We love social media these days. Facebook, Snapchat, Twitter, LinkedIn, and many others can lead to lots of sharing and fun, but also carry significant risks. This is particularly true now that cybercriminals are collating data on you from multiple sources to use at a later date.
Anyone participating in a social network online assumes some risk of becoming a victim of a con artist.
It’s always important to remember that once you put something on the Internet, it is there… forever. It never disappears, you can’t completely remove it, and there is nothing preventing your connections from sharing. Once that happens, you lose control of it.
Pay attention to who wants to follow, friend, or share with you. Often cybercriminals will create a false profile to connect with people to learn about them, bring them into confidence, and then scam them. This may come in the form of attachments or links passed on once you are “friends” with that person. It may come in personal requests, such as asking you to send money or even gift cards to help with an emergency.
Any information found on the Internet may be used against you for nefarious purposes, so post wisely. And just because you use the highest privacy settings, doesn’t mean you are safe. Hackers troll social networking sites to build an information profile on you. This information may be used to scam you online or offline. For example, if you work with financials in your company and you share that on social media, you could be targeted for wire transfer fraud.
All of this may not only put you in physical danger, but it may also be used to create email phishing messages from “you” to your personal and professional contacts. These email messages could contain a seemingly innocent link or attachment that could unleash nasty malware on their computer or network.
A common site used by criminals is LinkedIn. This social networking site is a great way to form business relationships, but criminals use it to learn more about an organization’s personnel. For example, LinkedIn can provide a would-be criminal with the employee names, job title, responsibilities, and even how long an employee has worked at the organization. This information can then be used by criminals to target “high risk” employees or even be used as part of a larger social engineering campaign.
Because all this information is now available to the public, you need to be even more diligent in detecting potentially malicious activity. From suspicious emails to phone calls, just because a person contacting you knows some personal information about you, does not mean they can be trusted. Don’t be tricked into giving out even more information or opening links and attachments contained in emails. Always do an independent verification before disclosing any personal or sensitive details about yourself or your organization.
Be intentional about how you use social media and how much information you want to share. Even if you think it’s just your “village” seeing the information, the reality is that it isn’t. It’s everyone, everywhere.
Generally speaking, there are two ways in which cybercriminals use social engineering to exploit social networks.
1. Attempting to get someone to install software on a computer or phone that will give them access to that device.
2. Gain someone’s trust in order to exploit personal connections and manipulate people through the social network.
People are the weakest link in cybersecurity, and the savvy hacker will take advantage whenever possible. Following are a few tips to help you avoid becoming a victim of either of these:
- Always use the strongest security settings possible on social media sites. For example, don’t share your location. Limit access to your information. Make your posts viewable to friends only, not everybody.
- Don’t post personally identifiable information on social networking sites. This includes your birth date, phone number, and address.
- If you use your smart phone to post photos to your social networking sites, turn off location services for your camera. It would be a great time for someone to break into your home knowing you are out of the country.
- Be aware of unsolicited contact from strangers. Hackers may use social engineering tactics to convince you they need money, but they may use you to spread malware. It’s reasonably easy for criminals to spoof (impersonate) your email address and target your friends, colleagues, and contacts to click malicious links. These people are more likely to click a link if they trust the one posting it.
- With the increase in popularity of private messaging services within social media sites, such as Facebook Messenger, watch for private messages that include only a link, or have a vague description of what the link may contain. As an example, “Bob, is this you?” Contained in the link was malware.
- If a deal sounds too good to be true, it probably is. Cybercriminals use popular events and trends to bait people to open infected email, visit infected websites, donate to fake charities, or purchase items that either don’t exist or that are counterfeit. Recently, someone impersonated Robert Downey Jr. and scammed people by “personally” asking them to donate to his favorite charity. Other stars were used in similar scams such as Brad Paisley, Hugh Jackman, and Elton John. All had to send pleas out to fans not to fall for it.
- Change your social networking passwords often. Studies have shown that 53% of social media users have not changed their passwords in over a year and 20% had never changed them. It’s recommended to do it quarterly, and when doing so, don’t reuse one that you use on another site.
Always use caution when participating in social networks. They can be fun and useful but use good judgment and common sense when participating, so you or your employer don’t become the next victim of fraud or identity theft.
