
10.3 Hacking, phishing and spam 

Aside from the misuse of social media to cause emotional harm to individuals, a range of crimes are aimed at damaging corporate reputation. Hacking involves obtaining login details for a social media account and then using those details to send spam (unsolicited bulk messages) to the account holder's contacts. The types of spam may include advertising, pornography and random nonsense. Both individual and corporate accounts can be affected, but in general the reputational damage is greater when a corporate account is hacked. Some high-profile examples of hacking include Fox News announcing the assassination of President Obama in 2011 and the UK Labour Party agreeing to give everyone their own owl in 2014.

Hackers, especially those who have some knowledge of their victim, can often guess weak passwords. Other techniques for obtaining passwords include phishing and keyloggers. In phishing, the hacker sends an email with a link which prompts the person to log into a fake copy of a social media site, where the hacker captures their username and password. In a keylogger attack, the victim is tricked into clicking on a link to a website which automatically installs a piece of malware to capture keystrokes, which can then be analysed for usernames and passwords. The practice of tricking users into clicking on malevolent links, in order that they reveal confidential information or that the hacker can take control of their computer, is also sometimes known as click-jacking.

Good practice tips: 

  • Offer guidance – ensure your staff and students are aware of these simple steps to protect their own accounts:
      - use strong passwords;
      - do not use the same password on multiple sites;
      - ensure you have up-to-date anti-virus software on your computer;
      - do not click on links or open attachments in emails from unknown sources;
      - do not download programs or apps that are not from a trusted source.
  • Keep institutional accounts safe – protect institutional social media accounts from hackers by:
      - ensuring that all staff who contribute to your social media presence are aware of the techniques used by hackers as outlined in this Toolkit;
      - ensuring that all staff who contribute to your social media presence follow the guidelines for individuals outlined above;
      - keeping the number of staff who know the credentials for institutional social media accounts to the minimum needed for effective operation;
      - not sharing a single corporate username and password across multiple individuals.

Additional resources

  • The University of Oxford site offering platform-specific advice on protecting accounts, a consideration of two-factor authentication and an exploration of threats to accounts via social engineering techniques.
