Social Media Threats: Twitter, Facebook, Instagram and More
Whether you got a new job, some new clothes or just want to post a selfie, chances are you have shared what you have been up to on social media. Communication channels like Facebook, Twitter, and Instagram make sharing information fast and easy. Now that social media platforms have multiplied and have attracted millions of people throughout the world, the number of hackers preying on those who use it has increased.
Why Hackers Love Social Media
Everyone is on Social Media
Social media has brought the power to reach a massive audience at our fingertips. We can choose to show the aspects of our life that we want others to know and can conveniently hide what needs to be swept under the rug. The reach of social media channels like Facebook and Instagram stretches into the billions. A chunk of the world’s population is active on one or more social media platforms and as digital platform grows in popularity, it becomes a bigger target for cybercrime.
More Likely to Click
Users are often more comfortable on social networks than when checking email. Most social networks are not overrun by spam and marketing messages. Majority of the material seen by users is sent by friends, brands, and publishers they have chosen to follow. This creates an atmosphere of trust and friendship– one in which a user is more likely to click a shared link than they would be if the link had arrived via a work email.
Personal Data Available
Depending on a person’s privacy settings, an attacker might be able to see their contacts, location, and topics of interest. Attackers can gather research, tailor a campaign, and launch it in the same channel. This creates a huge opportunity for spear phishing – or very targeted attacks that are tailored to the victim, which is why the attacks are growing.
Main Types of Social Media Attacks: Social Engineering
The number of fake social media accounts have spiked through recent years, and attackers are finding many uses for them. Profile cloning uses fake accounts to impersonate a person known by the target, thereby making the person more likely to share information and click malicious links. This tactic is also used to spy on user’s social networks. Attackers also create fake accounts that impersonate companies and brands, especially fake customer support. When a user on the network complains about an issue with the company, the attacker quickly reaches out to offer help, only leading the victim to an attack.
Malicious Links: Phishing and Malware
Phishing and malware threats on social networks can be very similar because they often rely on external links. Phishing links typically point the victim to a malicious website. The site either impersonates a brand to trick the user into entering login information or it attempts to infect the user with malware. Malware links also typically point to a malicious website. However, these threats can alternatively encourage users to download the payload via direct message. Most of these attacks spread via links to external, malicious websites.
Examples on how the links spread include:
• Direct messages that send a malicious link or file attachments
• Comments on threads or using popular hashtags while including malicious links
• Hacking user’s accounts to spread the attack to the victim’s contacts
How to Prevent It from Happening to You
What Not to Do
The more information you post, the more vulnerable you will become to attacks. To help you play it safe, here are a couple of things you should never share on social media.
• Phone Number- Although you might think you’re just innocently sharing with friends, social media hackers want your number, too. Obtaining a target’s phone number provides an attacker with a platform to obtain additional information about the user targeted and to launch further attacks against the user. Hackers might also bypass security and use your phone number as a caller I.D. to send text messages that ask recipients to unknowingly click on a malware link.
• Check In’s- Checking in to your favorite places on Facebook, Foursquare, and Twitter might be fun, but is not the smartest choice. This will allow social media hackers know where you are — or where you are not. This information can also give social media hackers information to where you will likely be again, as well.
• Address- This should be a no-brainer but is a common thing people share on social media. To avoid burglars showing up at your home would be one reason not to share your home address on social media. Home addresses are also often used by financial institutions to verify your identity.
• Make sure that you set a unique password for each social network, so that if someone manages to access one of your profiles, they won’t automatically have access to all of them. Change your passwords three or four times a year, and always change them immediately if you feel like your account has been compromised.
• Sharing passwords is often overlooked. Several tools are available that allow you to enter passwords and share access via a web interface, without sharing access to the passwords themselves.
• Nearly all social networks have two-factor authentication features. When you attempt to login, a code will be sent to a separate device you have pre-registered, and you must then input that code to the login page. Hackers generally won’t have access to your device. Make sure your designated devices are up to date.