.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.
