There’s a new cyber threat.

Small and medium businesses are being targeted by cyber criminals using fake social media posts.

Some are using email spoofing to send fake Twitter and Facebook updates, while others are sending direct messages from legitimate user accounts that have been hacked. In both instances, the sender will post a short note with a phishing link.

“Given America’s widespread participation in social media, small and medium enterprises and assume most employees have either a Twitter or Facebook account or both,” said Stu Sjouwerman, founder and CEO of online security firm KnowBe4. “The perpetrators of the latest phishing scam are counting on users’ curiosity and trust in their social networks.”

And some cyber criminals are even craftier. By using a common link shortener, like, the sender is able to mask the identity of the website the link is directing to, Sjouwerman said.

“Many recipients let their guard down and click the link if it appears to be sent by someone they know,” he said. “However, these malicious links will often initiate a malware download or prompt the user to enter personal login information, and in that instant, the company’s network is compromised.”

Employees are often a company’s greatest security risk, he said. KnowBe4 found that employees at 43 percent of companies clicked the link in a simulated phishing email. Even when the email was sent from an unknown and untrusted server, 15 percent of organizations still had one or more employees click the link.