How to Protect Yourself on Social Media Platforms

Social media enables people to communicate, share, and seek information at an accelerated rate. In recent years, social media became the pinnacle of news consumption through its rapid dissemination, low costs, and its accessibility to consumers worldwide. Often breaking and sensitive news is first made available on social media. Whether the information is fact-checked or not, it disseminates around the globe within minutes. Social media allows users to exchange thoughts and ideas with people from corners of the worlds they might not have visited, enables strangers to collaborate and positively impact our collective society, and increase awareness to help grow our businesses and communities. However, social media is a double-edged sword, for all the good we intend to accomplish, social media is also an adversary breeding ground for subverting social media use for their illicit gain.

We also recommend getting more information on Data Privacy and security from different sources.  Cybersecurity is a growing field and can be a very rewarding and lucrative career for anyone interested. We recommend signing up for online courses offered by Udacity like the one that can be found linked here.

By signing up for Udacity’s online course, you can gain some of the wonderful benefits listed below:

• Udacity’s courses are taught by leading professionals in the space.
• They offer a comprehensive course load and resume-building skills and activities.
• The courses can be completed in one month or less.
• Udacity provides a data privacy checklist to utilize in future projects.
• Udacity provides industry-best practices that help you stand out from the competition.
• The average data privacy manager makes $121,800!

Quick dissemination and viral posts allow adversaries to spread misinformation and “fake news” through deepfake accounts, bots, big data, and trolls to create circumstances to benefit their agendas. Misinformation campaigns are stories presented as if they are legitimate. In 2016, “fake news” emanated on social media as the deliberate presentation of typically misleading or false news claims. Deepfakes evolved over the past couple of years as a subset of Artificial Intelligence (AI) that leverages neural networks to manipulate videos and photos while maintaining an authentic presence.

Deepfake video (right side) of Robert de Niro from iFake in The Irishman: https://www.youtube.com/watch?v=dyRvbFhknRc

To identify misinformation and check against deepfakes, users can scrutinize and exercise skepticism when reading about divisive and emotionally charged topics; verify the information or claims online through reliable sources; search for additional social media accounts for the person to verify their identity, and inspect the content posted. For example, many adversaries push an old image out of context to fit their current narrative. Users can reverse image search to verify if the image was previously posted from a different story. Lastly, if a user identifies what they believe is information, the following social media platforms have options to report posts and accounts to reduce the spread of false information: Facebook, Instagram, LinkedIn, TikTok, Twitter, WhatsApp, and YouTube.

Phishing & Scams

Phishing scams are one of the most common forms of social engineering tactics used by adversaries to fraudulently acquire a recipient’s personally identifiable information (PII). Examples of PII include credit card and bank account numbers, debit card PINs, and account credentials. Phishing emails often include a malicious attachment or link, and the sender may appear to be legitimate, coming from a recognizable or reputable contact – whether it is the recipient’s bank, phone company, a frequented store, or even a friend or coworker.

Phishing can also take place on social media platforms such as Facebook, Instagram, Twitter, and LinkedIn through posted links or direct messages. Adversaries utilize hidden or shortened URLs to masquerade malicious URLs and leverage clickbait content to entice users to click a link. It’s important to properly manage your privacy settings on these platforms to provide minimal personal information on your profile and to utilize Multi-Factor Authentication (MFA) to reduce the risk of adversaries from successfully taking over your account.

Ways to identify phishing emails or messages can include links/attachments, poor spelling, and grammar, threats requiring a false sense of urgency, spoofed websites, domains, or company logos and imagery. To prevent becoming a victim of phishing, avoid clicking a link if it doesn’t match the proper address of the purported sender and if an email looks suspicious, forward it to your IT Security team for verification and block the sender and send the email to spam.

Malware

Adversaries treat social media as a golden opportunity to spread malware to unsuspecting individuals. Links from untrusted or unsolicited social media accounts, profiles, and messages can be boobytrapped to deliver malware to your devices. As such, malware poses a serious threat that homes, businesses (of all sizes), and individuals. The following are common types of computer and mobile malware:

• Virus – Malicious code designed to harm or interrupt confidentially, integrity, and availability of computing and mobile devices. Viruses require human interaction, such as downloading unverified applications and programs from the internet or clicking links from untrusted sources to initiate.
• Worms – Take advantage of weaknesses and vulnerabilities in a system to self-replicate and automatically infect other systems without human intervention.
• Spyware – Monitors devices to collect and transmit information about your activities and data – usually without your knowledge or consent.
• Adware – Similar to spyware, which its often installed without your knowledge or consent, adware is designed to interrupt expected device usage to display ads.
• Ransomware – Designed to encrypt your data without your consent and knowledge of the decryption keys. Once decrypted, you are contacted to pay a ransom to regain access to your data.

Protecting yourself from malware on social media requires constant diligence. Here are a few tips:

• Leveraging and updating your anti-virus/endpoint protection software
• Install reputable security applications on your mobile devices
• Always keep your browser and applications updated
• Be wary of applications and links from untrusted or unsolicited sources
• Use hard token (such as FIDO based keys) or soft token (such as Google Authenticator wherever possible
• Backup your data
• Utilize online courses to stay up to speed on tech trends!

Account Takeovers
Sharing photos with the latest filters, commenting on current events, or keeping in touch with friends and family can make Email and Social Media a fun way to stay connected and current. But losing access to these accounts can cause embarrassment, financial loss, or permanent loss of the account involved. A reported 22% of internet users in the United States had their online accounts hacked at least once, and 14% have had their accounts hacked more than once.

Account Takeovers can result in losing control of accounts from Email, Social Media, Banking, etc. Malicious adversaries can perform these takeovers for a variety of reasons, but a surprising takeaway is how cheaply sold accounts can be exchanged for, typically for only a few USD. The key to taking over these accounts is commonly through your most popular form of online identity, your email address. To protect against account takeovers, ensure that your Email and Social Media accounts have extra precautions in place, such as MFA. It is also recommended to use a separate email address for your finances from what you use for your social media accounts and to never reuse passwords between your accounts.

We also recommend getting more information on Data Privacy and security from different sources.  Cybersecurity is a growing field and cake be a very rewarding career for anyone interested.  We recommend signing up for online courses offered by Udacity like the one that can be found linked here.  By beginning Udacity’s courses today, you can open yourself up to a lifetime of rewarding cyber security skills! Even if cyber security isn’t for you, Udacity also offers courses in data engineering, data science, data analysis, data structures and algorithms, and ethical hacking. Try widening your horizons with Udacity!