How to stay safe on social media

Using social media is not as innocent as it looks. There are several security and privacy risks lurking around the corner. It's important to be on your guard. In this post I'll give you some advice that can help you to stay out of trouble on social media.

Secure your social media user accounts

Make sure that you create strong passwords and enable multi-factor authentication for your social media accounts. Also be aware of the security risks of third-party apps that you give access to your social media accounts.

When your social media account, or a third-party app you've given access to it, is hacked, the attackers can post on your behalf. This might cause reputational damage. But the attackers could also start spreading malicious links via your account, for instance to try to infect your social media connections with malware.

Think about what you post on social media

It sounds simple: don't post anything that puts your security or privacy at risk. But in reality I see a lot of people making this mistake all the time.

As I described in this post, sharing personal information like VISA card details is not particularly clever and can get you into trouble, even without sharing the CVV on the back of the card.

The same applies to your date of birth. A lot of people don't see any harm in sharing this with the world. But unfortunately your date of birth can be abused by criminals in many ways.

As The Telegraph puts it:

Fraudsters need just three key bits of information to steal your identity and access your accounts, take out loans, credit cards, mobile phones in your name.

It's risky to share your location on social media. That's why you should disable location information for your social media accounts. For instance on Twitter you can manage location information via this link.

Twitter location information

Facebook has a feature that shares your location with nearby friends. This article explains how you can disable that feature. As we will see in the next section, your friends on Facebook might be criminals that tricked you into adding them as friends.

But what about apps that use your location as a feature? Take Foursquare, a social game that's built around people checking in at public places. When you use Foursquare, you not only reveal your current location. Anyone who wants to can also look for recurring patterns. When burglars know you check in at the same restaurant every Wednesday evening, this is probably the ideal moment for them to pay you a visit.

You'll face the same risk if you post pictures while you are on holiday. Instead of sharing them with everyone, it's a better idea to wait until you're back home or to send them directly to your friends or family.

Don't fall for social media scams

Scams are very common on social media and they exist in various forms. I'm going to list a few of them here to give you an idea of how they work and how you can recognize common patterns.

Fake Facebook friend requests

If you get a friend request on Facebook from someone you don't know, it's better not to accept it, because:

  • This might be a scam and your online security and privacy might be in danger.
  • When you accept unknown people as friends, they can see all your profile information and even information about your friends. They can abuse this information to scam you and your friends.

If you have accepted a friend request from an unknown person, the following things might happen:

  • The person starts asking you for personal, even sensitive, information. Never give it.
  • They will ask you for money after a while. Never send money to someone you don't know. Even if someone you know asks for money via Facebook (or any other social medium), don't send it. The account of your Facebook friend might be hacked. In case of doubt, call your friend to verify whether the request is legit.
  • They might send you strange links that contain viruses or other malware.

When you notice any of these behaviors, immediately report the account to Facebook and block the person.

Another known scam on Facebook is a friend request from someone that you're already friends with. This should be a red alert: if you are already friends with someone, it's highly unlikely they will add you again. Just don't accept this request. And again, in case of doubt, call your friend to verify whether the invite is legit.

Twitter scams

Twitter scams almost always work in the same way and are very recognizable.

  • You get a DM (often from a sexy looking lady).
  • The Twitter handle ends with a random number. In this case @jenny11143608.
  • The bio contains language and grammar errors.
  • The accounts are recently created. This is common in a lot of scams by the way. The reason is that these profiles get reported and blocked and mostly don't have a very long lifetime.
  • When you accept the conversation request they will always try to get either personal information or ask for money. If you read the above Twitter thread you will see that Jenny asked for iTunes gift cards.

Fake ads

Watch out for fake ads on social media. A fairly recent example is Facebook pages that launch fake news about TV personalities.

One of these scams works as follows. A fake post says that a female TV personality was fired because she used skin care products from her own line of beauty products instead of the ones the television channel wanted her to use. The post links to the webshop where the fake beauty products can be bought.

But these fake ads come in many forms. Remember that it's always safer to buy from trusted stores or webshops, and that offers that are too good to be true mostly just aren't true.


Secure your social media accounts and think about what you post and what you might reveal by doing so. Be careful, scams are very prevalent on the different social media platforms.

That's all for today. Tomorrow episode 28 of my security awareness journey. In the meantime stay safe online!

John Opdenakker

Blogger | #Infosec | #AppSec | Security awareness | Occasional Public Speaker | Cycling | Running | Enjoying life