Ever received a message over social media from a friend with a video or image asking if this is you? Chances are, this is an attempt at “Angler Phishing”, a type of phishing attack associated with social media platforms and their messaging services or chat platforms. Often when these links, videos or images are accessed, the user is redirected to a login page where attackers harvest any credentials that are entered, then use the newly compromised account to distribute the same or similar messages to all of its contacts. This type of “spray” phishing attack distributes the phish to a large number of users in the hope of snaring a few victims with the chosen bait. Once the credentials are entered, users may find themselves redirected to advertisements offering products and services for free or at unbelievably cheap prices. These are scams run by other cyber criminals, which let the attackers collect affiliation fees and earn money from their attack efforts, as well as harvest credit card details in a secondary attack. Always be wary of any links sent using social media, even if they’re from your contacts, and if in doubt, don’t click!
Using Multi-Factor Authentication (2FA or MFA) on your social media accounts is a further means to guard against unauthorised access. We still recommend that you use a strong, unique password as your primary method of defence, but in the event that these details are compromised, MFA can provide an additional layer of protection. Without the ability to approve and authenticate the login attempt, attackers will be unable to access your account, and you will be alerted to an attempted login.
Checking your privacy settings is another great way to protect yourself in the realm of social media. Setting your profile to “Private” will mean that only individuals you accept as a contact will be able to access the information you have available on your profile. Only accepting friend or connection requests from known individuals will prevent unauthorised persons from viewing your information. You can also make sure your profile cannot be found using a Google search by selecting this option from the security settings menu.
Oversharing on social media can be one of the leading causes of compromise or identity theft. Revealing personal details such as email or physical addresses, home or mobile phone numbers, your date of birth, where your children go to school, credit card information and other details about yourself can lead to undesirable outcomes. Fun games and quizzes collect information that is often associated with the answers to your backup security questions, or that can be used to gather details about your identity for fraud or identity theft, so refrain from sharing these or encouraging your friends to complete these types of quizzes. The more games, groups and pages you like or belong to, the broader your digital footprint becomes, so you should be mindful of limiting your associations where possible.
It’s also a good idea to check that other people in your photos are OK with having them shared on social media sites, and to check before tagging anyone in posts or images. If you have taken photographs using your mobile phone, it may be a good idea to check your camera settings and turn off geographical location recording so time, date and location are not associated with any photos you plan to upload to your social media.
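To check a photo before uploading it, the sketch below (an added example, not part of the original article) reads a JPEG's EXIF block and reports whether it carries a GPS pointer or a capture timestamp. The function names and the `sample_jpeg` test image are constructed for illustration.

```python
import struct

GPS_IFD, EXIF_IFD, DATETIME, DATETIME_ORIGINAL = 0x8825, 0x8769, 0x0132, 0x9003

def ifd_entries(tiff, offset, bo):
    """Return {tag: value_or_offset} for one TIFF image file directory."""
    if offset + 2 > len(tiff):
        return {}
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    entries = {}
    for i in range(count):
        pos = offset + 2 + 12 * i
        if pos + 12 > len(tiff):
            break  # truncated directory: stop rather than read past the end
        tag, _type, _n, value = struct.unpack_from(bo + "HHII", tiff, pos)
        entries[tag] = value
    return entries

def exif_privacy_tags(jpeg):
    """Return which sensitive metadata kinds a JPEG carries: 'gps', 'timestamp'."""
    found, pos = set(), 2
    if jpeg[:2] != b"\xff\xd8":  # not a JPEG (no SOI marker)
        return found
    # Walk the segments until the EXIF APP1 segment or the start of image data.
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        body = jpeg[pos + 4 : pos + 2 + length]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\x00\x00" and len(body) >= 14:
            tiff = body[6:]
            bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
            (ifd0_off,) = struct.unpack_from(bo + "I", tiff, 4)
            ifd0 = ifd_entries(tiff, ifd0_off, bo)
            exif = ifd_entries(tiff, ifd0.get(EXIF_IFD, len(tiff)), bo)
            if GPS_IFD in ifd0:
                found.add("gps")
            if DATETIME in ifd0 or DATETIME_ORIGINAL in exif:
                found.add("timestamp")
            break
        pos += 2 + length
    return found

def sample_jpeg(with_gps):
    """Constructed input: minimal JPEG with an EXIF DateTime and optional GPS pointer."""
    entries = [(DATETIME, 2, 20, 0)] + ([(GPS_IFD, 4, 1, 0)] if with_gps else [])
    tiff = b"II*\x00" + struct.pack("<IH", 8, len(entries))
    tiff += b"".join(struct.pack("<HHII", *e) for e in entries) + struct.pack("<I", 0)
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

For a real photo, pass the file's bytes to `exif_privacy_tags`; an empty set means neither kind of tag was found in the EXIF block.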
As awful as it might be, upwards of 1.5 million children have their identities stolen every year, so you should remember not to share too much about your kids when you’re online. It’s a good idea to consider their privacy as well as your own.
Remember that social media platforms are a community. If you see anything suspicious, it’s always best to get in touch with the owner of any business page or individual you feel may be targeted by a malicious actor. Where possible, the safest way to do so is through a means of communication other than the social media platform in question, such as by phone, email or through their website. If this is not possible, all social media platforms have a service where suspicious or malicious pages and behaviour can be reported and brought to the administrator’s attention to be dealt with by them.