Social media users need the following information to avoid clicking on the wrong links and providing sensitive information.
As of January 2022, more than half of the world was using social media. Along with these platforms’ benefits are a growing range of cybersecurity risks.
According to Gary Gardiner, Head of Security Engineering, APAC and Japan, Check Point Software Technologies, social networks are one of the main targets of cybercriminals, and knowing their continually refined techniques is the only way to stay safe when participating in such digital social communities. “It is essential for us to alert users and warn them of the existing risks so that they remain safe from any type of attack through these platforms,” he said.
The top four risks are:
- Excessive and indiscriminate sharing of personal information: Cybercriminals are looking to steal every morsel of seemingly unimportant personal information from various sources to build a digital profile of social media users. With this data, they can then launch multiple targeted phishing campaigns to steal more data or digital funds. Also, most people will use the same login credentials for the different social media platforms they use, so stealing credentials from just one social network will enable hackers to gain access to all other social media accounts.
- Best practice: Do not share personal data publicly, limit access to your stories and adventures to only trusted friends. Be sure to use different hard-to-guess passphrases (and change them regularly) to minimize the damage if you were to become the victim of an attack.
- Unsolicited password reset emails: If you get an email citing some fake incident involving your account and urgently demanding that you change your password, or an email that simply informs you that your password-change request link (which you did not ask for) is ready, your first impulse is to click on the link and reset. This is dangerous, as it can give cybercriminals access to your entire account.
- Best practice: Report the email as a phishing attack and never click on any links even if you do not suspect the email is fraudulent. In case the action required (such as changing your password) is something you wish to proceed with, you should go directly to the social media platform’s page (remember, do not click on any links in the email) and renew your password from there. This applies to all other social media accounts and in fact, every service or website you use.
- Fake links galore—to lure you to misery: Clicking on just one malicious link takes only a second, but it can lead to a lifetime of online regret. Cybercriminals often use legitimate-looking links (URLs) that lure victims to equally realistic-looking malicious sites. These links can come in the form of an innocent looking email or SMS message, a naggy popup advertisement, an unsolicited social media message from a stranger, or even messages from social media contacts whose accounts have been hacked.
- Best practice: Treat every URL as a potential booby trap. If the link is from a contactable source, make sure to confirm that it was sent by that person, and that the link is aboveboard. If this is not possible, use a separate browser to visit the link’s domain and search for the page related to what you need to view. As always, all your connected devices should be protected by antivirus/antimalware solutions that monitor your online safety. Should you still end up clicking on a malicious link, such solutions may be able to detect any suspicious activities initiated by malicious scripts on the web page.
- Deepfakes, spoofed messages and URLs: Using a variety of spoofed text (consisting of Unicode glyphs that resemble ordinary ASCII alphabets), deepfake voice messages, blogs and video clips, hackers on social media networks can convince a target to do something such as click on a legitimate-looking link or log in to something they think is their bank account or online gaming service. In some cases, even the most cautious users have fallen for such increasingly sophisticated multi-stage phishing attempts.
- Best practice: To avoid falling for these scams, it is important to check the URLs that you click on, making sure that the website you are redirected to has an SSL security certificate. If it does, you will see the letter “s” in the address bar. So, it should read: https://. This technology protects any confidential information sent between two systems and prevents cybercriminals from being able to access the data being transferred, including information that could be considered personal. In the case of deepfake videos and business email compromises, the usual precautions apply.
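The spoofed-glyph URLs described above can be checked mechanically. The following is an added example, not part of the original article: it flags hostname labels that contain non-ASCII letters, including their punycode (`xn--`) forms, and marks labels that mix scripts. The function names and sample URLs are constructed for illustration, and a character's script is approximated from the first word of its Unicode name.

```python
import unicodedata
from urllib.parse import urlsplit

def char_script(ch):
    """Approximate a character's script from its Unicode name (heuristic)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and hyphen
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"

def decode_label(label):
    """Turn a punycode (xn--) label back into the Unicode a user would see."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label
    return label

def inspect_url(url):
    """Return (label, kind, scripts) for each hostname label with non-ASCII text.

    "mixed-script" means one label combines scripts, the usual sign of a
    look-alike. "non-ascii" is a single-script label that deserves a second
    look; legitimate internationalized names also land here.
    """
    host = urlsplit(url).hostname or ""
    findings = []
    for raw in host.split("."):
        label = decode_label(raw)
        if any(not c.isascii() for c in label):
            scripts = {char_script(c) for c in label} - {"COMMON"}
            kind = "mixed-script" if len(scripts) > 1 else "non-ascii"
            findings.append((label, kind, sorted(scripts)))
    return findings

# Constructed sample URLs on reserved .test / example names, not real sites.
LOOKALIKE = "ex\u0430mple"  # U+0430 CYRILLIC SMALL LETTER A replaces Latin "a"
SAMPLES = [
    "https://www.example.com/reset",
    "https://" + LOOKALIKE + ".test/login",
    "https://xn--" + LOOKALIKE.encode("punycode").decode("ascii") + ".test/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(ascii(url), inspect_url(url) or "ascii-only hostname")
```

Both look-alike samples use `https://`, so the scheme alone says nothing about whether the hostname is the one the user intended.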
In the event that users aware of these top four social media threats still end up getting tricked into visiting malicious websites, there is still hope, if they have installed strong threat detection measures in their operating system. Anything that requires you to enter any account user name and password can still be thwarted at this stage, if you will just remain calm and double check the online safety checklists to make sure you are protected.