Click bait: Your social profiles are fodder for hackers

Yahoo Finance

The odds that cyber criminals are targeting you personally are rising, and your social media accounts are making their job all the easier.

Once upon a time, spies needed to utilize sophisticated tools to build a dossier they could use to trick you into giving away the keys to whatever secret they were after. Now, all they have to do is check your LinkedIn profile.

“Everyone is a target in this new industry. And social media is used to create profiles so you can steal our assets,” said Tony Cole, vice president and global government chief technology officer at FireEye (FEYE). “We leave a trail of information everywhere we go.”

Cole, and several other information security executives speaking on a panel at a Security Innovation Network conference in Washington, D.C., this week, described in chilling detail how hackers are carefully gathering background on people so they can trick them into clicking on nefarious links.

The criminals will, for example, work out whom you are connected with on LinkedIn or Twitter and then construct an email that appears to come from a colleague. The note contains a link that looks safe but actually sends you to a website built to harvest your information or to serve as the intruder's way into your company's computer systems.


In fact, FireEye reported this week on a group it calls FIN4 that used these fairly simple tactics to allegedly gather insider information on publicly traded firms.

‘Tip of the iceberg’

These so-called spear-phishing attacks have existed for a long while, but they are growing markedly more sophisticated as hackers try to reach deeper into firms' private networks. And, importantly, it sometimes takes only one employee making one bad click to let an intruder into a network.

“We’ve just now touched the tip of the iceberg,” said Brian Johnson, vice president of information security at Netflix (NFLX). “We’ve got to get a handle on this because it’s going to get infinitely worse.”

Johnson also cited an example of hackers posing as Netflix and duping users into clicking on offers to speed up their streaming service. Individuals expecting a quick way to improve the picture quality of whatever show they were watching handed over their credentials, compromising their accounts.

Echoing Johnson, Eric Weakland, director of information security at American University, said hackers at one point managed to build a website that was a mirror image of the university's payroll system, used it to steal credentials, and ultimately siphoned off paychecks.

These attacks present a real quandary for the information security industry, because rather than breaking a system in the technical sense, hackers prey on people's natural inclination to trust others. A firm can build the most secure systems, but it takes only one user to let the bad guys in.

Spencer Wilcox, managing security strategist at utility heavyweight Exelon (EXC), described the situation this way: James Bond used to break into restricted areas by being good-looking, suave, and generally a convincing agent. Now, with social media, anyone can be James Bond.

Education is key
 
The message from all of the industry leaders speaking on the SINET panel was unanimous: It’s crucial to do a better job educating users from a young age on how to fend off the bad guys.

Oftentimes, just taking a moment to check the Internet address you are about to click on goes a long way. The text of a link can say one thing while the link itself points somewhere else, so hover over it (or long-press on a phone) and read the actual destination. A common tactic hackers use is registering domains that look like the real website at first glance; a hypothetical example could be yaho0.com, with a zero in place of the second "o". If a link looks suspect, especially if it arrives in an unsolicited note, it never hurts to check with the colleague or company in question through a channel you already trust rather than by replying to the message.
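The following script is an added example, not code from the original article or from any of the companies quoted in it. It applies the two checks described above to an email body: it pulls out every link, compares the real target host against a small allow-list of trusted domains (a hypothetical list chosen for this example), flags lookalike spellings such as yaho0.com, and flags links whose visible text shows one address while the link actually points somewhere else. The email body is constructed for the example.

```python
from urllib.parse import urlparse
from html.parser import HTMLParser

# Hypothetical allow-list of domains the reader actually trusts (assumption for this example).
TRUSTED_DOMAINS = {"yahoo.com", "finance.yahoo.com", "example-corp.com"}

# Characters attackers commonly swap for visually similar ones in lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "|": "l"})


def registrable_host(url):
    """Return the lowercase hostname of a URL (or bare domain), or '' if it cannot be parsed."""
    try:
        parsed = urlparse(url if "://" in url else "http://" + url)
    except ValueError:
        return ""
    return (parsed.hostname or "").lower().rstrip(".")


def skeleton(host):
    """Normalise a hostname so that visually similar spellings collapse to the same string."""
    host = host.translate(CONFUSABLES)
    host = host.replace("rn", "m").replace("vv", "w")  # 'rn' looks like 'm', 'vv' like 'w'
    return host.replace("-", "")


def domain_matches(host, domain):
    """True if host is exactly domain or a subdomain of it (not merely a prefix like domain.evil.net)."""
    return host == domain or host.endswith("." + domain)


def classify_host(host):
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname."""
    if not host:
        return "unknown"
    if any(domain_matches(host, trusted) for trusted in TRUSTED_DOMAINS):
        return "trusted"
    skel = skeleton(host)
    if any(domain_matches(skel, skeleton(trusted)) for trusted in TRUSTED_DOMAINS):
        return "lookalike"
    return "unknown"


class AnchorExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html):
    """Return a list of (href, verdict) for each link in the message body.

    verdict is 'trusted', 'lookalike', 'mismatch' (link text shows a different
    address than the real target) or 'unknown'.
    """
    parser = AnchorExtractor()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        host = registrable_host(href)
        verdict = classify_host(host)
        # Only treat the link text as a displayed address if it looks like one.
        shown_host = registrable_host(text) if "." in text and " " not in text else ""
        if shown_host and not domain_matches(host, shown_host) and verdict != "lookalike":
            verdict = "mismatch"
        results.append((href, verdict))
    return results


# Constructed sample email body for the example (not a real message).
SAMPLE_EMAIL = """
<p>Hi, here is the article from yesterday's call:</p>
<a href="https://finance.yahoo.com/news/">finance.yahoo.com/news</a>
<p>And please log in to update your payroll details:</p>
<a href="http://yaho0.com/login">https://yahoo.com/login</a>
<a href="http://yahoo.com.payroll-update.net/">Click here</a>
<a href="http://attacker.example/reset">https://finance.yahoo.com/</a>
"""

if __name__ == "__main__":
    for href, verdict in audit_links(SAMPLE_EMAIL):
        print(f"{verdict:9s} {href}")
```

Run on the sample body, the first link is reported as trusted, the second as a lookalike (yaho0.com normalises to yahoo.com), the third as unknown (yahoo.com appears only as a prefix of an unrelated domain, which the suffix check correctly refuses to trust), and the fourth as a mismatch because the visible text advertises finance.yahoo.com while the link goes elsewhere. The skeleton table is deliberately small; a production filter would use a full confusables list, including non-ASCII homoglyphs.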

If the website asks for user credentials, personal information, account numbers, or the like, it is important to be extra cautious. It is also a good idea to use unique, difficult-to-guess passwords for each of your accounts, even those that do not directly provide access to critical information, because a password stolen from a low-value account is routinely tried against more important ones.

“It’s not a technology problem, it’s a human problem,” said Koos Lodewijkx, chief technology officer for IT risk at IBM (IBM). “You don’t need a very sophisticated attack to get in the door."
