Social media has completely changed the way humans interact. Our lives have become increasingly public as we all share a variety of personal information online on various social networks. 2019 has seen worldwide social media user numbers grow to almost 3.5 billion, with 288 million new users in the past 12 months, pushing the global social media penetration figure to 45% and close to 80% of the U.S. population.
Facebook and YouTube have a staggering number of active users, more than 2 billion; Instagram and WhatsApp have more than 1 billion active users; and LinkedIn and Twitter have more than 300 million active users each and counting. Social media is also very popular in business: nearly three-quarters of all small businesses (73%) invest in social media.
Even though these online platforms have become our primary source of entertainment and an indispensable part of our lives, they can pose a serious threat if we aren’t careful. Scammers abound on social media channels.
Social Media Has Become One Of The Biggest Threat Vectors
A security flaw in Facebook left almost 50 million users exposed to attackers in 2018, and earlier this year, a massive database containing contact information (such as email addresses and phone numbers) of millions of Instagram influencers was found online.
Per a recent report, “Social media incidents accounted for over 56% of the 4.5 billion data records compromised worldwide in the first half of 2018.” Forty-seven percent of payment scams in the U.K. last year affected those under 30 years old, with over half believing they’d been contacted by scammers on social media.
Personal information is today’s currency. Information on what you like, where you go, whom you are friends with — any information that describes who you are is valuable data. The more someone knows about you, the more vulnerable you are. And it’s easier for someone to manipulate you or launch an attack on you when they have private information about you.
To understand how hackers use social media to mount attacks on users, let’s look at the techniques scammers use.
Only Fools Rush In — Romance Scams
Romance scammers often lure people with a fake online profile on social media. Once these fraudsters win the hearts and trust of their victims, they will claim they are suddenly in need of money for a medical emergency or some kind of personal crisis. Romance scams rank as one of the top social media scams of all time. The FTC reported that in 2018 people lost $143 million to romance scams — more than to any other consumer fraud type.
Don’t Fall For The Bait — Social Phishing
Social media phishing represents a rich source of income for fraudsters. Scammers often lure their victims on Facebook or Twitter or in a direct message, playing on human emotions, often advertising a gift or special offer. The link on the post takes you to a website that requests personal data or causes your computer to get infected with malware, which sends out messages from your profile to your entire contact list. Since the messages that individuals receive are from someone they trust, they end up clicking on the link, which can cause them to inadvertently download malware.
Quizzes And Other Applications
On Facebook or Twitter you’ll see quizzes like, “Which celebrity do you resemble the most?” “What star sign are you?” or “Click here to predict your future.” Every time you click on something like this, you are giving a third-party developer access to your profile information. A lot of times these are fraudulent marketing companies that will collect your profile information and sell your data on the black market or attempt to sell you items.
Attackers will put in a lot of thought to create attractive clickbait campaigns on social media. A juicy headline, an irresistible video, a trending news article — anything to get individuals to click and access a malicious link. Once an individual clicks on the link, the victim is asked to sign in again, asked to accept app permissions or is presented with a fake login screen to authenticate their information. Once you sign in, the attackers have your credentials and access to your passwords and profile information.
Hidden Or Shortened URLs
Most malicious campaigns are accompanied by short URLs. While URL shortening services (like TinyURL) can save some space, they can easily mask malicious URLs and make users believe the link is valid. You’ll see them everywhere on social media, but you’ll never know where you are being directed because URL shorteners hide the full website address.
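One way to see where a shortened link really leads before anyone opens it, shown as an added example that is not part of the original article: the function below walks the redirect chain one hop at a time and reports the final address along with anything unusual about the path. The hostnames and the redirect table are constructed sample data; in real use the `fetch` argument would be a function that sends an HTTP HEAD request with automatic redirects turned off.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data standing in for live HTTP responses:
# URL -> (status code, Location header). All hostnames are made up.
SAMPLE_RESPONSES = {
    "https://short.example/a1b2": (301, "https://tracker.example/r?id=7"),
    "https://tracker.example/r?id=7": (302, "/landing"),
    "https://tracker.example/landing": (302, "http://login-verify.example/signin"),
    "http://login-verify.example/signin": (200, None),
    "https://short.example/loop": (302, "https://short.example/loop"),
}
REDIRECT_CODES = (301, 302, 303, 307, 308)

def sample_fetch(url):
    """Offline stand-in for a HEAD request that does not follow redirects."""
    return SAMPLE_RESPONSES.get(url, (404, None))

def expand(url, fetch=sample_fetch, max_hops=10):
    """Follow Location headers hop by hop; return the destination and findings."""
    chain, notes = [url], []
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            break                                # reached a real page (or an error)
        nxt = urljoin(chain[-1], location)       # Location may be a relative path
        if nxt in chain:
            notes.append("redirect loop")
            break
        chain.append(nxt)
    else:
        notes.append("hop limit reached")        # chain longer than we will follow
    final = urlsplit(chain[-1])
    if final.scheme != "https":
        notes.append("final page is not HTTPS")
    if "xn--" in (final.hostname or ""):
        notes.append("punycode hostname (possible look-alike domain)")
    hosts = {urlsplit(u).hostname for u in chain}
    if len(hosts) > 2:
        notes.append(f"passes through {len(hosts)} different hosts")
    return {"final_url": chain[-1], "final_host": final.hostname,
            "hops": len(chain) - 1, "notes": notes}

if __name__ == "__main__":
    print(expand("https://short.example/a1b2"))
```
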
How Can You Avoid Getting Conned On Social Media?
Although it’s almost impossible for social media users to protect themselves from a breach, one could follow the steps below to reduce one’s online exposure.
• Provide minimal information: Only offer information you are comfortable revealing to the world. The best way to protect sensitive information is to not provide it at all. Most information required by social platforms is optional. Don’t provide more information about yourself, your family, your location, your interests, etc., unless it’s mandatory.
• Utilize two-factor authentication: Most leading social media platforms offer two-factor authentication. Usually, this involves connecting your account with a mobile phone to verify or provide a code sent via text. This is the simplest way to stop hackers from hacking into your account.
• Always remain doubtful: When you’re on social media, it’s probably a good idea not to trust everything that comes your way or to believe content just because it’s coming from people you already know. Don’t add contacts you don’t know or who appear to be fake, don’t trust people with your personal information, don’t click on links unless you’re absolutely certain that they are from a genuine source and don’t fill in your credentials or give permissions to unknown applications.
Stay Vigilant And Raise Awareness
Staying vigilant and educated about security risks on social media can help reduce the possibility of data breaches and keep your company’s information safe and secure. Deploying phishing simulators in corporate environments can be useful in raising cybersecurity awareness, training staff on social engineering phishing attacks and also identifying risky employees.