On April 10, co-founder and CEO of Facebook Mark Zuckerberg testified before US Congress for the first time, answering questions related to the social network’s latest data breach, which affected the personal information of 87 million of its users. But Facebook and other social networks are not only a threat to our privacy—they are a massive cybersecurity challenge and the perfect breeding ground for criminal activity, as we explain in this article.
According to Thycotic’s annual survey titled “Employee Social Network Password Practices a Major Workplace Risk,” 50 percent of the survey participants haven’t changed their social media passwords for at least a year, and 20 percent have never changed their social media passwords at all. The numbers are especially alarming considering that the survey studied the habits of security professionals—not regular users.
A compromised social media password can be used to gain access to other online accounts, and it also allows cybercriminals to exploit the associated user account for social engineering purposes, as we explain in the next chapter.
Spear phishing is like traditional phishing (the attempt to obtain sensitive information by posing as a trustworthy entity in electronic communication), except that it is targeted at a specific individual or organization. Data from Proofpoint’s recent security report indicates that social engineering experienced a rise of 150 percent last year alone, with social networks being the main driving force of this growth.
Even when cybercriminals are unable to compromise someone’s account and use it to attack the person’s friends, they can still easily pose as a friend of a friend to gain trust and credibility. This makes it much easier for cybercriminals to manipulate people into divulging personal information and sometimes even money.
Brand fraud is a kind of phishing that is extremely easy to execute yet very effective. Cybercriminals simply create fake social media accounts, attempting to impersonate well-known brands. From there, they can just sit and wait for people to come seeking customer support and persuade the unknowing individuals to share their personal information, including passwords, social security or credit card numbers, and more.
It may take days and even weeks for a real brand to notice the activity of the fake social media accounts that pretend to be associated with it. When that finally happens, the brand’s reputation may already be irreparably damaged.
Because social networks surround their users with friends and content from people and companies they trust and want to follow, most social media users tend to let their guard down when clicking on outbound links and downloading various attachments.
Cybercriminals are well aware of this, and they use it to their advantage. This is evident from the steep rise of ransomware, a type of malicious software that threatens to block access to data unless a ransom is paid, and from the fact that ransomware represented roughly 60 percent of malware payloads last year.
How to Stay Safe on Social Media
Despite the numerous challenges presented by social media, it is still entirely possible to be both safe and social at the same time. The key is to strictly adhere to basic social media security practices:
- Strong password: Long passwords consisting of letters, numbers, and special characters make it virtually impossible for cybercriminals to brute force their way into an account.
- Two-factor authentication: Adding another layer of security in addition to a password significantly reduces the risk of a successful hack.
- Clicking with caution: Anyone can share anything on social media, and, as such, it is paramount to pay attention and never click without caution.
- Personal information: Revealing sensitive personal information, such as home address, phone number, or date of birth, makes it easier for cybercriminals to commit identity
- Privacy settings: Privacy and security settings make it possible to control who can see what on social media, and they should be used to their full extent to keep phishers at bay.
Social media networks pose many cybersecurity risks for individual users and companies alike. Unfortunately, there is no all-encompassing approach to staying safe online while using social media. Users need to adhere to best security practices and be mindful of the unique attack vectors that exist on social media networks.