2 Major Social Media Security Threats (and 3 Prevention Tips)

Social Media Social Networking Connection Global Concept

It seems legit.

It’s an official-looking message from a social media network. There’s been a security breach (hey, they’re in the news). The company suggests users switch to a stronger password, ASAP. No one wants their Twitter hacked or credit card information stolen from Facebook, right?

The fear of being hacked or scammed runs strong on the internet. Social media, then, becomes a soft target for cybercrime. Why?

It’s the social aspect. Of the 1.6 billion social network members worldwide, a handful will join your friends list. Social media allows us to track neighbors’ political leanings and our former in-laws’ meme collections. Content shared on such platforms have something in common:

It all comes from ‘friends.’

Really, though? The fact that a link came from a high school crush we still pine for doesn’t mean a thing for security clearance. When you’re browsing social media, question everybody and everything – even that invite your mom shared. Maybe especially if it’s from your mom.

Maybe especially if it’s official-looking.

What’s the damage?

There’s more than one way to jack an account, the least of which is social spam. Ever seen comments that say nothing related to the topic (lose 10 pounds in 10 minutes! on a post about mortgage refinancing or political rants)? That’s what we mean.

Check out these two threats worse than social spamming.

LIFE JACKERS

These guys don’t have a life, so they steal yours. Lifejacking is a dysfunctional cousin of clickjacking, and often leads to identity theft. It’s a platform to social spam your feed, propagate hoaxes and spread viruses.

How’s it done?

Life-jack artists can unleash malicious code through something as innocuous as a like button. A post with a malicious link gets posted to your page, where your friends could click on it and continue the cycle.

What’s the trick?

Lifejackers serve up an offer too good to pass up. Be wary of free gift cards for coffee joints and bulk-shopping warehouses. Watch out for calls for donations to feed starving kids/puppies as well as outrageous headlines.

What’s the cure?

There’s no substitute for healthy skepticism. Could someone win a $200 gift card just for filling out a survey? Probably not. Vet the posts you read on social media with a watchful eye, in case your contacts don’t.

PHISHERS

We’re not talking the catch-and-release type, either. Phishers pose as people or organizations you trust, sending email or social media messages that request credit card numbers, passwords, and other personal information.

How’s it done?

Phishing messages rouse a sense of urgency, prompting their victims to click links, enter pop-up windows, or download files.

What’s the trick?

A phishing message can look like a serious email from Twitter/your bank/your favorite online marketplace. Phishers can even replicate logos. Most even include an unsubscribe link and physical address for authenticity. Phishers gain access to your data to make unauthorized purchases. Identity theft is another possibility, if they gain access to social security numbers.

Phishers install malware on your computer to victimize your contacts list. It can be a nightmare to track down every aspect of your financial life if you’ve been phished. SC Magazine, a website for security professionals, estimated in 2015 phishing scams costs businesses $3.7 million annually.

What’s the cure?

Banks and social media platforms will never ask for personal data via email or private message. Direct your cursor over a link without clicking to preview the destination URL. If the link isn’t affiliated with the official company, delete the message.

3 ways to protect all accounts

CAUTION WHILE FRIENDING | People rack up friends and contacts on social media – it’s kind of addictive. It’s also tougher to manage a tribe of posters and interactors that might as well be strangers.

LOCK DOWN THAT CELL PHONE | No one wants to remember 17 passwords for all accounts and apps. Set a passcode for the phone. Stay logged into all the accounts while protecting your phone’s integrity. A mobile phone passcode you protect keeps unauthorized users from accessing accounts on your device.

SLOW YOUR SHARING ROLL | Share nearly every move online? There’s glory in knowing friends wish they were in Maui, too. But therein lie riches for crooks in knowing you’re away from home for two weeks, too.

That’s a home-security issue, but it also signals to potential hackers that you might not be monitoring all your accounts while you’re away.

Sources:

https://www.statista.com/markets/424/topic/540/social-media-user-generated-content/

http://whatis.techtarget.com/definition/likejackingll

https://www.owasp.org/index.php/Clickjacking

https://kb.iu.edu/d/arsf

http://www.scmagazine.com/report-phishing-costs-average-organization-37-million-per-year/article/435037/