We love social media these days. Facebook, Snapchat, Twitter, LinkedIn, and many others can lead to lots of sharing and fun, but also carry significant risks. This is particularly true now that cyber criminals are collating data and using it against us for targeting phishing attacks.
Online social networks may seem all in fun and harmless, but they are anything but that. Anyone participating in a social network online assumes some risk of becoming a victim of a con artist or other criminal. But this does not mean you should opt out of getting involved. It’s part of our society, and in some cases an important part of doing business. Just be aware of the risks and take action to avoid being a victim of identity theft or another cyber crime.
Think about how you use social media and how much information you want to share with the world. Because even if you think it’s just your network seeing the information, the reality is that it isn’t. It’s everyone, everywhere.
Generally speaking, there are two ways in which hackers and cyber criminals use social engineering to exploit social networks.
1. Attempting to get someone to install software on a computer or phone that will give them access to that device.
2. Gain someone’s trust in order to exploit personal connections and manipulate people through the social network.
People are the weakest link in cyber security and the savvy hacker will take advantage whenever possible. Following are a few tips to help you avoid becoming a victim of either of these:
Always use the strongest security settings possible on social media sites
For example, consider if you need to share your location. If it really isn’t necessary (and it usually isn’t), deactivate that option. Also be sure to limit who has access to your information. Don’t make it public to the world, but instead make it viewable only to those who are directly linked to you, keeping in mind that even that information is vulnerable once one of them sends it on. Some sites will allow you to customize lists based on what you are posting. This may be appropriate for some content.
Don’t post personally identifiable information (PII) on social networking sites
This includes your birth date, phone number, and address. If you want to exchange that information, do it via private messaging or email. Never ever post your social security number or any banking or other financial details, not even through the site’s private messaging or email service.
Turn off location services for your camera
Leaving this activated will give away your location. While you may think it isn’t a big deal to share your location, it can be. When you’re on vacation and sharing selfies with recognizable landmarks in the background, it would be a great time for someone to break into your house and steal all kinds of information.
Be aware of unsolicited contact from strangers
Often, scammers will try to get to know you and then scam you. This happens often with online dating sites. They may use social engineering such as to convince you they need money to help them get out of a bind, but they also may use you to spread malware. It’s reasonably easy to spoof someone’s email address and often the criminals will do this to try to get your friends, colleagues, and other contacts to click malicious links. People are more likely to click a link if they trust the one posting it. Therefore, use caution even when clicking links on social media from those you do know.
Watch for private messages that arrive that include only a link
With the increase in popularity of private messaging services that are attached to the social media sites, such as Facebook Messenger, messages may contain a vague description of what the link may contain. One that was seen recently was sent with text that addressed the recipient by name, “Bob, is this you?” Contained in the link was malware.
Change your social networking passwords often
Studies have shown that even with all the password reuse issues and stolen credentials, 53% of social media users had not changed their passwords in over a year and 20% had never changed them. It’s recommended to do it quarterly and when doing so, don’t reuse one that you use on another site; especially one that you use for you financial accounts.
The bottom line
They can be fun and useful and are likely here to stay. However, just use good judgment and common sense when partaking so you are not or don’t cause your company to be the next victim of fraud or identity theft.
