Social Media Risk Is on the Rise. How Can Users Stay Safe?Director of Threat Operations at ZeroFOX
Social networks have been weaponized by all sorts of bad actors, including election meddlers, misinformation peddlers, account fraudsters, cybercriminals and scammers. It appears that nobody, and no account, is safe anymore. And, while the networks are doing their very best to clean things up, it’s an uphill battle to say the least: Facebook recently announced that at least 50 million of its users had their login credentials compromised—the worst hack in the company’s history.
In the age of social media cybercrime, what are the biggest threats plaguing social media users? And how can users—ranging from individuals to corporations—better protect themselves?
Misinformation can spread instantaneously on social media and be created anywhere in the world with just a few simple clicks. Facebook has recently been implementing scores and warnings for articles proven to be fake, and has even started punishing users for flagging news from credible sources as fake. The more misinformation a user tries to spread, the lower their score and the less influence they have when reviewing or posting content in the future.
While this is a step in the right direction, it’s far from a comprehensive solution. For platforms that are fundamentally built on user-generated, unmoderated content, there is bound to be misinformation. The onus weighs heavily on the users to remember that not everything they read online is legitimate and that information must be independently verified. It’s critical to stick to trusted sources of news and information.
The easiest way for a scammer or cybercriminal to dupe unsuspecting users is by creating a near-identical fake account on social media. Shockingly, the number of impersonation accounts increased elevenfold from December 2014 to December 2016 across Facebook, Twitter and Instagram. These pages often take the form of celebrities, brands or even close friends and family members.
For well-known figures and institutions, look for the blue verified check mark beside profile names to ensure the account is legitimate. If someone contacts you, perhaps via direct message, check the account before engaging, and after doing so, ensure you take a close look at the link or note they’re sending along. In fact, over one-third of all nefarious social media impersonators send their targets to a phishing page to steal social media account credentials, credit cards and personal information.
With a little caution and awareness, it’s possible to avoid the abundance of malicious content floating around social networks.
The New York Post reports that 160,000 accounts are hacked each day on Facebook alone. This is a shocking number and has several implications—for a user with 1,000 connections on a given network, there is a decent chance that one of their connections will be compromised on any given day. Many active users have seen this happen or have experienced it themselves. The University of Phoenix reports that two-thirds of Americans have had a social media account compromised.
Once a malicious actor breaks into an account, they often try to propagate the attack by reaching out to the victim’s connections, either asking for sensitive information, credentials or money. Be wary of messages like this, even if they come from already vetted, trusted connections. Be sure to verify the request in person or via different mediums like a text or a phone call, and remember that if their social accounts are compromised, their email may be as well.
The easiest way to protect accounts from being hijacked is by enabling two-factor authentication (2FA). This is the first piece of advice almost any security professional will give the average user when it comes to staying safe online. This procedure forces the user to authenticate their identity using a separate device or platform (generally by entering a four to six-digit key), ensuring that the attacker cannot break into an account with just a username and password.
Beyond 2FA, all users should review which third-party apps have access to their accounts. This can be done in the security settings tab of most networks. Although most apps are fine to use and cause no immediate problems, some can siphon data or leave users exposed to attacks, as seen with Cambridge Analytica and Twitter Counter recently.
Restrain Your Fingers
For avid social media users, this piece of advice may not sound ideal. After all, what’s the point of social media if you can’t share? While I don’t recommend completely unplugging, there is certain information that simply doesn’t belong online. It will only give attackers more to work with when targeting victims.
For instance, don’t post pictures of your physical home or family. Wait until after you have returned before posting about your travel (this is ideal information for burglars). Don’t reveal your address, phone number, email address, birthday or mother’s maiden name. Before you post something, ask yourself if you would tell a random stranger on the street that information.
While the social media landscape may seem like a dangerous place, there are certain precautions users and companies can take to ensure it remains an enjoyable environment to connect with one another. With a little caution and awareness, it’s possible to avoid the abundance of malicious content floating around the networks.