InfoSec Blog - Security Savvy Social Media!
July 27, 2018
Social media is fun, isn’t it? We are all aware of the good things about social media; we can stay in touch with our friends and family, share our views and opinions, and play games. But along with its immense popularity, social media also has a dark side.
There are approximately 2.6 billion active social media users today. This means that social media sites are attractive places for people with malicious intentions. Cybercriminals often use social media platforms to gather information, spread malware, and con people out of their money.
There are various methods used by cybercriminals to target, trick, and scam innocent social media users. Let’s have a look at few of these methods and ways you can protect yourself.
People asking for Help
Asking for help on social media is a popular scam. Using this method, cybercriminals try to trick you into believing that someone you know is in trouble and desperately needs money. Usually, this shows up as a message or post saying that your friend is on vacation in a foreign country, has lost their wallet and need you to send them money. Chances are that your friend never sent this request, and they might not even be aware that someone has hacked their account.
- Always think before acting. Contact your friend outside of social media (phone, text, email) to confirm the information.
- If you clicked any links or opened any attachments, scan your computer for malware to ensure you are not infected.
“Find out what Stars wars character are you”, “what does your birth date say about your future”, etc. etc. These sound like fun and innocent questions, but be careful as these might not be as benign as they appear.
The quiz could require you to click on a link to either enter some personal information or ask for your cell phone number. After you get your answer, for example, “congratulations you are Yoda”, you may have unwillingly subscribed to a dubious service which will make your next month’s phone bill skyrocket!
- Be wary of these bait and switch games while surfing on social media, and avoid taking these quizzes or surveys.
- Check out our previous blog post on this subject here - https://www.uoguelph.ca/ccs/infosec/NameGames
Romance and Identity Theft
Social media makes it easy to stay in touch with your friends and also to make new friends. But how do you know these people are who they say they are? Cybercriminals tend to make fake accounts, send you a friend request, win your confidence, and then try to abuse your trust. For example, you may receive a message from your new friend saying that they have landed themselves in trouble and need you to send them money. Or they might ask you to send them personal photos, ask you for a video call, or to send them your personal information (such as your driver license number, social insurance number, or banking PIN).
You should always be careful when you are dealing with a person you have only ever met online.
- Be very cautious with online-only friends and always be careful about what type of details you share with them.
- Be mindful of the pictures or videos you share with them as they can use them to blackmail you in future. Even pictures shared on SnapChat can be captured and stored for use later.
- When on a video chat, keep in mind that the other person might actually be recording you
- Never ever share your personal details such as driving license or social Insurance number on social media, even in a private chat.
URLs and ADS
Beware of links that you come across on social media. Cybercriminals commonly use URL shortening services (such as bit.ly and tinyurl.com) to hide the full URL to trick you. They may even add some information that would appear legit to you, such as using the words Twitter or Facebook in the URL. Clicking the link could take you to a site that will attempt to install malware on your device.
- Be very cautious of any links found on social media.
- Ensure your device has the up-to-date anti-malware software installed.
- Keep your device updated with the latest software updates.
- If you want to access a shortened URL, use a service such as http://wheredoesthislinkgo.com/ to see where the URL actually goes first.
We all think that we are too smart to fall for these scams, but remember that scammers are good at what they do and are skilled at tricking people. Be cautious on social media and stay safe!
Written by: Satnam Singh Deol (Cyber Security Analyst, CCS Information Security)