Security Awareness and Social Media


Facebook. Twitter. Instagram. LinkedIn. Pinterest.

Whatever your flavor of social media, there’s a lot of content out there vying for your attention. In this time of social distancing, having that outlet is a blessing…and a curse. For every fun pet picture, amusing anecdote, and entertaining meme you find, there’s something darker and more subtle waiting in your news feed.

No, we are not suggesting that you stop using social media. This is about awareness, in much the same way we discuss phishing in association with email.

And we’re going to start with the most successful way for hackers to steal your password and identity.

Quizzes

I’m sure you see them every day.

  • How well do you know me?
  • Fun facts you might not know about me.
  • Personality tests.
  • What TV/Movie character are you?

What’s more mind-boggling than the proliferation of these online quizzes is the number of people who take and share them. Security experts estimate that more than 75% of these tests are designed by hackers with the sole purpose of asking seemingly silly or meaningless questions that can then be used to successfully guess passwords and answer security questions. In fact, many of the questions included in these quizzes are taken directly from the security questions used by the government, financial institutions, and retail websites.

On the dark web, every piece of personal information has a dollar value and every time someone takes one of these online quizzes, they are sending their information to hackers. What’s worse, social media is proving that all the hackers have to do is package personal questions in a fun way, and people are more than willing to just hand over this information.

While it’s true that not all social media quizzes are being used for data collection, enough of them are that it’s better to be skeptical and avoid them altogether. Beyond that, if you’ve taken any of these quizzes, you should go back and delete them off your timeline.

Fake Friend Requests

A favorite ongoing activity for hackers is to steal images and create fake profiles.

Stealing images off of a social media platform is a lot easier than you might think. In addition to the right-click “Save image as” option available in most web browsers, screen captures are becoming increasingly easy on computers and mobile devices. Anyone can create a social media account with a valid email address, and with a lot of people having similar names, creating a passable email address is not exactly challenging. Add a stolen picture and you have a fake profile.

From there it’s just a matter of sending invites to friends and coworkers.

Let’s face it, we love to talk about our lives – Family. Work. Traffic. Getting through another day of the quarantine without chewing an arm off. Without realizing it, we reveal all kinds of things about ourselves that hackers can use. If you have already adjusted your privacy and security settings to make sure that your ramblings are available only to friends (which you absolutely should if you haven’t), then you’re safe, right?

You are, unless you accept an invite from a fake friend. Accepting that fake friend request opens your entire timeline or feed – and your friends – to the hackers. This is why they go to the trouble of creating fake profiles and sending out the friend requests.

Before you accept friend requests:

  • Check to make sure you’re not already friends
  • From within the social media platform, do a search for the person who sent the friend request; if there are duplicate profiles, you should be able to tell which one is fake
  • Look at the profile – is there anything in their timeline? Do they have any pictures posted? Is the About section blank?
  • If something looks phishy (<–see what I did there), ignore the friend request, report it, or reach out to the person in a different way

Fake friend requests rely on people not paying attention and blindly accepting invites. Be aware and watch out for yourself and your online friends.

Share Wisely

We all know that social media is full of fake news, no matter what side of whatever fence you stand behind. Add to that the extremists, conspirators, and hackers, and now we have false, misleading, or nefarious links posted all over the place.

Many people assume that if a friend is sharing it, it must be trustworthy.

This could not be further from the truth.

Most people share things because they resonate with them on some level, positively or negatively. Hackers have made a living by posting blatantly false information embedded with malicious links just to get people to comment, click, and share. Social media platforms are doing more now than ever before to limit this, but it takes time to catch everything, and that little bit of time is all hackers need to wreak havoc on someone’s life.

Before sharing anything:

  • Hover over the link to see where it really leads, and if it looks phishy, leave it alone or report it
  • If anything prompts you to download or install an app or file, cancel immediately and stay away
  • Watch out for brand impersonators; it might have the logo for ABC News, FOX News, or whatever, but that doesn’t mean it’s really them
  • Pay attention to who you follow; if they share suspicious links, they’re potentially exposing you to social media scams
  • Above all, be careful about what you click on, and don’t believe everything you read – if it looks suspicious or too good to be true, it is

When it comes to security, awareness is key – in email, on social media, walking down the road. Keep your eyes open, remain alert, and stay safe.