Social media has changed many things during its meteoric rise to fame. We now communicate and share with family and friends in a completely different manner than we did in the past, and many of us use it extensively for business. However, with the rise of anything that proves to be popular come those looking to exploit it for their own gain, and social media is no exception.
Just as Windows is the most attacked operating system in the world, due to its popularity, and Android malware now accounts for 98% of all mobile infections, social media is a breeding ground for scams, spam, malware and phishing. Attacks on social media take many forms. Cybercriminals are aware of how lax many people are with passwords when creating accounts and, of course, take advantage of this. They also use malware known as trojans to capture login credentials and harvest passwords that users store in the browser.
Social Phishing Sites up by 123%
However, according to security vendor Symantec, “by far the simplest way to steal account details is with a well-crafted phishing attack”. Phishing is prevalent in all internet incarnations. Email is a big source, as are sites that are clones of popular sites created to capture financial and login information. Last year, it was found that the number of spoof social media sites increased by 123% on the previous year.
But what’s the harm? Even if cybercrooks manage to get into your social accounts, if you don’t keep any financial information in there then the damage is minimal and it’s no big deal, right? Well, leaving aside for the moment the damage that could be done to your business, yes, it is a big deal. If you become infected with malware, a lot of damage can be done to both you and others.
The Problem with Malware
Malware stands for malicious software and it takes many forms, some of which are damaging and some of which simply sit in the background stealing information or bandwidth (as they send their contribution to a DDoS attack). It’s used extensively to steal information and financial details (and even cash) from targets as small as an individual and as large as a bank. Whilst last year malware was appearing on social media sites in the form of infected links that users were enticed to click, new security measures on sites such as Facebook seem to have made this practice less prevalent, probably because scanners are better at picking these links up. But it’s entirely possible for an account to be compromised and an infected link to be sent from a friend.
Phishing can be extremely sophisticated. Most of us now recognise the poorly constructed phishing mail that we get which purports to be from an ex-king in possession of millions of dollars, if they could only get someone to pay that pesky holding fee. But many people don’t recognise the good ones and these will often be so well constructed that they don’t hold the usual clues such as asking for login credentials. Instead, they take you through to a page that’s so well crafted to look like the original that it’s impossible to tell if it’s real or not at a glance. Often, a quick look at the address bar and the URL will be enough, as they don’t match that of the official site.
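The address-bar check described above can be written down as code. This is an added example, not part of the original article; the list of official domains and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites you actually log in to (not a list from the article).
OFFICIAL_DOMAINS = {"facebook.com", "twitter.com", "linkedin.com"}


def check_link(url, official=OFFICIAL_DOMAINS):
    """Classify a link as 'official', 'lookalike', 'unrelated' or 'invalid'.

    Only 'official' means the host really belongs to a listed site. A
    misspelled clone that avoids the brand name comes back as 'unrelated',
    so treat every other verdict as "do not type a password here".
    """
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix and the port, which is
        # exactly the part of the URL the browser connects to.
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # Official only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    # The brand name appears somewhere, but the host is someone else's.
    brands = {d.split(".")[0] for d in official}
    if any(b in url.lower() for b in brands):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links.
    for link in (
        "https://www.facebook.com/settings",
        "https://facebook.com.account-verify.example/login",
        "https://facebook.com@203.0.113.5/login",
        "https://notfacebook.com/",
        "https://example.org/news",
    ):
        print(f"{check_link(link):10} {link}")
```

The second and third links are the cases that fool a quick glance: the official name is present, but it sits to the left of the real host rather than at the end of it.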
Protecting Your Account
On social media, as with any site, it’s wise to use a complex password made up of upper and lowercase letters and, where you can, symbols and numbers too. It’s also a good idea not to save passwords to your browser, but to use a password manager such as LastPass instead. Browser add-ons such as these also allow you to generate complex passwords and store them, giving you a master password in the event that anything happens to your machine.
Whilst malware-infected links might not be as prevalent as they once were, it’s also wise to avoid any headlines that could be considered ‘clickbait’. These use social engineering techniques to entice you to click on them. Popular ones include the ‘news’ that a celebrity has died, or a claim that you’ll see something outrageous if you watch the video. These take you to an outside site which is generally either infected with malware or asks you to fill out a survey designed for nothing more than capturing your details.
To avoid this:
- If you come across a big story, check trusted news channels first
- Never trust a headline that claims ‘you won’t believe what happened next’
- Remember that genuine market research firms don’t need to employ outright trickery to get you onto their surveys
Facebook has recently cracked down on clickbait articles, so these too are becoming less common. Clickbait isn’t just employed by cybercriminals; some sites use it as a way to get content shared, which is not recommended.
One of the biggest threats to business is spear phishing, which works by gathering information on a specific individual in order to compromise their account. According to TechRadar Pro, social media has made it simple to collect lots of valuable information by assembling what we post on social sites.
“By trawling the internet, cyber criminals can piece together information including date of birth, current responsibilities, previous jobs, education, phone numbers, personal information, likes and dislikes as well as personal and professional connections.”
They can also build up a profile of your current responsibilities within a company, be it yours or someone else’s, and of the contacts that you have with other companies, which can then be used to send highly targeted email. Spear phishing is very convincing and it works by kidding you into thinking that the mail is genuine and from someone that you might know professionally.
Social media in itself doesn’t pose a threat to your business but human error often does. Most of the ways in which your accounts can be taken over can be put down to the user and a lack of knowledge when it comes to how big a risk threats might pose. By implementing strong passwords and taking care not to click through on suspicious links, it’s a simple matter to secure accounts. You should of course have antivirus software in place and this should have a link scanner that will block infected sites so that you can’t land on them. You should also use a password manager and ensure that your accounts are protected by two-factor authentication in order to further protect yourself. Carry out these actions and be vigilant and your account, financial details and business should remain safe.
And if you’re not sure just how internet and phishing savvy you are, why not try this quiz from OpenDNS and see if you can spot the fake, spoofed sites.