How to stay safe on social media?

 
 Social media has become an integrated part of our lives as we are using it more and more for personal reasons but also for business reasons. It's not rare that we access social media from our personal devices but also from our business ones. And it isn't rare that we are accessing social media accounts at work, especially in areas like marketing, public relations.

Although many of you may think that the only thing worth protecting on social media is privacy, things are a little more complicated, as increasingly, people give privacy up willingly and consciously. According to 2013 Cisco Connected World Technology Report 91% of generation Y employees believe the "age of privacy" is over, and one third of them are not worried about their personal data being stored by private companies or government agencies, as they are willing to sacrifice personal information for socialization online. As a matter of fact, many generation Y employees globally said they feel more comfortable sharing personal information with online retail stores than with their own company IT departments.Indeed, we could easily presume, based on these findings, that the Y's are more likely to weaken the cyber security in corporate environments by their excessive sharing attitude.
 
As cyber security touches every topic related to technology and the attackers usually go where the masses are, social media seems to be the perfect place for hackers to get their job done. A lot of personal information is exchanged through social media. Moreover, we often use social media accounts to access other services, so peeping into your social media account might seem like a good opportunity for the attackers.

Even though the age of privacy might be over for some of us, although I don't entirely agree with this statement, cyber security on social media is much more than privacy, as I am trying to argue further on. Cisco 2013 Annual Security Report mentions that "the highest concentration of online security threats are on mass audience sites, including social media", while "online advertisements are 182 times more likely to deliver malicious content than pornography sites". Users spending time on social media are very likely to click links that come from trusted friends, from friends of the friends or just links that they see on their timelines/walls. According to an article on heimdalsecurity.com "because social media users usually trust their circles of online friends. [...] more than 600.000 Facebook accounts are compromised every single day!" Also, 1 in 10 social media users said they’ve been a victim of a cyber attack and the numbers are on the rise.

Therefore, I will try to be of use and present a useful classification of the types of attacks targeting social media and explain their potential impact on the user:

1. Victim's manual sharing – this type of threat actually comes from a "friend" that just got infected and unknowingly posted on his friends' walls some malicious content (fake offers, intriguing videos, viruses etc.).
2. Fake Offering – a scam used to invite users to join fake pages and presumably be rewarded with fake gifts. Joining usually requires giving up the credentials or sending an SMS to an overcharged number.
3. Likejacking – users are tricked into clicking fake Like buttons that may install malware and further spread by posting malicious links on the victim's wall.
4. Fake Apps – sometimes malicious content comes in the form of a fake app that appears to be integrated for use with a social network, but it's only used for harvesting personal data or infect devices with malware.
5. Comment Jacking – the attacker tricks the user into submitting a comment about a link or site, which will then be posted to his/her wall.
6. Phishing - an old technique brought to live by social media; an attempt to collect personal information through a fake post or tweet that impersonates a trustworthy entity.
7. Social spam: unwanted content that can appear in many forms, including bulk messages, profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends etc. 

Whatever the type of the attack, results are pretty much the same: your personal data are compromised, you are helping somebody promote some suspicious activities by sharing and liking, you get infected with other malware that can further compromise your computer/device. As you may notice in the graph on the left (source: Internet Security Threat Report, Internet Report Volume 21, April 2016) using the victim's social network for spreading the scam by manual sharing seems to be the preferred method for hackers.

What can you do to protect yourself from these types of attacks?

1. If you are an individual

• Don't click on suspicious posts, especially when they contain links.
• Always verify the source and whether or not the message might have been sent unwillingly.
• Pay attention to what you post and upload, never post sensitive information.
• Choose your friends with care and do not accept friend requests from people you do not know.
• Protect your work environment and avoid reputation risk.
• Protect your privacy online by permanently checking the privacy settings offered by the platforms. Here's a little tutorial on this: http://www.techlicious.com/tip/complete-guide-to-facebook-privacy-settings/
• Always report abusive content as this will help you and others.
• Always do some reading (of this blog for example) and be aware of the types of threats targeting different social media platforms.
• Install anti malware solution that are capable of protecting you from social media threats.

Although many antivirus producers offer special social network modules, one of the main technical capabilities of such a solution should be to scan all links that are shared on your profile. Identifying phishing sites is also an important feature. Of course the solution must be non-intrusive and (computing) resource friendly. You can find a detailed review of the suitable solutions here.

2. If you are a company

• Develop a social media policy and emphasize the importance of cyber security.
• Regularly educate your employees through awareness programs.
• Use cyber security solutions that are capable of protecting you from social media threats.

All in all, I would sum up by saying that defending your privacy is not enough to stay safe on social media. Stay skeptical and beware of the risks! Let us know if you found this post useful and if you want more posts like this.


References:

1) This article was edited using considerable input from Internet Security Threat Report, Internet Report Volume 21, April 2016.