For anyone who has missed every other headline for the past 3 years, here’s a quick update: social media protection is more necessary than ever. Social networks have been weaponized by all sorts of bad actors, including election meddlers, misinformation peddlers, fraudulent accounts, cybercriminals and scammers. The networks are doing their best to clean up the platforms but it’s an uphill battle to say the very least.
So in the age of social media cybercrime, and because it’s the first week of National Cybersecurity Awareness Month (#NCSAM), here are some things you should know to ensure social media protection for all of your profiles and posts.
Accounts get hacked all the time
The New York Post reports that 160000 accounts are hacked each day on Facebook alone. This is a shocking number and has several implications. For a user with 1000 connections on a given network, there is a halfway decent chance that one of your connections will be compromised on any given day. Many active users have seen this happen or have had it happen to themselves. The University of Phoenix reports that ⅔ of Americans have had a social media account get compromised.
Once an attacker has broken into an account, they often try to propagate the attack by reaching out to the victims connections, either asking for sensitive information, credentials or even money. Be very wary of messages like this, even from already vetted, trusted connections. Be sure to verify the request in person or via different medium like text or phone call (remember that if their social accounts are compromised, their email may be as well).
Watch out for misinformation
There’s nothing fake about the era of fake news; misinformation can spread like wildfire on social media. It can be created anywhere in the world for any purposes and instantly circulated around the globe. Facebook has recently been implementing scores and warnings for articles proven to be fake. They have even started punishing users for reporting real news and promoting fake news. The more misinformation a user tries to spread, the lower their score and the less influence they have when reviewing or posting content in the future.
While this is a step in the right direction, it’s far from a comprehensive social media protection solution. For platforms that are fundamentally built on user generated, largely unmoderated content, there is bound to be misinformation. The onus is on the users to remember that not everything they read online is legitimate and information must be independently verified. We advise sticking to trusted sources of news and information.
Beware of fake accounts
The easiest way for an scammer or cybercriminal to dupe unsuspecting users is to create a convincing fake account. This can be a celebrity, a brand or even someone entirely made up. For well known figures and institution, always look for the blue verified check mark beside the profile name to ensure the account is legitimate. If an account contacts you, perhaps via direct message, always check the account before engaging. When in doubt, don’t respond. We hate to break the news, but your favorite celebrity is unlikely to reach out to you out of the blue. If it seems phishy, it probably is.
Social networks are ripe with fake accounts these days, and not many of them are created with benevolent intentions. The fake account is the means-to-an-end in a host of nefarious activities, and it’s often the first place a bad actor starts when beginning a new campaign, be it with the intention to scam users, phish employees of a company, influence elections or hack into highly visible accounts.
Safeguard your accounts
The easiest way to ensure social media protection for your accounts from attacks such as hijacking is enabling 2-factor authentication. This is the first piece of advice almost any security professional will give the average user when it comes to staying safe online. This security procedure forces the user to authenticate their identity using a separate device or platform, generally a 4 to 6 digit key. This ensures that the attacker cannot break into your account with simply a username and password, they’ll require access to your physical devices, such as phone, or other accounts, like email.
Beyond 2-factor authentication, all users should review which third-party apps have access to their accounts. This can be done in the security setting tabs of most networks. We advise users to remove any apps they are not using. Although most apps are fine to use and cause no immediate problem, some can siphon data or leave users exposed to attacks, as with what happened with Cambridge Analytica and TwitterCounter respectively.
We of course recommend using long passwords, regularly changing them and leveraging a password manager to ensure you’re secure. In 2018, this is a bare minimum for staying secure online.
Be careful what you share
For avid social media mavens, this piece of advice may not sound like the most fun. Afterall, what’s the point of social media if you can’t share? While we agree, and we don’t recommend completely unplugging, there is certain information that simply doesn’t belong online. It will only make attackers more likely to target you and undermine your privacy.
For instance, don’t post pictures of your physical home or family. Wait until after you have returned before posting about your travel (this is ideal information for burglars). Don’t reveal your address, phone number, email address, birthday or mother’s maiden names. These bits of info can be used to crack your security questions. Avoid viral social media quizzes, the answers to which can likewise be used by attackers to hack your accounts. In short, be smart about what you share. Before you post, ask yourself if you would tell a random stranger on the street that information. If not, don’t post.
On some networks you can make yourself private or limit what certain people can see about you. We strongly recommend this, though when in doubt, simply don’t disclose potentially sensitive information at all, no matter how private. Again, if a close acquaintance is hacked, the attacker get all the information you have previously shared with that acquaintance, including via direct message. Even without being hacked yourself, you can expose information just by sending it on ostensibly private channels, making social media protection that much more important.
Ask your company if they have a social media protection plan
Businesses and their people are key targets for cyber criminals, because that’s where the real money can be found. Attackers create fake account of businesses and brand to phish customers and spread scams to loyal followers. Social media is also a preferred method for targeted attacks against business which often start by targeting a single employee.
Businesses are increasingly adopting tools and solutions to protect their accounts, their social media community and their employees online. Tools like ZeroFOX‘s brand and employee protection help to maintain your reputation and keep employees safe, all at the same time. Is your business doing all it can to protect itself? Is there something else you can be doing better to protect yourself and your family?
Happy National Cyber Security Awareness Month, and stay safe out there!