We’re all fairly knowledgeable about how to deal with security issues for email. We don’t open emails that come from someone we don’t know, for example, and if we do, we’re certainly wary about clicking on links.
These same malicious tools can be used with social media posts to infect people’s computers and smart devices. But for some reason, people are much more willing to click and trust links on social media than they are elsewhere in the digital world.
In May 2017, the New York Times
reported that Russian hackers gained access to the computer of a Pentagon official through a link in a Twitter post that was put out by a robot account for a ‘family friendly summer vacation.’ They also tried ‘spear-phishing
’ on 10,000 Twitter accounts for people in the Department of Defense.
Once a single person is successfully targeted, the message can be sent out again to all the contacts in that person’s social network. As links shared by a genuine friend on social media are more likely to be trusted, the malware can spread very quickly.
The cybersecurity firm ZeroFOX recently found that only 30 percent of spear-phishing emails were opened but that more than double (66 percent) of similar social media messages were clicked.
Be aware of clickable links
One way to protect yourself against social media-based security threats is to subscribe to a service that can check your accounts for malicious content. Even so, the first line of defense is to be aware. If you know that a link clicked on Twitter or Facebook can be as dangerous as a link clicked in an email, make sure you know and trust the link's source. If the business has a page on Facebook, then it’s likely to be OK.
If a friend sends you a link that seems out of character or that advertises a product they probably wouldn’t recommend, check with them first before clicking.
You should also make sure that you update your passwords for social media. Twitter hacks where compromising pictures of celebrities have made their way online have now become commonplace. The reason is because the victims' Twitter accounts had simple passwords that were easily hacked. From there, hackers stole information contained in the Twitter accounts and used it to access home computers and smart devices remotely if they had the same login credentials.
Use different passwords for different accounts
The threats described above seem scary, but they derive their power mainly from people who use simple passwords on more than one device. Private information should be kept safe. Many websites now ask for a mix of characters and numbers as well as at least one upper- and lower-case character. These are much harder to hack than simple words or combinations.
If you are active on social media, then people can find out an awful lot about you. If you have a favorite pet and you post about them, don’t use their name as any part of a password. That goes for family members, birthdays and anything else that is easy for you to remember but also easy for hackers to find out.
There are also many password managers
that can create a randomized password for each of your accounts. With these types of services, you only need to remember one password for your password managing account.
Be careful with your banking details
There are some places that offer a credit card allowing you to change your credit card number with each transaction. This means that even if your information is stolen in a hack (as happened with the PlayStation Network
), then you can just change your credit card number, thereby protecting your banking information. Other services like PayPal offer simpler but just as effective protection.
Users also need to look out for something known as "Cat Fishing." The film and TV show Catfish
is based on this phenomenon, which is broadly just another way of saying that someone is pretending to be someone else online. Sometimes, this can be used to sell people things, mislead individuals into sharing too much, or even giving out their personal or banking information online.
Something as simple as posting your location can let criminals know that your house is unattended, for instance.
There are many cyber security issues with social media, but for every new threat, there is a potential solution. Fortunately, common sense works against most of these risks.
About the Author: Simon Parker has over 70 years of shared experience with Minerva Security, dealing with commercial business security and fire alarm systems.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.