Courtesy of Facebook, Twitter, Instagram and Snapchat – to name but a few – we are increasingly living digital lives, where we interact and engage with our friends and family online. Social media has, without a shadow of a doubt, become central to our way of life.
And yet, while millions use these platforms on a daily basis, they are not without their pitfalls. In particular, online privacy and information security constantly come under the spotlight, and online bullying and harassment can’t be ignored either.
Indeed, anyone – regardless of age or expertise – can fall victim to one of the above attacks, as Facebook’s CEO Mark Zuckerberg found out earlier this month when his Twitter and Pinterest credentials were compromised.
The group responsible for this, which goes by the name OurMine, claimed that Mr. Zuckerberg’s error was in reusing passwords, which were discovered amidst the trove of information exposed via the 2012 LinkedIn data breach.
Incidents like this are on the rise – the numbers speak for themselves. In recent months, there have been high-profile attacks on LinkedIn (resulting in over 100 million emails and passwords being posted online), Myspace (a data breach affecting 360 million users) and Tumblr (65 million people affected). And frankly, who knows truly how many more social media accounts have already been compromised?
With all of this in mind, we looked at the ways you can avoid falling victim to social media attacks, and how you can boost your social media security in time for Social Media Day on 30th June.
The problem with most compromises is that people continue to use weak passwords (123456 is the most common) or – worse still – they use the same passwords time and time again.
Cybercriminals today can break these passwords easily and quickly, with brute force and dictionary attacks that are able to crack even lengthy passwords in a matter of seconds or minutes. Then there are keylogger attacks, where malware secretly installed on your machine quietly gathers passwords without you knowing.
You can bolster security in this area by using a password manager, which can generate new passwords and store existing ones (as well as your credit card details if needed).
Fortunately, technology companies like Google are also making improvements in this area, forcing users to make their passwords stronger, while caching these passwords with autofill so they don’t have to constantly remember what that password is.
Lastly, you can make a huge difference by opting for passphrases, which are miles better than a password. Moreover, they are easy to implement and, of course, to remember.
Two-factor authentication (2FA) has been promoted as a good additional security measure for a number of years now, and has lately been gaining widespread popularity. In essence, 2FA requires you to enter a secondary piece of information to access an account, meaning that you’re not compromised if a password or PIN has been lost or stolen.
“Two-factor systems are far more secure than passwords – many high-profile hacks, such as those against the Twitter accounts of media organizations last year, could not have happened if a 2FA system had been in place,” a WeLiveSecurity article noted. “Even if an attacker places malware on a PC and steals a password, the attacker is still locked out.”
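To see why a stolen password alone is not enough, here is a sketch of a login check that demands both factors. It is an added example, not code from the article or from any social network, and it assumes the second factor is a time-based one-time code (TOTP, RFC 6238), which the article does not specify; the account record, the function names and the sample secret are constructed for illustration.

```python
import hashlib, hmac, os, struct

STEP = 30  # seconds each one-time code stays valid

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time code (RFC 4226) for a single counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """Time-based code (RFC 6238): HOTP over the current 30-second window."""
    return hotp(secret, int(at) // STEP, digits)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_account(password: str, totp_secret: bytes) -> dict:
    # Hypothetical account record; a real service keeps this server-side.
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": _pw_hash(password, salt),
            "totp_secret": totp_secret, "last_counter": -1}

def login(account: dict, password: str, code: str, now: float) -> bool:
    """Succeed only if the password AND a fresh one-time code both match."""
    pw_ok = hmac.compare_digest(_pw_hash(password, account["salt"]),
                                account["pw_hash"])
    current = int(now) // STEP
    # Allow one window either side for clock drift, but never accept a
    # window that was already used (blocks replay of an observed code).
    for counter in (current - 1, current, current + 1):
        if counter <= account["last_counter"]:
            continue
        expected = hotp(account["totp_secret"], counter)
        if hmac.compare_digest(expected.encode(), code.encode()) and pw_ok:
            account["last_counter"] = counter
            return True
    return False

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample (RFC test key)
    acct = make_account("correct horse battery staple", secret)
    now = 59
    print("password + code :", login(acct, "correct horse battery staple", totp(secret, now), now))
    print("replayed code   :", login(acct, "correct horse battery staple", totp(secret, now), now))
    print("password only   :", login(acct, "correct horse battery staple", "000000", now))
```

The secret that generates the codes lives on the phone or token, not in the password field, so a keylogger that captures the password gets nothing it can reuse after the current window.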
Facebook and Twitter are improving their information security practices, and are particularly good at alerting you when a possible intruder has tried to access your account. So keep a close eye on your email to see – and react – when you get that email.
Most social media accounts will block suspicious attempts to log in, and will immediately ask you to change your password. You should look to do this as soon as possible, so that you minimize any opportunity a cybercriminal may have in exploiting your account and your personal details.
While you may trust your social media platform, the same can’t be said of the people who use it, nor can you be 100% confident that people are who they say they are. For that reason, you should be wary of opening links sent on the platform, especially if they’ve been shortened using a service such as Bitly or Hootsuite.
Equally, be cautious of links embedded in email messages supposedly from a social network provider, as well as links that appear to come from a trusted source. Be vigilant, extra careful even, and, if you’re on a page that doesn’t feel right, close the browser tab without clicking any buttons on the page to avoid clickjacking attacks and other such scams.
Instead, connect to the site directly by typing the URL into the address bar or by using a bookmark. It’s important to note that scams are rife and highly effective. Consider the Burger King WhatsApp racket – the sense of urgency it creates is a clever ploy to win you over before you begin questioning the authenticity of the offer.
It sounds obvious, but avoid putting potentially sensitive information about you or other people on social media. For example, some parents don’t like to mention the names of their children online, and so you should respect their privacy preferences.
This nicely brings us onto younger people and social media and how involved parents need to be. ESET’s David Harley has written a detailed piece on this, which goes a long way in addressing and highlighting some of the challenges.
You should also be careful about your own privacy settings, as your page may be open to all viewers, irrespective of whether they are a ‘friend’ or not. This public information could potentially be used to conduct identity fraud, with techniques like social engineering used to exploit this information for financial gain.
Author: Editor, ESET