20 September 2017
Risc News

Social media has, without a shadow of a doubt, become central to our way of life. And yet, while millions use these platforms on a daily basis, they are not without their pitfalls. In particular, online privacy and information security constantly come under the spotlight.

Anyone – regardless of age or expertise – can fall victim to one of the above attacks, as Facebook’s CEO Mark Zuckerberg found out in June 2016 when his Twitter and Pinterest credentials were compromised. The group responsible for this, which goes by the name OurMine, claimed that Mr. Zuckerberg’s error was in reusing passwords, which were discovered amidst the trove of information exposed via a previous LinkedIn data breach.

Incidents like this are on the rise – the numbers speak for themselves. In recent years, there have been high-profile attacks on LinkedIn (resulting in over 100 million emails and passwords being posted online), Myspace (a data breach affecting 360 million users) and Tumblr (65 million people affected). Individually, the information stolen in each attack might not be significant, but with so many breaches, hackers are able to pool data together, as was seen in the Dark Web archive exposure recently. 1.4 billion credentials were found in clear text, with the most recent update being the end of November 2016. This means that the archive is being added to as new data is exposed. It’s likely that all this data was pooled together from different breaches, creating a comprehensive list of personal profiles and confidential info. With all of this in mind, let’s look at the ways you can avoid falling victim to online attacks, and how you can boost your social media security.

Manage Passwords and Adopt Phrases

The problem with most compromises is that people use weak passwords (123456 is the most common) or – worse still – they use the same passwords time and time again.

Cybercriminals today can break these passwords easily and quickly, with brute force and dictionary attacks that are able to crack even lengthy passwords in a matter of minutes. Then there are keylogger attacks, where malware secretly installed on your machine quietly gathers passwords without you knowing. This was seen recently with the HP keylogger bug. Fortunately, this bug has not been found to be malicious, but it demonstrates how easily bugs can go undetected.

You can bolster security in this area by using a password manager, which can generate new passwords and store existing ones (as well as your credit card details if needed).

Invest in Two-Factor Authentication

Two-factor authentication (2FA) has been known to be a good additional security measure for a number of years now. In essence, 2FA pushes you to enter a secondary piece of information to access an account, meaning that you’re not compromised if a password has been lost or stolen.

“Two-factor systems are far more secure than passwords – many high-profile hacks, such as those against the Twitter accounts of media organisations last year, could not have happened if a 2FA system had been in place,” a WeLiveSecurity article noted. “Even if an attacker places malware on a PC and steals a password, the attacker is still locked out.”

Check Emails for Suspicious Login Attempts

Facebook and Twitter are improving their information security practices, and are particularly good at alerting you when a possible intruder has tried to access your account. So keep a close eye on your email to see – and react – when you get that email.

Most social media accounts will block suspicious attempts to log in, and will immediately ask you to change your password. You should look to do this as soon as possible, so that you minimize any opportunity a cybercriminal may have to exploit your account and your personal details.

Beware of Suspicious Links

While you may trust your social media platform, the same can’t be said of the people who use it, nor can you be 100% confident that people are who they say they are. For that reason, you should be wary of opening links sent on the platform, especially if they’ve been shortened using Bitly or Hootsuite for example.

Equally, be cautious of links embedded in email messages supposedly from a social network provider, as well as links that appear to come from a trusted source. Be vigilant and, if you’re on a page that doesn’t feel right, close the browser tab without clicking any buttons on the page to avoid clickjacking attacks* and other such scams.

Instead, connect to the site directly by typing the URL into the address bar. It’s important to note that scams are rife and highly effective. Consider the Burger King/WhatsApp scam from 2016 – the sense of urgency it creates is a clever ploy to win you over before you begin questioning the authenticity of the offer.

Be Privacy Conscious

It sounds obvious, but avoid putting potentially sensitive information about you or other people on social media. Be careful about your own privacy settings, as your page may be open to all viewers, regardless of whether they're a ‘friend’ or not. This public information could potentially be used to conduct identity fraud, with techniques like social engineering** used to exploit this information for financial gain.

*A clickjacking attack is when invisible hyperlinks are placed on a website. This means that users can accidentally click on a link and download malware, for example, without realising.

**Social engineering is when criminals collate information about somebody to create a very convincing, personalised attack.